The purpose of assessing risk is:
To understand the undesirable consequences of internal and external forces on the enterprise during a transition to, or once in, the future state. An understanding of the potential impact of those forces can be used to make a recommendation about the course of action.
When assessing risks, the needed inputs are as follows:
The only output is the risk analysis results, which include the following tasks:
One of the most important questions you should ask yourself and the stakeholders is:
How much uncertainty are we as an organization or you as a stakeholder willing to take on in exchange for potential value?
There are 3 different attitudes toward risks:
The BA's job is to collaborate with stakeholders and assess risks based on the current situation. However, since it's not possible to know what will occur, it is necessary to include the impact of the unknowns on the initiative. This is done by drawing on experience, historical context, the lessons learned from past changes, and expert judgment from stakeholders.
Known elements such as constraints, assumptions, and dependencies can also be analyzed for risks and treated as risks themselves. If, for example, any of these elements is associated with any component of the ongoing change, it has to be treated and managed as a risk. In this case, the BA is in charge of identifying the event or condition and the consequences that could occur.
As stated in the guide, risks are negative in nature: they can have a negative impact on the value to be delivered. Each risk is identified along with its expected likelihood of occurring and its impact. Part of the BA's job is therefore to aggregate these individual risks and indicate the overall potential impact. The impact can be stated through: