Risk is unavoidable part of our lives. We take risks each day in order to develop and grow as humans and as society. In this fast paced world nothing is constant, neither are risks. They evolve, they change fast and if we don’t manage to minimize their threats and maximize the hidden opportunities in them we are going to fail.
In order to understand the benefits of risk management we need to analyze the risks, understand and address the right factors if we want to achieve the goals we set. This is a short brief about risks as one of the crucial factors in our lives.
It doesn’t really matter in which fields of your professional or personal life you are facing risks, a risk will always be a risk.
For the purpose of this article we’ll keep our focus on software project risk management. While risk is inherent in everything we do and involves diverse roles of risk professionals where risk management is needed; diverse roles such as: insurance, business continuity, health and safety, corporate governance, engineering, planning and financial services.
Whether you are an organization or professional you should adopt or improve risk management standards:
- ISO 31000 2009 – Risk Management Principles and Guidelines
- A Risk Management Standard – IRM/Alarm/AIRMIC 2002 – developed in 2002 by the UK’s 3 main risk organizations.
- ISO/IEC 31010:2009 – Risk Management – Risk Assessment Techniques
- COSO 2004 – Enterprise Risk Management – Integrated Framework
- OCEG “Red Book” 2.0: 2009 – a Governance, Risk and Compliance Capability Model
(References and standards – Source: theirm.org)
From there on, you’ll be able to approach risks with the best practices using fast-moving-forwards and frameworks which will help your organization or client. Plus these standards will give you credibility as a business which can be trusted.
But what if you have all that established in your organization (i.e. you are working with finances) and you are in front of big software project, the chances that you’ll outsource most of the work to a solution delivery team outside of your organization are huge. What traits should you recognize to ensure yourself that the team you choose will finish the job?
You might be familiar with the risk management, but you still need to recognize these 7 factors included in the project planning from the solution delivery team.
Risk management is a part of the project. The risks are growing and evolving how the project moves forward. If the team is ignorant on the potential risks and too confident about the delivery, then many risks will occur during the project. Don’t believe blindly in the project manager. A good practice is when a risk management log is maintained daily. Only with proper assessment the benefits of risk management can be maximized.
Risks need to be identified early in the project and prioritized. It doesn’t matter if it’s a minor or major risk, everything needs to be considered. Put in a log and then graded (low, medium or high with probability of occurrence factor). Risks can reveal some booby traps you will encounter or some golden opportunities that may not have crossed your mind!
Do not be afraid to communicate about risks. If there is a break in the communication between the delivery team, the project owners or the other stake holders, then you are risking to bring your project to a dead end! A sincere approach and communication on what might happen during the project won’t hurt anyone’s feelings.
Each threat identified with the risk management assessment might be a hidden opportunity. Never ever focus only on “bad guys”. Modern risk approaches also focus on positive risks, the project opportunities. These are the uncertain events that are beneficial to your project and organization. These “good guys” make your project faster, better and more profitable.
Clarify ownership issues. What does this mean? First of all the project manager job is not finished when the initial risk log is created, and on contrary, this is only the beginning! As I mentioned before, the risks will also evolve with the project, so you must clarify each developing risks. You must do that because if a risk occurs, someone must take responsibility. I know that some people might feel uncomfortable because of the responsibility they take, but that must be done.
Proper risk analysis. The nature of each risk must be analyzed and identified properly. From here you can set the proper triggers and contingency to prevent it or mitigate the risk. If the delivery team takes good care of this while planning the project, then you can be confident in the competence of the project.
Risk log and risk tracking. This is needed in order to keep an eye on all risks and make sure that you don’t miss a risk or two. The tracking will help you to track the associated tasks to each risk. When a huge stake is put on a project, then if you are the project owner you might want to review these documents more often.
Risk management is always beneficiary and saves money and time. These risk rules and guides above should help you to implement a proper risk management structure in your project, or spot the difference between an experienced and an inexperienced delivery team.
I wish you success with your projects.