Presentation is about risk management in IT projects. It describes basic concepts and approaches when it comes to assessing and identifying risks. The full presentation can be found on our youtube channel - https://www.youtube.com/watch?v=SR6CwTj_qz0. It was conducted in Visuality by Wiktor De Witte - Project Manager.

1. Risk
Prepared by Wiktor De Witte

2. Table of Contents:
● What is a risk? What is a risk in a project?
● Characteristics of a Risk
● What isn’t a risk?
● Hold up - why I am sitting here at this lightning talk listening to this?
● Risk Management
● Assessing the risk
● Risk Matrix
● Types of reactions to a risk
● Okay thanks for wasting my time, now what?
There is a funny animal
on some of the slides if
that presentation
doesn’t appeal to you

3. 1. What is a risk? What is a risk in a
project?
Definition of a risk in Oxford Dictionary:
● Exposition ( of someone or something valued) to danger, harm, or loss.
Definition of a Project Risk in PRINCE2 Manual :
● Risk is a set of events that, should they occur, will have an effect on achieving
the project objectives.

4. Characteristics of a Risk
● Risk doesn’t mean necessarily mean that there are only threats to happen,
risks might be also connected to some positive outcome or an opportunity.
● Risk means there is something uncertain, a chance to happens. Once risk
materializes, it’s not a risk, it happened.

5. What isn’t a risk?
● Again, risk definition implies uncertainty. Certain events are not risks - they are
collateral damage that have to be accepted.
You wouldn’t be able to go to work
on Monday if your kid catches fever on Sunday ← Risk
Your kid caught fever and you can’t show up in the office
on Monday ← not Risk

6. Hold up - why am I sitting here listening
to this? Where is KFC? Should be here...
● Being aware of uncertainty of some aspects lets you focus on those part and
mitigate possible effects.
Example: There is Majówka coming and most of the office is flipping meats on the
grill. What if there is an outage in production environment? Our clients will lose
money.
Mitigation: Team establishes firewatch during the Majówka
and in case of fire, will break the glass.

7. Risk Management

8. Assessing the Risk
A risk has essentially two values that are key for it’s proper assessment:
● Likelihood of occurrence ( [0,1,2,3,4,5], where 0 is 0% chance something is
about to happens and 5 is almost impossible to NOT to happen.)
● Impact ( [0,1,2,3,4,5], where 0 is negligible and 5 is a critical hit )
Depending on these values we can pinpoint these
risk to a following table:

9. Risk Matrix

10. Risk Matrix pt. 2

11. Types of reactions to a risk
● Threat
○ Avoid ( Take action so the threat no longer has impact or can no longer happen.)
○ Reduce ( Reduce the probability of the risk. Reduce the impact if the risk does occur. )
○ Fallback ( A fallback plan of actions that would be done if the risk occurs and would become an
issue)
○ Transfer ( Transfer the financial risk to another party )
○ Share ( Find some party that is going to share losses )
○ Accept ( Take a decision about not caring )
● Opportunity
○ Share ( Same as above )
○ Enhance ( Enhance is where you take actions to improve the likelihood of the event occurring
and you enhance the impact if the opportunity should occur.)
○ Exploit ( Exploit is where, if the risk does happen, you would take advantage of it and use it.)
○ Reject ( Take a decision about not caring )

12. Okay, thanks for wasting my time, now
what?
Situation:
You are a project team member and the team is composed of 3 backend
developers and one frontend developer. You know that frontend developer
has some problems with law and is sometimes summoned by court to show up
here and there. What can you do to avoid bottlenecks?

13. Okay, thanks for wasting my time, now
what?
Options we have on the table:
● Avoid - ask for a presidential pardon ( avoid probability ) / turn the colleague over for someone else
with greater availability ( avoid impact )
● Reduce - ask the colleague about some timetable of court hearings ( reduce probability ) / plan
sprints accordingly to potential absences, declaring less value ( reduce impact )
● Fallback - discuss the situation with the higher level and whenever that happens, stop the sprint and
re-initiate anew, focusing only on backend-related increment.
● Transfer - hire a full time 3rd party dev to reduce bottleneck and increase bus factor to 2.
● Share - find a 3rd party developer willing to fill in the shoes in case of a court hearing.
● Accept - whatever. Life’s life. I am not going to pretend we can do something about anything.

14. Okay, thanks for wasting my time, now
what?
Which one was the best?
The one with the best Effect ( Direct Result + Fallout ) to Cost ratio. And the one that
doesn’t make you a jerk in front of your colleagues.