How to conduct Risk Management from CMMI point of view?

CMMI FAQ 0

30th April, 2013

In CMMI, Risk Management (RSKM) is a process area at CMMI Maturity Level 3 and requires projects to manage Risk so that projects are not disturbed by any unwanted conditions and deliver the result which they are intended to. In CMMI Maturity Level 2 under Project Monitoring and Control Process Area in SP 1.3 Monitor Project Risks, project risks have to be managed at CMMI Maturity Level 2 also. Risk Management (RSKM) helps in identifying potential problem as said and managing/mitigating/eliminating them before they occur.

Risk Management involves following activities:

• Identification of risks – Risks can be identified related to the different categories and broadly belonging to Process (Complex, Simple, Medium Complex etc.), People (Team Members, Senior Management, Customers, and Suppliers), Technology (OS, Databases, Programming Language, Tools, COTS) and Others (Communication Language, Statutory, On-time Delivery). Refer to the Old Risk Log for selecting risks for your projects. It is also possible that there is no Risk Log available. Risks encountered shall be collected from Project Teams and documented in the form of Risk Log.
• Analysis of Risks – Once you have identified all risks, do analyse them for different factors – risk, probability and its impact on the project. During risk analysis or assessment, we examine the accuracy of the estimates that were made during risk projection and attempt to prioritize the risks. For assessment to be useful, a risk level is determined. There is a level of performance degradation, cost overrun, support, or schedule slippage that (or any combination of the four) that will cause the project to be terminated. If the combination of risks lead to problems that cause schedule and cost overruns, there will be a level, that (when exceeded) will cause project termination. So Risk shall be analysed carefully based on the parameters as said above.
• Risk Tracking – Risk tracking needs to be done on a real time basis. It can be done live or on completion of a milestone. Risk Log document is a live document and shall be updated periodically for the new Risk Score for the identified Risks and to add new Risks identified due to changes in project conditions/environment etc.
• Risk Repository – Risks shall be documented from projects. Even if there was not Risk Log available in the past, oral evidences should be collected from project teams and shall be documented in the Risk Log and shall be used as Risk Repository for planning Risks Management in new projects.
• Handling Risks – Risk Mitigation Plan shall be prepared for each risk. Risk mitigation planning can also include contingency plans to deal with the impact of selected risks that can occur despite attempts to handle/manage them. Risks shall be handled based on their occurrence in the project. Risks shall be handled whose threshold has exceeded from defined limits.

Risk Management Summary

• Do estimate costs and benefits of implementing the risk mitigation plan for each risk.
• Identify and assign resources who will handle the Risks Management.
• Closely monitor the risk, update log and close the risk once its effect becomes very less.

How DQS India can help in better Risk Management?

DQS India has very experienced team of CMMI Consultants who have vast experience of working in diverse Project Environments, Team Sizes, and Domains. They can help projects team in understanding Risk Management in totally different light which will help them in managing risks better.

They can help in the development of Processes, Templates, Checklists and Guidelines for Risk Management and at the same time provide Training for implementation of these artefacts to project teams.