Many methods, including brainstorming, Delphi method, expert knowledge, analysis of the causes and consequences (root cause analysis), sample lists of risks, assumptions analysis, SWOT analysis, Ishikawa diagram and more, can be used to create it.We recommend to update the risk lists to a minimum of 1 x 14 days.
- Risk description - Unambiguous and specific risk description (not lack of resources for the project, but eg missing analyst).
- Impact - Verbal description of the impact of risk on time, budget and scope.
- Monetary impact - quantification of the financial impact of risk
- Type - risk classification according to choice - "technical", "people", "organization", "customer".
- Probability - How likely is it to expect a risk on a scale of 1 to 5 (1 is very low, 5 very high).
- Impact - What is the impact of the risk on the project on a scale from 1 to 5 (1 very low, 5 very high).
- Severity - The overall weight of the risk. Calculated as the product of the impact and the probability. The higher the value, the higher the overall severity of the risk.
- Status - marking the risk as active and inactive, for the possibility of further filtering.
- Expected date of occurrence
- Owner - the specific person who is responsible for dealing with the risk
- Strategy - Choice of procedure for risk according to the offered list (mitigate, accept, transfer, avoid)
- Risk prevention plan - a description of how to prevent risk and what measures to take to minimize the likelihood of the risk occurring.
- Risk trigger - what is the trigger of risk - on the basis of which events the risk arises.
- Contingency plan - risk response.
Continuously and regularly update the list of risks due to their development during the project life cycle.