PERFORMING RISK ASSESSMENT AND MITIGATION

Risk is inherent in projects. Project teams should identify the potential risks on their projects and develop a plan for managing those risks.

Risk management planning involves deciding how to approach and plan the risk management activities for a project.

There are several ways to identify potential risks. Reviewing historical information, analyzing the nature of the project or products, and using various information gathering techniques can help in identifying potential risks.

Qualitative risk analysis involves assessing the likelihood and impact of identified risks to determine their magnitude and priority. For example, there is always a risk that fire may destroy a building. The project team might identify this risk and note that it would have severe consequences if it occurred but that it is highly unlikely to occur. Risks can be prioritized as high, medium, or low. They can also be prioritized in rank order or by determining risk factors.

If any tasks on the critical path take longer than planned, the project will not meet its target schedule date. It is very important, therefore, to understand potential schedule risks for critical tasks.

There are several ways to reduce potential impacts of risk on the schedule. Project teams can include buffers or additional time before the project completion date to reduce the likelihood of a schedule overrun. Project managers can increase monitoring of critical tasks to help ensure timely completion.

Risk mitigation is reducing the impact of a risk event by reducing the probability of its occurrence. For example, a project team might decide to use a current version of an operating system instead of planning to user a soon-to-be-released version.

Information technology projects often neglect risk management. Be sure to identify potential risks on projects and plan how to manage those risks.