Examples of Risk Management by lmz29365

VIEWS: 0 PAGES: 8

Examples of Risk Management document sample

More Info
									                          Template Examples Disclaimer

Unless otherwise specifically stated, the information contained herein is
made available to the public by the Department of Human Services, Office
of Information Services, Project Management Office for use as an example
of template content information and may not reflect the realities of an actual
project. The intent of the template example is to assist an individual
creating a new document using the PMO standard template.

Neither the DHS, OIS, PMO nor any other agency or entities thereof,
assumes any legal liability or responsibility for the accuracy, completeness,
or usefulness of any information, product or process disclosed in these
examples.

Reference herein to any specific commercial product, process, service by
trade name, trademark, manufacturer, or otherwise, does not constitute or
imply its endorsement, recommendation, or favoring by the PMO or any
entities thereof.

The views and opinions of the originators expressed therein do not
necessarily state or reflect those of the DHS, OIS, PMO or any agency or
entities thereof.




2/1/2011 4:01:00 PM                                               Page 1 of 8
C:\Docstoc\Working\pdf\c43c6bef-a7ba-4ad4-95f3-e540d0981a8e.doc
                           eXPRS Risk Management Plan

             Oregon Department of Human Services
                 Office of Information Services
              eXPRS Payment & Reporting System

                           Risk Management Plan
                          Approval Date: <mmm dd, yyyy>


                                      Risk
                                   Management




                                                          Determining which
                                 Risk Identification      risks are likely to affect
                                                          the project.




                                                          Evaluating risks to
                                                          assess the range of
                                 Risk Quantification
                                                          possible outcomes.




                                                          Defining enhancement
                                   Risk Response          steps for opportunities
                                    Development           and responses to threats.




                                                          Responding to changes
                                   Risk Response
                                                          in risk over the course of
                                       Control
                                                          the project.




                              Purpose of the Document
The purpose of the Risk Management Plan is to identify, analyze, and respond to
project risks in order to maximize the results of positive events and minimize the
consequences of adverse events.



C:\Docstoc\Working\pdf\c43c6bef-a7ba-4ad4-95f3-e540d0981a8e.doc
Last printed 2/1/2011 4:01:00 PM
                           eXPRS Risk Management Plan

                             Document Change Activity
The following is a record of the changes that have occurred on this document from the
time of its original approval
#   Change Description                                              Author    Date




C:\Docstoc\Working\pdf\c43c6bef-a7ba-4ad4-95f3-e540d0981a8e.doc
Last printed 2/1/2011 4:01:00 PM
                           eXPRS Risk Management Plan

Risk Management Plan

The project’s plan for risk management is to:

1. Identify risks in creating the solution that the project was undertaken to
   address. Risk identification should be performed on a regular basis
   throughout the project.

2. Analyze each risk to determine the probability of the risk occurring as
   well as the expected impact should the risk occur. These ratings (Low,
   Medium, High) will help determine which risks should have a mitigation
   plan.
3. Identify the triggers, or symptoms, for each risk to help provide early
   evidence that the risk is about to occur, or is occurring.
4. Identify how the project will respond to each risk:

          Avoidance – eliminating a specific threat, usually by eliminating
           the cause. The project management team can never eliminate all
           risk, but specific risk events can often by eliminated.
          Mitigation – reducing the expected monetary value of a risk event
           by reducing the probability of occurrence, reducing the risk event
           value, or both.
          Acceptance – accepting the consequences. Acceptance can be
           active (i.e., by developing a contingency plan to execute should
           the risk event occur) or passive (i.e., by accepting a lower profit if
           some activities overrun).
5. Based on the response, develop a mitigation plan or contingency plan
   for risks with either medium or high probability and/or impact. These
   plans describe the course of action to take should the risk trigger or
   symptom occur.

6. Execute the risk management plan in order to respond to risk events
   over the course of the project. When changes occur, the basic cycle of
   identify, quantify, and respond is repeated. It is important to understand
   that even the most thorough and comprehensive analysis cannot
   identify all risks and probabilities correctly; control and iteration are
   required.

C:\Docstoc\Working\pdf\c43c6bef-a7ba-4ad4-95f3-e540d0981a8e.doc   Page 1
Last printed 2/1/2011 4:01:00 PM
                                                                        eXPRS Risk Management Plan

Risk Management Log

Potential Risk Event                                   Probability   Impact    Trigger / Symptom           Response    Mitigation / Contingency Plan
1. Business priority remains high for the eXPRS           High        High        Reviews take longer      Mitigate      Review risk impact at each steering committee.
   project; however, there is difficulty providing                                 than anticipated                       Increase frequency and duration of customer
   sufficient business staff to ensure the system                                 Rework of previously                    reviews (i.e., JAD, County/Provider Focus Groups)
   is developed to meet customer expectations.
                                                                                   approved deliverables                   at critical points in the project.
   Risk = low quality (i.e., doesn’t meet                                         Dramatic increase in
   customer needs), rework (schedule delay),                                       change requests to
   cost overruns.                                                                  product scope
2. In order to implement a new payment                    High        High        Dependent changes         Avoid        The project has developed a Business
   process, changes are required in the contract                                   are not managed                         Reengineering Plan to accomplish and coordinate
   language that the payments are based on.                                        according to a plan                     with the necessary business changes.
   Additional changes include modifying the                                        and schedule                           Issues that severely affect the project's ability to
   Accounting Code and Budget Code
                                                                                                                           succeed will be elevated through the Steering
   structures in order to fit with the new DHS                                                                             Committee to the Department for resolution.
   integrated accounting structure.

