SlideShare a Scribd company logo

RiskAssessmentProcess-Cleansed

Download as PPTX, PDF
L
Lindsay Bur

The document outlines a multi-step data governance risk assessment process for classifying projects and assessing their data governance risks. It involves: 1) Classifying projects into categories based on their data handling activities and assigning maturity levels. 2) Assessing projects' compliance with data governance best practices and scoring their risk levels. 3) Defining policies and procedures to address risks and monitoring projects' risk reduction over time with regular reviews. The process aims to improve how projects govern their data through ongoing classification, assessment, policy implementation, and risk tracking.

1 of 55
Data Governance Risk Assessment Process A guide to classifying, assessing and scoring projects for Data Governance (DG) Risk and monitoring their improvement.
Data and Data Governance This purpose of this process is to improve the way that projects and project portfolios govern their data. To do this, we must first define data and data governance. Data Facts and artifacts as found or created in data sets, files, or databases from clients, third party providers, and our teams including markups and reviewer notes as well as qualitative, quantitative, analytic, and summary data. Data Governance (DG) Standards based management of data and accountability for its integrity and control throughout its life cycle.
1. First Project Review 2. Pre-Second Project Review 3. Second Project Review 4. Third to nth Project Review Data Governance Risk Assessment Process Process Inception 1-2 Months Following Inception 2 Months Following Inception Every 60 days following
Project Types for DG Classification Review Only - Review reports and other information from clients and provide insight through advice, suggestions, and recommendations Maturity Level 1 - Query and analyze data without transformation (e.g. changing or adding) - Produce or download a table, report, or other outputs from a public data source Maturity Level 2 - Acquire, collect, or produce data - Adhere to contract and related agreement or license conditions for data - Analyze and transform (e.g. change or add to) data for the purpose of producing analytic output - Enforce limited access to data Maturity Level 3 - Make changes to correct or improve permanent data - Produce a new data set that will be used by others or published and that persists on its own - Produce a data set intended for analysis that is delivered to a client for use or publication Projects in each of these categories perform the following activities: RiskIncrease
1. First Project Review Process Inception 2. Pre-Second Project Review 1-2 Months Following Inception 3. Second Project Review 2 Months Following Inception 4. Third to nth project review Every 60 days following DG Risk Assessment Process Outline Activity Classify 1 Assess Classify 2 Assess Review Review Review Only ✔ N/A N/A N/A N/A Maturity Level 1 ✔ ✔ ✔ ✔ Maturity Level 2 ✔ ✔ ✔ ✔ ✔ Maturity Level 3 ✔ ✔ ✔ ✔ ✔ Project Type
1. First Project Review Time Process Inception Review Only Classify 1 Interview project managers about basic Data Governance (DG) Activity requirements Determine projects that do not deal with governable data of any kind (e.g. advice, suggestions, and recommendations) Maturity Level 1 Classify 1 Assess Interview project managers about basic DG Activity requirements Interview project managers about Level 1 DG Activity requirements Determine and designate Maturity Level 1 Projects Determine weighted risk score based on Maturity Level and responses to Level 1 DG Activities interview Define and plan policies and procedures, based on weighted risk score, to satisfy DG requirements Determine action items going forward Maturity Level 2 Classify 1 Interview project managers about basic DG Activity requirements Determine and designate Maturity Level 2 or 3 Projects Maturity Level 3 Classify 1 Interview project managers about basic DG Activity requirements Determine and designate Maturity level 2 or 3 Projects Project Type
2. Pre-Second Project ReviewProject Type Time 1-2 Months Following Inception Review Only Maturity Level 1 Maturity Level 2 Classify 2 Assess Interview project managers about Level 2 and 3 DG Activity requirements Interview project managers about Maturity Level 1 and 2 Activity requirements Determine and designate Maturity Level 2 Projects Determine weighted risk score based on Maturity Level and responses to Level 1 and 2 DG Activities interview Define and plan policies and procedures, based on weighted risk score, to correct issues in DG Activities Maturity Level 3 Classify 2 Assess Interview project managers about Level 2 and 3 DG Activity requirements Interview project managers about Maturity Level 1, 2, and 3 Activity requirements Determine and designate Maturity Level 3 Projects Determine weighted risk score based on Maturity Level and responses to Level 1, 2, and 3 Activities interview Define and plan policies and procedures, based on weighted risk score, to correct issues in DG Activities
3. Second Project ReviewProject Type Time 2 Months Following Inception Review Only Maturity Level 1 Review Review progress in fulfilling action items Re-answer risk assessment questions Evaluate progress in decreasing risk footprint Determine action items going forward Maturity Level 2 Review Determine action items going forward Maturity Level 3 Review Determine action items going forward
4. Third to nth Project ReviewProject Type Time Every 60 days following Review Only Maturity Level 1 Review Review progress in fulfilling action items Re-answer risk assessment questions Evaluate progress in decreasing risk footprint Determine action items going forward Maturity Level 2 Review Review progress in fulfilling action items Re-answer risk assessment questions Evaluate progress in decreasing risk footprint Determine action items going forward Maturity Level 3 Review Review progress in fulfilling action items Re-answer risk assessment questions Evaluate progress in decreasing risk footprint Determine action items going forward
Data Advisor Skills (Cumulative) White Belt Green Belt Black BeltBrown Belt • Has general knowledge on the subject of data governance • Understands the 15 key data governance activities • Has taken at least one project of any type through the risk assessment process • Has taken multiple projects of multiple types through the risk assessment process • Has trained another data advisor into a brown belt • Has taken projects of all levels through the risk assessment process
First Project Review Objectives: • Part 1: Classify 1(All projects) • Determine which projects do not deal with governable data at all (e.g. advice, suggestions, and recommendations) • Determine and designate Maturity Level 1 projects • Determine Maturity Level 2 or 3 projects • Parts 2, 3, 4, and 5: Assess (Level 1 Projects only) • Assess the compliance of Level 1 projects with the first five key DG Activities • Score Level 1 projects based on their level of compliance • Define and plan appropriate policies and procedures • Determine Action items going forward
First Project Review Part 1 - Classify 1 - To begin the interview at the first project review, the projects must first be classified into their appropriate maturity Levels - At this point, it is only relevant to separate Maturity Level 1 projects from Maturity Level 2 and 3 Projects. - Determine and designate which projects are Maturity Level 1 by asking project managers during their project review whether their projects perform any of the activities in each question
First Project Review Part 1 - Classify 1 1. In this project, does your team: a. Review reports and other information from clients and provide insight through advice, suggestions, and recommendations 2. In this project, does your team: (select all that apply) a. Query and analyze data without transformation (e.g. changing or adding) b. Produce or download a table, report, or other outputs from a public data source 3. In this project, does your team: (select all that apply) a. Acquire collect, or produce data b. Adhere to contract and related agreement or license conditions for data c. Analyze and transform (e.g. change or add to) data for the purpose of producing analytic output d. Enforce limited access to data 4. In this project, does your team handle data which falls under any of the following restrictions: (select all that apply) a. PPI - Personal protected information b. PII- Personal identifying information c. HIPAA- Health insurance portability and accountability act d. FERPA- Family educational rights and privacy act
First Project Review Part 1 - Classify 1 To determine the Maturity Level of the project being assessed and finish classifying Maturity Level 1 projects, follow the directions below: 1. If a project selects an answer for question 1 and does not select an answer for any of the following questions, they are a Review Only project 2. If a project selects any answer to question 2 and does not select an answer for any of the following questions, they are a Maturity Level 1 Project 3. If a project selects any answer to question 3, they are a Maturity Level 2 or 3 project 4. If a project selects any answer to question 4, they are a Maturity Level 2 or 3 project
First Project Review Part 2 - Assess - At this time, ONLY Maturity Level 1 projects are assessed to determine a weighted risk score - The following five questions assess a Maturity Level 1 project’s compliance with the first five key DG activities, and project managers should answer them to the best of their ability
First Project Review Part 2 - Assess (Question 1) 1. Which of the following statements best describes the way you and your project team capture and communicate project data requirements*? a. Automated: Our team uses an automated system that captures and communicates project data requirements b. Written and Reviewed: Our team documents project data requirements in writing, which I then review c. Written: Our team documents project data requirements in writing d. Verbal: Our team discusses project data requirements e. None: Our team does not document or discuss project data requirements in any way *Project Data Requirements: Specifications describing the content, format, and structure of the data.
First Project Review Part 2 - Assess (Question 2) 2. On this project, is your team maintaining a catalog of your data with information about its location, sensitivity, and type? a. Automated: Our team uses an automated system that maintains a catalog of our data b. Written and Verified: Our team documents how it maintains a catalog of our data, which I then review c. Written: Our team documents how it maintains a catalog of our data d. Verbal: Our team discusses how it maintains a catalog of our data e. None: Our team does not have a method for maintaining a catalog of our data
