Home / BA / Risk Analysis and Management

Risk Analysis and Management

Risk Analysis and Management:-

Risk – It is an uncertain event which, if occurs, might effect the scope, schedule, cost and quality of a project.

As mentioned earlier, It is an uncertain event. It may or may not occur.

Risk Analysis and management is a process of

  1. Identifying Risk events
  2. Analysing risk events
  3. Developing strategies / response for the handling risk events
  4. Monitoring and controlling risk events

It is a continous process and happens throughout the project schedule.

Managing risk is responsibility of all the project team members.

It is important to do risk analysis at the beginning of the project and continue it throughout the project.

Understanding the following is very important before starting the risk analysis and management process

  • Project scope and objectives
  • Project cost and package
  • Project Schedule
  • Different stakeholders


Risk Register

A Risk Register has the complete details of the identified risks, probability and impact, owners and actions.




Identified Risks









Scope Schedule Quality Cost


Identifying risk events

  • This can be done by Brainstorming, Interview, RCA, SWOT Analysis and other elicitation techniques
  • Once the Risk events are identified, They must be updated in Risk Register.

Analysing Risk Events

  • The probability of occurrence and the Impact of the risk event should be analysed.
  • Risk events can be categorized as low, medium and high or on a scale from one to 10 on their occurrence probability and impact.
  • Same needs to be updated in the Risk register


Developing strategies / response for the handling risk events

The strategies / response should be cost effective, realistic and agreed upon by all and owned by a responsible person.

Following are the categories of strategies / response for handling risk events.

  • Avoid – changing the project management plan to eliminate the risk entirely

Ex – changing project scope, removing requirements etc.

  • Transfer – Shifting ownership & -ve impact to third party

Ex – contract with third party to do some portion of hte project, insuring hardware etc.

  • Mitigate – Reducing probability & impact of risk event

Ex – Less complex process, conducting more tests, double check important stages

  • Accept – Not to acknowledge the risk unless it occurs as it has very less probability / impact or its impossible to avoid / transfer/ mitigate the risk.

Risk register needs to be updated accordingly.


Monitoring and Controlling risk events

This can be done by following..

  • Implementing risk strategies / response
  • Tracking risks
  • Identifying new risks

Weekly meetings should be arranged for monitoring and controlling risk events. This helps in understanding success of the risk strategies / response and status of the risk events.

Risk register needs to be updated accordingly.

About Firdous Khan

Check Also

What is BRD? How is it different from SRS?

BRD stands for Business Requirements Document, whereas SRS stands for Software Requirements Specification. Both documents …

Leave a Reply

Watch Dragon ball super