The purpose of risk management is to identify potential problems before they occur so that risk-handling activities may be planned and invoked as needed across the life of the product or project to mitigate adverse impacts on achieving objectives.

Risk management is a continuous, forward-looking process that is an important part of business and technical management processes. Risk management should address issues that could endanger achievement of critical objectives. A continuous risk management approach is applied to effectively anticipate and mitigate the risks that have critical impact on the project.

Establishing categories for risks provides a mechanism for collecting and organizing risks as well as ensuring appropriate scrutiny and management attention for those risks that can have more serious consequences on meeting project objectives.

Typical work products would include: (1) risk source lists (external and internal) and (2) risk categories lists.

2. Demonstrate that you have a process to define the parameters used to analyze and categorize risks, and the parameters used to control the risk management effort. Parameters for evaluating, categorizing, and prioritizing risks typically include risk likelihood (i.e., the probability of risk occurrence), risk consequence (i.e., the impact and severity of risk occurrence), and thresholds to trigger management activities.

Risk parameters are used to provide common and consistent criteria for comparing the various risks to be managed. Without these parameters, it would be very difficult to gauge the severity of the unwanted change caused by the risk and to prioritize the necessary actions required for risk mitigation planning.

Typical work products would include: (1) risk evaluation, categorization, and prioritization criteria and (2) risk management requirements (control and approval levels, reassessment intervals, etc.).

3. Demonstrate that you have a process to establish and maintain the strategy to be used for risk management. A comprehensive risk management strategy addresses items such as: (1) the scope of the risk management effort; (2) methods and tools to be used for risk identification, risk analysis, risk mitigation, risk monitoring, and communication; (3) project-specific sources of risks; (4) how these risks are to be organized, categorized, compared, and consolidated; (5) parameters, including likelihood, consequence, and thresholds, for taking action on identified risks; (6) risk mitigation techniques to be used, such as prototyping, simulation, alternative designs, or evolutionary development; (7) definition of risk measures to monitor the status of the risks; and (8) time intervals for risk monitoring or reassessment.

The risk management strategy should be guided by a common vision of success that describes the desired future project outcomes in terms of the product that is delivered, its cost, and its fitness for the task. The risk management strategy is often documented in an organizational or a project risk management plan. The risk management strategy is reviewed with relevant stakeholders to promote commitment and understanding.

A typical work product would be the project risk management strategy.

4. Demonstrate that you have a process to identify and document the risks. The identification of potential issues, hazards, threats, and vulnerabilities that could negatively affect work efforts or plans is the basis for sound and successful risk management. Risks must be identified and described in an understandable way before they can be analyzed and...

