Docstoc

HRMS_ProjectPlan_Appendix_B_Risk_Management_Plan_Finalv3

Document Sample
HRMS_ProjectPlan_Appendix_B_Risk_Management_Plan_Finalv3 Powered By Docstoc
					HRMS IMPLEMENTATION PROJECT

    RISK MANAGEMENT PLAN




         February 2010
Risk Management Plan



Authors:
This document was prepared by:
Valerie Adkins, Project Manager      J. Richard Fox, Project Manager
Virginia Community College System    Deloitte Consulting LLP
Monroe Building                      901 East Byrd Street Ste 820
Richmond, VA                         Richmond, VA
vadkins@vccs.edu                     jamfox@deloitte.com
(804) 819.4992                       (804) 677.8160


Revision History:
    Date        Document               Document Revision Description          Document Author
                 Version
                               Initial Release                              Richard Fox/Valerie
                       1.0
                                                                            Adkins
March 2010                     Enhanced ranking method added                Richard Fox/Valerie
                       2.0
                                                                            Adkins




Approvals:
Approval      Approved
                              Approver Name                              Signature
Date          Version
                              Project Sponsor for Steering Committee


Approval Comments:
If there are comments regarding this document please list those below:
Issue   Date            Section
                                    Comment
#       Entered         Affected




                                                    Page i
Risk Management Plan




                                            TABLE OF CONTENTS

1.   RISK MANAGEMENT OVERVIEW ..................................................................................3
2.   TRACKING RISKS ...............................................................................................................3
3.   RISK ASSESSMENT .............................................................................................................3
4.   ROLES AND RESPONSIBILITIES.....................................................................................4
5.   RISK MANAGEMENT ACTIVITIES .................................................................................5
     5.1.      RISK IDENTIFICATION .................................................................................................. 5
     5.2.      RISK ANALYSIS ............................................................................................................ 6
     5.3.      RISK PLANNING ........................................................................................................... 6
     5.4.      RISK TRACKING ........................................................................................................... 7
     5.5.      RISK CONTROL ............................................................................................................ 8
     5.6.      RISK COMMUNICATION AND DOCUMENTATION ........................................................... 8
6.   RISK EVENT ESCALATION PLAN ................................................................................10
APPENDIX A – RISK REGISTER TEMPLATE ....................................................................12
APPENDIX B – SAMPLE RISK SUBMISSION FORM ........................................................13




                                                                Page ii
1. RISK MANAGEMENT OVERVIEW
Risk is defined as the possibility of suffering harm or loss. Risk, as it pertains to the HRMS
project at the Virginia Community College System, is the possibility of an event, or series of
events, jeopardizing the VCCS’s ability to meet the goals of the project. These goals include
implementing the HRMS System during the timeframe that has been established, with the
resources that have been allocated, and with the level of quality that the VCCS expects. The
goal of a risk management plan is to determine the method that will be used to monitor risk, the
steps that will be taken to mitigate risk, and the process by which risks will be communicated to
the project stakeholders.
The project team may encounter risks throughout the implementation, and our ability to limit
their effects will help us meet the goal of an on-time, on-budget implementation. To minimize
the potential impact of risks on the VCCS HRMS Implementation, the project team will take a
proactive approach to identifying, monitoring, communicating, and mitigating risk.
2. TRACKING RISKS
When a risk is identified, the project team member will provide the Project Manager with a
description of the risk, as well as one or more proposed solutions. A team member will submit a
risk to the Project Manager using an on-line form located at
http://info.vccs.edu/hr/Documents/VCCS_HRMS_Issue-Risk_sub_form.pdf (and a copy of
which is shown in Appendix B). The Project Manager will enter the information on the Risk
Register and complete the remaining fields (see Risk Register template in Appendix A). The
tracking and management of risks will continue throughout the life of the project, as the
information about the risks is communicated in status meetings and other project forums. The
Risk Register for this project (as opposed to the template in Appendix A) will be located on the
HRMS file server – PMO/Risk Register folder.
3. RISK ASSESSMENT
As part of the ERP assessment effort, the project team completed a preliminary risk assessment
which is recorded in the Risk Register (see Appendix A). This register contains a listing of
possible project risks, the risk score for each item, the event or circumstance that may trigger the
risk mitigation strategy, and finally, the mitigation activities that will be taken if the risk
becomes a reality. During the initial weeks of the project, the project leadership will review the
preliminary risk assessment information and update the Risk Register.
The following is a list of questions that the project team will address, when conducting the risk
assessment:
          What events could negatively impact the success of the project? These events
           include all types of potential risk related to the PeopleSoft implementation, whether
           they are technical concerns, human factors, or risks related to other projects that may
           affect the schedule of the ERP project. The impact level is estimated.
          What is the probability that the risk will be realized? Assessing the likelihood
           that each risk will occur will allow the project team to prioritize the risks by
           probability and allocate resources appropriately.