First Project Review Part 2 - Assess (Question 3) 3. Which of the following statements best describes the way you and your project team control the location, movement, copying, and backup of your data? a. Automated: Our team uses an automated system controls the locations, movements, copying, and backup of our data b. Written and Reviewed: Our team documents how it controls the locations, movements, copying, and backup of our data, which I then review c. Written: Our team documents how it controls the locations, movements, copying, and backup of our data d. Verbal: Our team discusses how it controls the locations, movements, copying, and backup of our data e. None: Our team does not have a method for controlling the locations, movements, copying, and backup of our data
First Project Review Part 2 - Assess (Question 4) 4. Which of the following statements best describes the way you and your project team capture information about your data in tags* or the data catalog? a. Automated: Our team has an automated system that captures information about our data in tags or the data catalog b. Written and Reviewed: Our team documents how it captures information about our data in tags or the data catalog, which I then review c. Written: Our team documents how it captures information about our data in tags or the data catalog d. Verbal: Our team discusses how it captures information about our data in tags or the data catalog e. None: Our team does not have a method for capturing information about our data in tags or the data catalog *Tags: Small attachments that accompany data files and include information about them, such as content, classification, or owner.
First Project Review Part 2 - Assess (Question 5) 5. Which of the following statements best describes the way you and your project team ensure data destruction, return, or retention requirements are complete & assigned as part of project close out preparation? a. Automated: Our team uses an automated system which assigns data destruction, return, or retention requirements b. Written and Reviewed: Our team documents data destruction, return, or retention requirements, which I then review c. Written: Our team documents data destruction, return, or retention requirements d. Verbal: Our team discusses data destruction, return, or retention requirements e. None: Our team does not have a plan that addresses this
First Project Review Part 3 – Score (Maturity Level 1) - Only Maturity Level 1 projects, who have answered the preceding five questions, can be given a risk score at this time - The answers the the preceding five questions will determine the weighted score the project will receive, and Maturity Table 1 will be used to weigh the relative risk of each answer to each question
First Project Review Part 3 – Score (Maturity Level 1) Maturity Table 1 Activity None Verbal Written Reviewed Automated Maturity Level 1: 5 6 4.5 3 1.5 0 Defined 4 4 3 2 1 0 3 6 4.5 3 1.5 0 2 4 3 2 1 0 1 6 4.5 3 1.5 0
Directions for use: 1. Match the question number to the activity number in the far left column 2. Match response options at the beginning of the answer selected to one of the responses at the top of the columns, record the score 3. Repeat for each of the questions 4. Sum the scores to create the total weighted risk score 5. Record this score in the project review system First Project Review Part 3 – Score (Maturity Level 1)
First Project Review Part 4 - Define and Plan DG Procedures Procedure Table 1 Activity None Verbal Written Reviewed Automated Activity 5 Data return & destruction Engage TS, DA and IT to ensure all data retention, return and destruction requirements identified in Activity 1 are fully planned and supported based on contract and policy terms and dates. This includes data classification and retention policy validation with Das, CISO and CPO. 0 Activity 4 Tagging or Metadata creation Engage TS & DA to determine the best approach to maintaining required metadata from Activity 1 with the data (tags) or specify catalog based capture & maintenance in Activity 2 0 Activity 3 Maintain inventory Create a regular update of all data created, acquired to changed by the project using the catalog template from Activity 2 N/A Activity 2 Data catalog requirements Apply the data requirements captured in Activity 1 to define your project data catalog template N/A Activity 1 Analytic requirements Engage TS and DA to provide templates and support for written capture with a standard review process N/A Maturity Level 1: Defined
- Based on a project’s answers to the five risk assessment questions, define and assign action items that the project must address moving forward in order to improve their compliance with DG activities and decrease their risk footprint First Project Review Part 5 – Action Items
Pre-Second Project Review Objectives: • Part 1: Classify-2 (Maturity Level 2 and 3 Projects) • Determine and designate Maturity Level 2 Projects • Determine and designate Maturity Level 3 Projects • Parts 2, 3, 4, and 5: Assess (Maturity Level 2 and 3 Projects) • Assess the compliance of Level 2 projects with the first 10 key DG Activities • Score Level 2 projects based on their level of compliance • Assess the compliance of Level 3 projects with all 15 key DG Activities • Score Level 3 Projects based on their level of compliance • Define and plan appropriate policies and procedures • Create a Final Project Report
Pre-Second Project Review Part 1 - Classify 2 - At this point, Maturity Level 2 and 3 projects must be differentiated and designated appropriately - The following questions should be asked of the project managers about their current project during their pre-second project review to determine the Maturity Level of their project
Pre-Second Project Review Part 1 - Classify 2 1. In this project, does your team: (check all that apply) a. Acquire, collect, or produce data b. Adhere to contract and related agreement or license conditions for data c. Analyze and transform (e.g. change or add to) data for the purpose of producing analytic output d. Enforce limited access to data 2. In this project, does your team: (check all that apply) a. Make changes to correct or improve permanent data b. Produce a new data set that will be used by others or published and that persists on its own c. Produce a data set intended for analysis that is delivered to a client for use or publication
Pre-Second Project Review Part 1 - Classify 2 To determine the Maturity Level of the project being assessed and finish classifying Maturity Level 2 and 3 projects, follow the directions below: 1. If a project selects any answer to question one and does not select any of the answers to the following question, they are a Maturity level 2 project 2. If a project selects any answer to question 2, they are a Maturity Level 3 Project
Pre-Second Project Review Part 2 - Assess - The risk assessment should now be done for both Maturity Level 2 and 3 projects - First, answer the first five questions from part 3 of the first tier interview, then answer the following five questions
Pre-Second Project Review Part 2 - Assess (Question 6) 6. Which of the following statements best describes the way you and your project team define, enforce, and monitor limited access to your data? a. Automated: Our team uses an automated system that enforces limited access to our data and generates automatic reports b. Written and Reviewed: Our team documents how it defines, enforces, and monitors limited access to our data, which I then review c. Written: Our team documents how it defines, enforces, and monitors limited access to our data d. Verbal: Our team discusses how it defines, enforces, and monitors limited access to our data e. None: Our team does not have a method for defining, enforcing, and monitoring limited access to our data
Pre-Second Project Review Part 2 - Assess (Question 7) 7. Which of the following statements best describes the way you and your project team enforce change control and versioning* for all of your project data and data sets? a. Automated: Our team uses an automated system that enforces change control and versioning for all of our project’s data and data sets b. Written and Reviewed: Our team documents how it enforces change control and versioning for all of our project’s data and data sets, which I then review c. Written: Our team documents how it enforces change control and versioning for all of our project’s data and data sets d. Verbal: Our team discusses how it enforces change control and versioning for all of our project’s data and data sets e. None: Our team does not have a method for enforcing change control and versioning for its data and data sets *Change control and versioning: The creation and management of multiple releases of a data set
Pre-Second Project Review Part 2 - Assess (Question 8) 8. Which of the following statements best describes the way you and your project team ensure data destruction, return, or retention execution as required? a. Automated: Our team has an automated system that destroys, returns, or retains data as required b. Written and Reviewed: Our team documents how it ensures data destruction, return, or retention execution as required, which I then review c. Written: Our team documents how it ensures data destruction, return, or retentions execution as required d. Verbal: Our team discusses how it ensures data destruction, return, or retention execution as required e. None: Our team does not have a method for ensuring data destruction, return, or retention execution as required
Pre-Second Project Review Part 2 - Assess (Question 9) 9. Which of the following statements best describes the way you and your project team identify and report any data events*? a. Automated: Our team uses an automated system that identifies and reports any data events b. Written and Reviewed: Our team documents how it identifies and reports data events, which I then review c. Written: Our team documents how it identifies and reports data events d. Verbal: Our team discusses how it identifies and reports data events e. None: Our team does not have a method for identifying and reporting data events *Data Events: Events that put data, privacy, or security at risk
Pre-Second Project Review Part 2 - Assess (Question 10) 10. Which of the following statements best describes the way you and your project team ensure compliance with data usage agreements, contract terms for data use, and restricted use license terms? a. Automated: Our team uses an automated system that ensures compliance with data usage agreements, contract terms for data use, and restricted use license terms b. Written and Reviewed: Our team documents how it ensures compliance with data usage agreements, contract terms for data use, and restricted use license terms, which I then review c. Written: Our team documents how it ensures compliance with data usage agreements, contract terms for data use, and restricted use license terms d. Verbal: Our team discusses how it ensures compliance with data usage agreements, contract terms for data use, and restricted use license terms e. None: Our team does not have a method for ensuring compliance with data usage agreements, contract terms for data use, and restricted use license terms
