Positive in risk management;)

“In the middle of difficulty lies opportunity”
Albert einstein

The book [1] (the list of sources is listed below) lists the maturity levels of companies and organizations in terms of risk management. There are 5 levels or stages:

• Problem stage - when work with risks is not conducted until they become problems
• Mitigation stage - when people are familiar with the concept of "risk", but no one knows how to manage risks on a regular basis (the concept of risk management was presented to them, but so far in very limited amounts). Often, the only risk management strategy is to reduce the likelihood of its occurrence.
• Prevention stage - when risk management becomes the activity of the team as a whole, in not only the task of management (project, department, company); The process involves more and more interested people who can identify risks, but their quantitative assessment still causes certain difficulties. This stage is the turning point from reactive to proactive risk management.
• Anticipation stage - this stage is characterized by the collection and analysis of metrics in order to anticipate future problems and predict certain events related to the project. The customer (client) is also involved in the risk management process, which makes it possible to more accurately conduct a quantitative risk assessment, as well as correctly prioritize
• Opportunity stage - this stage represents a positive vision of the risk management process when all stakeholders are involved (managers, project team, customer representatives). At this stage, each risk is treated (can be interpreted) as well as some possibility. Everyone is aware of these opportunities and the risks associated with them and can choose different paths of movement further, finding compromises between the level of risk and new opportunities

It is clear that different companies are at different levels of maturity. In my opinion, my company is now somewhere between Anticipation and Opportunity maturity levels, but we continue to work;) And at what stage is your company?

When I began to study risk management, I was very interested in the higher stage of maturity - the Opportunity stage. Although the debate about the exact definition of the concept of "risk" is still underway, it is traditionally assumed that risk is associated with such characteristics as uncertainty and loss. With uncertainty, everything is clear, but the risks, along with negative consequences, can also provide certain opportunities.

What are these opportunities? This may be to extract more profits from product development, activity with greater value added, minimizing rework in the finished product, long-term profits or savings from certain solutions (for example, using a particular system or component, an approach, etc.).

Specific examples? With them harder. Here is what I managed to find in [2]:

1. Initially the project was planned for 90 days. The customer would like to receive the product earlier (he thus will get more profit), but he agreed with this assessment. Using a new tool for testing may allow a product to be delivered within 60 days, however, no one worked with a new tool in the company before this point (lack of experience, training time, etc.). If this tool does not work, then the project may take even 110 days instead of 90.
2. An estimate was made according to which it takes 6 months to complete a medium sized project. We can finish the project earlier if we use the methodology of Extreme Programming. At the same time, the first build will be delivered to the customer in 3 months, the rest - every month. However, with this approach there is a risk that this methodology will not work for this project, or that the project team will resist changes, which will cause delays in the project.

Although the traditional approach to risk management tends to consider them only from the point of view of any troubles (losses, time delays, reduced quality, etc.), I believe that considering them and from a positive point of view can provide additional opportunities for profit, guarantees project success, customer satisfaction.
')
Honestly, I still don’t work very well with “positive” risks - this is due to the specifics of work and the space for improving risk management processes in my company. Have you encountered “positive” risks in your work? Can you give examples of such risks and ways of working with them? In what cases did success await you, and in what cases - complete failure?

List of sources

[1] Hall, EM, “Managing Risk - Methods for Software Systems Development”, Addison Wesley, ISBN 0201255928, 1997
[2] Mochal, T., “Factor Positive Risk Into Project Planning”, Tech Republic, 9 Sept. 2002 - techrepublic.com.com/5100-6330_11-1027709.html