Risk Assessment

Escaping danger zone with a bulletproof planning

Our product management is actually a risk-based product management.

For risk containment and mitigation. We identify where the and in which stage the risk will arises and execute the plan upon the experience and knowledge of the entire team to minimise the impact to the project.

Risk assessment includes the following tasks:

  • Identify risks and their triggers
  • Classify and prioritise all risks
  • Craft a plan that links each risk to a mitigation
  • Monitor for risk triggers during the project
  • Implement the mitigating action if any risk materialises
  • Communicate risk status throughout project

Five Types of Risk In Product Management

For most product development projects, we can define five main risk impact areas:

  • New, unproven technologies
  • User and functional requirements
  • Application and system architecture
  • Performance
  • Organizational

Monitor and Mitigate

To be effective, software risk monitoring has to be integral with most project activities. Essentially, this means frequent checking during project meetings and critical events.

Monitoring includes:

  • Publish project status reports and include risk management issues
  • Revise risk plans according to any major changes in project schedule
  • Review and reprioritize risks, eliminating those with lowest probability
  • Brainstorm on potentially new risks after changes to project schedule or scope

When a risk occurs, the corresponding mitigation response should be taken from the risk management plan.

Mitigating options include:

  • Accept: Acknowledge that a risk is impacting the project. Make an explicit decision to accept the risk without any changes to the project. Project management approval is mandatory here.
  • Avoid: Adjust project scope, schedule, or constraints to minimize the effects of the risk.
  • Control: Take action to minimize the impact or reduce the intensification of the risk.
  • Transfer: Implement an organizational shift in accountability, responsibility, or authority to other stakeholders that will accept the risk.
  • Continue Monitoring: Often suitable for low-impact risks, monitor the project environment for potentially increasing impact of the risk.