Who Is Responsible For Risk Consequencies
Risks are defined in a Risk List during the Inception Phase and are presented to you prior to the LCO Milestone. You have to choose a strategy for each Risk that appears on the list.
You have two options — either to pay for the implementation of a pro-active Mitigation Plan and eliminate the Risk, or to do nothing, but agree that if the Risk happens, you will assume responsibility later by paying for Contingency Plan.
This following is an example of a possible Risk:
Risk description | Mitigation Plan | Contingency Plan |
---|---|---|
Data provider changes the API on its own schedule, without prior notification. The next change may happen before the project release Milestone, and the system won't work | Develop a configurable XML-based integration module that will allow dynamic API changes without code re-factoring | Integration module re-factoring |
The numbers for these different plans include:
Plan | Cost, staff-hours | Duration, business days |
---|---|---|
Mitigation Plan | 140 | 7 |
Contingency Plan | 280+ | 10+ |
All of these numbers are provided to you prior to the commencement of the project. Thus, there is a choice of spending 140 staff-hours immediately to remove the Risk, or to do nothing, with the understanding the 280 or more hours may be required later at your expense.
The first option is called mitigation and means that you are ready to spend time and money pro-actively in order to guarantee that the Risk will be removed.
The second option is called acceptance, and means that you do not take any action, but is ready to pay later if the Risk does in fact happen. If the Risk never happens, you will never pay for it.
If the Risk is not identified and is not listed in Risk List, the Risk is already mitigated, and bears no responsibility for you.