BEST PRACTICE: Proactively perform risk assessment / analysis
A risk is any event, positive or negative, that may have impact to the success of the project. In order to effectively manage project risks, they must be identified and analyzed. Risk analysis has multiple purposes. First, it documents the organization's risk threshold and identifies those events, which when triggered, need to be acted on. It also proactively defines the actions that will be taken if the event is realized and assigns owners. In this manner, the event can be quickly handled should it arise.
Each project is unique. The environment may have changed; thus, risks, or the organization's tolerance to them, may differ from project to project, or even within the same project over time. For these reasons, risks should be analyzed at least once in every project. Risk analysis should be completed early in the project once scope and requirements are known. Reviewing the risk assessment periodically throughout the project helps to ensure all team members are aware of the risks and know the actions to be taken, and may identify new risks that need to be added. Ensuring the team has access to the risk analysis document helps to ensure risks are resolved in an efficient manner.