Pre-Second Project Review Part 2 - Assess - This section of the risk assessment should ONLY be done for Maturity Level 3 projects - Once a Maturity Level 3 project has answered the preceding ten questions, they complete the following four or five
Pre-Second Project Review Part 2 - Assess (Question 11) 11. Which of the following statements best describes the way you and your project team evaluate data quality, including adherence to data requirements, and identify necessary corrections or improvements? a. Automated: Our team uses an automated system that evaluates data quality, including adherence to data requirements, and identifies necessary corrections or improvements b. Written and Reviewed: Our team documents how it evaluates data quality, including adherence to data requirements, and how it identifies necessary corrections or improvements, which I then review c. Written: Our team documents how it evaluates data quality, including adherence to data requirements, and how it identifies necessary corrections or improvements d. Verbal: Our team discusses how it evaluates data quality, including adherence to data requirements, and how it identifies necessary corrections or improvements e. None: Our team does not have a method for evaluating data quality, including adherence to data requirements, or identifying necessary corrections or improvements
Pre-Second Project Review Part 2 - Assess (Question 12) 12. Which of the following statements best describes the way you and your project team execute corrections & improvements with change history*? a. Automated: Our team uses an automated system that executes corrections and improvements with change history b. Written and Reviewed: Our team documents how it executes corrections and improvements with change history, which I then review c. Written: Our team documents how it executes corrections and improvements with change history d. Verbal: Our team discusses how it executes corrections and improvements with change history e. None: Our team does not have a method for executing corrections and improvements with change history *Change history: Documentation of changes to a product or system that are introduced in a controlled and coordinated manner
Pre-Second Project Review Part 2 - Assess (Question 13) 13. Which of the following statements best describes the way you and your project team verify data changes in new versions? a. Automated: Our team uses an automated system that verifies data changes in new versions b. Written and Reviewed: Our team documents how it verifies data changes in new versions, which I then review c. Written: Our team documents how it verifies data changes in new versions d. Verbal: Our team discusses how it verifies data changes in new versions e. None: Our team does not have a method for verifying data changes in new versions
Pre-Second Project Review Part 2 - Assess (Question 14) 14. Which of the following statements best describes the way you and your project team promote new versions of data and verify analytic logic? a. Automated: Our team uses an automated system that promotes new versions of data and verifies analytic logic b. Written and Reviewed: Our team documents how it promotes new versions of data and verifies analytic logic, which I then review c. Written: Our team documents how it promotes new versions of data and verifies analytic logic d. Verbal: Our team discusses how it promotes new versions of data and verifies analytic logic e. None: Our team does not have a method for promoting new versions of data and verifying analytic logic *Analytic logic: analysis formulae, rules & logic, coding, scripts and other automation routines
Pre-Second Project Review Part 2 – Assess - This section of the risk assessment should ONLY be done for Maturity Level 3 projects where data advisors have determined that the following DG activity is relevant
Pre-Second Project Review Part 2 - Assess (Question 15) 15. Which of the following statements best describes the way you and your project team test corrected or improved data with an analytic script or program* to confirm integrity? a. Automated: Our team uses an automated system that tests corrected or improved data with an analytic script or program to confirm integrity b. Written and Reviewed: Our team documents how it tests corrected or improved data with an analytic script or program to confirm integrity, which I then review c. Written: Our team documents how it tests corrected or improved data with an analytic script or program to confirm integrity d. Verbal: Our team discusses how it tests corrected or improved data with an analytic script or program to confirm integrity e. None: Our team does not have a method for testing corrected or improved data with an analytic script or program to confirm integrity *Analytic script or program: analysis formulae, rules & logic, coding, scripts and other automation routines
Pre-Second Project Review Part 3 - Score (Maturity Levels 2 and 3) - Maturity Level 2 and 3 projects, who have answered the appropriate number of questions, can be given a risk score at this time - The answers the the appropriate ten to fifteen questions determine the weighted risk score for the project
Pre-Second Project Review Part 3 - Score (Maturity Level 2) Maturity Table 2 Activity None Verbal Written Reviewed Automated Maturity Level 2: 10 4 3 2 1 0 Controlled 9 4 3 2 1 0 8 6 4.5 3 1.5 0 7 6 4.5 3 1.5 0 6 6 4.5 3 1.5 0 Maturity Level 1: 5 12 9 6 3 0 Defined 4 8 6 4 2 0 3 12 9 6 3 0 2 8 6 4 2 0 1 12 9 6 3 0
Directions for use: 1. Match the question number to the activity number in the far left column 2. Match response options at the beginning of the answer selected to one of the responses at the top of the columns, record the score 3. Repeat for each of the questions 4. Sum the scores to create the total weighted risk score 5. Record this score in the project review system Pre-Second Project Review Part 3 - Score (Maturity Level 2)
Pre-Second Project Review Part 3 - Score (Maturity Level 3) Maturity Table 3 Activity None Verbal Written Reviewed Automated Maturity Level 3: 15 4 3 2 1 0 Improved 14 4 3 2 1 0 13 4 3 2 1 0 12 4 3 2 1 0 11 4 3 2 1 0 Maturity Level 2: 10 8 6 4 2 0 Controlled 9 8 6 4 2 0 8 12 9 6 3 0 7 12 9 6 3 0 6 12 9 6 3 0 Maturity Level 1: 5 18 13.5 9 4.5 0 Defined 4 12 9 6 3 0 3 18 13.5 9 4.5 0 2 12 9 6 3 0 1 18 13.5 9 4.5 0
Directions for use: 1. Match the question number to the activity number in the far left column 2. Match response options at the beginning of the answer selected to one of the responses at the top of the columns, record the score 3. Repeat for each of the questions 4. Sum the scores to create the total weighted risk score 5. Record this score in the project review system Pre-Second Project Review Part 3 - Score (Maturity Level 3)
Procedure Table 2 (Activities 6-10) Pre-Second Project Review Part 4 - Define and Plan DG Procedures Activity None Verbal Written Reviewed Automated Maturity Level 2: Activity 10 Data agreement compliance Engage DA to help monitor compliance including required reports from Activities 8,9, & 10 N/A Controlled Activity 9 Periodic Updates Engage DA to assist with periodic update requirements N/A Activity 8 Data Deletion Engage DA to identify verification reports required from IT as part of project data destruction and retention requirements N/A Activity 7 Change Control Engage DA to assist with change control requirements, settings and alerts, then engage TS to apply with IT N/A Activity 6 Access Control Engage with DA, TS and IT to obtain access control rights by person and recieve ongoing access audit trail reports N/A
Procedure Table 2 (Activities 11- 15) Pre-Second Project Review Part 4 - Define and Plan DG Procedures Activity None Verbal Written Reviewed Automated Maturity Level 3: Activity 15 Verify data & analytic integrity Engage DA and TS as needed to support data corrections and verification process N/A Improved Activity 14 Data & Analytic production control Engage DA and TS as needed to control promotion of new versions of analytic scripts and data sets to shared use and publication (production) N/A Activity 13 Verify data corrections Engage DA and TS as needed to support data corrections and verification process N/A Activity 12 Data correction & improvement Engage DA and TS as needed to support data corrections and verification process N/A Activity 11 Data Requirements Adherence Engage DA to help monitor requirements satisfaction from Activities 1 and 13 N/A
Objectives • Part 1: Review (Level 1 projects) • Review progress in fulfilling action items • Re-answer risk assessment questions • Evaluate progress in decreasing risk footprint • Determine action items going forward • Part 1: Review (Level 2 and 3 projects) • Determine action items going forward Second Project Review
- Based on the action items determined in Part 5 of the first project review, determine which have and which have not been fulfilled - Have each project manager, on their own before the second project review, re- answer the five questions they previously answered during Part 2 of the first project review and determine a new risk score - Determine where each project has improved, regressed, or plateaued across each of the five DG activities - Determine which action items should be renewed and what new action items should be addressed moving forward Second Project Review Part 1 – Review (Maturity Level 1)
- Based on a project’s answers to the appropriate risk assessment questions, define and assign action items that the project must address moving forward in order to improve their compliance with DG activities and decrease their risk footprint Second Project Review Part 1 – Review (Maturity Levels 2 and 3)
Objectives: Part 1: Review (All projects) • Review progress in fulfilling action items • Re-answer risk assessment questions • Evaluate progress in decreasing risk footprint • Determine action items going forward Third to nth Project Review
- Based on the action items determined in previous project reviews, determine which have and which have not been fulfilled - Have each project manager, on their own before the third and following project reviews, re-answer questions they previously answered during the first project review or pre-second project review and determine a new risk score - Determine where each project has improved, regressed, or plateaued across each of the appropriate DG activities - Determine which action items should be renewed and what new action items should be addressed moving forward Third to nth Project Review Part 1 - Review
Thanks for watching!

