Risk management, though closely associated with project management, also has relevance in the world of business analysis.

Requirements risk management however differs from project risk management. Requirements risk management focuses on actively identifying and managing the uncertainties associated with the recommended solution while project risk management focuses on the uncertainties linked to the project. Requirements risk management can however, complement the project manager’s risk management effort and is particularly essential to delivering successful projects as it aids anticipating and solving problems that may affect requirements during the course of implementation.

Requirements risks are occurrences or conditions that can affect the successful development of an end product if not properly managed. As part of elicitation efforts, BAs typically identify risks by asking “What-if” questions. When elicitation efforts focus on identifying exceptions and failure points, it’s a form of risk management. The idea is to find potential solutions to these questions and include them as part of requirements to reduce the probability of missing out on critical requirements.

To simulate the usefulness of this technique, let's take a look at this requirement:

“The system shall reduce an employee’s leave balance by 1 day if their attendance record is not detected for that day.”

Here are some “What-if” questions you may ask to identify the risks linked to this:

“What if the staff’s attendance records are not uploaded to the system by the security team?”

The fact that staff’s records have to be manually uploaded has become a potential “risk” to the project. A risk statement could then be posed as:

“If attendance records are not uploaded to the system, leave balance deduction will be inaccurate”

One response to this risk is the introduction of a requirement to ensure that “Attendance records are automatically uploaded” to avoid the delays and risks associated with manual upload of data.

Due to the central role that requirements play in successful projects, it’s important to actively identify and manage the risks associated with them. For effective risk management, the following steps should be taken:

1. Organize a session for project stakeholders to brainstorm on possible risks

2. Rank the risks based on the probability of their occurrence (How likely is it that an identified risk will cause a problem?) and the impact (To what extent will the risk affect requirements?)

3. Discuss/evaluate ways of managing identified risks - make sure at least one team member is responsible for monitoring each risk and that all team members understand the impact of their actions on requirements and the eventual success of the implementation.

4. Actively monitor the project and identify additional risks where they occur.

Requirements Risk Mitigation

Here are some general requirements risks that apply to most projects (and requirements) and some ideas on how they can be mitigated:

1. Lack of involvement of the technical department

- Identify the technical stakeholders

- Run requirements by them early enough before they are due to be implemented

2. Scope creep

- Ensure that all stakeholders understand the scope

- Validate requirements as often as possible

3. Poor impact analysis

- Document requirements and get all relevant stakeholders to review them for any missing and dependent requirements.

Thinking of requirements risks can help to build stronger requirements and close gaps not already covered by the recommended solution. Through the use of complementary techniques like interface analysis, document analysis, etc, BAs can come up with requirements aimed at preventing risks from becoming reality. Controls designed to address each risk should be put in place though this may lead to the creation of additional product requirements.

Requirements Risk Log

Interested in keeping a log?

Here are some possible headers for documenting requirements risks:

Risk ID
Risk description
Probability of occurrence and
Impact of occurrence, for ranking risks

Thinking of the risks linked to each requirement can certainly help to identify critical requirements that may otherwise, be missed. There’s certainly significant value to be had by proactively monitoring requirements for potential risks before they are implemented.

Featured

The Business Analyst Competency List

Being a business analyst is a journey filled with challenges and triumphs, where the treasure is not just data but insights that transform businesses. Fundamentally, we do our best not only to understand information but also to think of how we can use that information to lead transformation, efficiency, and improvement. In this article, we’re looking at some of the most sought-after competencies vital in navigating the intricate world of business analysis.

Optymyze CEO Discusses How To Use Data Analytics To Improve Your Business Processes

Data and analytics can provide invaluable insights into how your business is performing. Experts like Mark Stiffler say that leveraging data and analytics can uncover new growth opportunities, strengthen existing processes, and increase your overall efficiency. In this blog post, we'll discuss eleven tips you can use to leverage data and analytics to improve your business processes.

6 Tips For Software Vendor Selection

Selecting vendors for software implementation projects can seem like a complicated process but it doesn’t have to be with the right tips in mind. This article discusses tips for vendor selection you should know about.

BPMN Diagrams For Dummies

Business process modeling notation, or BPMN, is how BPM professionals communicate the design of a specific process, be it simple or exceedingly complex. Various steps in any process may come up. Notation helps a business process management (BPM) professional identify these at a glance and describe what needs to be done at any given point during the process based on element types.

3 Reasons Why Most Digital Transformation Initiatives Continue To Fail

Are you thinking about initiating a digital transformation campaign in your company?

If so, you may be worried about what could go wrong and the challenges that possibly lie ahead. You've probably heard about the many unsuccessful stories, and you're right to be concerned.

Establishing Rapport With Critical Stakeholders

To bridge communication gaps, understand why establishing a good rapport is vital. Then, apply these methods to building relationships with your most important stakeholders.

Removing “Analysis Paralysis” From Team Sessions

For many teams, careful planning and data-driven examination of the challenges they face are paramount to success. There is power in information and analytics, but their potency can be a double-edged sword, especially if you're prone to analysis paralysis.

What Are Critical Success Factors?

How can we aim for, or even define, business success, if we don't know what it is? Critical success factors (CSFs) are an important element in business, and essentially entail identifying what really matters. In this blog post, we will explain exactly what critical success factors are, and take you through some of the different types.

Looking For Business Insights? Here's A List Of Free Online Survey Tools To Explore

This article discusses four online survey platforms that provide free survey management features which can be used with either the internal or external customers of a business.

How To Define A Winning Value Proposition

The value proposition is the reason why customers turn to one company over another, and can be viewed as the collective attribute(s) or a bundle of services/products that satisfy the unique needs of the specific customer segment a business serves.

General BA Matters

Requirements Risk Management: What's In It For Business Analysts?

Requirements Risk Mitigation

Requirements Risk Log

Business Analyst Learnings

USEFUL BA PRODUCTS