Project Risk Management

"If a project has no risks, don't do it." - WaltzingWithBears by TomDeMarco and TimothyLister

RiskManagement is balancing the amount of risk we want to take with the amount of risk our project exposes us to.

Our RiskExposure varies over the length of a project. RiskManagement therefore must be a continuous iterative process even if our project lifecycle is not.

A RiskManagementCycle:

The FiveCoreRisks of software projects should number among our identified risks. They are:

For more on RiskManagement strategies see:

A common risk is lack of skills, for example when developers who have written nothing but Visual Basic are expected to crank out production Java code. In this situation:

RiskDiscovery is feedback. If we don't act on it, we have wasted our time collecting it.

HandWaving is a common RiskEvasion tactic. However, RiskManagement takes time and resources like any other part of ProjectManagement. Once we have our RiskExposure for each risk, we can sort our risks and manage only the TopTenRisks.

[1] Acceptance means accepting a portion of the impact equal to the probability and padding the cost/schedule accordingly; this is in contrast to evasion, where we trust to luck that the impact will not occur.

Contributors: LaurentBossavit, PaulSinnett, and others


EnterpriseRiskManagement framework summary 2004

See AnatomyOfRisk, AtsRiskManagement, ExtremeRiskManagement

Last edited March 5, 2014