CERT-SEI

Traditional Risk Management Tools and Methods

Continuous Risk Management

When using Continuous Risk Management (CRM), risks are assessed continuously and used for decision-making in all phases of a project. Risks are carried forward and dealt with until they are resolved or they turn into problems and are handled as such. Projects or organizations can easily establish continuous risk management as a routine practice and then continue to improve this process.

Using CRM, technical managers and lead engineers learn how to build a risk management process that is tailored to their specific project or organization; software engineers learn how to perform the risk management methods and use the CRM tools; change agents (such as members of software engineering process groups) learn why continuous risk management should be used and how to get projects to tailor it and start using it.

Although CRM deals primarily with performing continuous risk management in a software development environment, it can easily address systems, hardware, and other domains.

Software Risk Evaluation

The SEI Software Risk Evaluation (SRE) Service is a diagnostic and decision-making tool that enables the identification, analysis, tracking, mitigation, and communication of risks in software-intensive programs. An SRE is used to identify and categorize specific program risks emanating from product, process, management, resources, and constraints. The program's own personnel participate in the identification, analysis, and mitigation of risks facing their own development effort.

An SRE provides a program manager with a mechanism to anticipate and address program risks. The SRE introduces a set of activities that, when initiated, begin the process of managing risk. These activities can be integrated with existing methods and tools to enhance program management practices.