Risk Management Plan - Download Now DOC by hir81200

VIEWS: 163 PAGES: 6

Risk Management Plan document sample

More Info
									Office of Information Technology



    Risk Management Plan

              For

          <Project>
                                                                                       University Of Minnesota
                                                                             Office of Information Technology
                                                                                                      <Project>
                                                                                          Risk Management Plan

                                                      Table of Contents
Revision History ................................................................................................................        2
Purpose ............................................................................................................................     3
Roles and Responsibilities ................................................................................................              3
Risk Documentation ..........................................................................................................            3
Activities............................................................................................................................   3
Risk Management Approach .............................................................................................                   4
Risk Management Tools ...................................................................................................                4
Appendix A: Risk Documentation Form ............................................................................                         5



Revision History
Name                                 Date            Reason for Change                                                             Version




                                                                       2
                                                                University Of Minnesota
                                                      Office of Information Technology
                                                                               <Project>
                                                                   Risk Management Plan
Purpose
The Risk Management Plan describes how risks will be managed for the <Project>. The Plan
will define the roles and responsibilities of team members in the risk processes, risk
management activities, the schedule and budget for risk management activities, and any tools
and techniques that will be used.

Roles and Responsibilities
        Role                                          Responsibilities
Project Manager/           Conduct a weekly risk review at the status meeting with the project
Risk Officer                team. Review the status of all risk mitigation efforts
                           Identify and analyze any new risks (with assistance of team
                            members)
                           Maintain the project’s risk list
                           Report risk status to project sponsor and key stakeholders
                           Identify and rank most critical risks
Project Member             Assess the exposure and probability for the risk
Assigned a Risk            Report the results of analysis to the Project Manager
                           Report the results of steps taken to mitigate the risk to the Project
                            Manager

Risk Documentation
   Risk Log – The risks for this project will be accumulated in a risk log that will reside in the
    project repository (NetFiles). Risks will be prioritized by those that have the highest
    estimated risk exposure and will be referred to as the project’s Top Ten Risk List.

   Risk Data Items – A Risk Document Form (see sample in Appendix A) will be used to gather
    information regarding potential risks and their probability of occurrence. At a minimum the
    information that will be gathered includes: Risk ID, description, probability of occurrence,
    impact of occurrence, mitigation approach, owner, due date, contingency plan.

   Closing Risks – A risk will be considered closed when it meets the following criteria:
    planned mitigation actions have been completed and the estimated risk exposure of
    probability times impact is less than 2.




                                                  3
                                                                University Of Minnesota
                                                      Office of Information Technology
                                                                               <Project>
                                                                   Risk Management Plan
Risk Assessment Activities

Activity              Task                                                          Participants
Risk Identification    Identify the technique that will be used to identify risk   Project team
                         factors at the beginning of the project and on-going.      members;
                       Identify any consolidated list of risk items that will be   sponsors, key
                         used to determine risks for the project.                   stakeholders
Risk Analysis and      The project manager will assign each risk factor to         Project manager
Prioritization           an individual team member who will estimate the            and project
                         probability that the risk could become a problem and       members
                         its relative impact in either dollars or schedule days.
Risk Planning          A group brainstorming session is used to define             Project manager
                         mitigation plans for individual risk items and to          and project
                         assign responsibility to an individual                     members
                       For each identified risk factor, an mitigation plan will
                         be developed that will reduce either the probability of
                         the risk materializing or the severity of the exposure
                         if it does.
                       The individual mitigation plans are consolidated into
                         a single list and made publicly available.
Risk Resolution        Each individual who is responsible for executing a          Project member
                         risk mitigation plan is also responsible for carrying
                         out the mitigation activities.
Risk Monitoring        The status and effectiveness of each mitigation             Project Team
                         action is reported to the project manager every            and Project
                         week.                                                      Manager
                       The probability and impact of each risk items is
                         reevaluated and modified if appropriate.
                       If any new risk items are identified, they are
                         analyzed and added to the risk list.
                       The Top Ten List is regenerated based on the
                         updated probability and impact of each remaining
                         risk.
                       Any risk factors for which mitigation actions are not
                         effective or whose exposure is rising, may be
                         escalated to the appropriate level of management
                         for action.




                                                  4
                                                                   University Of Minnesota
                                                         Office of Information Technology
                                                                                  <Project>
                                                                      Risk Management Plan


Risk Management Approach

1. Risks that arise throughout the project will be recorded electronically on the Risk Document
   Form.
2. Details in respect of identified risks that will be documented and include risk description; risk
   classification (people, process, technology, infrastructure); probability of occurrence (high,
   medium, low); consequences or impact on project and risk mitigation actions(s).
3. A Risk Management Seminar will be conducted during the early stages of the project life
   cycle to identify risks and formulate risk mitigation strategies. New risks that are identified
   as the project progresses will be addressed in project meetings.
4. The typical ‘escalation path’ for a Risk, Issue or Change Request is shown below:
            Team          Project       Business/Tech-     Executive
                          Manager       nical Sponsor      Sponsor     The Buck Stops Here!!
            Lead/Member


   Escalation will depend upon the criticality of the event. The following guidelines must be
   adhered to in determining the point at which an event should be escalated to the next level.


     Criticality      Escalation Point
                      (Days past due date)
     High             2 days
     Medium           5 days
     Low              7 days




                                                   5
                                                                    University Of Minnesota
                                                          Office of Information Technology
                                                                                   <Project>
                                                                       Risk Management Plan

Risk Management Tools
A Risk Log will be maintained electronically in Excel. All risks that are initiated must be
documented using the Risk Document Form shown below.


                                             Appendix A

                                Sample Risk Document Form

Risk ID: <sequence number>           Classification: <risk category> Report Date: <date this risk
                                                                    report was last updated>
Description: <Describe each risk in the form “condition – consequence”>


Probability: <What’s the           Impact: <What’s the damage if Risk Exposure: <Multiply
likelihood of this risk becoming a the risk does become a                Probability times Loss to
problem?>                          problem?>                             estimate the risk exposure.>
First Indicator: <Describe the earliest indicator or trigger condition that might indicate that the risk is
turning into a problem.>

Mitigation Approaches: <State one or more approaches to control, avoid, minimize, or otherwise
mitigate the risk. Mitigation approaches may reduce the probability of the impact.>


Date Started: <State the date   Date to Complete: <State a            Owner: <Assign each risk
the mitigation plan             date by which the mitigation plan mitigation action to an individual
implementation was begun>       is to be implemented.>                for resolution.>
Current Status: <Describe the status and effectiveness of the risk mitigation actions as of the date of
this report.>

Contingency Plan: <Describe the actions that will be taken to deal with the situation if this risk factor
actually becomes a problem.>


Trigger for Contingency Plan: <State the conditions under which the contingency plan will begin to
be implemented.>




                                                      6

								
To top