                                              Page 3 of 14
          What actions can the project team take to prevent these events from occurring?
           The best way to mitigate a risk is to prevent it from happening, which can often be
           done with early identification and proper planning.
          If an event does occur, what is the contingency plan? The project will define
           contingency plans for high risk items. Therefore, if a risk is realized, the project team
           will know what action to take in order to most effectively limit the extent of the
           damage. Contingency plans also must be evaluated for risk.
          What is the potential cost associated with the occurrence of the high risk events?
           The project team will perform an assessment to gain an understanding of the potential
           costs associated with each high level risk.
          Is the risk of failure too great to proceed with the current strategy? Once the
           risks are identified, and prevention and contingency plans are developed, project
           leadership should evaluate the risk scenario to determine whether an alternative plan
           of action should be pursued.
4. ROLES AND RESPONSIBILITIES
The project leadership will have the majority of the risk management responsibility for the
project, but all members of the team will contribute to the process. Team members will be
encouraged to communicate potential risks to the Project Manager as they become aware of
them. Open and honest communication will focus on achieving accurate assessment and
common understanding of project risk. The purpose of risk management is not to place blame,
but to determine the appropriate resolution to events that have the potential to compromise the
success of the project.
There are several groups of stakeholders in the project that have risk management
responsibilities.
          Project Managers – The VCCS and Deloitte Project Managers hold primary
           responsibility for making risk management decisions and invoking the mitigation and
           contingency plans. They are also responsible for communicating the status of the
           project and any potential risks to the project stakeholder.
          Project Management Team – The project team will be the most involved in the day-
           to-day operations of the project, so they will have the greatest awareness of risks
           relating to the timely completion of tasks in the project timeline and the risks that
           may affect them. Prior to the regularly scheduled Steering Committee meetings, the
           project management team will review the project risks to identify changes in
           probability and impact affecting the ranking of existing risks, summarize current
           efforts at mitigation, identify plans for further mitigation activities, and ensure all
           contingency options are fully evaluated. Additionally, any recently identified risks
           should be evaluated, ranked, and prepared for presentation to the Steering Committee.
          Project Steering Committee – In regularly scheduled project updates, the Project
           Steering Committee will receive a report from the Project Managers on the risks that
           may affect the project. All significant project risks will be documented in the status
           report and discussed with the committee as appropriate. The Steering Committee will
           be informed of current efforts to mitigate existing risks, presented with any updates



                                             Page 4 of 14
           resulting from the project management team review, and provide input into
           contingency planning and risk mitigation strategy and execution.

