Risk management during requirements

Risk management is project management for adults. This means the manager adopts an adult attitude toward things that might go wrong during the project, a marked difference from the prevailing can-do attitude. The risk manager is obliged to do some cannot-do thinking, to look problems - even potentially unsolvable ones - directly in the eye and acknowledge that they could come to pass. The risk-aware project manager will accept a lucky break if it should happen but refuses to include it in the plan. At the heart of risk management is a public, continuing process of risk identification. Some risks that will threaten your project are utterly unique to your situation, but others are not. Over some 10 years of conducting risk identification exercises in organizations, we have found five risks that are so ubiquitous that we have dubbed them core risks. We focus on the first two core risks and discuss risk management as part of the requirements process: intrinsic schedule flaws-estimates that are wrong (undoable) from day one, often based on nothing more than wishful thinking; and specification breakdown - failure to achieve stakeholder consensus on what to build.