Identify: Identification surfaces software-related risks before they become
actual problems which adversely affect the project. Before risks can be
managed, they must be identified.
Analyze: Analysis is the conversion of identified risk data into
decision-making information, and provides the quantification and oversight
clarity needed to guide the project manager to work on the "right"
Plan: Planning involves developing actions to mitigate individual software
risks, prioritizing risk mitigation actions, and integrating these actions
into an executable risk management plan.
Track: Tracking consists of implementing the risk management plan and
monitoring the status of risks and actions taken to mitigate those risks. Risk
metrics and triggering events are monitored as part of the tracking
Control: Control corrects for deviations from planned risk mitigation
actions; and builds on project management processes to control mitigation
plans, respond to triggering events, and improve risk management
Communication: Communication among the appropriate organizational entities
must exist for risks to be identified, analyzed, planned for, tracked, and
controlled correctly. Risk communication lies at the center of the paradigm to
emphasize both its pervasiveness and its criticality.
As of this writing, the SEI Risk Program has drafted a questionnaire-based
risk identification method scheduled for formal release as an SEI Technical
Report in June 1993) as an approach to addressing the first activity in the
Risk Management Paradigm. The questionnaire was developed to provide coverage
of the risk areas defined in the SEI's Taxonomy of Software Development Risk
(see Figure 2-2). The taxonomy defines a framework for organizing and studying
the full breadth of potential software technical risk. Appendix A
describes the tax- onomy hierarchy in detail. The taxonomy-based questionnaire
applies a systematic data gathering technique to facilitate an objective and
consistent identification of software technical risks across the entire
taxonomic spectrum. The taxonomy-based questionnaire is at Appendix