Main Menu
Home / IT Governance / The “If/ Then” Risk Statement

The “If/ Then” Risk Statement

This blog post from Dave Gordon reviews the principle and lessons behind the If/Then Risk statement. As elementary as it may seem, this principle states that explaining to stakeholders what can happen in certain criteria are met (or not met), is more effective than simply trying to explain the risk itself:

You may remember the definition of a risk as “An uncertainty that matters.”   In this case, the  Event  is the uncertainty, and the  Consequences  are  why  it matters.   The risk statement relates the Consequences to the Event.   As an example, let’s say an interface is being built that will pass “hours worked” for each employee from the timekeeping system to the payroll system.   Obviously, the hours worked is a critical input in order to calculate payroll for those employees who are paid by the hour.   For this reason, the interface must be developed, and testing completed, before payroll system testing can begin.

So, to present this to a stakeholder, you’d say something along the lines of: if the timekeeping is not completely validated before payroll system testing, the payroll testing system will experience schedule slip. Dave Gordon explains how articulating consequences helps explain what will happen in the event, and why the stakeholder should be concerned about it.

About Anne Grybowski

Anne is a former staff writer for CAI's Accelerating IT Success, with a degree in Media Studies from Penn State University.

Check Also

The Obvious but Overlooked Reasons a Project Plan Can Fail

When it comes to managing projects, too many people stumble and fall on the essentials, …

Leave a Reply

Your email address will not be published. Required fields are marked *