Table of Contents

RISK CULTURE
Risk Thinking
What Is Risk?
A Boundary Problem
Expressing Risk: The Basic Terms
Risk Vocabulary
Risk-Driven Project Management
Controlling the Process, Environment, and Risk
Maturity in Risk Culture
Risk Scale
Preparing for Risk

RISK MANAGEMENT PROCESS
What Is Risk Management?
Risk Management Paradigms
Is There a Process?
In Real Life
Five Models for Risk Management
Model 1: The Organic Risk Management Process
Model 2: Goal Selection
Thinking about Less Risky Alternatives
Model 3: Minimum Risk Management
Model 4: Medium-Scale Risk Management
Model 5: IAMT Cycle
Model 6: Full-Scale Risk Management
Risk Management at Different Levels
Risk Escalation

RISK ATTRIBUTES
Risk Classification
Risk Attributes
Risk Origin
Screening the Risks
Three P's
Risk Severity
SEI Risk Taxonomy
Risk Levels
Time Element
Affected Process Areas
Affected Key Result Areas (KRA)
Affected Goals
Affected Requirements
Risk Name
Who Will Assign the Attributes?

RISK IDENTIFICATION
The Meaning of Risk Identification
Risk Identification Methods
Levels in Identification
Identifying Product Risks
Implementing Risk Identification Processes

RISK ANALYSIS
Scope and Purpose of Risk Analysis
First-Order Analysis
Useful Risk Distribution Analysis
Seeing the Larger Picture
Risk Levels and Analysis Effort
Ownerless Risks
Putting Together the Preliminary Analyses
The Analysis Report
More Analysis
How to Implement Analysis

RESPONDING TO RISK
Getting Started
Special Treatment for Catastrophic Risks
The Constraint Risks
Responding to Ordinary Threats
A Comparison of Two Levels of Response
Risk Response Plans
Risk Avoidance
Risk Transfer
Risk Acceptance
Risk Monitoring
Risk Mitigation
Contingency Plans
Strategic Plan
Risk Escalation
Implementing Risk Response

RISK TRACKING
What Do We Track in Risks?
A Moving Target
Tracking Risk Response Plans
Tracking the Bigger Response: Audits
Tracking Hazard Risks
Trigger Levels
Tracking Project Risks
Tracking Operational Risks
Tracking Enterprise Risks
Learning by Tracking
Risk Tracker Tool
The Hardening of Risks
Implementing Risk Tracking

RISK MODELS
Why Models?
Simple Risk Models
Implementing Risk Models

RISK INTELLIGENCE
Natural Warning Systems
Metrics Models
Earned Value Model
Estimation Model
Requirement Model
Critical Path Model
WBS Model
PERT Model of Risk
Implementing Risk Intelligence

FEED FORWARD
Beyond Risk Reports
Passing Knowledge Forward
Risk Communication: The Critical Need
Ten Barriers to Risk Communication
Risk Dashboard
Analytical Views
Use of Models
The Tool
Risk Closure Report
Better Than SPC
Incorporating FFL in Risk Management

INTEGRATED RISK MANAGEMENT
Economy Drive
The Visible and the Invisible
The Positive and the Negative
Program-Level Integration
Strategic Business Unit (SBU)-Level Integration
Enterprise-Level Integration
Integrated Plans
Integrated Risk Management: An Agile Process
How to Establish Integrated Risk Management

RISK MANAGEMENT: DRAFT PROCEDURES
Can There Be a Procedure?
The Risk Arena
Symptoms of Not Having a Formal Risk Management Procedure
The Anatomy of a Risk Management Procedure
For Whom?
Implementing the Procedures
Procedure 1: Risk Management at Project and Operations Level
Procedure 2: Enterprise Risk Management

APPENDIX A: CAPER JONES'S RISK

APPENDIX B: REX BLACK'S QUALITY RISK LIST

APPENDIX C: SEI RISK TAXONOMY

APPENDIX D: TOP N SOFTWARE RISKS

APPENDIX E: PMI, RISK MANAGEMENT PROCESS

APPENDIX F: IRM, RISK MANAGEMENT STANDARD

APPENDIX G: CONTINUOUS RISK MANAGEMENT (CRM) PARADIGM

APPENDIX H: BARRY BOEHM'S RISK MANAGEMENT PROCESS

APPENDIX I: RISK MANAGEMENT IN CMMI

APPENDIX J: REQUIREMENT RISK VERSUS MEASURABLE
QUALITY ATTRIBUTES

APPENDIX K: DIARY OF A RISK MANAGER

RISK GLOSSARY

REFERENCES

INDEX