Risk Management in Software Development Projects

From the previous chapter you will have ascertained the importance of having a clearly defined methodology for identifying and classifying risks. You will have also gained some insight into the qualitative tools used in the process of identifying risk, especially the use of the risk taxonomy method and risk mapping process.
The purpose and value of risk statements, the need for constant reviews during the software development life cycle and the process by which formal risk reviews are undertaken were discussed. Finally, we looked at the need for stakeholder involvement in the risk process and the importance of stakeholder participation.
It is perhaps worth stating at this point that risk management should be considered a core competency from which the project organization derives many of its competitive advantages. The ability to analyse, assess, measure and manage risk should be a prime concern in all the organization's business and technical decisions. Sensitivity to risk management innovations and issues should be seen as an integral part of the culture. Four principles guide the management of risk:
An organization-wide commitment to effective risk management starts at the senior management level.
A strong, centralized and independent control function for risk management operating in conjunction with decentralized business activities enables the organization to be agile and efficient in its business activities, yet prudent in its overall risk taking.
Diversification is an efficient mechanism for managing risk.
Returns earned must be commensurate with the marginal risk...