Art of Designing an Effective Risk Management Plan
Developing a risk management plan is simply a matter of following the five steps described below. The risk management plan thus becomes a straightforward byproduct of the processes like:
1) Risk Identification
2) Risk Categorization
3) Risk Prioritization
Step-1: Creation of a risk categorization table
Using different categories, a risk categorization table is constructed. This table is the starting point for identification of specific risks on each project.
The project team can use this table to review categories of risk for their project. It also provides the team with a set of factors to consider, and provides slots for them to decide which factors are relevant and what evidence they have.
As the organization learns more about its performance it may decide on ways to compare ratings on a given project with its prior history. It may determine total-rating count, or number of risks, or some combination of number and level of impact that predicts project failure or success.
Step-2: Ranking of the risks to the project for every category
a) Risk factors and areas: Under each category, this column lists category risk factors.
b) Low risk evidence (L): This column has characteristics of the risk factor when it can be considered as a low risk to the project.
c) Medium risk evidence (M): This column has characteristics of the risk factor when it provides a medium risk.
d) High-risk evidence (H): This column has characteristics of the risk factor when it should be considered as a high risk.
e) Rating: Select the level of risk (For example : H, M, L or 3, 2,1) applicable to the concerned project.
f) Comments: Provide information about project specifics that supports the rating choice.
It may be kept in mind that in some cases, evidence in one category for high risk may be evidence for low risk in another. For example, support for organization goals or use of new technologies may be taken either way, depending on the situation.
Following Tables indicates the risk factors and categories with their respective evidence of low, medium and high risk. These tables are nothing but templates that can be used as a starting point for any software development project. Categories, factors, and evidence can easily be modified within this framework for any project.
Step-3: Sorting of the risk table in the order of risk
Sorting of the risk table is done in order of risk with high-risk items being the first.
# When “High” rating risks are more than ten; calculate the risk exposure. These become our key risks.
# Identify different means to control every key risk, establish ownership of the desired action, and decide the date of completion.
# Integrate the key risks into the project plan and find out the impact of decided schedule and cost.
Step-4: Design a risk format for regular weekly review
Establish a regular risk format for weekly project status meetings. At a minimum, show the status of the top ten, the ranking of each one from the previous week, and the number of weeks on the list. Show the risk response report and the risk change report.
Step-5: Continuity of Risk Management Process
The final step is to ensure that risk management is an ongoing process within your project management. Monitoring and control of the risk list must be done on a regular basis. The project manager and team must be aware of the identified risks and the processes for resolving them. New risks must be identified as soon as possible, prioritized, and added-on to the risk management plan. High-priority risks must be worked on with respect to the overall project plan.
A) Project Management Related Factors:
Risk Factors and Categories | L – Low RiskEvidence | M -Medium Risk Evidence | H- High Risk Evidence | Rating |
Approach | Product and process planning and monitoring in place | Planning and monitoring need enhancement | weak or nonexistent planning and monitoring | |
Communication | Clearly communicates goals and status between the team and rest of the organization | Communicates some of the information some of the time | Rarely communicates clearly to team or to others who need to be informed of team status |
B) Schedule Related Factors:
Risk Factors and Categories | L – Low RiskEvidence | M -Medium Risk Evidence | H- High Risk Evidence | Rating |
Delivery commitment | Stable commitment dates | Some uncertain commitments | Unstable, fluctuating commitments | |
Development schedule | Team projects that schedule is acceptableand can be met | Team finds one phase of the plan to have a schedule that is too aggressive | Team projects that two or more phases of schedule are unlikely to be met |
C) Project Content Related Factors:
Risk Factors and Categories | L – Low RiskEvidence | M -Medium Risk Evidence | H- High Risk Evidence | Rating |
Requirements stability | Little or no change expected to be approved set (baseline) | Some change expected against approved set | Rapidly changing or no agreed upon baseline | |
System testability | System requirements easy to test, plans underway | Parts of system hard to test, or minimal planning being done | Most of system hard to test, or no test plans being made |
D) Customer Related Factors:
Risk Factors and Categories | L – Low RiskEvidence | M -Medium Risk Evidence | H- High Risk Evidence | Rating | |
Customer involvement | End-users highly involved with project team provide significant impact on system | End-users play minor roles, moderate impact on system | Minimal or no end user involvement little end-user input | ||
Customer | End-users highlyexperienced in similar projects,have specific ideas of how needs can be met | End-users have experience with similar projects & have needs in mind | End-users have no previous experience with similar project unsure of how need can be met |
E) Mission & Goals Related Factors:
Risk Factors and Categories | L – Low RiskEvidence | M -Medium Risk Evidence | H- High Risk Evidence | Rating |
Project Fit | Directlysupports organization mission and/ or goals | Indirectly impacts one or more goals | Does not. Support or relate to organization mission or goals | |
Work Flow | Little or no change to work flow | Will change some aspect or havesmall effect on work flow | Significantly changes the work flow or method oforganization |
F) Organization Management Related Factors:
Risk Factors and Categories | L – Low RiskEvidence | M -Medium Risk Evidence | H- High Risk Evidence | Rating |
Organization stability | Little or no change in management or structure expected | Some management change or reorganization expected | Management or organization structure is continually or rapidly changing | |
Management support | Strongly committed to success of project | Some commitment, not total | Little or no Support |
G) Budget or Cost Related Factors:
Risk Factors and Categories | L – Low RiskEvidence | M -Medium Risk Evidence | H- High Risk Evidence | Rating |
Project size | Small, non complex, or easily decomposed | Medium, moderate complexity, decomposable | Large, highly complex, or not decomposable | |
Technology | Mature existent in house experience | Existent some in-house experience | New technology or a new use or development little in-house experience |
Many More Articles on Risk Analysis & Security Testing
An expert on R&D, Online Training and Publishing. He is M.Tech. (Honours) and is a part of the STG team since inception.
Good Information about RISK Planing.Keep posting this kind of information which helps so many professionals and people new to QA/QC. Good Work.
hello..
good information, can u pls provide example with Mitigation plans as well..like u ve given Risks related to Project, mgmt, Cost ..can u mention mitigation in same table