2.3 Assess and Manage Risks

Process - Assess and Manage Risks


2.3.1Determine risk management options
2.3.2Iteratively assess and prioritize risks

The objectives of project risk management are to increase the probability and/or impact of positive risks (opportunities) and to decrease the probability and/or impact of negative risks, in order to optimize the chances of project success. Risks continue to emerge during the project life cycle; therefore risk management is conducted iteratively throughout the project.

Refer to the following for a comprehensive coverage of this topic:

2.3.1 Determine risk management options

Explore various methods to address both negative risks and opportunities.

  • Negative risks: Implement strategies like escalate, avoid, transfer, mitigate, or accept.
  • Positive risks: Implement strategies like escalate, exploit, share, enhance, or accept.

Refer to risk response strategies for details.

Evaluate the feasibility and effectiveness of each option. Consider factors like cost, resources, and potential side effects when choosing the most appropriate strategy for both negative risks and positive risks.

Traditional vs. Agile

In traditional, risk management options are defined upfront through formal risk workshops or brainstorming sessions. Tools like risk registers with detailed impact and probability rankings support these activities. In Agile, risk management options are identified and re-evaluated throughout project sprints. Daily stand-up meetings and team retrospectives often act as informal forums for identifying and discussing potential risks.

2.3.2 Iteratively assess and prioritize risks

  • Identify risks: Brainstorm and identify both threats and opportunities that could impact the project, business, or personal situation.
  • Analyze risks: Consider the following for both negative risks and positive risks:
    • Likelihood: How probable is it that the event will occur?
    • Impact: How severe or beneficial would the consequences be?
    • Urgency: How quickly could this event affect the project objectives?
  • Prioritize risks: Based on the analysis, assign priority levels to both negative risks and positive risks.
  • Continuously reassess and update: Regularly revisit your risk assessment to identify new risks and opportunities, re-evaluate existing ones, and adjust the risk management strategies accordingly.

Traditional vs. Agile

In traditional projects, while regular risk reviews occur, these are typically less frequent (e.g., monthly) and focus on comparing planned mitigation strategies to actual impacts. Techniques like risk mitigation plans and contingency plans are documented and tracked. In Agile projects, iterative assessment and prioritization is continuous throughout the project lifecycle. Techniques like risk boards are used to visually track and prioritize risks, allowing for quick adjustments based on new information or changing priorities. Regular sprint reviews provide opportunities to reassess risks and adapt mitigation strategies as needed.

Last updated: March 10, 2024