Project Risk Assessment Spreadsheet

Document Sample
Project Risk Assessment Spreadsheet Powered By Docstoc
					Risk Assessment
                                                                                     Instructions
   Column Name
                                                         Phase I. Identify and Prioritize Risk
                        Enter all potential risks to the project in this column. Refer to the Common Risks tab for examples of risks that are common among
Specific Risk Event     projects. This list is not exhaustive, however, and risks specific to your project should be added.
Impact                  Use the Grading Criteria tab to determine the impact of the risk on a scale of 1 (Negligible) to 5 (Very High).
Likelihood              Use the Grading Criteria tab to determine the likelihood of the risk on a scale of 1 (Extremely Unlikely) to 5 (Extremely Likely).
Total Risk Score        This column will be automatically calculated based on the indicated impact and likelihood.
                                                           Phase II. Identify Risk Response
                        This column is used to document the response to each risk, based on the total risk score from phase I. Identify if you will "avoid",
Risk Response           "accept", or "mitigate" the risk and how you will accomplish that action.
                        Use the Grading Criteria tab to determine the impact of the risk on a scale of 1 (Negligible) to 5 (Very High), assuming the risk
Impact                  response is implemented.
                        Use the Grading Criteria tab to determine the likelihood of the risk on a scale of 1 (Extremely Unlikely) to 5 (Extremely Likely),
Likelihood              assuming the risk response is implemented.
Total Risk Score        This column will be automatically calculated based on the indicated impact and likelihood.
Owner                   Enter the name of the person responsible for implementing the risk response.
Due Date                Enter the date the risk response should be implemented.
Status                  Enter the status of the risk response.




© Copyright 2011 Docstoc Inc.
                          Phase I. Identify and Prioritize Risk                                                                                        Phase II. Identify Risk Response
                                                                            Total Risk                                                                                             Total Risk
                                                                                                                                                       Impact       Likelihood
                                                                  Likeli-     Score                                                                                                  Score
                                                         Impact                                                                                          1-5             1-5
                 Specific Risk Event                               hood      Low = 1                         Risk Response                                                          Low = 1        Owner     Due Date               Status
                                                           1-5                                                                                      (if response    (if response
                                                                    1-5      Med = 2                                                                                                Med = 2
                                                                                                                                                   implemented)    implemented)
                                                                             High = 3                                                                                               High = 3
                                                                                         Risk will be mitigated by working with business users
Example: Business processes are not clearly defined or                                                                                                                                                                  Meeting is scheduled with the
                                                           3        4           2        to clarify and document the critical business processes        2               2              1        Jane Smith   5-Dec
documented.                                                                                                                                                                                                             business users.
                                                                                         prior to the start of the design phase.




      © Copyright 2013 Docstoc Inc.
                                                                                    Impact Scale
 Impact Score                  1                            2                                        3                                  4                              5
    Type                  Negligible                       Low                                  Moderate                              High                         Very High
                Minimal impact to project     Minor changes to                       Some requirements change or        New capability or skill set       Showstopper occurs or post-
                scope, resources, schedule or requirements, schedule,                there is a loss of a constrained   requirement identified,           implementation rollback
   Program /
                quality required for project  resources or quality                   resource, requiring re-work of     requiring significant scope       required
    Project
                success                                                              project plan, resources, or        change, budget increase or
                                                                                     budget                             schedule pushout
   Corporate    No external or internal issues Minor impact to image and             Relation with partners             Negative publicity with           Major media event with long-
    Image                                      reputation                            impacted                           impact to corporate brand         term fallout
                Negligible effect on           Work-arounds are in place             Moderate impact to efficiency      Significant operational impact    Shutdown of critical
  Operations    operations                     but some loss to efficiency           or effectiveness                   affecting corporate               operation without work-
                                               will occur                                                               performance                       around
                No impact to data              Unlawful, unauthorized, or        Unlawful, unauthorized, or             Unlawful, unauthorized, or        Unlawful, unauthorized, or
                availability, confidentiality, adverse action affecting          adverse action affecting               adverse action affecting          adverse action affecting top
  Information
                or integrity                   confidential or personal data,    aggregated confidential or             restricted, secret, or personal   secret, personal data, or
    Security
                                               or equivalent information         personal data, or equivalent           data, or equivalent               equivalent information
                                                                                 information                            information
                No legal or compliance            Minor process issues without Internal issues that do not              Privacy, regulatory,              Significant privacy,
     Legal      implications                      regulatory or compliance       have external ramifications            compliance, or contractual        regulatory, compliance, or
                                                  issues                                                                issues                            contractual issues
                No impact to strategic            Discretionary budget           Revenue impact; Internal               Short Term: Direct revenue        Long Term: Significant
                objectives or business            affected; internal opportunity business relationships or              impact; Business                  revenue impact; Business
                functions                         costs                          functions impacted                     relationships and or external     relationships and/or external
   Strategic
                                                                                                                        functions impacted; Technical     functions impacted; Technical
   Objective
                                                                                                                        leadership or time to market      leadership or time to market
                                                                                                                        threatened                        threatened

