Risk management

A two-step process: first analyse the risks inherent in the development of an information system, then develop strategies to mitigate them according to their likely impact. The risk management process should minimise spending while maximising the reduction of the negative effects of the various possible risks to the project.

Various techniques exist for identifying potential risks, such as visualising them in terms of the project’s objectives, possible scenarios that might occur in relation to this specific project, or common risks that can be applied to a number of different situations. Such risks can include financial, legal or security issues, accidents and disasters.

Risks should be prioritised, to ensure that those with the greatest impact or highest probability of occurring are assessed first, while those with the lowest impact or lowest probability of occurring are assessed later.

Strategies for risk management include avoiding the risk, reducing its negative effects, transferring it to another party, or accepting some or all of its consequences. The human factors relating to any actions should be taken into account.

A risk management plan should be continuously reviewed and updated as the project progresses, and should take into account the experience gained from any risks that occur throughout its duration.

Related methods include: General project management, Human factors analysis and Security planning.

