Open janhalen opened 3 months ago
I agree making it clear what the risk is by not complying will be of huge value. I support the use of short risk descriptions like the example given.
Should I understand the suggestion as adding an extra column so the governance check list look like this: | # | Krav | Henvisning | Niveau | Risk |
Add a way to describe risk and consequences
If a criteria cannot be met, we should expand the evalation to clearly communicate the consequences of this lack of compliance.
Taken from the playbook of risk assesment this could e.g. be:
"Not meeting this criteria introduces significant risk of technical debt, that should be planned and budgeted with in a development milestone within the next 6 months"