Project Risk Profiling
It is very important to do effective risk profiling of Projects that are delivered, on an ongoing basis. This being a health checkup, needs to be done continuously and not one-time or only-on-need-to-know-basis.
In my experience, I gauge a project's risk level in the first 10 to 30 minutes of discussion with the Project Manager. There are weaknesses that have marked presence based on the region where the software project is developed, so my questions will be accordingly framed. Risk, primarily means, risk of failing to deliver and thereby impacting the top line and bottom line of the organization.
The delivery capability predominantly, sort of over simplified, depends on Vendor capability on the business domain & technology. This further leads to two parameters under each of them, which the type of people they deploy and the process maturity to handle this technology & domain.
Risk matters most as you grow
Risk appetite is high when the organization is small, since the fall is not a humpty dumpty fall. But, when the organization grows Risk Management becomes the primary role of the Board and Senior Management. This culture needs to be percolated till the Project Manager level to do
A highly experienced delivery professional can read patterns (read anti-patterns) in delivery before they become full blown issues. There are lots of tell tale indicators that would provide wake-up calls, some random ones are here: -
- Too much re-work
- Sudden spending of long hours to do deliveries
- More un-planned deliveries
- High turnover amongst Juniors in team (They take the brunt most on the field...!)
- Customers reaching Seniors more frequently (Pseudo escalation)
- Anxiety in the air
It is high time for the Project Manager to get his/her hands dirty by getting into specifics by seeing this tell tale signs. The typically un-experienced Project Manager want the problem to become big enough to face it, but that may be too late.
Know Thy Capability Clearly & Continuously
As told earlier, it is important to know the delivery capability even before the project is kicked off. These days Project Risk Offices are coming into practice that could report to the Board directly the status of Key Accounts. Have a mechanism to independently measure the risk levels.
Remember, Risk also means Returns
Risk profiling only tells the level of monitoring needed when the risk is within acceptable levels. This does not mean ignoring all risky ventures, which is not an entrepreneur's way of doing business. Just that put in more life jackets when the sea is too rough.
Constantly profile projects for risks and give high visibility for high-risk projects. It doesn't stop here, periodically know how the risk gets managed and plow back the learning into the system.
Finally remember, like many other paradigms in software delivery, risk profiling is also a journey and not a destination...!
I agree with you Ram... We look at the current risk exposure... As you said, tracking the risk exposure on a ongoing basis... preferably as a chart and analyzing it peridically (once a month or a quarter) would really help... Each project would bring a different trace of the risk exposure & mitigation and the SQA team collectively analyzing these traces would indicate which project is really on the 'risk'...
Good One Srini.
Ram. Wonderful. Touched upon the most importnat asspect of RM.
Excellent article!