3.3: Approach to Assessment
3.3 Approach to Assessment
From our previous discussions in Chapters 1 and 2 we defined risk as three broad categories:
-
Category business risk: whatever affects your ability to meet project objectives. These risks are managed by the business and cannot be transferred.
-
Category technical risk: includes full SDLC project risk; these are managed by the party best placed to do so. Project personnel and stakeholders share detailed plans for managing risks.
-
Category external risk: outside the control of the project, such as legislation, changes in provider marketplace. Project personnel and stakeholders produce and maintain plans for mitigating these risks.
Through the preparation of risk statements (and supporting information), and perhaps the use of qualitative techniques we will have ascertained some view as to what our exposure to risk represents. Risk exposure helps us to list the risks in priority order, with the risks of most concern given the highest priority. The key activities associated with undertaking a risk assessment are listed below:
-
Risk analysis, that is deciding the impact of the risk were it to occur, using predefined methods and techniques
-
Risk prioritization, that is deciding which risks are important ( and why)
-
Risk mitigation, that is deciding on an appropriate course of action.
3.3.1 Key inputs
To carry out the activities listed above, the project manager and the team need various inputs in the form of documentation, methods and resources. As a minimum the following are required:
-
Statements of risk (including...