Recommended

Quality assurance review check list
Quality assurance review check listQuality assurance review check list
Quality assurance review check list
zeitgeistr2
 
system analysis and design Class 3
system analysis and design Class 3system analysis and design Class 3
system analysis and design Class 3
Dr. Mazin Mohamed alkathiri
 
PMP Preparation - 08 Quality Management
PMP Preparation - 08 Quality ManagementPMP Preparation - 08 Quality Management
PMP Preparation - 08 Quality Management
Mohamed ElSaadany, PMP, CCP, PMI-RMP, SCE-PE
 
How performance management can improve client satisfaction
How performance management can improve client satisfactionHow performance management can improve client satisfaction
How performance management can improve client satisfaction
Skanska USA
 
Analysis Phase
Analysis PhaseAnalysis Phase
Analysis Phase
Amr Mohmed Fekry, PMP, BPA ACP
 
Postmortem Analysis
Postmortem AnalysisPostmortem Analysis
Postmortem Analysis
Saqib Raza
 
Mg6088 spm unit-2
Mg6088 spm unit-2Mg6088 spm unit-2
Mg6088 spm unit-2
SIMONTHOMAS S
 
Csqe sample exam 2 solutions 05.00.04
Csqe sample exam 2 solutions 05.00.04Csqe sample exam 2 solutions 05.00.04
Csqe sample exam 2 solutions 05.00.04
binodrit98
 

Recommended

Quality assurance review check list
Quality assurance review check listQuality assurance review check list
Quality assurance review check list
zeitgeistr2
 
system analysis and design Class 3
system analysis and design Class 3system analysis and design Class 3
system analysis and design Class 3
Dr. Mazin Mohamed alkathiri
 
PMP Preparation - 08 Quality Management
PMP Preparation - 08 Quality ManagementPMP Preparation - 08 Quality Management
PMP Preparation - 08 Quality Management
Mohamed ElSaadany, PMP, CCP, PMI-RMP, SCE-PE
 
How performance management can improve client satisfaction
How performance management can improve client satisfactionHow performance management can improve client satisfaction
How performance management can improve client satisfaction
Skanska USA
 
