A formal risk management process provides a number of benefits to both the project team and the development organization as a whole. First, it gives us a structured mechanism to provide visibility into threats to project success. By considering the potential impact of each risk item, we can focus on controlling the most severe risks first. We can combine risk assessment with project estimation to quantify possible schedule slippage if certain risks materialize into problems, thereby coming up with sensible contingency buffers. Sharing what does and does not work to control risks across multiple projects helps projects avoid repeating the mistakes of the past. Without a formal approach, we cannot ensure that our risk management actions will be initiated in a timely fashion, completed as planned, and effective.
Controlling risks has a cost, which we must balance against the potential cost we could incur if the risk is not addressed and does indeed bite us. For example, if we are concerned about the ability of a subcontractor to deliver an essential component on time, we could engage multiple subcontractors to increase the chance that at least one will come through on schedule. That’s an expensive remedy for a problem that may not even exist. Is it worth it? It depends on the down side we incur if indeed the subcontractor dependency causes the project to miss its planned ship date. Only you can decide for each individual situation.
Adapted from “Practical Project Initiation: A Handbook with Tools” (Microsoft Press, 2007), with permission from author.
Karl Wiegers, Ph.D., is Principal Consultant with Process Impact, a software process consulting and education company in Portland, Oregon. Karl’s most recent book is “Practical Project Initiation: A Handbook with Tools.” Karl is also the author of four other books and 170 articles. Karl is a frequent speaker at software conferences and professional society meetings. You can reach Karl through www.projectinitiation.com or www.processimpact.com.