Purpose
  • To create a documented plan for identifying, analyzing, and prioritizing risks
  • To identify the risk management strategies for the most significant project risks
Role:  Project Manager 
Frequency: As required, typically once per phase starting as early as Inception.
Steps
Input Artifacts:    Resulting Artifacts:   
Tool Mentors:   

Workflow Details:   

Define risk management procedure & tools To top of page

The first step in developing your Risk Management Plan is to define the procedure you will follow to:

  • Identify risks
  • Analyze risks
  • Prioritize risks

You should also identify any specialized tools or techniques you will use to capture and store risk information. This may be as simple as identifying the network server location for a shared risk list. For more information on the risk management procedures recommended in the Rational Unified Process, see Guidelines: Risk List, and Activity: Identify and Assess Risks.

Create initial risk list To top of page

Before you decide upon your risk management strategies, it is a good idea to have an idea of the kinds of risk you will need to deal with. Early in the Inception phase, it is a good idea to create an initial list of risks, and use these to guide you. To create the Risk List follow the procedure described in Activity: Identify and Assess Risks.

Assign risk management team To top of page

Decide which project team members will be responsible for managing the projects risks. It is important for this team to be representative of both technical and managerial functions. Often a good combination includes the project manager, the customer representative (or product manager), software architect, and team leads for the test, development, documentation and deployment teams. A best practice is to appoint one member of this team as the project's Risk Officer. The Risk Officer is responsible for gathering and sorting risks as they are identified, reporting risk status, and scheduling risk review meetings.

Decide strategies for managing top 10 risks To top of page

For each risk on the Risk List, the risk management team should decide upon the approach that will be used to keep the risk in check, and how to remedy the situation if the risk should occur (a contingency plan). Risk management approaches include avoidance, transfer, acceptance and mitigation. These strategies are described in more detail in Guidelines: Risk List, and Activity: Identify and Assess Risks

Define risk indicators for top 10 risks To top of page

For each risk in the risk list, identify a measurable condition that, if it should occur, tells you that the risk is about to become reality. These conditions are the risk indicators. The project manager will monitor these risk indicators throughout the project, and implement the contingency plan identified in the Risk Management Plan.

Set schedule for risk reporting and reviews To top of page

Risk management is most effective if it is treated as a continuous process. The Risk Management Plan should lay out a schedule for the issue of regular risk status reports, and risk review meetings. It should also identify the conditions when unscheduled d risk review meetings should occur.

For more information on risk management see Guidelines: Risk List.



Rational Unified Process   2003.06.13