OSS risk approaches

When anyone asks me how I can best describe my experience of nearly forty years at sea, I merely say, uneventful. Of course there have been winter gales, and storms and fog and the like, but in all my experience, I have never been in any accident of any sort worth speaking about…I never saw a wreck and never been wrecked, nor have I been in any predicament that threatened to end in disaster of any sort….”

“I cannot imagine any condition which would cause a ship to founder. I cannot conceive of any vital disaster happening to this vessel. Modern shipbuilding has gone beyond that.
Both of these quotes come from Captain Edward J. Smith, the Captain of the RMS Titanic.

If this is your approach to risk on OSS projects, then A) your previous projects have been run remarkably well and B) I hope a calamity doesn’t await future projects.

Your organisation probably already has its own risk management approach in place for all projects. I tend to base my OSS risk management strategy around Australian/New Zealand Standard AS/NZS 4360:2004, mainly because of familiarity rather than relative merits compared with other approaches.

The AS/NZS standard recommends the following elements, which seem pretty logical for analysing risks:

  • Establish Goals and Context
  • Identify Risks
  • Analyse Risks
  • Evaluate Risks
  • Determine Risk Treatments / Mitigations including:
    • Avoiding the risk by discontinuing activities that cause it
    • Reducing the likelihood of occurrence
    • Reducing the consequences of occurrence
    • Transferring the risk
    • Retaining the risk
  • Monitor and Report on the effectiveness of Risk treatments

To be honest, I intentionally keep the process simple and unsophisticated. By preparing and maintaining a risk matrix, the list of tasks above can be managed relatively simply.
A simplified version of the risk matrix I tend to use for OSS Implementation projects can be found on this page.

As you’ll notice, risks 001 to 009 are shown to demonstrate the framework of the risk matrix. Feel free to contact me if you’d like a more comprehensive version.

Read the Passionate About OSS Blog for more or Subscribe to the Passionate About OSS Blog by Email

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.