Identify risks
Identify risks as soon as the project starts and continue identifying risks throughout the project. A common mistake is
to identify risks only at the beginning of the project and then only track the status of these initial risks. The
risk list should be revisited once per iteration or even weekly to add any newly discovered risk.
Consider recording the following information (see Artifact: Risk List for more details):
-
Risk Description
-
Risk Type
-
Risk Probability
-
Risk Impact
Prioritize risks
A good approach for prioritizing risks is to have an attribute called risk magnitude, a
combination of the risk probability and the risk impact. The table below gives an example on how to calculate the
risk magnitude:
Impact
Probability
|
High
|
Medium
|
Low
|
High
|
High
|
High
|
Medium
|
Medium
|
High
|
Medium
|
Low
|
Low
|
Medium
|
Low
|
Low
|
Define mitigation strategy and follow-up risks
Once you have chosen a set of risks to focus on, choose a mitigation strategy. For more details on the different
strategies, look at Concept: Risk Management.
Then, identify and assign tasks to apply the strategy to the given risk.
The project manager should follow up regularly on risk-mitigation actions. Try another strategy if your chosen strategy
does not reduce the magnitude of a risk.
|