Risk Management is a Four Stage Process
Risk management is not exactly the most popular topic in project meetings. People would rather talk about more exciting things such as the features to be be built and the choice of technologies. We don’t blame them, those topics are more interesting but we have also learned through experience that good risk management is in fact, key to delivering those same exciting features. We have developed a 4-Stage Risk Identification and Management Process which we apply at the outset and throughout every project:
Stage 1. Risk Identification
This starts with a brainstorming session with various project stakeholders where we focus on each aspect or sub-component of the project and create a list of all potential threats including those stemming from technology, schedule and availability of resources. Once each risk is identified, we move to Stage 2.
Stage 2. Risk Prioritization
In this stage, each risk is assigned a probability (how likely is this risk to occur?) and an impact score (how sever would the impact of this risk be on on the project objectives) The combination of these two parameters and a measure of judgment is used to prioritize the identified risks.
Stage 3. Risk Strategies
In Stage 3, we define and assign one or more management strategies to the risks. Possible risk management strategies can include risk avoidance, risk mitigation and risk transfer and each of these has a specific set of associated actions.
Stage 4. Risk Monitoring
Our team refers to our Stage 4 as the rule of “Repeat Early and Often”. As the project progresses, risks need to be reassessed and updated to reflect new realities. In our experience, risk monitoring meetings often serve to unearth key issues (a.k.a. risks) and allow the team to coordinate solutions and management strategies well ahead of these turning into crises.