Overview:
This is a fundamental practice that project managers should consider in their projects. Identifying and minimizing risks early in the project lifecycle is key factor for project success.
Introduction to Risk Management:
Every project contains some measure of uncertainty. Risk Management deals with this uncertainty, trying to understand its potential influence on the project. The purpose of Risk Management is to increase the probability and impact of positive events and decrease the probability and impact of events adverse to the project [PMI04]. The project manager, team, and stakeholders should be involved in risk management.
Identify Risks:
Identify risks as soon as the project starts and document them in the Risk List. Continue identifying and managing risks throughout the project. A common mistake is to identify risks only at the beginning of the project and then only track the status of these initial risks. The Risk List should be revisited weekly, or as a minimum when performing task Plan Iteration, to add any newly discovered risks.
Prioritize Risks:
Prioritize risks for further analysis or action. A good approach for prioritizing risks is to have an attribute called risk magnitude, a combination of the risk probability and the risk impact. Each iteration provides a chance for better understanding of stakeholder needs, the team capabilities, the technology at hand, and so on. Capture, qualify and prioritize risks as they arise. High magnitude risks are attacked first, thus improving the chances of project success and minimizing uncertainty.
Select Risk Response Strategies:
You are trying to mitigate or tackle the high priority risks as early as possible in the project. In order to achieve this you need to get a good grip on the risks the project is faced with, and have clear strategies on how to mitigate or deal with them. Once you have chosen a set of risks to focus on, develop options and determine actions to enhance opportunities and reduce threats, selecting a strategy, as described in Risk guidance. Sometimes strategies can be determined for each cause, rather than each risk, eliminating many risks at once.
Plan Risk Response:
For each selected strategy, identify and assign tasks to apply the strategy to the given risk. Place those tasks on the Work Items List so they can be assigned to iterations. Keep a reference to the risk for traceability. The effort must be appropriate to the magniture of the risk. Avoid spending more preventing a threat than the impact from the risk if it occurs.
Monitor Risks: