BA Techniques: Risk Analysis and Management

Written by IISCM | Jul 8, 2020 12:34:21 PM

Purpose

Risk analysis and management identifies the areas of uncertainty that could negatively affect the value, analyzes, and evaluates those uncertainties, and develops, and manages ways of dealing with the risk.

Business Analysis Body of Knowledge® (BABOK®)

Risk analysis is defined as the sequence of processes of risk management planning, analysis, identification, and controlling the risk on the project. The risk is any uncertain event or condition that might affect the business analysis effort that impact on the outcome of the business solution. Businesses are often faced with multiple risks that have to be analyzed and managed. Risk management is not only about what can go wring but it is also about what can go right. The purpose of risk analysis is to identify all the uncertainties that have an impact on the initiative. The risk tolerance and the threshold of the project must be fully understood, defined, and communicated. Once the risk have been identified by the team, risk assessment can be carried out in a collaborative setting where the team members can gather to determine the probability and the impact of the risks.  

Risk analysis and management involves identifying, analyzing, and evaluating the risks that negatively affect the product outcome. The sufficient controls are not already in place, business analysts develop plans for avoiding, reducing, and modifying the risks, and when necessary, implement these plans. Risk management is an ongoing activity. Continuous consultation and communication with the stakeholders helps to both identify new risks and to monitor the identified risk in the product.  When elicitation focus on identifying exceptions and failure points, then its a form of risk management. As apart of elicitation effort, business analysts typically identify the risks by asking what-if question to the stakeholders.

Some of the articles related to Risk analysis and management techniques are as follows,

The main factors that have to be considered in risk analysis and management are,

  • Risk Identification - Risk are discovered and identified through the combination of expert judgement, stakeholder input, experimentation, past experiences, and historical analysis of similar initiatives and situations. The goal is to identify a comprehensive set of relevant risk and to minimize the unknowns. Risk identification is an on-going activity.
  • Analysis - It involves understanding the risk, and estimating the level of the risk. The consequences of a risk are described in terms of their impact on the potential value. The impact of any risk can be described in terms of cost, duration, solution scope, and solution quality.
  • Evaluation - The risk analysis results are compared with the potential value of the change or of the solution to determine if the level of risk is acceptable or not. An overall risk level may be determined by adding up all the individual risk levels.
  • Treatment - One or more approaches for dealing with a risk may be considered, and any combination of approaches could be used to address a risk.
  • Avoid - either the source of the risk is removed, or plans are adjusted to ensure that the risk does not occur.
  • Transfer - The liability for dealing with the risk is moved to, or shared with a third party.
  • Mitigate - Reduce the probability of the risk occurring or the possible negative consequences if the risk does occur.
  • Accept - Decide not to do anything about the risk. If the risk does occur, a work around will be developed at that time.
  • Increase - Decide to take on more risk to pursue an opportunity.

 

Some of the books for Risk Analysis and Management techniques are,