Risk management

2,454 views
2,393 views

Published on

Risl

Published in: Education
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,454
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
107
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Risk management

  1. 1. Office of Information Technology Risk Management Plan For <Project>
  2. 2. University Of Minnesota Office of Information Technology <Project> Risk Management Plan Table of ContentsRevision History................................................................................................................. 2Purpose.............................................................................................................................. 3Roles and Responsibilities................................................................................................. 3Risk Documentation........................................................................................................... 3Activities............................................................................................................................. 3Risk Management Approach.............................................................................................. 4Risk Management Tools..................................................................................................... 4Appendix A: Risk Documentation Form............................................................................. 5Revision HistoryName Date Reason for Change Version 2
  3. 3. University Of Minnesota Office of Information Technology <Project> Risk Management PlanPurposeThe Risk Management Plan describes how risks will be managed for the <Project>. The Planwill define the roles and responsibilities of team members in the risk processes, riskmanagement activities, the schedule and budget for risk management activities, and any toolsand techniques that will be used.Roles and Responsibilities Role ResponsibilitiesProject Manager/ • Conduct a weekly risk review at the status meeting with the projectRisk Officer team. Review the status of all risk mitigation efforts • Identify and analyze any new risks (with assistance of team members) • Maintain the project’s risk list • Report risk status to project sponsor and key stakeholders • Identify and rank most critical risksProject Member • Assess the exposure and probability for the riskAssigned a Risk • Report the results of analysis to the Project Manager • Report the results of steps taken to mitigate the risk to the Project ManagerRisk Documentation• Risk Log – The risks for this project will be accumulated in a risk log that will reside in the project repository (NetFiles). Risks will be prioritized by those that have the highest estimated risk exposure and will be referred to as the project’s Top Ten Risk List.• Risk Data Items – A Risk Document Form (see sample in Appendix A) will be used to gather information regarding potential risks and their probability of occurrence. At a minimum the information that will be gathered includes: Risk ID, description, probability of occurrence, impact of occurrence, mitigation approach, owner, due date, contingency plan.• Closing Risks – A risk will be considered closed when it meets the following criteria: planned mitigation actions have been completed and the estimated risk exposure of probability times impact is less than 2. 3
  4. 4. University Of Minnesota Office of Information Technology <Project> Risk Management PlanRisk Assessment ActivitiesActivity Task ParticipantsRisk Identification • Identify the technique that will be used to identify risk Project team factors at the beginning of the project and on-going. members; • Identify any consolidated list of risk items that will be sponsors, key used to determine risks for the project. stakeholdersRisk Analysis and • The project manager will assign each risk factor to Project managerPrioritization an individual team member who will estimate the and project probability that the risk could become a problem and members its relative impact in either dollars or schedule days.Risk Planning • A group brainstorming session is used to define Project manager mitigation plans for individual risk items and to and project assign responsibility to an individual members • For each identified risk factor, an mitigation plan will be developed that will reduce either the probability of the risk materializing or the severity of the exposure if it does. • The individual mitigation plans are consolidated into a single list and made publicly available.Risk Resolution • Each individual who is responsible for executing a Project member risk mitigation plan is also responsible for carrying out the mitigation activities.Risk Monitoring • The status and effectiveness of each mitigation Project Team action is reported to the project manager every and Project week. Manager • The probability and impact of each risk items is reevaluated and modified if appropriate. • If any new risk items are identified, they are analyzed and added to the risk list. • The Top Ten List is regenerated based on the updated probability and impact of each remaining risk. • Any risk factors for which mitigation actions are not effective or whose exposure is rising, may be escalated to the appropriate level of management for action. 4
  5. 5. University Of Minnesota Office of Information Technology <Project> Risk Management PlanRisk Management Approach1. Risks that arise throughout the project will be recorded electronically on the Risk Document Form.2. Details in respect of identified risks that will be documented and include risk description; risk classification (people, process, technology, infrastructure); probability of occurrence (high, medium, low); consequences or impact on project and risk mitigation actions(s).3. A Risk Management Seminar will be conducted during the early stages of the project life cycle to identify risks and formulate risk mitigation strategies. New risks that are identified as the project progresses will be addressed in project meetings.4. The typical ‘escalation path’ for a Risk, Issue or Change Request is shown below: Team Project nical Sponsor Executive Lead/Member Manager Sponsor The Buck Stops Here!! Escalation will depend upon the criticality of the event. The following guidelines must be adhered to in determining the point at which an event should be escalated to the next level. Criticality Escalation Point (Days past due date) High 2 days Medium 5 days Low 7 days 5
  6. 6. University Of Minnesota Office of Information Technology <Project> Risk Management PlanRisk Management ToolsA Risk Log will be maintained electronically in Excel. All risks that are initiated must bedocumented using the Risk Document Form shown below. Appendix A Sample Risk Document FormRisk ID: <sequence number> Classification: <risk Report Date: <date this risk category> report was last updated>Description: <Describe each risk in the form “condition – consequence”>Probability: <What’s the Impact: <What’s the damage if Risk Exposure: <Multiplylikelihood of this risk becoming a the risk does become a problem? Probability times Loss toproblem?> > estimate the risk exposure.>First Indicator: <Describe the earliest indicator or trigger condition that might indicate that the risk isturning into a problem.>Mitigation Approaches: <State one or more approaches to control, avoid, minimize, or otherwisemitigate the risk. Mitigation approaches may reduce the probability of the impact.>Date Started: <State the date Date to Complete: <State a Owner: <Assign each riskthe mitigation plan date by which the mitigation plan mitigation action to an individualimplementation was begun> is to be implemented.> for resolution.>Current Status: <Describe the status and effectiveness of the risk mitigation actions as of the date ofthis report.>Contingency Plan: <Describe the actions that will be taken to deal with the situation if this risk factoractually becomes a problem.>Trigger for Contingency Plan: <State the conditions under which the contingency plan will begin tobe implemented.> 6

×