Task: Manage Risks
This task describes how to identify, analyze and prioritize risks to the project, determine appropriate risk management strategies, and reflect these in the risk list for the project.
Purpose
  • To identify, analyze and prioritize risks to the project
  • To determine appropriate risk management strategies
  • To update the risk list to reflect the current project status
Relationships
RolesPrimary: Additional: Assisting:
InputsMandatory:
  • None
Optional: External:
  • None
Outputs
Affected Work Items
Work Item Types
Steps
Identify risks

Make an inventory of the potential risks to the project. Gather the project team together in early phases or iterations of the project in order to create an initial risk list. See Identifying Risks for more information.

Note: The team at this point could be quite small; if there are more than five to seven people on the project team, limit the risk assessment process to the activity leaders.

Assess risks

Analyze the risks in order to combine similar risks (to reduce the size of the risk list) and to rank the risks in terms of their impact on the project. Knowing the risk exposure, in other words the risk impact and likelihood of occurrence, will help the team prioritize and attack risks. See Assessing Risks for more information.

Identify risk actions

Develop plans to attack project risks. The typical strategies to be followed are:

  • Risks mitigation, that is to reduce the impact and likelihood of occurrence of the risks
  • Risks contingency, that is to develop alternative plans to address risks when they occur
  • Risks avoidance, that is to reorganize the project to eliminate risks

For the top priority risks, identify and capture in the risk list the strategy associated with each risk.

See Identifying Risk Actions for more information.

Revisit risks throughout the project

Risk assessment is actually a continuous process, rather than one which occurs only at specific intervals during the project. At minimum, you should assess risks at the end of an iteration or phase. Refocus on the goals of the iteration or phase with respect to the risk list. Specifically:

  • Eliminate risks that have been fully mitigated.
  • Introduce new risks recently discovered.
  • Reassess the magnitude and reorder the risk list (see step: Analyze and prioritize risks).

If possible, revisit your list weekly to see what has changed. Make the top ten items visible to the whole project and insist on action being taken on them. Often you should attach the current risk list to your status assessment reports.

Note: Do not be too concerned if you discover that the risk list grows during the initial phases or iterations of the project. As project members do the work, they realize that something they thought was trivial actually contains risks. As you begin doing integration, you may find some hidden difficulty. However the risks should steadily decrease as the project reaches the middle- to final-phases of the project. If not, you may not be handling risks appropriately or your system is too complex, or impossible to build in a systematic and predictable fashion. 

Properties
Multiple Occurrences
Event Driven
Ongoing
Optional
Planned
Repeatable
More Information