RISK ANALYSIS AND MANAGEMENT

A Risk is an uncertain event or condition which could either affect the cost, time, scope or quality and hence the success or failure of a project . So it is important to analyze the risks regularly as the project progresses. While we may not be able to avoid every risk, we can limit each risk’s impact on the project by preparing for it beforehand.
Risk Analysis Steps :
1. Risk Identification : It is the process to identify the business, financial , technological and operational risks. It basically includes scope of the project, cost and schedule decided for the project, change in customer requirements and resource management.
2. Risk Assessment : It is the process to identify the probability of occurrence of each identified risk. It is Business Analyst responsibility to arrive at a consensus, may be percentage, for each risk item identified.
3. Risk Response Planning : It includes the planning to that reduces the probability of occurrence of risk. Business Analyst along with the project manager is given the responsibility to decide the conditions for which the strategies will need to be used.
4. Risk Rating : Calculate an overall risk rating for the proposed projects in terms of the costs, time and solution quality. The business analyst initiates a discussion to determine the risk in the project. Each identified risk should be rated before making necessary arrangements to rectify the same, it would help in generating risk log for future prospects

For each risk , we’ll note the likelihood of its occurrence ( Frequency) , the cost ( Severity) to the project if it does occur, and the strategy for handling the risk.
Strategies include the following:

• Avoid: When both Severity and Frequency of risk are high . Avoid the risk by removing the potential risk through taking precautionary measures, which at extremes can mean cancelling the project.
• Mitigate: When Severity is low but Frequency is high. This means minimize the damage a risk can cause or reduce its likelihood of occurring (or both) through taking precautionary actions
• Transfer : When Severity is high but Frequency is low. Usually this means insuring against a risk occurring, but can also include getting the business owner/sponsor to take accountability for the risk outside the scope of the project
• Accept: When both Severity and Frequency of Risk are low. In cases where the risk is considered unworthy of effort to manage it can be accepted. This may occur in instances where the risk is so unlikely to occur as to not warrant attention, or where the impact is insignificant in the content of the business and project’s environment