Plan for Risk and Opportunities

(Activity) for Tier: Product

View Training

Purpose

Risks and Opportunities are specific project uncertainties that cause a negative or positive impact respectively. This activity guides the team through planning for risks and opportunities. Teams will develop categories to help the team identify risks and opportunities and establish templates and working agreements to provide structure. Standardization of a risk or opportunity statement helps the team consistently write strong statements. A well-constructed statement makes subsequent management activities easier. It also makes it easier to explain and report the items you are managing to your stakeholders and senior management teams.

When

After the Project Charter has been drafted and reviewed

Entry Criteria

Sub-Activities

  1. Identify risk and opportunity categories

    • Brainstorm a list of categories to help more easily identify and analyze risks and opportunities. Consider the following:
    • Work management uncertainties such as contracts, budget, schedule, skill gaps, and resources.
    • Compliance or Authorization uncertainties such as Authority to Operate (ATO), Required Security Training, and PII.
    • Technical Performance uncertainties such as quality characteristics and reliability.
    • Environmental uncertainties such as licensing, production upgrades, and configuration changes.

    Note

    The team may have combined or separate lists for risks and opportunities.

    • Continuously maintain the category list. Add categories based on experience in order to help identify recurring risks or opportunities.
    • Remove categories that are never used and add categories

  2. Develop a format for risk and opportunity statements

    • The statement should document the cause, effect, and any downstream effects.

    Consider using the if, then, so format:

    • Write a complete sentence including a cause and an effect.
    • Use the ‘if…then’ logic to link the cause and effect. Or use words such as, ‘may lead to’ or ‘may result in’ to join the two parts.
    • Describe the cause as a condition or set of conditions (triggers) that need to be present for the risk to occur.
    • State the impact on the plan, goal or overall objective under consideration. (Ask yourself so what?)
    • Record the final statement with the description field.

    Example Risk: If the integration test fails (if), we will need to fix and retest the solution (then), which may result in a delay to production (so).

    Example Opportunity: If peer reviews are conducted on test cases with developers (if), we may reduce defects due to differences of understanding (then), which may result in increased velocity (so).

  3. Develop working agreements (norms) for managing risk & opportunity

    • Determine a risk mitigation threshold. While risks should be mitigated from highest exposure to lowest. It may be necessary to require mitigation above a certain exposure value. The threshold should not exceed 16.
    • Review the Manage Risk and Manage Opportunities activities to ensure an understanding of these processes.
    • Work with the team to develop norms for identification, monitoring, and communication beyond what is stated in the process guidance.
    • Determine the periodicity for monitoring. For risks, the periodicity may change based on the current active risks but should not exceed weekly. Monitoring is described within the Manage Risk and Manage Opportunities activities.

  4. Develop work item templates

    • Record the standard format for the risk and opportunity statements within the work item templates.
    • Record the category list within the work item templates.
    • Record any applicable working agreements (norms) within the work item templates. For instance, the team may want to record the risk statement steps in the template.

OUTPUTS

EXIT CRITERIA

  • Working Agreements have been documented within the work item templates