                                                                               Likelihood Scale
  Likelihood
                                1                                2                                  3                                  4                               5
    Score
     Type            Extremely Unlikely                   Very Unlikely                          Likely                          Very Likely                   Extremely Likely
                Probability that this risk will   Probability that this risk will    Probability that this risk will    Probability that this risk will   Greater than 95% probability
  Description
                occur between 0% - 5%             occur between 6% - 30%             occur between 31% - 69%            occur between 70% - 94%           that this risk will occur




© Copyright 2013 Docstoc Inc.
                                                Access Management
Access requests do not require approval, or the approval is not documented.
People outside of the company will need to be granted access to the system.
                                    Business Continuity/Disaster Recovery
Business Continuity or Disaster Recovery plans do not exist or are not current.
                                           Business Process and Rules
Business processes require excessive manual work or are not scalable for business growth.
Key processes are not clearly defined, consistently followed, or documented.
                                        Cultural and Local Considerations
Items such as fees, taxes, or other regulations are not fully understood.
Local business procedures and customs are dramatically different.
                                                        Data
Confidential data is not encrypted and may be accessed by unauthorized individuals.
Data requirements are unknown or data is difficult to access.
Key data can be modified (intentionally or unintentionally) without data owner's knowledge.
                                                Requirements/Scope
Requirements and scope continue to change.
                                                Design/Development
Design is not flexible enough to allow for changing business conditions.
Design does not follow accepted standards.
                                                  Implementation
Business groups won't be able to support the implementation because of lack of training, resources, etc.
                                                       Network
Customer-facing application will need to be developed to exchange electronic data.
Changes to firewalls and user security are required.
                                                    Personnel
Lack of key resources are available.
People assigned to the project do not have the appropriate skill-set or experience.
                                                 Communication
Communication with key stakeholders or review bodies is difficult.
                                                       Vendor
Goods or services provided by the Vendor do not meet standards outlined in the contract.
Vendor may go out of business or drop products/support for critical items.
                                    Regulatory, Compliance, and Corporate
The process of working with restricted countries is not defined.
The project must comply with internal and external audit requirements.
                                       System Performance and Availability
Application, network, or database failures.
                                                       Testing
Insufficient resources are assigned to support the testing phase.
Real world data is not available for testing.



© Copyright 2013 Docstoc Inc.
				
DOCUMENT INFO
Shared By:
Tags:
Stats:
views:617
posted:1/4/2012
language:Unknown
pages:4
Description: This Risk Assessment Spreadsheet is designed to help managers identify and track the level of risk faced by a project. This form comes with instructions for how managers can identify and prioritize risks as well as identify risk responses. Managers should identify the threat level posed by the risk, the likelihood of the risk occurring, the potential impact of the risk, as well as risk response actions that can be taken.