Project Risk Management

"If a project has no risks, don't do it." - WaltzingWithBears by TomDeMarco and TimothyLister


RiskManagement is balancing the amount of risk we want to take with the amount of risk our project exposes us to.

Our RiskExposure varies over the length of a project. RiskManagement therefore must be a continuous iterative process even if our project lifecycle is not.

A RiskManagementCycle?: The FiveCoreRisks of software projects should number among our identified risks. They are: For more on RiskManagement strategies see: A common risk is lack of skills. For example, when developers who have written nothing but Visual Basic are expected to crank out production Java code. In this situation: RiskDiscovery? is feedback. If we don't act on it, we have wasted our time collecting it. HandWaving is a common RiskEvasion tactic. However, RiskManagement takes time and resources like any other part of ProjectManagement. Once we have our RiskExposure for each risk, we can sort our risks and manage only the TopTenRisks.

[1] acceptance means accepting a portion of the impact equal to the probability and padding the cost/schedule accordingly; this is in contrast to evasion, where we trust to luck that the impact will not occur.

Contributors: LaurentBossavit, PaulSinnett, and others


Resources

EnterpriseRiskManagement? framework summary 2004 http://www.coso.org/Publications/ERM/COSO_ERM_ExecutiveSummary.pdf


See AnatomyOfRisk, AtsRiskManagement, ExtremeRiskManagement

EditText of this page (last edited March 5, 2014) or FindPage with title or text search