23. RisksAll projects involve risk. By this, we mean the risk that something will go wrong. Risk is not necessarily a bad thing, as no progress is made without taking some chances. However, there is a difference between unmanaged risk say, shooting dice at a craps tableand managed risk, where the probabilities are well understood and the contingencies planned. Risk is a bad thing only if you ignore the risks and they become problems. Risk management involves assessing which risks are most likely to apply to the project, deciding on a course of action if they become problems, and monitoring projects to give early warnings of risks becoming problems. This section of the specification contains a list of the most likely and the most serious risks for your project. For each risk, include the probability of it becoming a problem and any contingency plans. It is also useful input to project management if you include the impact on the schedule, or the cost, if the risk does become a problem.
As an alternative, you may prefer to identify the single largest riskthe showstopper. If this risk becomes a problem, then the project will definitely fail. Identifying a single risk in this way focuses attention on the single most critical area. Project efforts are then concentrated on not letting this risk become a problem. This section of the book is not intended to be a thorough treatise on risk management. Nor is this section of the requirements specification meant to be a substitute for proper risk management. The intention here is to assign risks to requirements and show clearly that requirements are not freethey carry a cost that can be expressed as an amount of money or time, and as a risk. Later, you can use this information if you need to make choices about which requirements should be given a higher priority. |