- PRAM -
PROJECT RISK ASSESSMENT FOR [Project]
Risk Mitigation Steps (include
Risk Variables Prob Consq Positive Impact Expectation Negative Impact
ID mitigation tasks in project plan)
July 11, 2008 1
The first step in risk management using the Project Risk Assessment Method (PRAM) is to identify the risks that
exist. A risk may be defined as an issue or an obstacle that may produce an undesired outcome. To assist the
project manager in the identification of the risks associated with Information Systems projects, the following
simplified Project Risk Template is provided below. Although this template is not all-inclusive, it is an excellent
checklist for identifying and communicating project risks.
Risk Variables by PM Principle
1. Define the Job in Detail 4. Break the Job Down
New Technology Large/Small Project
Functional Complexity Size of Team
New vs. Replacement Geographic Dispersion
Leverage on Company Reliability of Personnel
Intensity of Business Need Availability of Support Organization
Interfaces to Existing Applications Availability of Project Champion
Number of User Departments Involved Project Manager Availability
2. Involve the Right People 5. Set Up Change Procedure
Staff Availability Vulnerability to Change
Commitment of Team Stability of Business Area
Team Morale Organizational Impact
Applications Knowledge Tight Timeframe
Customer IT Knowledge Turnover of Key People
Technical Skills Availability Change Budget Accepted
Staff Conflicts Change Process Accepted
Senior Management Commitment to Project Charge Back System
Project Manager Experience Accountability for Change
3. Estimate Time and Costs 6. Agree on Acceptance Criteria
Quality of Information Available Level of Customer Commitment
Dependability on other projects Customer Attitude Toward BIS
Conversion Difficulty Readiness for Responsiblity Takeover
End-date Dictate Customer Design Participation
Conflict Resolution Mechanism Customer Participation in Beta Testing
Continued Budget Availability Customer Proximity to BIS
Project Standards Used Acceptance Process
High 51% - 100%
Medum 16% - 50%
Low 0% - 15%
High 21% - 100%
Medium 12% - 20%
Low 0% - 10%
Step One - Identify the Risks
Objective: Explicitly identify issues and obstacles that may produce undesired outcomes.
Key Ideas: Use the Risk Variables Sheet to assist in risk identification.
Identify Additional Unique Project Risks
Eliminate Assumptions With Specific, "Shared" Risks
Step Two - Assess The Risk
Objective: Assess Risk Impacts on the Project
Key Ideas: "Probable" Risks should be assessed as risks that are reasonably likely to occur.
Both positive and negative consequence for each risk should be articulated.
The impact on project estimates, both positive and negative, should be stated.
Step Three - Plan Risk Mitigation
Objective: State the actions needed now to mitigate negative consequences or to maximize positive benefits.
Key Ideas: Decide in advance how to manage each probably risk.
Explore ways of eliminating risks by uncovering acceptable alternatives.
Establish criteria for change.
Step Four - Develop the Project Risk Profile
Objective: Provide clear, graphic presentation so that parties understand and agree to risk impacts and needed actions.
Key Ideas: Create a simple statement of risks, impacts and mitigation actions.
Step Five - Update Project Plan
Objective: Include risk mitigation tasks to the project plan to insure actions are taken when appropriate.
Key Ideas: Mitigating actions are added to the project plan task list as reminders during project execution.
ze positive benefits.
k impacts and needed actions.