5. RISK MANAGEMENT ACTIVITIES




There are six primary activities in the Risk Management process:
          Identification – Continuous efforts to capture, acknowledge, and document risks as
           they are found.
          Analysis – An evaluation of each identified risk to estimate the probability of
           occurrence, severity of impact, timeframe of expected occurrence, triggers for
           mitigation actions, classification of related risks, and priority ranking.
          Planning – Establishes actions, plans, and approaches for addressing risks, and
           assigns responsibilities and schedules for completion. Metrics for determining the risk
           status are also defined during this step.
          Respond - Implement tasks to mitigate or eliminate project risk.
          Control – Document risk status and monitor progress against the mitigation plan.
          Communication and Documentation – A consistent effort to document the risk
           status in the Risk Register throughout all steps in the project and to communicate that
           risk status to all appropriate parties.
   5.1.        Risk Identification
Risk identification is the process of determining potential risks to the successful completion of
the project and documenting that risk. A thorough risk identification process will be completed
at the beginning of the project. Continual assessment will be an ongoing effort through go-live
and beyond. As the project moves forward, the environment will change and so will the risks.
By presenting risk identification as an opportunity to improve our chances of reaching project
goals, it will always be perceived as a positive event and all team members will be actively
engaged in risk awareness in every part of the project. Team members cannot feel reluctant to
recognize risks.
Both internal and external risks must be identified. Internal risks generally involve activities that
the VCCS controls, including securing project space, allocating project resources, and making
project-related decisions in a timely manner. The majority of internal risks will stem from
project decisions that directly affect the ability to complete future project activities. For
example, the VCCS’s selection of a hardware platform and an architecture solution must be


                                              Page 5 of 14
finalized in a timely manner. If this decision drags on, there will not be enough time for the
order to be placed and the goods to be received and installed before the first task on the project
plan involving configuration of the software begins.
External risks are beyond the influence or direct control of the VCCS, and are typically more
difficult to control. Examples of external risks are events like hurricanes, issues involving third
parties completing project tasks, and other unanticipated issues. Whether a risk is internal or
external will affect the probability and impact of a risk discussed during the risk analysis.
   5.2.           Risk Analysis
The overall impact of a risk is measured by assessing the probability that it will be realized, and
the value or loss that will result if the risk is realized. The value may represent the resource
consumption associated with the risk. The result of this analysis will help the VCCS determine
those risks that require immediate attention and prioritize resources accordingly.
The Project Team will leverage their individual experiences and knowledge to analyze project
risk areas based on their understanding of the Virginia Community College System, their
background with similar implementations, and their knowledge of the VCCS environments.
Using all of the information and experience available will produce the most accurate assessment
of risk throughout the project.
The Project Managers (from VCCS and Deloitte) will use the following system to quantify the
probability and impact of the risks:


                                       Risk Category
          Level              Value                               Impact
          High                 5       Major impact to scope, performance goals, schedule
                                       or cost, > 10%
    Medium High                   4    Moderate impact to scope, performance goals,
                                       schedule or cost, no workarounds available
       Medium                     3    Moderate impact to scope, performance goals,
                                       schedule or cost, however workarounds are available
     Medium low                   2    Minor impact to scope, schedule or cost, additional
                                       activities required to meet key dates.
          Low                     1    Minimal impact to schedule, scope or cost
          Level             Value                        Occurrence Probability
       High                   .9                         90% chance of occurring
    Medium High               .7                         70% chance of occurring
      Medium                  .5                         50% chance of occurring
    Medium low                .3                         30% chance of occurring
       Low                    .1                         10% chance of occurring



   5.3.           Risk Planning
Risk planning involves determining the appropriate response to a risk or threat. This step of risk
management develops the detailed action plan for the major risk items identified in step two.



