Risk Profile - Risk Management Plan Document Shell v2


  1. United States Department of Agriculture (USDA) eGovernment Program
     Risk Profile – Risk Management Plan
     Business Case Template
     November 2002
  2. Risk Profile – Risk Management Plan
     Table of Contents
     Revision History
       Previous Change History
       Document Sign-off
     1 Introduction
     2 Identify Risks
       2.1 Financial Risks
       2.2 Technical Risks
       2.3 Operational or Business Risks
       2.4 Schedule or Project Resources Risks
       2.5 Legal and Contractual or Strategic Risks
       2.6 Organizational and Change Management Risks
       2.7 Data and Information Risks
       2.8 Security Risks
       2.9 Privacy Risks
     3 Analyze Risks
       3.1 Risk Probability
       3.2 Percent Occurrence
       3.3 Risk Priority
       3.4 Cost of Risk
       3.5 Risk Adjusted Cost
       3.6 Risk Score
     4 Mitigate Risks
       4.1 Strategy and Methodology
     5 Track Risks
     6 Appendix A
       6.1 Risk Management Table
     USDA eGovernment Program i risk-profile-risk-management-plan-document-shell-v2787.doc
  3. Revision History
     Previous Change History
     Table a – Previous Change History
     VERSION | DATE | AUTHOR | COMMENT
     Document Sign-off
     Table b – Document Sign-off
     DATE | NAME | TITLE
  4. 1 Introduction
     [Introduce the purpose of the Risk Management Plan and the methodology that will be followed.]
     Questions answered:
       • What is the purpose of Risk Management?
       • What are the main topics discussed in the plan?
       • What is the process for managing risk on this project?
  5. 2 Identify Risks
     2.1 Financial Risks
     [Discuss the risks that could result in needing unexpected funding, such as scope creep, sponsorship changes, cost overruns, legal dispute outlays, costs of lost information/data, hardware/software failure and replacement, costs to correct design errors or omissions, and potential cost of relying on a single vendor.]
     Questions answered:
       • What are the relevant financial risks for the project?
       • What sorts of financial issues would arise from implementation of the capability?
     2.2 Technical Risks
     [Discuss the risks caused by an inability to accurately predict the investment’s lifecycle.]
     Questions answered:
       • What are the relevant technical risks for the project?
     Investment Size:
       • Number of project team members
       • Project duration
       • Number of organizational departments involved in the investment
       • Size of programming effort (e.g., hours).
     Investment Structure:
       • Complexity of effort (e.g., number of interfaces with other systems, etc.)
       • Security vulnerabilities
       • New system or renovation of existing system(s)
       • Organizational, procedural, or personnel changes resulting from the system
       • User perceptions and willingness to participate
       • Management commitment
       • Level of user involvement.
     Project team’s familiarity with:
       • Proposed business or application area
       • Target development environment, tools, and operating system
       • Development of similar systems.
  6. User group’s familiarity with:
       • System development process
       • Proposed application or business area
       • Similar investments
       • New technology.
     2.3 Operational or Business Risks
     [Discuss the degree to which a proposed investment solves business problems or takes advantage of business opportunities. The business case may be enhanced if the investment can be linked to the overall strategic plan. The investment should functionally integrate with Department-level planning (i.e., enterprise architecture, Telecommunications and eGovernment). Information should be included on how the investment will affect organizational structures and procedures. (Investments with broader impacts on existing organizational structures or procedures are more risky than investments with lesser or more narrow impacts.)]
     Questions answered:
       • What are the relevant operational risks for the project?
       • What impacts would there be to the current operations, help desk, OCIO, etc. that may cause operational risks?
     2.4 Schedule or Project Resources Risks
     [Discuss the degree to which the expected completion dates for all major investment activities meet organizational deadlines and constraints for effecting change. Concerns may include governmental regulation deadlines, project management experience, schedule timeframe, resource availability and competency, and contractor capabilities.]
     Questions answered:
       • What are the relevant schedule risks for the project?
       • What would happen if the project schedule were not met?
       • What risks would USDA suffer if timelines were missed?
     2.5 Legal and Contractual or Strategic Risks
     [Discuss the investment ramifications that could result from developing an information system. Risks increase when outside organizations are involved. Risks may include, but are not limited to: Contract protests, Copyright infringements, Non-disclosure, Labor laws, Foreign trade regulations (limiting encryption techniques), Financial reporting standards, Software ownership in joint ventures.]
  7. Questions answered:
       • What are the relevant legal and contractual risks for the project?
       • What laws and mandates are in place and what are the ramifications for missing these regulations?
     2.6 Organizational and Change Management Risks
     [Discuss the risks associated with key stakeholders and their view of the investment. Redistribution of power is the single greatest element that will increase organizational risk. Increasing stakeholder buy-in lowers organizational resistance to change.]
     Questions answered:
       • What are the relevant organizational risks for the project?
       • What risks would there be against people and processes at USDA?
