
The “If/Then” Risk Statement

This blog post from Dave Gordon reviews the principle and lessons behind the If/Then risk statement. As elementary as it may seem, the principle holds that explaining to stakeholders what can happen if certain criteria are met (or not met) is more effective than simply trying to explain the risk itself:

You may remember the definition of a risk as “An uncertainty that matters.” In this case, the Event is the uncertainty, and the Consequences are why it matters. The risk statement relates the Consequences to the Event. As an example, let’s say an interface is being built that will pass “hours worked” for each employee from the timekeeping system to the payroll system. Obviously, the hours worked is a critical input in order to calculate payroll for those employees who are paid by the hour. For this reason, the interface must be developed, and testing completed, before payroll system testing can begin.

So, to present this to a stakeholder, you’d say something along the lines of: if the timekeeping interface is not completely validated before payroll system testing, then payroll system testing will experience schedule slip. Dave Gordon explains how articulating the consequences shows what will happen if the event occurs, and why the stakeholder should be concerned about it.
