Show Menu

IT Project Risk Cheat Sheet by

IT Project Risk
management     project     costs     risk

Risk definition from PRINCE2

‘The chance of exposure to the adverse conseq­uences of future events.’

External risks include:

Government interv­ention
Cuts in resources, including staff
Reduction in financial support
Increased compet­ition from rivals
Social develo­pments

Identi­fying risks

Analyse what you already know - views, trends or constr­­aints
Use prompts and checklists from aids to build initial list of risks. (Check textbooks, Applic­ation develo­pment documents, company standards, Google)
Review Barry Boehm’s Top Ten Risks
Methods of gathering risk info
Interv­iewing experts or stakeh­olders
Brains­torming workshops w/stak­eho­lders
Searching past project docume­ntation
Law of dimini­shing returns, do not assume that all generic risks will be relevant
Dismiss risks not project specific
Recognise root cause of the problem

Quanti­tative approaches to risk

Based on seemingly precise values
Probab­ility is repres­ented between 0-1 or %
Impact = $ loss should risk happen
Prob­ability x impact = risk exposure $$$
Risk exposure value (REV) can be compared against insurance premium
REV helps assess effect­iveness of risk reduction action
Risk reduction leverage (RRL) = (RE (before) – RE(after)) / cost of risk reduct­ion
If RRL > 1.0 the action is worth while
Problems with quanti­tative risk assessment
Without lots of data IDing probab­ility is often guesswork
Amount of damage usually guesswork
Amount guessed might be less than actuality & risk fund may be exhausted

Probab­ility impact grid (PIG)

With qual approach, risk tolerance line is drawn on PIG. Don't approve project with risks above this line. Take mitigative action to reposition risks by reducing risk probab­ility &/or impact

Planning, monitoring and control

New risks ID'd any time, & secondary risks result from actions to reduce initial risks.
Monitoring is part of project control cycle
Monitoring = mixture of regular reviews and reviews after events, e.g. end of a stage.
Need a project risk plan to doc planning & facilitate monitoring & control process. Use a risk regist­er/log, & list all the risks

Risk register management

For each risk in register, an individual risk record will be created
Risk record shows prob & impacts before and after mitigating action is taken
Risk plan
Plans of actions documented
Not always 1:1 between risk and plan
Risk owner manages risk plan & monitoring
If risk changes during process, revise plans

Adverse effects could be

Reduction in the value delivered
Project failure
Higher develo­pment costs
Delayed project completion
Reduced scope
Reduced perfor­mance
Completed system fails to deliver capability = original business case not realised

Risk Management Framework

Barry Boehm’s Top Ten Software Project Risks

1. Personnel shortfalls – capabi­lit­y/skill mismatches
2. Unreal­istic schedules and budgets
3. Developing wrong functions & properties
4. Developing the wrong user interface
5. Gold-p­lating – develo­pment of unneeded functi­onality
6. Continuous stream of changes
7. Shortfalls in external components
8. Shortfalls in externally performed tasks
9. Real-time perfor­mance shortfalls
10. Straining capabi­lities – current techno­logies / expertise not developed to satisfy req's and project becomes a research project

The qualit­ative approaches to risk

Because qualit­ative is mostly guesswork modern practice = qualit­ative approach
Approaches = interv­iewing stakeh­olders, experts and brains­torming
Qual­itative descri­ptions of probab­ili­ty:
Extremely Likely, Very High, High, Medium, Low, Very Low, Improbable
Quanti­tative values expressed within a range, e.g. 20–50% probab­ility. Then map to categories of probab­ility and impact
Risk assessment similar to effort estima­tion, often done together
Priori­tising risks
Ensure effort used where needed most
Use a probab­ility impact grid (PIG)
On the PIG #'s uniquely identify each risk

Mitigating actions decision consid­era­tions

Benefits should outweigh benefits of inaction – use the calc of risk reduction leverage
How many actions to approve
In relation to which risks
Focus first on the show-s­toppers – that prevent completion of the project.
With quant approach, sum up risk exposure figures for an overall project risk exposure. Then plan actions to reduce risk to level accept­able. Altern­atively address highest priority risks.

Risk register


Internal risks include

staff changes
lack of policies to guide decision making
increased scope of changes
lack of developer experience

Risk manage­ment: similar to any other activity

ID risks
Plan to deal with them
Execute project
Monitor and control
Cyclic process throughout project

Assessing the risk

Evaluate and then prioritise the risk
Evaluation criteria
Probab­ility risk will occur
Impact that the risk could have
Risk exposure, magnitude of the risk
Risks may impact time, cost or quality, and will impact business case.
Time: longer develo­pment time needed
Quality: reduction in the scope or perfor­mance of the delive­rable
Costs: increase in the resources
A risk can be viewed as an opport­unity
Proximity of the risk
Risk magnitude vary – completed tasks risks disappear
Time period when the risk may occur
Uncert­ainty high at beginning due to unknowns. As knowledge increases uncert­ainty is reduced.

Mapping assess­ments of risk probab­ility

Deciding the approp­riate actions

Conseq­uence of mitigating action, update:
project schedule
develo­pment costs
functional scope
Perfor­mance of the delive­rables
Acce­pting the risk
If prob low, impact low, & other actions not practical could accept risk and monitor it
Maybe cost of action outweighs impact
Prev­enting the risk aka 'risk avoida­nce'.
Reducing the risk
Action before the expected risk occurs
Tran­sfe­rring the risk to another party, outsource for eg
No action before the risk occurs
Plan of action once risk occurs, or certain
Generally only incurs costs if risk arises
$ to manage risk and with creating the conditions in the contin­gency action plan

Download the IT Project Risk Cheat Sheet

2 Pages

PDF (recommended)

Alternative Downloads

Share This Cheat Sheet!



No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          Project Management Cheat Sheet
          Project Planning Cheat Sheet

          More Cheat Sheets by NatalieMoore