     2.7 Data and Information Risks
     [Discuss the risks associated with Data or Information misuse.]
     2.8 Security Risks
     [Discuss the Security Risks.]
     2.9 Privacy Risks
     [Discuss any risks of privacy misuse.]
  8. 3 Analyze Risks
     3.1 Risk Probability
     [Identify an estimated probability that each risk will occur.]
     Questions answered:
       • Which risks are likely or severe?
     3.2 Percent Occurrence
     [Identify an estimated percent of systems that each risk will affect.]
     Questions answered:
       • What is the likelihood that each risk would actually occur?
     3.3 Risk Priority
     [Identify a ranking and priority of the risks.]
     Questions answered:
       • What risks are related?
       • What variables affect the impact of the identified risks?
       • What are the root causes of the risks?
     3.4 Cost of Risk
     [Identify an estimated cost for each risk.]
     Questions answered:
       • How much cost could be encountered by each risk?
     3.5 Risk Adjusted Cost
     [Identify the estimated factor of risk or risk exposure. This is calculated by multiplying the probability of occurrence or likelihood with the consequence or impact (in dollar terms) if the risk occurred.]
  9. Questions answered:
       • What is the probability of occurrence?
       • What is the impact of the risk occurring?
     3.6 Risk Score
     [Identify an estimated risk score. This is calculated by dividing the investment's overall risk factor by the number of identified risks. This encourages Project Managers to include all identified risks and provides a more accurate picture of the overall investment risk. For example, several low-impact, low-likelihood risks may be less risky than a single high-impact, high-likelihood risk.]
     Questions answered:
       • What is the investment's overall risk rating?
       • How many risks have been identified?
  10. 4 Mitigate Risks
      4.1 Strategy and Methodology
      [Describe the objectives and overall goals of the risk mitigation process.]
      Questions answered:
        • What are the main objectives for risk mitigation?
        • What strategy will be used for risk mitigation?
      Financial Controls
        • Perform Cost-Benefit and economic analyses
        • Implement a rigorous investment management program
        • Utilize earned value, share in savings, use contracting approaches, etc. to help control costs
        • Purchase liability insurance
        • Establish clear benefits to be realized
        • Use competitive bidding for each investment design increment.
      Technical Controls
        • Reengineer the process first
        • Use development lifecycle methodology/structure
        • Use project planning/management software
        • Use appropriately trained personnel
        • Divide the investment into increments
        • Isolate custom design portions of the investment
        • Assign a Project Manager (preferably with Project Management Institute or similar organization certification) to be accountable for the investment
        • Conduct an Independent Verification and Validation (IV&V)
        • Conduct pilot test(s).
      Operational Controls
        • Use a strategic information management framework
        • Establish clear requirements and objectives
        • Use a change management program to minimize organizational disruption
        • Adequately train organization and provide follow-on support
        • Establish performance metrics and monitor metrics using a reporting system
        • Establish a communications plan.
  11. Schedule Controls
        • Use contractual incentives for quality or timeliness
        • Use contractual penalties for missed deadlines
        • Use contractual incentives for meeting or beating deadlines
        • Use project management software
        • Use or disclosure of data contained on this sheet is subject to the restriction on the title page of this proposal. (DEL 01-0985) F - 4 USDA CPIC Guide to Information Technology
        • Use an experienced/certified Project Manager and/or provide the necessary training to the Project Manager
        • Set realistic expectations and manage those expectations
        • Use outsourcing to augment scarce internal resources.
      Legal and Contractual Controls
        • Create a software license management program
        • Review all applicable laws
        • Apprise contracting personnel of potential legal concerns and contract disputes
        • Maintain communication with contractors to minimize contract disputes
        • Provide multiple termination opportunities within a contract.
      Organizational Controls
        • Obtain “buy-in” from top management early in planning stages
        • Work closely with end-users to establish system requirements
        • Maintain good communication with all stakeholders.
      [Define an iterative approach for managing and mitigating risks identified in the assessment process. Specifically, this methodology should discuss the identification of the appropriate risk control strategy, objectives, alternatives, mitigation approach, responsible parties, resources required, activities, actions taken to date, and results achieved.]
      Questions answered:
        • What steps should be followed to manage the risks identified in the Assessment Plan?
  12. 5 Track Risks
      [Include a Risk Management Table used to track the risks identified for the project. The table should include the following columns: Date Identified, Area of Risk, Description, Risk Priority, Risk Probability, Probability of Occurrence, Cost of Risk, Risk Factor, Risk Score, Mitigation Strategy, Current Status. The template for this table is included in Appendix A.]
  13. 6 Appendix A
      6.1 Risk Management Table
      Table 6.1a – Risk Management
      DATE IDENTIFIED | AREA OF RISK | DESCRIPTION | RISK PRIORITY | RISK PROBABILITY | OCCURRENCE | COST OF RISK | RISK ADJUSTED COST | LEVEL OF CONTROL | MITIGATION STRATEGY | CURRENT STATUS