Analysis Phase
Analysis PhaseAnalysis Phase
Analysis Phase
Amr Mohmed Fekry, PMP, BPA ACP
 
Postmortem Analysis
Postmortem AnalysisPostmortem Analysis
Postmortem Analysis
Saqib Raza
 
Mg6088 spm unit-2
Mg6088 spm unit-2Mg6088 spm unit-2
Mg6088 spm unit-2
SIMONTHOMAS S
 
Csqe sample exam 2 solutions 05.00.04
Csqe sample exam 2 solutions 05.00.04Csqe sample exam 2 solutions 05.00.04
Csqe sample exam 2 solutions 05.00.04
binodrit98
 
Defining the Problem - Goals and requirements
Defining the Problem - Goals and requirementsDefining the Problem - Goals and requirements
Defining the Problem - Goals and requirements
Stephennancy
 
Unit4 Proof of Correctness, Statistical Tools, Clean Room Process and Quality...
Unit4 Proof of Correctness, Statistical Tools, Clean Room Process and Quality...Unit4 Proof of Correctness, Statistical Tools, Clean Room Process and Quality...
Unit4 Proof of Correctness, Statistical Tools, Clean Room Process and Quality...
Reetesh Gupta
 
Managing IT Projects
Managing IT ProjectsManaging IT Projects
Managing IT Projects
Rhys Leong
 
Software quality assurance (sqa) Parte II- Métricas del Software y Modelos d...
Software quality assurance (sqa) Parte II- Métricas del Software y Modelos d...Software quality assurance (sqa) Parte II- Métricas del Software y Modelos d...
Software quality assurance (sqa) Parte II- Métricas del Software y Modelos d...
Renato Gonzalez
 
Critical Success Factors along ERP life-cycle in Small medium enterprises
Critical Success Factors along ERP life-cycle in Small medium enterprises Critical Success Factors along ERP life-cycle in Small medium enterprises
Critical Success Factors along ERP life-cycle in Small medium enterprises
Moutasm Tamimi
 
Pressman ch-22-process-and-project-metrics
Pressman ch-22-process-and-project-metricsPressman ch-22-process-and-project-metrics
Pressman ch-22-process-and-project-metrics
Seema Kamble
 
Systematic review on evaluating planning process in agile development methods
Systematic review on evaluating planning process in agile development methodsSystematic review on evaluating planning process in agile development methods
Systematic review on evaluating planning process in agile development methods
TELKOMNIKA JOURNAL
 
Project Management: Initiating Process Group - Lesson 1
Project Management: Initiating Process Group - Lesson 1 Project Management: Initiating Process Group - Lesson 1
Project Management: Initiating Process Group - Lesson 1
JMBOKAcademy
 
Software Quality Assurance
Software Quality AssuranceSoftware Quality Assurance
Software Quality Assurance
Rohana K Amarakoon
 
Managing projects by data
Managing projects by dataManaging projects by data
Managing projects by data
Mobi Marketing
 
Capability Maturity Model Integartion
Capability Maturity Model IntegartionCapability Maturity Model Integartion
Capability Maturity Model Integartion
Saqib Raza
 
Spm project planning
Spm project planning Spm project planning
Spm project planning
Kanchana Devi
 
Software Engineering
Software EngineeringSoftware Engineering
Software Engineering
UMA PARAMESWARI
 
Verifying and Validating Requirements
Verifying and Validating RequirementsVerifying and Validating Requirements
Verifying and Validating Requirements
Ravikanth-BA
 
Unit3 software review control software
Unit3 software review control softwareUnit3 software review control software
Unit3 software review control software
Reetesh Gupta
 
An integrated security testing framework and tool
An integrated security testing framework and toolAn integrated security testing framework and tool
An integrated security testing framework and tool
Moutasm Tamimi
 
Software Metrics
Software MetricsSoftware Metrics
Software Metrics
Swati Patel
 
Major proj term3
Major proj term3Major proj term3
Major proj term3
hccit
 
Slides chapters 21-23
Slides chapters 21-23Slides chapters 21-23
Slides chapters 21-23
Priyanka Shetty
 
PMP Preparation - 03 Framework
PMP Preparation - 03 FrameworkPMP Preparation - 03 Framework
PMP Preparation - 03 Framework
Mohamed ElSaadany, PMP, CCP, PMI-RMP, SCE-PE
 
OSHA Team Leader
OSHA Team LeaderOSHA Team Leader
OSHA Team LeaderKhaled Mulla
 
Leidymareco
LeidymarecoLeidymareco
Leidymareco
Lei94
 

More Related Content

What's hot

Defining the Problem - Goals and requirements
Defining the Problem - Goals and requirementsDefining the Problem - Goals and requirements
Defining the Problem - Goals and requirements
Stephennancy
 
Unit4 Proof of Correctness, Statistical Tools, Clean Room Process and Quality...
Unit4 Proof of Correctness, Statistical Tools, Clean Room Process and Quality...Unit4 Proof of Correctness, Statistical Tools, Clean Room Process and Quality...
Unit4 Proof of Correctness, Statistical Tools, Clean Room Process and Quality...
Reetesh Gupta
 
Managing IT Projects
Managing IT ProjectsManaging IT Projects
Managing IT Projects
Rhys Leong
 
Software quality assurance (sqa) Parte II- Métricas del Software y Modelos d...
Software quality assurance (sqa) Parte II- Métricas del Software y Modelos d...Software quality assurance (sqa) Parte II- Métricas del Software y Modelos d...
Software quality assurance (sqa) Parte II- Métricas del Software y Modelos d...
Renato Gonzalez
 
Critical Success Factors along ERP life-cycle in Small medium enterprises
Critical Success Factors along ERP life-cycle in Small medium enterprises Critical Success Factors along ERP life-cycle in Small medium enterprises
Critical Success Factors along ERP life-cycle in Small medium enterprises
Moutasm Tamimi
 
Pressman ch-22-process-and-project-metrics
Pressman ch-22-process-and-project-metricsPressman ch-22-process-and-project-metrics
Pressman ch-22-process-and-project-metrics
Seema Kamble
 
Systematic review on evaluating planning process in agile development methods
Systematic review on evaluating planning process in agile development methodsSystematic review on evaluating planning process in agile development methods
Systematic review on evaluating planning process in agile development methods
TELKOMNIKA JOURNAL
 
Project Management: Initiating Process Group - Lesson 1
Project Management: Initiating Process Group - Lesson 1 Project Management: Initiating Process Group - Lesson 1
Project Management: Initiating Process Group - Lesson 1
JMBOKAcademy
 
Software Quality Assurance
Software Quality AssuranceSoftware Quality Assurance
Software Quality Assurance
Rohana K Amarakoon
 
Managing projects by data
Managing projects by dataManaging projects by data
Managing projects by data
Mobi Marketing
 
Capability Maturity Model Integartion
Capability Maturity Model IntegartionCapability Maturity Model Integartion
Capability Maturity Model Integartion
Saqib Raza
 
Spm project planning
Spm project planning Spm project planning
Spm project planning
Kanchana Devi
 
Software Engineering
Software EngineeringSoftware Engineering
Software Engineering
UMA PARAMESWARI
 
