Risks are everywhere around us in our life and our brain uses ways to determine whether we should react to it or not. Let’s see some examples: you are walking down the street, get to the corner, the light is red, drivers have their cars stopped and the pedestrian signal says “walk”; without even think about it, you’ll cross the street. But, if the same situation happened on a corner without lights and cars coming from the left at a considerable speed, you would look and choose when to cross the street, finding the safest moment to do it.

At some point, in just a few milliseconds, the brain assesses the situation and determines what could go wrong and what the consequences would be. Immediately after that, the decision is clear: cross or wait.

We do exactly that when developing software, documenting it so everybody knows about the system. And we do that so we can determine a mitigation plan (waiting for a bit before crossing or just use another corner to cross in the example above). The process is very simple and consists in assessing two variables: likelihood and impact.

Likelihood: the chance of something, unexpected at this point, to happen.
Impact: how much it will affect the project.

Identifying risks

In both cases we can use a range that goes from low to very high, having 2 or three steps in the middle: low, medium, high, very high.

But, what is risk? Everything that could go wrong? Well, not really: it is about things we can’t control. Let’s say we need to buy a printer for a project, the risk won’t be our ability to buy it, but the likelihood of not getting the money from the accountant or a delay in the shipping.

In four easy steps, the process will be:
  1. List the risks
  2. Determine the likelihood and impact
  3. Think of a mitigation plan
  4. Add a cost of the mitigation plan

Lets see an example:

Risk Likelihood Impact Mitigation Plan Cost
One of the developers has quit Medium High Add an extra developer part time to the project that is up to speed and can quickly cover the other one $3,000 * 50% of the salary of a developer.
We run out of power supply for more than 4 hours Low High Rent a generator for the whole summer $4,500 * The cost of the rent
The client didn't provide credentials on time High Medium Ask the client every other day for credentials and let them know that the lack of credentials will delay the project deadline Reputation
Apple releases a new iOS version that prevents us to publish our app Medium Low Subscribe to Apple news to be the first to know. Discuss with the client what we would do if/when this happens 10 days: Two weeks of work of our dev/testing teams. Plus going live two weeks later.

( * ) numbers are for the solely reason of explaining that risks can be measured