Risk Management Required

Document Sample
Risk Management Required Powered By Docstoc
					IT Project Risk Management Plan Worksheet
Determine if Risk Management is required for Project Tasks:
Project Title:                                                                              Anticipated Project Start Date:


Project Leader/Manager:                                                                     Date Prepared:


Sponsor:


All projects are comprised of tasks. Tasks involve hazards if not sufficiently planned and correctly performed. Hazards that are not adequately
controlled are likely to cause risk. Answer the following questions about each task to determine if it is adequately controlled. If not, hazards
identified need to be risk managed.


                                             Are the Controls Adequate?
                                                                                                                               Yes         No
Support – Is type/amount/capability/condition of support adequate to carry out the mission?

   Personnel

   Supplies

   Equipment/Material

   Services/Facilities

   Funding

   Standards – Is guidance / procedure adequately clear / practical /specific to control hazard?

Knowledge/Skills/Abilities – Are personnel involved adequately trained to control the identified hazard?

Leader – Is leadership ready, willing, and able to enforce standards required to control hazard?

Individual/Team Self-Discipline – Is performance and conduct sufficiently self-disciplined to control hazard?

If all answers are “yes,” no further action is required (subject to sponsor and management approval). If one or more answers are “no,” risk
management controls should be implemented. Use the attached “Risk Management Worksheet” to document controls.



62c549fc-ff48-4a04-a800-11b682863c33.xls                                 Page 1 of 6                                          Last revised: 2/20/2008 11:58 AM
62c549fc-ff48-4a04-a800-11b682863c33.xls   Page 2 of 6   Last revised: 2/20/2008 11:58 AM
IT Project Risk Management Plan Worksheet:
Project Title:                                                                             Anticipated Project Start Date:

Project Leader/Manager:                                                                    Date Prepared:


Sponsor:

                                                                                     5.
                                        3. Initial Risk                           Residual
    1. Tasks      2. Identify Hazards        Level        4. Develop Controls    Risk Level 6. Implement Controls ("How To")     7. Who/How Monitored




8.Overall Mission/Task Risk Level:
                                                                                LOW(L)      MODERATE(M)         HIGH(H)       EXTREMELY HIGH (E)
                                                                                Extremely High Risk: associate Vice-President
                                                                                High Risk: Department Director
9. Risk Decision Authority:
                                                                                Moderate Risks: Sponsoring Department Supervisor
                                                                                Low Risk: Project Manager
See Instructions+Definitions and Risk Assessment Matrix on separate tabs.
Use as many worksheets as necessary to document risk and proposed controls/response.




62c549fc-ff48-4a04-a800-11b682863c33.xls                                 Page 3 of 6                                         Last revised: 2/20/2008 11:58 AM
I. Determine Risk for Project:
All projects are comprised of tasks. Tasks involve hazards if not sufficiently planned and correctly performed. Hazards that are not
adequately controlled are likely to cause risk.

II. Directions For Use:
 1. Complete the Risk Management Worksheet
 2. Use information as is appropriate to fill out Scope Document.
 3. Attach completed worksheet to Scope Document.



III. Category Definitions:
     1. Tasks: Lowest level of effort on the project.
     2. Identify Hazards: Review factors for the task. Additional factors include historical lessons learned, experience, judgment,
     equipment characteristics and warnings, and environmental considerations.
     3. Initial Risk Level: Assess hazard and determine initial risk for each hazard by applying risk assessment matrix (see Risk
     Assessment Matrix).
     4. Develop Controls: Develop one or more controls for each hazard that will either eliminate the hazard or reduce the risk (probability
     and/or severity). Specify who, what, where, why, when, and how for each control.
     5. Residual Risk Level: Determine the residual risk for each hazard by applying the risk assessment matrix, assuming the controls are
     implemented.
     6. Implement Controls: Decide how each control will be put into effect or communicated to the personnel who will make it happen
     (written or verbal instruction; safety, Standard Operating Procedures, testing, etc.).
     7. Who/How Monitored: Who and how will each control be monitored (continuous monitoring, spot-checks). Evaluate frequently
     and pass on lessons learned.
     8. Overall Mission/Task Risk: Select the highest residual risk level and circle it. This becomes the overall mission or task risk level.
     The supervisor decides whether the controls are sufficient to accept the level of residual risk. If the risk is too great to continue the
     mission or task, the supervisor directs development of additional controls or modifies, changes, or rejects the COA.
     9. Risk Decision Authority: The decision to accept or not accept the risk(s) associated with an action is made by the appropriate
     supervisor or leader responsible for performing that action.
Risk Assessment Matrix
                                   Risk Assessment Matrix

                                                            PROBABILITY
                 SEVERITY                  Frequent   Likely Occasional Seldom        Unlikely
                                              (F)      (L)      (O)       (S)           (U)
 Catastrophic (C)                              E         E          H         H          M

 Critical (CR)                                 E         H          H         M          L

 Marginal (M)                                  H        M          M           L         L

 Negligible (N)                               M          L          L          L         L


PROBABILITY – The likelihood that an event will occur.
  FREQUENT – Occurs often, continuously experienced.
  LIKELY – Occurs several times.
  OCCASIONAL – Occurs sporadically.
  SELDOM – Unlikely, but could occur at some time.
  UNLIKELY – Can assume it will not occur.

SEVERITY – The expected consequence of an event in terms of degree of injury, property damage, loss of service or other mission-
impairing factors.
   CATASTROPHIC – Project failure.
   CRITICAL –Major system outage, significant project delay or cost increase.
   MARGINAL – Minor system outage, minor project delay or cost increase.
   NEGLIGIBLE – Little/no impact on project accomplishment.