Risk management

1. Meghana Shirguppi

2.  What is Risk and why bother?
 What is Risk Management
 Identify Risk
◦ Risk Factors
◦ Risk Register
 Manage Risk – Mitigation and Contingency plan
 Monitor and Control Risk

3. What is Risk
 Risk is an uncertain event or condition that, if occurs, has an effect on at least one project
objective.
 Release / Project risk is a potential source of deviation from the
release/project plan.
Why bother?
 Risk Analysis is a proven way of identifying factors that could negatively
affect the success of a release or any project.
 It allows us to examine the risks that we might face
 It allows us to have mitigation and contingency plan ready in time.
Benefits from Risk management are
◦ Reduce release risk
◦ Improve Predictability
◦ Improve Quality and Productivity

4. Risk Management is the process of
 Identifying Risk– which are likely to affect the
project/release
 Risk Quantification – Evaluation of risk to assess the range
of possible outcomes
 Risk Response (Mitigation)– defining steps for handling the
risk
 Monitor and Control Risk– responding to changes in risk
over course of project

5. Risk Analysis helps you identify and manage potential problems that could affect the initiatives or
projects.
Risk is made up of two things: the probability of something going wrong, and the impact (negative
consequences) that will happen if it does.
Other factors to be consider is timings of the risk and owner of the risk.
When is this risk expected to occur during the project/release life cycle?
Who is the owner? Who will monitor and provide status?
Risk factors
3.
1.
2.
Expected timing
The probability that it
The Impact (when) in the project
will occur
life cycle

6. Guidelines on How to identify Project / Release Risk
.
Scope Risk : Examine the plan or the scope for the project. Identify short team task and long term
task. Call out the risks that poses due to a scope change.
Requirement Risk
Scope Creep – e.g. unexpected legal requirements can change the scope.
Scope Gap – ill defined scope.
Technical Risk - Choosing a tool , technology or vendor( eg. No advanced technology
available or the existing technology is in initial stages.)
Schedule and Resource Risk : Check if you have require resources on project?
Hardware / Software Resource – Unavailability of required hardware/software may affect
the project deliverable and timeline
People joining the team late, may impact schedule
Is there is a risk of loosing resources?
Risk due to Estimates - Wrong time estimation
Estimates that are excessively inaccurate
Too aggressive a schedule
Dependencies risk due to external dependency.
Structural or operational aspects of the project teams. Is there any risk due to the cross site teams?
No proper subject training can be a risk
Failure to resolve the roles and responsibilities can be a risk

7. Risk Register - After Identifying the Risk we should have the initial
entries into the risk register.
 It includes:
 List of risk (description of the risk)
 List of POTENTIAL responses (mitigation)
 Updated risk categories (Probability / Impact)
Id Description Probability Impact Status Owner Mitigation Plan
1 The requirements for High High Open Sean Sean will provide detailed use cases.
"sharing" is not clear. Sean will validate with customer.
2 Scope creep after technical Medium High Open PM PMs to do requirement review with all
design will impact the the stakeholders
timeline
3 Design not ready by a <date> Low High Atul Atul to monitor
will result in schedule delay
4 Dependant module not High High Arvindh Communicate and agree on dates with
delivered by a <date> will the dependant team and consumer as
have a –ve impact on well
schedule

8. Impact
Probability
High Medium Low
High
Medium
Low

9. Few ways of managing risk -
1. Do something (Mitigation) to eliminate Risks before they happens
2. Decrease the probability and/or impact.
3. For the remaining (residual) risk that cannot be eliminated. Do
something if the risk happens (contingency plan).

10. Monitor & Control Risk is the process of ..
◦ Implementing risk response plans,
◦ Tracking identified risks,
◦ Monitoring residual risks,
◦ Identifying new risks that might occur during the release
 Other purposes are to determines if
◦ Project assumptions are still valid
◦ Risk has changed or can be retired
◦ Risk management policy & procedure are being followed
◦ Align contingency reserves with current risk assessment

11.  Risk is the enemy! Risk is a potential source of deviation from the
plan.
 No project is without risk.
 Identify all the risk. Risks are identified in all phases.
 Create Risk Register
 Non-critical risks should also be documented.
 Mitigation and contingency plan in place
 Monitor and control regularly.