Managing risk programmes
From Figure 10.1 it is clear that IS project risk management begins with an analysis process. Once this is completed a series of actions are triggered in order to reduce the risk, The original risks and the impact of these actions are reviewed from time to time. If the risk still remains too high, i.e. the situation is not satisfactory, then further analysis is required which in turn leads to more action and subsequent reviews. If, after the review process, the risk situation is found to be satisfactory then the project manager will routinely continue with the project until the system is commissioned. However, even where the IS project risk review is found to be satisfactory, it will have to be repeated at regular periods in order to ensure that no further risk complications occur.