Risks vary from one project to another. A scientific and carefully planned approach towards identifying risks and making efforts to mitigate them would prove to be an asset to the organization. That's where risk management comes in.
According to SEI (http://www.sei.cmu.edu/), risk management is a practice with processes, methods, and tools for managing risks in a project. It provides a disciplined environment for proactive decision making to:
- assess continuously what could go wrong (risks);
- determine which risks are important to deal with;
- implement strategies to deal with those risks.
There are two approaches to mitigate risk:
1. The reactive approach: Here, the risk is identified once it translates into an undesirable consequence, and is only then acted upon.
2. The proactive or preventive approach: This approach adopts the "look before you leap" formula. Here, the probability of risk occurrence is analyzed and a plan defined to prevent it.
The approach best suited to a particular organization depends on the complexity of the project. If the application is small and simple with a short life cycle, a reactive approach can be employed, as schedule slippage is less likely here. The proactive approach, on the other hand, suits complex or sophisticated applications with numerous inter-dependent components, as it not only helps in identifying the risks a priori but also plays an important role in keeping the project within its prescribed time and budget limits.
A number of factors need to be taken into account before developing and implementing a fool-proof risk management plan: the severity of the risk, the possible damage it can cause, the time and duration of its occurrence, time required to mitigate the risk, the possibility of its recurrence, and so on. In order to identify these factors and successfully account for them, an organization should adopt the following six-step process:
* Risk identification
* Plan development
* Plan implementation
This process may be considered as a hierarchical series of actions.
The following sections examine each of these actions in greater detail.
Surveying The Landscape
Risk identification is a primary and crucial step in risk management. Every weak spot of the equipment (both hardware and software) used in application development, of the team, and of the organization as a whole should be scrutinized and evaluated. If this is done at the outset of the software life cycle, mishaps leading to loss of time, financial resources and manpower can be averted.
Here are some golden rules to follow in this stage:
1. Work to a goal: Don't just design or implement a risk management plan by the textbook; make sure that there is a genuine rationale behind it. Consider the following examples:
* If an application/product is targeted for bulk production, care should be taken to see that the organization does not fall short of resources, or else the delivery of the product might be delayed.
* If the product is aimed at a low-income user base, measures should be taken so that project development does not incur costs beyond those allocated to it, or else the end product could cost more than the targeted consumer can afford.
2. Maintain and update documents: Keep that pen rolling. Maintain documents of all the vulnerabilities and loopholes in the system, and update them as and when more risk scenarios are recorded.
3. Share information with your peers: If, in the course of planning, it is felt that a certain risk might prove to be a threat to the application, tell the people concerned about it. If nobody else has pointed it out, then seize the opportunity to share this information. Work with a broad perspective - you won't regret it.