What’s the risk of not addressing a risk?  What happens on a project when a risk is identified and not addressed/mitigated?    There may be reasons not to correct it, e.g low probability of occurrence and minimal impact,  but how do we document and track this decision?  And if we’re delaying an implementation how do we insure the risk is addressed at a later date, e.g. next version release?   How do we insure that if an audit takes place the project team can clearly explain the reasons for the decision?  Is this even acceptable?
Continue reading →