When during a project lifecycle should we conduct a risk assessment?

At what point in a project's lifecycle should one conduct a risk assessment? Do you have any suggestions as to how to accomplish this so that the risks uncovered are such that they can be responded to?

    Requires Free Membership to View

At least during three key points:

  • Before
  • During
  • After

Two things spring to mind about conducting a risk assessment as soon as possible. First, transparency is key to finding risks early. People afraid to address issues are likely to pooh-pooh legitimate concerns. Second, enterprise risk management (ERM) offers quite a bit of guidance. My friend Bob Charette contributed a chapter to my second book, The Next Wave of Technologies: Opportunities in Chaos, on ERM since any type of major IT change in an organization is fraught with risks.

There's way too much on ERM for me to attempt to do it justice here. Suffice it to say there are significant limitations to surveys and "roundtable" meetings. Risks need to be assessed systematically and throughout the project's entire lifecycle.

This was first published in December 2009

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.