Managing risks as a Business Analyst

At the end of May we had the pleasure of attending a Risk Management workshop held by Peter Leeson, CMMI Lead Appraiser and instructor with over forty years’ experience in the IT industry.

Managing Risks as a Business Analyst - Raluca Piteiu

Being inspired by this workshop, our colleague, Raluca Piteiu, came up with an article and captured our attention regarding the implications of risk management for a Business Analyst:

I was impressed by Peter’s experience and expertise and also by all the information he managed to deliver in only half a day. Being a business analyst, I couldn’t help but find the connections and implications or risk management in our day to day practice and walk away from the workshop with a series of already identified risks on the projects I was working on.

But let’s start with a little bit of background information.

What is a risk anyway?

According to the business dictionary a risk isa probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.” Building up on this, risk management represents “the identification, analysis, control, and avoidance, minimisation or elimination of unacceptable risks”.

While it is mainly the project manager’s job to manage risks throughout a project, – what is management if not constant risk management? like Peter Leeson said – the business analyst, as well as any other team member for that matter, can contribute to this exercise by identifying risks related to their area of expertise. Since we are all human, each of us is subjective and has a different perspective, therefore contributing with and identifying different risks regarding on the same topic.

Depending on the project, the business analyst may be involved from the very beginning, from the “plan” phase, or can only be part of the project team at a later stage in its life cycle. Either way, after a first contact, say kick-off workshop, with the client’s context and the project, the BA should have already identified potential risks related either to the product, the requirements, the way of working, or any other aspect he can think of.

Probability. Impact.

After collecting the above mentioned risks, the BA should add them to a risk log, and then classify them according to probability (How likely is this risk bound to happen?) and impact (What impact will the risk have it will actually happen?). The next step consists of mapping them on the risk matrix, thus allowing the BA to make informed decisions and, if needed, discuss with the right stakeholders (PM, team, client, etc.) in order to define a strategy and action plan on how to handle the various risks.

Of course, risk management is an ongoing activity and the risk log and risk matrix should be revisited as often as possible in order to always be aware of the changes and action points which need to be defined following them.

Being aware of the risks and communicating them to the relevant stakeholders as soon as possible, will not only help the BAs build up a solid relationship with the client and prove their professionalism, but also focus on the quality of the project/product and make sure that all necessary measures are taken in order to deliver the best value to the client.

To sum it up, managing risks allows the Business Analyst to deliver the best services he can by making informed decisions and suggestions, while always keeping in mind that at the end of the day we need to deliver not only functionality, but most of all value.

To finish off, here are the top takeaways from the risk management workshop from a BAs perspective:

  • It is better to manage risks and be aware of what might happen than being taken by surprise and not knowing how to react
  • Communication and collaboration are crucial factors in risk management