November 17, 2006 - Risky Business Part 5

So far we have identified, prioritized and defined mitigation steps. We have moved from a list of excuses for failure to a list of things that could save our project. But if we stopped there nothing will get accomplished and we will still get bit.

Assign an Owner. Without ownership being assigned to the mitigation steps, no one will do them. It’s like walking into your messy living room and saying, "someone really ought to clean this up." Chances are it will be messy the next time you walk in, too. It is important that the responsibility of the action be given to a single individual. If 2 or more are assigned they will either talk it to death or assume the other has it covered.

Two quick notes. First, a risk can have more than one mitigation step. Either assign an individual to each step or make one person responsible for ensuring it gets done. Second, the person assigned does have to be the one that does the work. Don't try to micromanage a separate group’s resources, assign it to the team lead.

Set a Due Date. Determine when each mitigation step needs to be completed. If possible allow the individual assigned the step to set the date. A date imposed is "unrealistic" but one that is self-selected carries a subconscious commitment with it. Granted, dates that are too far in the future will need to be negotiated.

Track it. Give things a chance to happen. Although risks can be discussed during status meetings, ideally a separate meeting should be scheduled on a monthly basis to rework the list to:
* Check status on mitigation steps
* Identify new risks
* Re-assess the probability and impact levels
* Modify mitigation steps and dates

By actively pursuing risks you can eliminate potential issues before they even start.