   Risk = if all dependencies are not
   implemented then eXPRS cannot be
   installed into production.
3. Budget Risk – General Fund deficit &                   High        High        POP not in               Mitigate      Review risk impact at each steering committee.
   Federal Funding update. The project is at                                       Legislature Budget                     The Department has expressed a commitment to
   risk by the current budget issues within the                                                                            eXPRS and will continue funding based on internal
   State of Oregon.                                                                                                        priorities.
   Risk = if the project is not funded then it may                                                                        Steering Committee to provide awareness,
   be cancelled or delayed.                                                                                                marketing, and support for project to decision
                                                                                                                           makers.


C:\Docstoc\Working\pdf\c43c6bef-a7ba-4ad4-95f3-e540d0981a8e.doc       Page 1
Last printed 2/1/2011 4:01:00 PM
                                                                        eXPRS Risk Management Plan

Potential Risk Event                                   Probability   Impact    Trigger / Symptom           Response    Mitigation / Contingency Plan
4. The primary constraint for implementing a             Medium       High        Earned Value analysis    Mitigate   
   payment system is that implementation must                                      forecasts significant                  Reduce product scope
   occur at the start of a fiscal year.                                            schedule variance
                                                                                                                          Revise schedule to delay some tasks while
   Risk = if the project does not implement the                                                                            implementing the primary payment process
   payment process in July 2004 then                                                                                       components on schedule
   implementation will be delayed until July                                                                              Add resources in design to mitigate risk of rework
   2005
5. SFMS and other accounting systems are in               High        High        ACH implemented in       Accept        Manage the impact and coordinate the changes
   revision at the same time as our                                                SFMS                                    using the eXPRS Business Reengineering Plan
   development – ie. Which standards do we                                        Single DHS Agency #
   develop to?                                                                     implemented in SFMS
   Risk = accounting standards will change
   while eXPRS is in development.
6. Multiple business units will be impacted by            High       Medium       No consensus in           Avoid        The project is using a Joint Application
   the new eXPRS system; however, they may                                         design review                           Development (JAD) group that represents the
   not be experiencing similar issues with the                                                                             primary stakeholder groups for development and
                                                                                  No consensus for
   current system.                                                                                                         review of eXPRS throughout the entire
                                                                                   acceptance tests
                                                                                                                           development process.
   Risk = MH, DD, and A&D may have different                                                                              Issues that cannot be resolved through consensus
   and competing requirements for eXPRS.                                                                                   will be raised to the steering committee for
                                                                                                                           resolution.




C:\Docstoc\Working\pdf\c43c6bef-a7ba-4ad4-95f3-e540d0981a8e.doc       Page 2
Last printed 2/1/2011 4:01:00 PM
                                                                        eXPRS Risk Management Plan

Potential Risk Event                                   Probability   Impact    Trigger / Symptom          Response    Mitigation / Contingency Plan
7. An external Quality Assurance (QA) review is          Medium      Medium       QA Contract does not    Mitigate      The project has developed the QA SOW based on
   required based on DAS rules. The QA SOW                                         move forward in                        OIS standard
   is still in review as of February 2003 after six                                review and approval                   The project will continue to work with Contracts to
   months of development.                                                          process.                               ensure the eXPRS QA SOW is developed and
                                                                                                                          satisfies the template requirements.
   Risk = non-compliance with DAS rules and
   potential impact to system quality, schedule,                                                                         The project will continue to review risk status at
   cost, due to unknown risks.                                                                                            each steering committee.
8. Many state employees are retiring early to             High        High        Retirement notices      Accept        The loss of the System Manager presents critical
   take avoid penalty of retirement savings.                                                                              risk to the project and must be suitably filled in
                                                                                                                          order for the project to be successful.
   Risk = retirement of any project leaders                                                                              The System Manager ensures the system satisfies
   presents critical risk to the project in terms of                                                                      the scope and needs of its stakeholders by taking
   cost, schedule, and quality, as well as                                                                                a leadership role in the validation, implementation,
   potentially impacting the viability of the                                                                             and operation of system products.
   project itself.
                                                                                                                         Issues resulting from deficiently managed
                                                                                                                          implementation include heavy maintenance costs,
                                                                                                                          shortened system life, and may undermine or even
                                                                                                                          completely offset the anticipated benefits.
                                                                                                                         Issues from deficiently managed system operation
                                                                                                                          are likely to negatively affect system quality.
                                                                                                                          Erroneous results and threats to security and data
                                                                                                                          integrity
9. Staff Losses – layoffs, promotions, transfers,        Medium       High                                Accept     
   etc…
10. Technical Infrastructure – copy from issue           Medium       High                                           
    log
11. Lack of expertise in new technologies -               High       Medium                                             Training


C:\Docstoc\Working\pdf\c43c6bef-a7ba-4ad4-95f3-e540d0981a8e.doc       Page 3
Last printed 2/1/2011 4:01:00 PM
                                                                        eXPRS Risk Management Plan

Potential Risk Event                                   Probability   Impact    Trigger / Symptom   Response   Mitigation / Contingency Plan
12. External interfaces – CSTAT, CI, MMIS                                                                    




C:\Docstoc\Working\pdf\c43c6bef-a7ba-4ad4-95f3-e540d0981a8e.doc       Page 4
Last printed 2/1/2011 4:01:00 PM

								
To top