Risk assessment

The assess risk task is used to identify the unpleasant consequences of internal and external forces on the enterprise during the transition or in the future state.

Once the potential impact of those forces are understood a recommendation can be made on the course of action.

The business analyst has to analyze the risks associated with the solution and this involves analyzing and managing these risks.

These risks might be related to the current state, the future state, the change, the change strategy or any other related tasks.

To properly analyze the risk the business analyst has to consider the following:

1. The possible consequences of the risks.

2. The impact of those consequences.

3. The likelihood of the risk.

4. The potential time frame of the risk.

The information gathered from the response to these questions would help in coordinating a change strategy.

There are five elements that can help with the assess risk task and they are:

a. Unknowns: when assessing a risk, there is no certainty that it would occur and if it does occur, what would its impact be on the enterprise.

The business analyst would work with key stakeholders to assess the risk of the current state. The business analyst can use historical data from similar situations to asses the risk of the enterprise.

The lessons learned from the past and expert judgement from the stakeholder can help the business analyst guide the team in deciding the impact and likelihood of the change in the current state.

b. Constraints, assumptions and dependencies: constraints, assumptions and dependencies can be assessed for risks and sometimes are assessed as risks themselves.

c. Negative impact to value: risks are the conditions that increase the possibility or severity of a negative effect of value. The business analyst should identify and express the risk to estimate its likelihood and impact.

Once all the risks have been identified, the business analyst collates the total risk from the individual risks and assess the overall potential risk. The risk impact can be quantified by time, efforts or other measures.

d. Risk tolerance: the risk tolerance of an enterprise is the amount of risk they are willing to accept in exchange for potential value.

There are three ways of describing risk tolerance and they are:

1. Risk-aversion: this is an unwillingness to accept risk or uncertainty.

2. Neutrality: this is a willingness to accept some risk as long as it does not result in a loss of value.

3. Risk-seeking: this is a willingness to accept more risk as long as it results in a higher potential value.

An organization can exhibit different risk tolerance at different times based on the situation.

e. Recommendation: based on the risk analysis the business analyst would make a recommendation.

The recommendation would be one of the following:

i. accept the change regardless of the risks.

ii. accept the change while mitigating the risks.

iii. find ways to increase the benefits of the change which would reduce the risks.

iv. identify ways of optimizing opportunities.

v. do not go ahead with the change.