Summary:
Risk management must be fully integrated into all the development and
maintenance processes for systems. It involves more than applying risk
assessment methods to identify and evaluate system risks.
To explain this broad approach to risk management, this paper discusses the
way in which Requirements Driven Management (RDM) methods contribute to
handling risks.
Definition of 'Risk':
Risk is an abstract concept expressing the possibility of unwanted outcomes.
A ‘risk’ is anything which can lead to results that deviate from the
requirements.
It is in the nature of risk that the probability of risks actually occurring,
and their actual impact when they do so, can only be predicted to varying
degrees of accuracy. Not all risks can be identified in advance.
Risk Management is any activity which identifies risks, and takes action to
remove, reduce or control ‘negative results’ (deviations from the
requirements).
Principles of Risk Management:
In my view, the fundamental principles of risk management include:
1. Quantify requirements
All critical quality and resource requirements must be identified and
quantified numerically.
2. Maximize profit, not minimize risk
Focus on achieving the maximum benefits within budget and time-scales rather
than on attempting to eliminate all risk.
3. Design out unacceptable risk
Unacceptable risk needs to be ‘designed out’ of the system consciously at
all stages, at all levels in all areas, e.g. architecture, purchasing,
contracting, development, maintenance and human factors.
4. Design in redundancy
When planning and implementing projects, conscious backup redundancy for
outmaneuvering risks is a necessary cost.
5. Monitor reality
Early, frequent and measurable feedback from reality must be planned into
your development and maintenance processes, to identify and assess risks
before they become dangerous.
6. Reduce risk exposure
The total level of risk exposure at any one time should be consciously
reduced to between 2% and 5% of total budget.
7. Communicate about risk
There must be no unexpected surprises. If people have followed guidelines
and are open about what work they have done, then others have the
opportunity to comment constructively. Where there are risks, then share the
information.
8. Reuse what you learn about risk
Standards, rules and guidance must capture and assist good practice.
Continuous process improvement is also needed.
9. Delegate personal responsibility for risk
People must be given personal responsibility in their sector for
identification and mitigation of risks.
10. Contract out risk
Make vendors contractually responsible for risks; they will give you better
advice and services as a result.
Let’s now consider each of these principles in turn and
describe some (not all!) of the roles that the RDM methods play in risk
management. However, first, here is an outline sketch of the RDM methods:
- Planguage; a requirements specification language insisting on quantified
  values.
- Impact Estimation (IE); an analysis tool (a table) allowing evaluation of
  the likelihood of achieving requirements, and the evaluation and comparison
  of different designs (strategies). A strength of IE is that it also helps
  identify new designs and uncover previously unstated requirements.
- Evolutionary Delivery (Evo); based on the work by the quality gurus Deming
  and Juran, a way of working that focuses on evolutionary delivery of early,
  measurable, system benefits to the customers. A system is developed, by
  small risk steps, in a series of plan, develop, deliver and evaluate
  cycles.
- Inspection; a technique for measuring and improving technical document
  quality. Technical documents are evaluated against their source documents
  and any prevailing standards by Inspection teams consisting of individuals
  with specially assigned roles. The overall aims are to identify defects,
  to identify patterns in the introduction of defects (leading to process
  improvement), to help train individuals to avoid creating defects, and to
  assist team-building.
Readers wanting a more detailed explanation of these methods should look in
the References at the end of this article.