Manage Risk

(Activity) for Tier: Product

View Training

PURPOSE

Risks are specific project uncertainties that cause a negative impact. The process attempts to inherently mitigate risk common to software development. For instance, the daily standup mitigates the risk that a team member will be blocked more than a day without intervention. This activity provides guidance beyond that and addresses specific cases where risks require mitigation and contingency plans in order to manage them effectively. Mitigation plans are executed to prevent or reduce the impact of materialization. Contingency plans are executed when a risk materializes.

PARTICIPATING ROLES

INPUTS

  • Risks identified in other activities

ENTRY CRITERIA

  • Risk Categories have been identified
  • Risk Work Item Template(s) has been created

WHEN

Continuously through the life of the project

SUB-ACTIVITIES

  1. Identify Risks

    • Proactively identify potential risks to avoid or minimize the impact of risks relating to achieving objectives. Use the categories identified during Plan for risk and opportunities to help brainstorm risks.
    • Review the risks with stakeholders to determine which ones are worth tracking and developing plans for. Risks should relate to achieving an objective. The stakeholders very based on the activities involved.
    • Record draft risks using the Risk work item and the template developed during planning.
    • Provide a succinct title that can easily remind stakeholders of the effort at a glance.

  2. Develop a Risk Statement

    • Write a statement that captures the cause, effect, and objective within the description field. Use the template developed during Plan for Risk and Opportunities . These statements should relate to achieving an objective.

  3. Analyze Risks

    • Select the likelihood that the risk will materialize from the following set: 1, 3, 5, 7, 9.

      • Very Low (1): Less the 10% likely.
      • Low (3): 10 to <30% likely.
      • Medium (5): 30 to <50% likely.
      • High (7): 50 to <70% likely.
      • Very High (9): Great than 70% likely.

    • Record this in the likelihood field of the work item.

    • Determine the impact of the risk. Attempt to quantify this by doing a relative comparison to other potential impacts and select a numeric value from the following set: 1, 2, 4, 8, 16. Use the following scale to assist and record this in the impact field:

      • Very Low (1): A risk that may be accepted and unworthy of tracking.
      • Low (2): Minor impact, unlikely to require escalation.
      • Medium (4): Moderate to large impact but can be managed through normal means.
      • High (8): Major impact that may result in lower CPAR scores, notable customer dissatisfaction, or personnel loss. These are typically escalated for analysis of applicability to the organization.
      • Very High (16): Potential loss of contract or serious impact to company assets that must be escalated for organizational mitigation and awareness. Escalate all these risks immediately by adorning the item with a “Escalate” tag and informing the BUL.

    • Calculate the item’s exposure by multiplying the likelihood and the impact. Record this in the exposure field.

    • Prioritize the risk by exposure with higher exposure indicating a greater need to mitigate.

  4. Plan Mitigation

    • For each risk, develop a mitigation plan and record it in the mitigation plan field.

      • Assess the risk and brainstorm options to mitigate its impact and/or avoid its materialization.
      • List mitigation options ordered by the likelihood of success.
      • Mitigation plans should proactively address the risk by preventing materialization or reducing the impact. Monitoring is not mitigation.
      • Review the Conduct Product Decision Analysis & Resolution activity to determine if your Risk qualifies as a DAR trigger.

    Note

    Accepting risk should only be used as a last resort. Close accepted risks as they do not require mitigation plans. Execute any contingency plans if applicable.

  5. Plan Contingency

    • For each risk, develop a contingency plan and record it within the contingency plan field in order to respond effectively if the risk materializes.

    Note

    For projects using the If, Then, So format, a risk will materialize when the “if” part of the risk statement becomes true.

  6. Mitigate Risks

    • Continuously execute mitigation plans starting with the highest exposure items and working down the list. Set risks in mitigation to the Active state and assign them to the best stakeholder to execute and monitor.
    • Update the risk parameters (likelihood, impact) and provide a status within the discussion field each time a mitigation action is performed so it’s clear how the action influenced the parameters.
    • Ensure execution of mitigation plans occur for risks that exceed the team’s agreed upon threshold determined during Plan for risk and opportunity management.
    • Ensure follow through by assigning related work items to one or more team members best able to execute the plans.

  7. Monitor Risks

    • Continuously review, update, and communicate the items starting from the highest exposure and working down.

      • Update parameters (impact, likelihood, etc.) based on execution of the mitigation plan or external changes.
      • Update tasks for items that have active plans being executed.
      • Update other aspects of the item to ensure its information is current.

    • Resolve risks that have been mitigated.

    • Close risks once all tasks are closed and stakeholders have reviewed and agree the item is complete. For materialized risks, execute the contingency plan, review with the team, then close the risk.

    • Consider routinely analyzing the effectiveness of risk mitigation with the team. This should include both risks that were well mitigated and not mitigated.

  8. Escalate Risks

    • Escalate risk work items that have been adorned with an “Escalate” tag.
    • Discuss with business unit lead, any risks that require escalation to executive management.
    • Import any risk work item with an “Escalate” tag into Inspire and be prepared to discuss during the Business Unit Status Review (BUSR).

OUTPUTS

EXIT CRITERIA

  • Risks above the threshold have been escalated, disucussed with BUL, and imported into Inspire.