Risk Management seems second nature to most of the folks whose worked dedicatedly in technology.
Unfortunately, the reality is, no one really tells you anything about it in college, until you worked on your first project or coordinated your first end-to-end development, integration or deployment.
Initially your college built-in mentality is to whine, procrastinate, and frown at the idea because what you originally thought as something straight forward (ei. develop scripts/solution then deploy), now has to undergo rigorous process engagements, sometimes on several verticals, all in the name of "due diligence" or worst yet - "industry best practices". You quickly loose any sense of security once you realize that your technical designs or development codes will have to undergo several layers of testing, validation, reviews, even before you get a chance to present it to a board or committee for approval.
All of which boils down to this = more frigging work for you, bub!
Slowly, but surely, you warm up to the idea. Not only because you've accepted this as a part of your professional life, but also because you appreciate the security that these once bothersome processes and risk control measures now offer.
Enter Risk Management 101- tadah!
At it's basic form, Risk Management is really a collection of process groups and best practices in the industry aimed at, well... managing risks. (duh!)
Curiously, the process of risk management, doesn't just matter or start when the problematic engineer comes breaking your door down with a problem - most of the time, there are no dramatic one-liners like, "Houston, we have a problem" sort of a deal.
Because of the degree of financial impact, coupled by that ever-present obiquitous dilema on optimizing operations and efficiencies; risk management now is expected to be part of every business (or technology) undertaking - part of the mythical "initiation check lists".
Deductive reasoning (and common sense...) will tell you that managing "risks" would have a better chances if it was identified at the very earliest point in the endeavor, allowing you to have enough time to put together logical convergent planning around remediating or managing the said risk.
Running into risks and issues for every project or undertaking is a statistical certainty. That is why, it is essential to put up control measures, trackers, indicators, and mitigation and remediation plans to detect them early, and provide acceptable terms on how to deal with it, even before the "risk" materializes.
Project Management practices, hopes to address this key item, and several project management professionals have already put in countless hours and text, priceless advise to attempt to better recognize, process, and mitigate risk
Because of the fact that each and every project or endeavor comes with its own unique challenges and "personality", no single individual out there can truly say, they will have a comprehensive account of the format on the process of Risk Management that they can simply grab and refer to whenever they encounter any risk associated dilema.
From most of the materials out there, together with my set of experiences in project managing, I've put together a practical set of advises/recommendations, that you need to understand to be better equipped at managing risks.
Please feel free to put whatever you feel needed to be included on the list:
(1) Understand the requirement(s) per the task at hand - This is a crucial first step, which most "seasoned" professionals sometimes feel they're just "too good" for. Accepting that all projects/tasks are unique means that no amount of experience/tenure can ever truly say that an individual has all that he needs to know about anything to cover "all bases". Once you understand this fact, you can proceed to the next step.
(2) Set a regular review process with your team/groups to discuss and identify potential "risk -centers" constantly evaluating its relevance - Only after fully understanding the requirements will you be truly inclined to sit down and identify the unique risks and risk-centers associated for a particular endeavor. By creating an avenue to review and discuss these items with your group or team, will you be able to better identify (and sometimes...) understand what the entire "risk picture" would look like. Leveraging on your team with specific skill sets and rich experiences would mean that you are not only covering the risk under your set of expertise, but also, catching essential risk items that your team will most likely have more understanding of.
(3) Keep a risk register log and follow up on remediation requirements and delegation of tasks - by investing time and resources to your risk review meetings, the logical steps is to track and address key questions like, what are the remediation plans/steps for the identified risks? and who will be accountable for creating a remediation plan? In doing so, you will be at a better position to understand the impacts of these risks and obviously, would be more empowered at addressing and assessing them according to an over-all go forward approach
(4) Follow up and communicate to management these risks - In order to better align the objectives of each undertaking, you need to communicate all associated risks, especially ones that would have financial, or operational impacts to management. This could easily be accomplished if you've been keeping my 3rd advise above.
(5) Delegate the risk, or assign it to any particular invidual or group for remediation - This means that once you've identified the risk, drawn up a form of remediation plan, you need to assign the risk item to the individual better suited to address the said item.
