A risk for a project is a condition whose occurrence is not certain but that can adversely affect the project. Risk management requires that risks be identified and prioritized and, for the top few risks, that actions be taken to minimize their impact. The cost of risk mitigation may seem wasted when the risks do not materialize, but it must be incurred to minimize the loss in case a risk materializes.
Table 6.5. Risk Management Plan for the XYZ Project
Sequence Number | Risk | Probability | Consequences | Risk Exposure | Mitigation Plan |
1 | Failure to meet the high performance | High | High | High | Indicate expected performance to clients through requirements prototypes. Use tips from body of knowledge database to improve performance. Make team aware of the requirements. Update the review checklist to look for performance pitfalls. Study and improve performance constantly. Follow guidelines from earlier performance studies. Test application for meeting performance expectations during integration and system testing. |
2 | Lack of availability of persons with the right skills | Medium | Medium | Medium | Train resources. Review prototype with customer. Develop coding practices. |
3 | Complexity of application requirements | Medium | Medium | Medium | Ensure ongoing knowledge transfer. Deploy persons with prior experience with the application. |
4 | Manpower attrition | Medium | Medium | Medium | Train a core group of four people. Rotate onsite assignments among people. Identify backups for key roles. |
5 | Unclear requirements | Medium | Medium | Medium | Review a prototype. Conduct a midstage review. |
6 | Difficulty of reconciliation of configuration changes done in onsite maintenance during off-shore development | Medium | Low | Medium | Create a management plan and adhere to a well-defined reconciliation approach. Reconcile once per month (first Tuesday or next working day). Do not reconcile changes done after a cut-off date. |
Table 6.6. Risk Evolution in the XYZ Project
Sequence Number | Risk | Current Probability | Current Consequences | Current Risk Exposure |
2 | Manpower attrition | High | High | High |
3 | Difficulty of reconciliation of changes created in onsite maintenance during off-shore development | Low | Low/medium | Low |
Following are some of the key lessons from the Infosys approach to risk management:
To help you identify risks, a list of commonly occurring risks is a good starting point. In addition, look ahead and try to visualize everything that can go wrong in the project.
For risk prioritization, a simple and effective mechanism is to classify the probabilities of risks and their impacts into categories such as low, medium, and high, and then manage the risks that have high probabilities and impact.
For the top few risks, plan the risk mitigation steps, and ensure that they are properly executed during the project.
Monitor and reevaluate the risks periodically, perhaps at milestones, to see whether the risk mitigation steps are having an effect and to revisit risk perception.
With respect to the CMM, the Project Planning KPA of level 2 requires that a project have a risk management plan. Proper processes for risk management and monitoring are a requirement for the Integrated Software Management KPA at CMM level 3.