Last week, I facilitated a risk analysis session for a customer. It was a very enjoyable and useful session, which has resulted in a list of important risks (with estimated probability and impact) and corresponding actions we are going to take.Good risk analysis and risk management is still uncommon on IT projects. One of the reasons is that thinking about risks is scary – people prefer to think of project success instead of all the things that could go wrong, or people are so scared of possible project failure that they avoid anything that even touches on risks, problems or failure. This can lead to the risks and the necessary mitigation and contingency actions becoming increasingly undiscussable, increasing the probability and impact of the risks, increasing the chances of project failure – the fear of failure becomes a self-fulfilling prophesy.
Doing a thorough risk analysis and managing the risks during the course of the project helps to make (and keep) these things discussable so that you can anticipate and respond using appropriate actions, which makes the risks less scary and increases the probability of project success.
I have noticed a number of additional effects of doing a risk analysis:
- It helps teams and organisations in making the shift from fear to fun in their work.
- The process of going through the risks, playing with the ideas of threats and possible project failure in a relatively safe environment (at start of the project, most options still being open), will reduce stress and panic at the moment when the risk actually materializes.
- It helps building and reinforcing a shared vision.
- Agile practices like short iterations, automated acceptance testing, early and frequent customer feedback, prove to be simple and effective tools for risk detection and mitigation. The last few years, I’ve been asking myself regularly how to “sell agile”, but I realised that this is not the right question: it’s about managing project risks effectively – something for which agile software development is an excellent fit.
A very good guide to doing risk management in IT projects is the book Waltzing With Bears by Tom DeMarco and Tim Lister.