This practice ensures the team continues to update their risk log, analysis, and strategies as the project progresses and the environment changes.
Complacency is a top killer for projects. If a team becomes complacent and fails to monitor risks (or identify new ones), a project can suffer.
The last step in the process is monitoring and controlling the risk management process by making sure our strategies are effective, continually looking for new or escalating risks and ways to improve.
Risk Burn-Down Graphs
Risk burn-down graphs are a great way of showing the project's cumulative risk position and trends over time. They are stacked area graphs of risk severity that allow trends, along with new and escalating risks to be easily identified.
Risk retrospectives are periodic reviews of the risk and opportunity log and risk management processes being used on the project. Just as we review the evolving product and team processes throughout the project, so should we be evaluating the effectiveness of the risk management plan and processes being used by the team.
What are some types of questions we could/should be asking when we regularly review our risk management approach?
Finally, reviewing is not enough — we need to update our risk management artifacts, update our risk lists and EMV scores, and groom the backlog with new features and new risk responses; and always rebalancing the priorities. Update the risk information radiator graphs (like our risk burn-down graphs), and make sure people are not only looking at the impacts of new work in terms of estimates, but potential risks, too.