1: Identify potential risks
The key to success in identifying potential risks to your project is to involve the right people. Everyone has a different perspective and interest in a project, and that unique view of the world can be used to uncover a robust collection of risks that you might not otherwise identify. Here are some of the roles to consider tapping into:
* End users (from a variety of areas)
* Management (different levels)
* Developers (from all the affected system areas)
* Quality assurance
* Business/system analysts
* System/data architects
My favorite technique for uncovering risks is to have an open brainstorming session with all the interested parties involved. This is not for the faint of heart. The only way to do it effectively is to have a skilled facilitator running the session. Drill down into each suggested risk only as deep as needed to properly describe it and to determine whether it is valid for the scope of the project. Don’t take the time during this session to evaluate the significance of each risk.
All risks are not created equal. Each risk should be evaluated for the likelihood it will happen, as well as for how big an impact it will have if realized. You can do this over multiple sessions with smaller groups. This will allow you rank the risks and determine which ones will be worth further time and energy to address.
You should come up with a strategy to prevent each risk from being realized or for compensating in the event it does occur (create a “plan B”). Ideally, you want to do this for every identified risk. But if time and resources are limited, use the results from your analysis (tip #3) to determine which risks should make the short list for mitigation.
5: Review and revisit
Once you’re “done,” you’re not done. Situations change over time. New risks arise, old ones disappear, and mitigations that seemed like a good idea at the time may need to be rethought. The risks that have been identified should be reviewed on a regular basis and updated accordingly. New perspectives on the project could have a profound effect on the risk profile of the project. Also, make sure that the mitigations that seemed like a good idea when you started the list are still viable and appropriate.
Risk management can be an involved undertaking, and there are already a number of best practices around to help guide the activity. The tips here are hardly a comprehensive review of the discipline, but they are great place to start for the beginner and an excellent reminder for the practitioner.