Verifying and Validating Requirements
Verifying and Validating RequirementsVerifying and Validating Requirements
Verifying and Validating Requirements
Ravikanth-BA
 
Unit3 software review control software
Unit3 software review control softwareUnit3 software review control software
Unit3 software review control software
Reetesh Gupta
 
An integrated security testing framework and tool
An integrated security testing framework and toolAn integrated security testing framework and tool
An integrated security testing framework and tool
Moutasm Tamimi
 
Software Metrics
Software MetricsSoftware Metrics
Software Metrics
Swati Patel
 
Major proj term3
Major proj term3Major proj term3
Major proj term3
hccit
 
Slides chapters 21-23
Slides chapters 21-23Slides chapters 21-23
Slides chapters 21-23
Priyanka Shetty
 
PMP Preparation - 03 Framework
PMP Preparation - 03 FrameworkPMP Preparation - 03 Framework
PMP Preparation - 03 Framework
Mohamed ElSaadany, PMP, CCP, PMI-RMP, SCE-PE
 

What's hot (20)

Defining the Problem - Goals and requirements
Defining the Problem - Goals and requirementsDefining the Problem - Goals and requirements
Defining the Problem - Goals and requirements
 
Unit4 Proof of Correctness, Statistical Tools, Clean Room Process and Quality...
Unit4 Proof of Correctness, Statistical Tools, Clean Room Process and Quality...Unit4 Proof of Correctness, Statistical Tools, Clean Room Process and Quality...
Unit4 Proof of Correctness, Statistical Tools, Clean Room Process and Quality...
 
Managing IT Projects
Managing IT ProjectsManaging IT Projects
Managing IT Projects
 
Software quality assurance (sqa) Parte II- Métricas del Software y Modelos d...
Software quality assurance (sqa) Parte II- Métricas del Software y Modelos d...Software quality assurance (sqa) Parte II- Métricas del Software y Modelos d...
Software quality assurance (sqa) Parte II- Métricas del Software y Modelos d...
 
Critical Success Factors along ERP life-cycle in Small medium enterprises
Critical Success Factors along ERP life-cycle in Small medium enterprises Critical Success Factors along ERP life-cycle in Small medium enterprises
Critical Success Factors along ERP life-cycle in Small medium enterprises
 
Pressman ch-22-process-and-project-metrics
Pressman ch-22-process-and-project-metricsPressman ch-22-process-and-project-metrics
Pressman ch-22-process-and-project-metrics
 
Systematic review on evaluating planning process in agile development methods
Systematic review on evaluating planning process in agile development methodsSystematic review on evaluating planning process in agile development methods
Systematic review on evaluating planning process in agile development methods
 
Project Management: Initiating Process Group - Lesson 1
Project Management: Initiating Process Group - Lesson 1 Project Management: Initiating Process Group - Lesson 1
Project Management: Initiating Process Group - Lesson 1
 
Software Quality Assurance
Software Quality AssuranceSoftware Quality Assurance
Software Quality Assurance
 
Managing projects by data
Managing projects by dataManaging projects by data
Managing projects by data
 
Capability Maturity Model Integartion
Capability Maturity Model IntegartionCapability Maturity Model Integartion
Capability Maturity Model Integartion
 
Spm project planning
Spm project planning Spm project planning
Spm project planning
 
Software Engineering
Software EngineeringSoftware Engineering
Software Engineering
 
Verifying and Validating Requirements
Verifying and Validating RequirementsVerifying and Validating Requirements
Verifying and Validating Requirements
 
Unit3 software review control software
Unit3 software review control softwareUnit3 software review control software
Unit3 software review control software
 
An integrated security testing framework and tool
An integrated security testing framework and toolAn integrated security testing framework and tool
An integrated security testing framework and tool
 
Software Metrics
Software MetricsSoftware Metrics
Software Metrics
 
Major proj term3
Major proj term3Major proj term3
Major proj term3
 
Slides chapters 21-23
Slides chapters 21-23Slides chapters 21-23
Slides chapters 21-23
 
PMP Preparation - 03 Framework
PMP Preparation - 03 FrameworkPMP Preparation - 03 Framework
PMP Preparation - 03 Framework
 

Viewers also liked

Leidymareco
LeidymarecoLeidymareco
Leidymareco
Lei94
 
registro mercantil
registro mercantilregistro mercantil
registro mercantil
cindyjanse
 
team dd's 2 NO CLEVE
team dd's 2 NO CLEVEteam dd's 2 NO CLEVE
team dd's 2 NO CLEVEDerek DeBoer
 
Presentacioncello
PresentacioncelloPresentacioncello
Presentacioncello
Daniela Gutiérrez
 
Mspark's Monthly Trends Monitor - Aug 16 issue
Mspark's Monthly Trends Monitor - Aug 16 issue Mspark's Monthly Trends Monitor - Aug 16 issue
Mspark's Monthly Trends Monitor - Aug 16 issue
Frank Boggess
 
Barranquilla atlántico
Barranquilla atlánticoBarranquilla atlántico
Barranquilla atlántico
dayana alcazar altahona
 
MSPARK MARKETING TRENDS MONITER
MSPARK MARKETING TRENDS MONITERMSPARK MARKETING TRENDS MONITER
MSPARK MARKETING TRENDS MONITER
Sheila Skaggs-Gay
 
PROFILE DPM FINAL ENL PRINT 27.9
PROFILE DPM FINAL ENL PRINT 27.9PROFILE DPM FINAL ENL PRINT 27.9
PROFILE DPM FINAL ENL PRINT 27.9Jaina Nguyen
 
090525_Ken Pavés.pdf
090525_Ken Pavés.pdf090525_Ken Pavés.pdf
090525_Ken Pavés.pdf
unn | UNITED NEWS NETWORK GmbH
 
resume
resumeresume
resume
Katrina Aquino
 
Economía, objeto y método
Economía, objeto y métodoEconomía, objeto y método
Economía, objeto y método
jesuspinedat
 
Unidad ll secuencia didáctica integrando un software
Unidad ll secuencia didáctica integrando un software Unidad ll secuencia didáctica integrando un software
Unidad ll secuencia didáctica integrando un software
Diana Paola Averrisquieta Sánchez
 
Cartula
CartulaCartula
Cartula
John95_
 
The Innovation Bottom Line: How Sustainability is Paying Off
The Innovation Bottom Line: How Sustainability is Paying OffThe Innovation Bottom Line: How Sustainability is Paying Off
The Innovation Bottom Line: How Sustainability is Paying Off
Boston Consulting Group
 
The World of Wine & Spirits
The World of Wine & SpiritsThe World of Wine & Spirits
The World of Wine & Spirits
HEMANT SINGH
 

Viewers also liked (18)

OSHA Team Leader
OSHA Team LeaderOSHA Team Leader
OSHA Team Leader
 
Leidymareco
LeidymarecoLeidymareco
Leidymareco
 
BSc_degree
BSc_degreeBSc_degree
BSc_degree
 
registro mercantil
registro mercantilregistro mercantil
registro mercantil
 
team dd's 2 NO CLEVE
team dd's 2 NO CLEVEteam dd's 2 NO CLEVE
team dd's 2 NO CLEVE
 