                                              Page 6 of 14
Generally, the circumstances surrounding a risk will elicit one of three actions:
          Accept – Accept the potential outcome of the risk. Acceptance does not ignore the
           risk; it indicates that the project team has decided to not develop mitigation or
           contingency strategies.
          Review – Minimize the impact of a risk by reducing the probability of occurrence to
           an acceptable level of risk. These actions are planned and completed in advance of
           the risk event.
          Mitigate – Eliminate a risk by avoiding the circumstance causing the risk. This
           action is not always possible, but if the potential loss is too great, a contingency plan
           can be put into effect.
   5.4.        Risk Tracking
Risk information and metrics defined during planning shall be captured, tracked, and analyzed
for trends. The person responsible for the risk shall provide routine trend and status reports on
research and/or mitigation activities to the Project Manager during the weekly HRMS Project
meetings. Monitored risks shall be reported on during the monthly HRMS Project meetings.
The Risk Register will be used to report summary status and a Stoplight Status Report will be
used by the PM to report progress to senior management at the monthly review. The Overall
Risk Score is determined by multiplying the impact rank by the likelihood of occurrence. The
following table shows the range of scores and how they are grouped for recommended action.


                            0.9        0.9           1.8      2.7        3.6         4.5
          Likelihood        0.7        0.7           1.4      2.1        2.8         3.5
              Of            0.5        0.5            1       1.5         2          2.5
          Occurrence        0.3        0.3           0.6      0.9        1.2         1.5
              (%)           0.1        0.1           0.2       3         0.4         0.5
                                         1            2        3          4           5
                                                       IMPACT




                                              Page 7 of 14
           Degree of Exposure                 Rank              Recommended Action
                  High                      2.5 – 4.5                Mitigate

                  Medium                    1.2 – 2.1                   Review

                     Low                      .1 - 1                     Accept


                                Example of a risk assessment:

                Risk          Impact       Probability       Exposure        Action
                                                               Risk
              Timely              4              .7             2.8         Mitigate
            delivery of
            hardware


   5.5.        Risk Control
Decisions shall be made by the PM during the weekly and monthly meetings to: close risks;
continue to research, mitigate or watch risks; re-plan or re-focus actions or activities; or invoke
contingency plans. The PM can authorize and allocate resources toward risks.
   5.6.        Risk Communication and Documentation
Each risk that is identified will be evaluated according to the above pre-defined criteria and
recorded in the Risk Register to facilitate ongoing monitoring. The Project Managers will use a
“Green Light, Yellow Light, Red Light” methodology to categorize the status of each risk.
Categorizing each risk will ensure that the most significant issues are given the most attention.
The following is a description of each of the risk status categories:
          Green Light – Indicates that the risk has been recognized, but the probability and
           impact are not high enough to warrant concern.
          Yellow Light – Indicates that the risk has been recognized as a threat and progressed
           to the point of concern. Procedures for addressing yellow light risks include
           discussion in the weekly status meetings and monthly Sponsor Committee meetings.
           In these discussions, the Project Team or Sponsor Committee representative best
           suited to address the issue will be assigned and, potentially a meeting of the project
           managers and the Sponsor Committee representative will be scheduled to discuss
           alternatives.
          Red Light – Indicates that a risk has progressed to the point of jeopardizing the
           timelines for a successful implementation. Procedures for addressing red light risks
           include: yellow light steps and the assignment of the issue to a member of the
           Sponsor Committee for resolution. The mitigation strategy will communicate the
           project activities associated with the recognized risk.
Since the impact of this implementation will be so significant for the VCCS, it is imperative to
efficiently and effectively communicate the status of risks to the appropriate stakeholders
throughout the project. By leveraging the mediums set forth in the communication plan, utilizing
the tracking methodology established in the Risk Register, and managing the project workplan,


                                              Page 8 of 14
the Project Team will best be able to minimize the impact of potential risks on the project
schedule.
The following are some guidelines that the Project Team will refer to when assessing and
managing risks:
      Direct attention to risk items with major exposure first.
      Assign team members responsibility to resolve the risk and establish a due date for
       completion.
      Identify the cause of the risk, not the symptoms.
      Find possible work-arounds to reduce the impact of a risk item.
      Direct needed resources to control the risk impact.
      Determine triggering event that will cause the execution of contingency plans.
      Develop metrics to evaluate the effectiveness of risk mitigation actions.




