As I need to prepare a few slides on project management and software development risk methodology, I'm going to blog some parts of it here.
What is risk?
The Oxford American Dictionaries give these definitions:
"a situation involving exposure to danger"
"the possibility that something unpleasant or unwelcome will happen"
"a person or thing regarded as likely to turn out well or badly, as specified, in a particular context or respect"
"a person or thing regarded as a threat to something in need of protection"
"a thing regarded as likely to result in a specified danger"
"act or fail to act in such a way as to bring about the possibility of (an unpleasant or unwelcome event)"
Processes of Risk Management
A Wikipedia article details these steps: http://en.wikipedia.org/wiki/Risk_management
Establish context:
• planning the remainder of the process
• mapping out the scope of the exercise
o identity and objectives of stakeholders
o the basis upon which risks will be evaluated
o defining a framework for the process
o agenda for identification and analysis
Identification:
There are two different starting points: analysing the potential source of a problem, or analysing the problem itself.
"Source analysis: Risk sources may be internal or external to the system that is the target of risk management. Examples of risk sources are: stakeholders of a project, employees of a company or the weather over an airport."
"Problem analysis: Risks are related to identified threats. For example: the threat of losing money, the threat of abuse of privacy information or the threat of accidents and casualties."
There are numerous methods of risk identification:
• Objectives-based Risk Identification
• Scenario-based Risk Identification
• Taxonomy-based Risk Identification
• Common-risk Checking
Assessment
After you've identified potential risks, you need to assess each one on two axes: how severe the potential loss is, and how probable it is to occur.
There are many risk assessment formulas, but one of the most common is:
"Rate of occurrence multiplied by the impact of the event equals risk"
Keep in mind that this single number hides the difference between a frequent low-impact event and a rare catastrophic one, which is why the two factors are usually kept visible alongside the product (for instance on a likelihood/impact matrix).
Potential risk treatments
Once risks have been identified and assessed, each management technique belongs to one of these categories (Dorfman, 1997):
• Transfer
• Avoidance
• Reduction (aka Mitigation)
• Acceptance (aka Retention)
Create the plan
Each level of management has to decide which combination of methods to use for each risk.
"The risk management plan should propose applicable and effective security controls for managing the risks."
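As an added illustration (not from the original post, and using entirely made-up figures), here is the assess, treat and plan sequence as a small risk register in Python. Each risk is scored with the "rate of occurrence multiplied by impact" formula from the Assessment section, and each candidate treatment from Dorfman's four categories is modelled by what it does to the rate and the impact and what it costs per year. Comparing each option against simply accepting the risk, by total annual cost, is my own addition to the categories listed above; the risks, controls and numbers are constructed for the example.

```python
"""Constructed risk-register example: assess each risk as rate x impact, then
compare treatment options by their total annual cost. Not part of the original post."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Tuple


class Treatment(Enum):
    """Dorfman's four treatment categories."""
    TRANSFER = "transfer"
    AVOIDANCE = "avoidance"
    REDUCTION = "reduction"
    ACCEPTANCE = "acceptance"


@dataclass(frozen=True)
class Risk:
    name: str
    rate_per_year: float   # estimated occurrences per year (assumed figure)
    impact: float          # estimated loss per occurrence, in currency units (assumed figure)

    def exposure(self) -> float:
        """'Rate of occurrence multiplied by the impact of the event equals risk'."""
        return self.rate_per_year * self.impact


@dataclass(frozen=True)
class Control:
    """A candidate treatment, modelled by what it does to rate and impact and what it costs."""
    treatment: Treatment
    description: str
    annual_cost: float
    rate_factor: float = 1.0     # multiplier on rate; 0.0 means the risky activity is dropped
    impact_factor: float = 1.0   # multiplier on impact; e.g. 0.2 if insurance pays 80 %

    def residual_exposure(self, risk: Risk) -> float:
        return risk.rate_per_year * self.rate_factor * risk.impact * self.impact_factor

    def total_annual_cost(self, risk: Risk) -> float:
        """What is actually paid per year: residual expected loss plus the control itself."""
        return self.residual_exposure(risk) + self.annual_cost


# Doing nothing is always on the table; its cost is the untreated exposure.
ACCEPT = Control(Treatment.ACCEPTANCE, "accept the risk as-is", annual_cost=0.0)


def choose_treatment(risk: Risk, options: List[Control]) -> Control:
    """Cheapest option by total annual cost, acceptance included."""
    return min([ACCEPT, *options], key=lambda c: c.total_annual_cost(risk))


def rank_risks(risks: List[Risk]) -> List[Risk]:
    """Highest exposure first, so the plan deals with the biggest risks first."""
    return sorted(risks, key=Risk.exposure, reverse=True)


def build_plan(risks: List[Risk],
               options: Dict[str, List[Control]]) -> List[Tuple[str, float, Treatment, float]]:
    """One row per risk: (name, exposure, chosen treatment, total annual cost after treatment)."""
    plan = []
    for risk in rank_risks(risks):
        chosen = choose_treatment(risk, options.get(risk.name, []))
        plan.append((risk.name, risk.exposure(), chosen.treatment, chosen.total_annual_cost(risk)))
    return plan


# Constructed sample register and options (illustrative numbers, not real data).
REGISTER = [
    Risk("Production database corrupted", rate_per_year=0.1, impact=500_000),
    Risk("Contractor misses delivery date", rate_per_year=0.3, impact=100_000),
    Risk("Third-party library with incompatible licence", rate_per_year=0.4, impact=60_000),
    Risk("Office coffee machine breaks", rate_per_year=3.0, impact=200),
]
OPTIONS = {
    "Production database corrupted": [
        Control(Treatment.REDUCTION, "tested nightly backups", 8_000, impact_factor=0.1),
        Control(Treatment.TRANSFER, "insurance paying 80 % of the loss", 30_000, impact_factor=0.2),
    ],
    "Contractor misses delivery date": [
        Control(Treatment.TRANSFER, "penalty clause in the contract", 2_000, impact_factor=0.3),
    ],
    "Third-party library with incompatible licence": [
        Control(Treatment.AVOIDANCE, "replace it with a vetted alternative", 3_000, rate_factor=0.0),
        Control(Treatment.REDUCTION, "legal review before each release", 6_000, impact_factor=0.5),
    ],
    "Office coffee machine breaks": [
        Control(Treatment.TRANSFER, "maintenance contract", 1_000, impact_factor=0.0),
    ],
}

if __name__ == "__main__":
    for name, exposure, treatment, cost in build_plan(REGISTER, OPTIONS):
        print(f"{name:48s} exposure {exposure:>9,.0f} -> {treatment.value:10s} total {cost:>9,.0f}/year")
```

Running it prints a ranked plan in which the database risk is reduced with backups (cheaper than insuring it), the contractor risk is transferred through a penalty clause, the licence risk is avoided outright, and the coffee machine is simply accepted because the maintenance contract would cost more than the expected loss it removes. That is the decision rule hiding behind the four categories: a treatment is only worth applying when its residual exposure plus its own cost is lower than the exposure you started with.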
Implement it!
Post-review
References:
• Dorfman, Mark S. (1997). Introduction to Risk Management and Insurance (6th ed.). Prentice Hall. ISBN 0-13-752106-5.
• Stulz, René M. (2003). Risk Management & Derivatives (1st ed.). Mason, Ohio: Thomson South-Western. ISBN 0-538-86101-0.
• Alijoyo, Antonius (2004). Focused Enterprise Risk Management (1st ed.). Jakarta: PT Ray Indonesia. ISBN 979-9891818-1-7.
• Thomsett, Rob (2002). Radical Project Management. Upper Saddle River, NJ: Prentice Hall PTR. ISBN 0-13-009486-2.