When documenting risks in a business case, it is essential to follow structured processes to ensure
risks are appropriately identified, analyzed, and managed. Let’s evaluate each option again based on
best practices outlined in the BCS Business Analysis Framework and other methodologies:
Key Considerations:
Risk Documentation: Risks must be recorded systematically to ensure they are visible, actionable,
and traceable.
Ownership of Risks: Assigning ownership ensures accountability and clarity about who is responsible
for monitoring and mitigating each risk.
Risk Management Lifecycle: The process typically involves identification, documentation,
assessment, ownership assignment, and response planning.
Evaluation of Each Option:
A . Create a RAID log
A RAID log (Risks, Assumptions, Issues, and Dependencies) is a widely used tool in business analysis
and project management for capturing and managing risks systematically.
It provides a centralized repository for tracking risks, assumptions, issues, and dependencies,
ensuring that risks are documented comprehensively and transparently.
This aligns with best practices for risk management and is a critical first step in ensuring risks are
appropriately recorded.
Conclusion: This is a must-do action.
B . Document the source of each risk
While documenting the source of each risk can provide valuable context, it is not a mandatory or
primary step in the initial documentation phase.
Sources of risks are often identified during risk analysis or root cause analysis, which occurs after
risks have been recorded.
Although useful, this step is secondary to creating a RAID log and assigning ownership.
Conclusion: This is not the most critical action at this stage.
C . Identify an owner for each risk
Assigning ownership for each risk is a fundamental part of risk management. Without clear
ownership, risks may remain unmonitored or unaddressed.
Ownership ensures accountability and helps streamline communication and decision-making
regarding risk mitigation strategies.
According to the BCS Business Analysis Framework , identifying risk owners is a key responsibility
during the risk documentation process.
Conclusion: This is a must-do action.
D . Provide justification for each countermeasure identified
Justifying countermeasures is part of the risk response planning phase, which occurs after risks have
been documented, assessed, and prioritized.
At this stage, John’s focus should be on identifying and recording risks, not on evaluating or justifying
solutions.
Conclusion: This is not relevant at the documentation stage.
E . Impact assessment of each countermeasure identified
Similar to option D, impact assessments for countermeasures are conducted during the risk response
planning phase, not during the initial documentation phase.
This step is premature and does not align with the immediate need to document risks.
Conclusion: This is not relevant at the documentation stage.
Final Recommendation:
Based on the BCS Business Analysis Framework and industry best practices, the two most
appropriate actions for John are:
Create a RAID log (to systematically document risks).
Identify an owner for each risk (to ensure accountability and clarity).
These steps ensure that risks are appropriately recorded and managed, laying the foundation for
effective risk management.