Presentacioncello
PresentacioncelloPresentacioncello
Presentacioncello
 
Mspark's Monthly Trends Monitor - Aug 16 issue
Mspark's Monthly Trends Monitor - Aug 16 issue Mspark's Monthly Trends Monitor - Aug 16 issue
Mspark's Monthly Trends Monitor - Aug 16 issue
 
Barranquilla atlántico
Barranquilla atlánticoBarranquilla atlántico
Barranquilla atlántico
 
MSPARK MARKETING TRENDS MONITER
MSPARK MARKETING TRENDS MONITERMSPARK MARKETING TRENDS MONITER
MSPARK MARKETING TRENDS MONITER
 
Garage Door Repair Cave Creek
Garage Door Repair Cave CreekGarage Door Repair Cave Creek
Garage Door Repair Cave Creek
 
PROFILE DPM FINAL ENL PRINT 27.9
PROFILE DPM FINAL ENL PRINT 27.9PROFILE DPM FINAL ENL PRINT 27.9
PROFILE DPM FINAL ENL PRINT 27.9
 
090525_Ken Pavés.pdf
090525_Ken Pavés.pdf090525_Ken Pavés.pdf
090525_Ken Pavés.pdf
 
resume
resumeresume
resume
 
Economía, objeto y método
Economía, objeto y métodoEconomía, objeto y método
Economía, objeto y método
 
Unidad ll secuencia didáctica integrando un software
Unidad ll secuencia didáctica integrando un software Unidad ll secuencia didáctica integrando un software
Unidad ll secuencia didáctica integrando un software
 
Cartula
CartulaCartula
Cartula
 
The Innovation Bottom Line: How Sustainability is Paying Off
The Innovation Bottom Line: How Sustainability is Paying OffThe Innovation Bottom Line: How Sustainability is Paying Off
The Innovation Bottom Line: How Sustainability is Paying Off
 
The World of Wine & Spirits
The World of Wine & SpiritsThe World of Wine & Spirits
The World of Wine & Spirits
 

Similar to RiskAssessmentProcess-Cleansed

PROJECT PLANNING.pptx
PROJECT PLANNING.pptxPROJECT PLANNING.pptx
PROJECT PLANNING.pptx
ShanmugapriyaSenthil3
 
PROJECT PLANNING.pptx
PROJECT PLANNING.pptxPROJECT PLANNING.pptx
PROJECT PLANNING.pptx
ShanmugapriyaSenthil3
 
CAPM Exam preparation - series 1
CAPM Exam preparation - series 1CAPM Exam preparation - series 1
CAPM Exam preparation - series 1
Toe Myint Naing
 
lecture about project management: Logical Framework.ppt
lecture about project management: Logical Framework.pptlecture about project management: Logical Framework.ppt
lecture about project management: Logical Framework.ppt
NguyenDanhTai
 
spm-01.ppt
spm-01.pptspm-01.ppt
spm-01.ppt
st.mary's womens engineering college,budampadu
 
Kick+Off+Presentation.pptx
Kick+Off+Presentation.pptxKick+Off+Presentation.pptx
Kick+Off+Presentation.pptx
Ajinkya Vaze
 
13 Project Monitoring And Evaluation
13 Project Monitoring And Evaluation13 Project Monitoring And Evaluation
13 Project Monitoring And Evaluation
rajkpandey2000
 
13 project monitoring and evaluation
13 project monitoring and evaluation13 project monitoring and evaluation
13 project monitoring and evaluation
rajkpandey2000
 
Unit 1.2 Stepwise Project Planning.pdf
Unit 1.2 Stepwise Project Planning.pdfUnit 1.2 Stepwise Project Planning.pdf
Unit 1.2 Stepwise Project Planning.pdf
AkshayDwivedi31
 
Project auditing
Project auditingProject auditing
Project auditing
Libra chudry
 
Bsbpmg505 manage project quality
Bsbpmg505 manage project qualityBsbpmg505 manage project quality
Bsbpmg505 manage project quality
asmits kharel
 
Final Class Presentation on Project Audit and Closure.ppt
Final Class Presentation on Project Audit and Closure.pptFinal Class Presentation on Project Audit and Closure.ppt
Final Class Presentation on Project Audit and Closure.ppt
GeorgeKabongah2
 
2 a. project auditing
2 a. project auditing2 a. project auditing
2 a. project auditing
Dr.R. SELVAM
 
Project manegement
Project manegementProject manegement
Project manegement
Savvycom Savvycom
 
E success client-software-development
E success client-software-developmentE success client-software-development
E success client-software-development
Riyaan Sharma
 
Topic 1a overview program and project structures
Topic 1a overview program and project structuresTopic 1a overview program and project structures
Topic 1a overview program and project structures
Allan Cunningham
 
Project audit and closure
Project audit and closureProject audit and closure
Project audit and closure
Velita Furtado
 
New Change Implementation
New Change ImplementationNew Change Implementation
New Change Implementation
guest7471d9a
 
New Change Implementation
New Change ImplementationNew Change Implementation
New Change Implementation
Sonia Usih, PMP, MCPM, BSc.
 
unit-3.pptx
unit-3.pptxunit-3.pptx
unit-3.pptx
Prabin Pandit
 

Similar to RiskAssessmentProcess-Cleansed (20)

PROJECT PLANNING.pptx
PROJECT PLANNING.pptxPROJECT PLANNING.pptx
PROJECT PLANNING.pptx
 
PROJECT PLANNING.pptx
PROJECT PLANNING.pptxPROJECT PLANNING.pptx
PROJECT PLANNING.pptx
 
CAPM Exam preparation - series 1
CAPM Exam preparation - series 1CAPM Exam preparation - series 1
CAPM Exam preparation - series 1
 
lecture about project management: Logical Framework.ppt
lecture about project management: Logical Framework.pptlecture about project management: Logical Framework.ppt
lecture about project management: Logical Framework.ppt
 
spm-01.ppt
spm-01.pptspm-01.ppt
spm-01.ppt
 
Kick+Off+Presentation.pptx
Kick+Off+Presentation.pptxKick+Off+Presentation.pptx
Kick+Off+Presentation.pptx
 
13 Project Monitoring And Evaluation
13 Project Monitoring And Evaluation13 Project Monitoring And Evaluation
13 Project Monitoring And Evaluation
 
13 project monitoring and evaluation
13 project monitoring and evaluation13 project monitoring and evaluation
13 project monitoring and evaluation
 
Unit 1.2 Stepwise Project Planning.pdf
Unit 1.2 Stepwise Project Planning.pdfUnit 1.2 Stepwise Project Planning.pdf
Unit 1.2 Stepwise Project Planning.pdf
 
Project auditing
Project auditingProject auditing
Project auditing
 
Bsbpmg505 manage project quality
Bsbpmg505 manage project qualityBsbpmg505 manage project quality
Bsbpmg505 manage project quality
 
Final Class Presentation on Project Audit and Closure.ppt
Final Class Presentation on Project Audit and Closure.pptFinal Class Presentation on Project Audit and Closure.ppt
Final Class Presentation on Project Audit and Closure.ppt
 
2 a. project auditing
2 a. project auditing2 a. project auditing
2 a. project auditing
 
