Purpose:

Identify potential problems before they occur so that risk-handling activities can be planned and invoked as needed across the life of the product or project to mitigate adverse impacts on achieving objectives.

Objective:

Establishes organizational expectations for defining a risk management strategy and identifying, analyzing, and mitigating risks.

Description:

Risk Management is a continuous, forward-looking process that is an important part of project management. Risk management should address issues that could endanger the achievement of critical objectives. A continuous risk management approach effectively anticipates and mitigates risks that can have a critical impact on a project.

Effective risk management includes early and aggressive risk identification through collaboration and the involvement of relevant stakeholders as described in the stakeholder involvement plan addressed in the Project Planning process. Strong leadership among all relevant stakeholders is needed to establish an environment for free and open disclosure and discussion of risk.

Risk management should consider both internal and external, as well as both technical and non-technical, sources of cost, schedule, performance, and other risks. Early and aggressive detection of risk is important because it is typically easier, less costly, and less disruptive to make changes and correct work efforts during the earlier, rather than the later, phases of the project.

For example, decisions related to product architecture are often made early before their impacts can be fully understood, and thus the risk implications of such choices should be carefully considered.

Industry standards can help when determining how to prevent or mitigate specific risks commonly found in a particular industry. Certain risks can be proactively managed or mitigated by reviewing industry best practices and lessons learned.

Risk management can be divided into the following parts:

  • Defining a risk management strategy
  • Identifying and analyzing risks
  • Handling identified risks, including the implementation of risk mitigation plans as needed

As represented in the Project Planning and Project Monitoring and Control processes, organizations initially may focus on risk identification for awareness and react to the realization of these risks as they occur. The Risk Management process describes an evolution of these specific practices to systematically plan, anticipate, and mitigate risks to proactively minimize their impact on the project.

Although the primary emphasis of the Risk Management process is on the project, these concepts can also be applied to manage organizational risks.

In Agile environments, some risk management activities are inherently embedded in the Agile method used. For example, some technical risks can be addressed by encouraging experimentation (early “failures”) or by executing a “spike” outside of the routine iteration. However, the Risk Management process encourages a more systematic approach to managing risks, both technical and non-technical. Such an approach can be integrated into Agile’s typical iteration and meeting rhythms; more specifically, during iteration planning, task estimating, and acceptance of tasks.

Entrance Criteria:

  • Need for Organizational Risk Management Process

Exit Criteria:

  • Organizational Risk Management Process

Process:

Tailoring Guidelines:

Organizations may choose to purchase a risk management process and procedures rather than develop them. Using the Causal Analysis and Resolution process, they can tailor the process to fit their organization.

Process Verification Record(s):

  • Projects shall monitor all identified risks during the progress review meetings for the project and shall report all risks with high exposure in the project’s Senior Management Review
    • Stored By: Project Manager
  • Projects shall develop mitigation plans for all identified risks that have a high risk exposure
    • Stored By: Project Manager

Measure(s):

  • Number of risks identified, managed, tracked, and controlled
    • Maintained By: Project Manager
    • Submitted By: Project Manager
    • Frequency of Submission: Monthly
  • Risk exposure and changes to the risk exposure for each assessed risk, and as a summary percentage of management reserve
    • Maintained By: Project Manager
    • Submitted By: Project Manager
    • Frequency of Submission: Monthly
  • Change activity for risk mitigation plans
    • Maintained By: Project Manager
    • Submitted By: Project Manager
    • Frequency of Submission: Monthly
  • Occurrence of unanticipated risks
    • Maintained By: Project Manager
    • Submitted By: Project Manager
    • Frequency of Submission: Monthly
  • Risk categorization volatility
    • Maintained By: Project Manager
    • Submitted By: Project Manager
    • Frequency of Submission: Monthly
  • Comparison of estimated versus actual risk mitigation effort and impact
    • Maintained By: Project Manager
    • Submitted By: Project Manager
    • Frequency of Submission: Monthly
  • Schedule for risk analysis activities
    • Maintained By: Project Manager
    • Submitted By: Project Manager
    • Frequency of Submission: Monthly
  • Schedule of actions for specific mitigation
    • Maintained By: Project Manager
    • Submitted By: Project Manager
    • Frequency of Submission: Monthly
