This PA is not just about listing
risks and reviewing them at project meetings. It is about studying the
risks and measuring their impact and probability on project activities. For
example, an illustration of increased maturity and sophistication required
for your organization between Level 2 risk management and Level 3 risk
management is taken from the old CMM for Software. In the old CMM,
the measures taken for each identified software risk included ???the realized
adverse impact compared to the estimated loss; and the number and magnitude
of unanticipated major adverse impacts to the software project, tracked
over time.??? Sounds like more than just sitting around in a project meeting
reviewing a risk list.
The main focus of this PA is on project risks. However, the same concepts can
be applied to organizational risks.
There are no generic practices that directly map to this process area.
n
n
Understanding Maturity Level 3: Defined n 105
Risk Management includes identifying and categorizing risks; generating a risk
management strategy; analyzing risks; documenting risk mitigation plans; mitigating
risks; and monitoring the risk effort.
Pages:
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269