Risk management is a generic technique that can be applied across all phases of the Architecture
Development Method (ADM), as well as in the Preliminary Phase and the Requirements
Management Phase2. Risk management involves the following steps1:
•Risk identification: This step involves identifying the potential risks that may affect the architecture
project, such as technical, business, organizational, environmental, or legal risks. The risks can be
identified through various sources, such as stakeholder interviews, workshops, surveys, checklists,
historical data, or expert judgment.
•Risk classification: This step involves categorizing the risks based on their nature, source, impact,
and priority. The risks can be classified according to different criteria, such as time, cost, scope,
quality, security, or compliance. The classification helps in prioritizing the risks and allocating
resources and efforts to address them effectively.
•Initial risk assessment: This step involves assessing the likelihood and impact of each risk, and
determining the initial level of risk. The likelihood is the probability of the risk occurring, and the
impact is the severity of the consequences if the risk occurs. The initial level of risk is the product of
the likelihood and impact, and it indicates the urgency and importance of the risk. The initial risk
assessment helps in identifying the most critical risks that need immediate attention and mitigation.
Reference: 1: The TOGAF Standard, Version 9.2 - Risk Management 2: TOGAF ADM: Top 10
techniques – Part 9: Risk Management