                                             Page 9 of 14
     6. RISK EVENT ESCALATION PLAN
     Much of the success of the implementation depends on the ability of the VCCS to make
     decisions on a timely basis and to have a clear understanding of the delineation of authority.
     Once a risk event has been identified, the following escalation plan will be followed to ensure
     that the risk is properly assessed, tracked, and appropriately resolved.
     The following table will be reviewed and updated as necessary.
     Single            Information Flow                          Action            Strategic Planning
  Description
A risk event has   Individual who identifies     Members of the project       Project manager will:
been identified    the risk notifies a member    team who has been            1. Begin an assessment of
                   of the project team who       notified passes on the           the risk.
                   enters risk into the issue    risk event information to    2. Determine if immediate
                   log.*                         the Project Manager.             action is required.
                                                                              3. Report the addition of
                                                                                  another Risk event to the
                                                                                  entire Project team.
Risk               Outcome of Risk          Mitigation activity begins
Assessment has     assessment is:
been completed         1. Updated in issue
                           log
                       2. Communicated with
                           Project team.
Risk event         Project Manager notifies Project Manager and               Continuously monitor the
should be          Project Management Team. Project Management                Risk Event and the impact on
escalated                                   Team outlines proposed            the project along with the
outside of the                              recommended Risk Event            status of the request for
Project                                     mitigation strategy that          assistance with the mitigation
Management                                  requires resources or             strategy.
Team                                        decisions not within the
                                            scope of the Project              If necessary recommends
                                            Team.                             further escalation of the Risk
                                                                              Events.
                                                 Project Manager and
                                                 Project Management
                                                 Team detail any Risk
                                                 Event that would
                                                 dramatically impact the
                                                 project as soon as risk
                                                 has been properly
                                                 identified.




                                                 Page 10 of 14
     Single            Information Flow                         Action          Strategic Planning
  Description
Risk event         Project Sponsor notifies the Project Sponsor and        Continuously monitor the
should be          Project Steering             Project Steering           Risk Event and the impact on
escalated          Committee.                   Committee outlines         the project along with the
beyond the                                      proposed recommended       status of the request for
Project Sponsor                                 Risk Event mitigation      assistance with the mitigation
                                                strategy that requires     strategy.
                                                resources or decisions
                                                not within the scope of    If necessary recommends
                                                the Project Team.          further escalation of the Risk
                                                                           Event.
                                                Project Manager, Project
                                                Steering Committee and
                                                Project Sponsor detail
                                                any Risk Event that
                                                would dramatically
                                                impact the project as
                                                soon as risk has been
                                                properly identified.
Risk Event         Project Steering Committee                              Continuously monitor the
should be          determines that identified                              Risk Event and the impact on
escalated          Risk event information                                  the project along with the
beyond the         should be escalated to the                              status of the request for
Project Steering   Chancellor.                                             assistance with the mitigation
Committee                                                                  strategy.




                                                Page 11 of 14
                                               APPENDIX A – Risk Register Template


VCCS - HRMS Implementation Project Risk Register

Once identified, risks will be entered into the register and tracked throughout the project.




                                                                    Page 12 of 14
                   APPENDIX B – Sample Risk Submission Form

The following submission form is available from the VCCS HRMS Project website at
http://info.vccs.edu/hr/Documents/VCCS_HRMS_Issue-Risk_sub_form.pdf. This form can be
used to submit project issues as well as project risks.


Issue / Risk Submission Form
Project Title – HRMS Implementation Project



Issue / Risk Reporting
Submitted By:                 Issue Date: (i.e., the date    Issue no.
                              issue is submitted for         (assigned by PMO)
                              consideration)
Phone:


e-mail address:

Issue Type (select one of the following: Question, Potential Risk, Concern, Potential
Change Request, Problem, Unassigned)
Priority (select one of the following: Very High, High, Med, Low, Unassigned)

Description of Issue




Recommendation




                                            Page 13 of 14

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:6
posted:1/25/2011
language:English
pages:14