MAN.5 Risk Management

Linked Knowledge Nuggets:
arrow_forward "Risk Management"

person Author: Process Fellows
MAN.5 – Risk Management ensures that potential risks are systematically identified, analyzed, and treated throughout the project. It includes defining suitable methods (e.g. FMEA), evaluating risk acceptance, and taking corrective actions to reduce impact. The process creates transparency and supports informed decision-making.

• school PF_MAN.5_Risk Management_Extract.pdf
  Short Overview of the MAN.5 Risk Management Process covering base practices, some examples and a comparion between Automotive SPICE® version 3.1 and 4.0

• O1 The sources of risks (Risk = The combination of the probability of occurrence and the consequences of a given future undesirable event.) are identified and regularly updated.
• O2 Potential undesirable events are identified as they develop during the conduct of the project (Project = Endeavor with defined start and finish dates undertaken to create a product or service in accordance with specified resources and requirements.).
• O3 Risks (Risk = The combination of the probability of occurrence and the consequences of a given future undesirable event.) are analyzed and the priority in which to apply resources to treatment of these risks (Risk = The combination of the probability of occurrence and the consequences of a given future undesirable event.) is determined.
• O4 Risk (Risk = The combination of the probability of occurrence and the consequences of a given future undesirable event.) measures (Measure = An activity to achieve a certain intent.) are defined, applied, and assessed to determine changes in the status of risk (Risk = The combination of the probability of occurrence and the consequences of a given future undesirable event.) and the progress of the risk (Risk = The combination of the probability of occurrence and the consequences of a given future undesirable event.) treatment activities.
• O5 Appropriate treatment is taken to correct or avoid the impact of risk (Risk = The combination of the probability of occurrence and the consequences of a given future undesirable event.) based on its priority, probability, and consequence or other defined risk (Risk = The combination of the probability of occurrence and the consequences of a given future undesirable event.) threshold.

BP2 Identify potential undesirable events. ( O2 )

Identify potential undesirable events within the scope of the risk (Risk = The combination of the probability of occurrence and the consequences of a given future undesirable event.) management for the project (Project = Endeavor with defined start and finish dates undertaken to create a product or service in accordance with specified resources and requirements.).

Linked Knowledge Nuggets:
arrow_forward "Examples of potential undesirable events"

person Author: Process Fellows
Throughout the entire project lifecycle, various undesirable events may occur, affecting internal and/ or external stakeholders. These events can be categorized for example into process-related and technical product-related ones.

• Process-Related Undesirable Events:
  These refer to disruptions or deviations in project execution and collaboration: Project progress deviates from the planned schedule or effort estimates. Resources, including personnel, are unavailable when needed. Commitments made by development partners are at risk of not being fulfilled.
• Technical Product-Related Undesirable Events:
  These concern the quality and suitability of the delivered product: Defective product is delivered to the customer. Requirements are incomplete or missing and therefore the product does not provide the needed capabilities. Changes in the product lead to unintended impacts on product's behavior.

BP6 Monitor risks. ( O4 )

Regularly re-evaluate the risk (Risk = The combination of the probability of occurrence and the consequences of a given future undesirable event.) related to the identified potential undesirable events to determine changes in the status of a risk (Risk = The combination of the probability of occurrence and the consequences of a given future undesirable event.) and to evaluate the progress of the risk (Risk = The combination of the probability of occurrence and the consequences of a given future undesirable event.) treatment activities.
Note 5: Risks (Risk = The combination of the probability of occurrence and the consequences of a given future undesirable event.) of high priority may need to be communicated to and monitored by higher levels of management.

Linked Knowledge Nuggets:
arrow_forward "Managing project risks effectively"

person Author: Process Fellows
Risk registers are not enough. MAN.5.BP6 expects continuous monitoring, i.e. a regular update, including mitigation actions. Use heat maps, risk burndown charts, and regular risk reviews.

arrow_forward "Why is a regular risk monitoring helpful?"

person Author: Process Fellows
Risks should be tracked regularly in risk management for several important reasons:

• Risks Can Evolve Over Time: Risks are not static. Their likelihood, impact, or relevance can change due to internal or external factors such as project progress, market shifts, regulatory updates, or technical developments. Regular tracking ensures that the risk profile remains accurate and up to date.
• Enables Timely Mitigation: By monitoring risks continuously, teams can respond quickly when a risk becomes more critical or imminent. This allows for proactive mitigation strategies rather than reactive crisis management.
• Supports Decision-Making: Updated risk information helps stakeholders make informed decisions about priorities, resource allocation, and contingency planning. It ensures that decisions are based on current realities rather than outdated assumptions.