Get their ideas down onto
large sheets of paper you can blu-tack to the walls. Circulate a revised list after the meeting. Repeat
the process half-way through the project, and identify how many have not occurred, and how
many unforeseen ones
had
occurred. Use [Carr M], the kinds of risk mentioned earlier, and look
at each workpackage in the plan to identify how each could be compromised by being unfinished,
late, or simply giving a wrong output. Identify what the knock-on effect of such an event might
be. Look at the users, and identify how each stakeholder class might be negatively affected by a
system failure (look at section 7.7.3). Look at the development, test, training, and support environments,
and identify weak points (for example, see section 8.5.17). See [Wallace] for a list of
fifty-three major risks and their relationships.
FIGURE 3.1
A risk management process.
Start/stop
Plan risk
management
Risk
management
plan
Risk log
Identify risks
Identify risk
alerts
Estimate cost
of each risk
Estimate
probability
of each risk
Write risk
reduction plan
for each risk
Monitor risks
End of
project
Risk Management
31
???
Estimate risk costs, probabilities, and exposures
(see Table 3.1).
???
Write the reduction/mitigation plan for each risk.
???
Identify the risk alerts.
Taking the list of risks, identify what are the first signs you might get that
the risk will eventuate. What can you do to get those signs earlier? How can you get such a sign
to trigger an alert?
???
Monitor the risks
using the risk log in section 8.
Pages:
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139