This topic pulls together several of the other 36 common mistakes, for example feature creep and the use of leading edge technology. Many books have been written on risk management and I'm not going to attempt to distill them down to one blog posting; instead, here are some definitions and key points.
A risk is an undesired event that has a cause and a consequence. Risk management is the systematic process of identifying risk, analysing and either responding to it or planning to minimise or avoid it.
I heard of some astonishing, but quite logical, risk management at a meeting at IBM many years ago. They had a project on a client's site that involved the teams driving a fair distance each week for a number of months. The project manager calculated the number of miles that would be driven and then looked up the average number of miles between serious road accidents. Statistically, for the number of miles to be driven, there would be one serious road accident. Fortunately all journeys were completed without incident, but there was a fallback process in place had there been one. Whilst this may appear cold-hearted, it doesn't exclude caring for the team members involved in the accident; in fact quite the reverse. Just as we rely on the police, ambulance and fire services in a road accident, who plan and train constantly for this sort of activity, so IBM was creating a process that would allow the project to carry on whilst caring for the team members. If an accident had happened without a plan in place, the project manager would have had to work out what to do on the spot and implement it. By having a plan that someone else can put into practice, the project manager is free to concern himself with the well-being of his team members.
There are as many ways of handling risk management as there are of cooking eggs, so I'm just going to touch on the general steps.
Risk identification - prepare a list as part of project planning, but also identify risks during the project.
Qualitative risk analysis - this is a prioritised list of risks, ranked by the cost of correcting the risk, which could be expressed in time or money.
Quantitative risk analysis - this is the likelihood of the project not achieving its objectives if the risk occurs, or the probability that the risk will occur. The expected cost of a risk can be calculated by multiplying the cost of correcting it from the qualitative analysis by the probability of it occurring.
Risk response planning - look at the ways the risk can be minimised or how it will be handled, and the cost of each, using the same units as before (i.e. time or money). Minimisation of a risk can consist of work you will need to do up front to make it less likely or less costly, plus the work you will still need to do if the risk occurs. The cost of dealing with the risk if it occurs and the cost of minimising the risk can then be compared, and a decision made on more scientific grounds. For example, if a project was using a new database technology, you can calculate the cost of changing the database technology late in the project if a problem was found in the new technology, and compare it against isolating the new technology as part of the design and having to change a smaller amount if a problem arises.
Risk monitoring and control - as the project progresses the possibility of a risk occurring may rise or fall, and other risks may be identified. Just as the project plan is adjusted as the project progresses, so the risk list and the analysis above should be constantly revised and adjusted.
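As an added worked example (not from the original post), the steps above in Python: a small risk register, the expected-cost arithmetic from the quantitative analysis, the response decision for the new-database case, and re-ranking when a probability is revised during monitoring. The risk names, person-day costs and probabilities are constructed figures.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    """One entry in the project risk register. Costs are in person-days (constructed units)."""
    name: str
    impact: float        # qualitative analysis: cost of correcting the risk if it occurs
    probability: float   # quantitative analysis: chance that the risk occurs, 0..1

    def expected_cost(self) -> float:
        # Expected cost = cost of correcting the risk x probability of it occurring.
        return self.impact * self.probability


@dataclass
class Mitigation:
    """A response option: work done up front plus the smaller impact left if the risk still occurs."""
    name: str
    upfront_cost: float
    residual_impact: float
    residual_probability: float


def mitigation_total(m: Mitigation) -> float:
    # Up-front work always happens; the residual impact only happens with some probability.
    return m.upfront_cost + m.residual_impact * m.residual_probability


def choose_response(risk: Risk, options: list[Mitigation]) -> tuple[str, float]:
    """Pick the cheapest response by expected total cost; 'accept' means no up-front work."""
    candidates = {"accept": risk.expected_cost()}
    for m in options:
        candidates[m.name] = mitigation_total(m)
    best = min(candidates, key=candidates.get)
    return best, candidates[best]


def rank_register(register: list[Risk]) -> list[str]:
    """Risk monitoring: re-rank the register whenever an impact or probability is revised."""
    return [r.name for r in sorted(register, key=Risk.expected_cost, reverse=True)]


# Constructed example figures for the new-database case discussed in the post.
NEW_DB = Risk("new database technology fails late", impact=60.0, probability=0.25)
ISOLATE_DB = Mitigation("isolate the database behind a design layer", upfront_cost=5.0,
                        residual_impact=15.0, residual_probability=0.25)
FEATURE_CREEP = Risk("feature creep", impact=20.0, probability=0.5)

if __name__ == "__main__":
    print(choose_response(NEW_DB, [ISOLATE_DB]))   # isolating wins: 8.75 vs 15.0 expected
    print(rank_register([NEW_DB, FEATURE_CREEP]))
```

If monitoring later shows the database risk far less likely, the same comparison can flip to "accept", which is why the register is re-run rather than decided once.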