Project manegement
Project manegementProject manegement
Project manegement
 
E success client-software-development
E success client-software-developmentE success client-software-development
E success client-software-development
 
Topic 1a overview program and project structures
Topic 1a overview program and project structuresTopic 1a overview program and project structures
Topic 1a overview program and project structures
 
Project audit and closure
Project audit and closureProject audit and closure
Project audit and closure
 
New Change Implementation
New Change ImplementationNew Change Implementation
New Change Implementation
 
New Change Implementation
New Change ImplementationNew Change Implementation
New Change Implementation
 
unit-3.pptx
unit-3.pptxunit-3.pptx
unit-3.pptx
 

RiskAssessmentProcess-Cleansed

  • 1. Data Governance Risk Assessment Process A guide to classifying, assessing and scoring projects for Data Governance (DG) Risk and monitoring their improvement.
  • 2. Data and Data Governance This purpose of this process is to improve the way that projects and project portfolios govern their data. To do this, we must first define data and data governance. Data Facts and artifacts as found or created in data sets, files, or databases from clients, third party providers, and our teams including markups and reviewer notes as well as qualitative, quantitative, analytic, and summary data. Data Governance (DG) Standards based management of data and accountability for its integrity and control throughout its life cycle.
  • 3. 1. First Project Review 2. Pre-Second Project Review 3. Second Project Review 4. Third to nth Project Review Data Governance Risk Assessment Process Process Inception 1-2 Months Following Inception 2 Months Following Inception Every 60 days following
  • 4. Project Types for DG Classification Review Only - Review reports and other information from clients and provide insight through advice, suggestions, and recommendations Maturity Level 1 - Query and analyze data without transformation (e.g. changing or adding) - Produce or download a table, report, or other outputs from a public data source Maturity Level 2 - Acquire, collect, or produce data - Adhere to contract and related agreement or license conditions for data - Analyze and transform (e.g. change or add to) data for the purpose of producing analytic output - Enforce limited access to data Maturity Level 3 - Make changes to correct or improve permanent data - Produce a new data set that will be used by others or published and that persists on its own - Produce a data set intended for analysis that is delivered to a client for use or publication Projects in each of these categories perform the following activities: RiskIncrease
  • 5. 1. First Project Review Process Inception 2. Pre-Second Project Review 1-2 Months Following Inception 3. Second Project Review 2 Months Following Inception 4. Third to nth project review Every 60 days following DG Risk Assessment Process Outline Activity Classify 1 Assess Classify 2 Assess Review Review Review Only ✔ N/A N/A N/A N/A Maturity Level 1 ✔ ✔ ✔ ✔ Maturity Level 2 ✔ ✔ ✔ ✔ ✔ Maturity Level 3 ✔ ✔ ✔ ✔ ✔ Project Type
  • 6. 1. First Project Review Time Process Inception Review Only Classify 1 Interview project managers about basic Data Governance (DG) Activity requirements Determine projects that do not deal with governable data of any kind (e.g. advice, suggestions, and recommendations) Maturity Level 1 Classify 1 Assess Interview project managers about basic DG Activity requirements Interview project managers about Level 1 DG Activity requirements Determine and designate Maturity Level 1 Projects Determine weighted risk score based on Maturity Level and responses to Level 1 DG Activities interview Define and plan policies and procedures, based on weighted risk score, to satisfy DG requirements Determine action items going forward Maturity Level 2 Classify 1 Interview project managers about basic DG Activity requirements Determine and designate Maturity Level 2 or 3 Projects Maturity Level 3 Classify 1 Interview project managers about basic DG Activity requirements Determine and designate Maturity level 2 or 3 Projects Project Type
  • 7. 2. Pre-Second Project ReviewProject Type Time 1-2 Months Following Inception Review Only Maturity Level 1 Maturity Level 2 Classify 2 Assess Interview project managers about Level 2 and 3 DG Activity requirements Interview project managers about Maturity Level 1 and 2 Activity requirements Determine and designate Maturity Level 2 Projects Determine weighted risk score based on Maturity Level and responses to Level 1 and 2 DG Activities interview Define and plan policies and procedures, based on weighted risk score, to correct issues in DG Activities Maturity Level 3 Classify 2 Assess Interview project managers about Level 2 and 3 DG Activity requirements Interview project managers about Maturity Level 1, 2, and 3 Activity requirements Determine and designate Maturity Level 3 Projects Determine weighted risk score based on Maturity Level and responses to Level 1, 2, and 3 Activities interview Define and plan policies and procedures, based on weighted risk score, to correct issues in DG Activities
  • 8. 3. Second Project ReviewProject Type Time 2 Months Following Inception Review Only Maturity Level 1 Review Review progress in fulfilling action items Re-answer risk assessment questions Evaluate progress in decreasing risk footprint Determine action items going forward Maturity Level 2 Review Determine action items going forward Maturity Level 3 Review Determine action items going forward
  • 9. 4. Third to nth Project ReviewProject Type Time Every 60 days following Review Only Maturity Level 1 Review Review progress in fulfilling action items Re-answer risk assessment questions Evaluate progress in decreasing risk footprint Determine action items going forward Maturity Level 2 Review Review progress in fulfilling action items Re-answer risk assessment questions Evaluate progress in decreasing risk footprint Determine action items going forward Maturity Level 3 Review Review progress in fulfilling action items Re-answer risk assessment questions Evaluate progress in decreasing risk footprint Determine action items going forward
  • 10. Data Advisor Skills (Cumulative) White Belt Green Belt Black BeltBrown Belt • Has general knowledge on the subject of data governance • Understands the 15 key data governance activities • Has taken at least one project of any type through the risk assessment process • Has taken multiple projects of multiple types through the risk assessment process • Has trained another data advisor into a brown belt • Has taken projects of all levels through the risk assessment process
  • 11. First Project Review Objectives: • Part 1: Classify 1(All projects) • Determine which projects do not deal with governable data at all (e.g. advice, suggestions, and recommendations) • Determine and designate Maturity Level 1 projects • Determine Maturity Level 2 or 3 projects • Parts 2, 3, 4, and 5: Assess (Level 1 Projects only) • Assess the compliance of Level 1 projects with the first five key DG Activities • Score Level 1 projects based on their level of compliance • Define and plan appropriate policies and procedures • Determine Action items going forward
  • 12. First Project Review Part 1 - Classify 1 - To begin the interview at the first project review, the projects must first be classified into their appropriate maturity Levels - At this point, it is only relevant to separate Maturity Level 1 projects from Maturity Level 2 and 3 Projects. - Determine and designate which projects are Maturity Level 1 by asking project managers during their project review whether their projects perform any of the activities in each question
  • 13. First Project Review Part 1 - Classify 1 1. In this project, does your team: a. Review reports and other information from clients and provide insight through advice, suggestions, and recommendations 2. In this project, does your team: (select all that apply) a. Query and analyze data without transformation (e.g. changing or adding) b. Produce or download a table, report, or other outputs from a public data source 3. In this project, does your team: (select all that apply) a. Acquire collect, or produce data b. Adhere to contract and related agreement or license conditions for data c. Analyze and transform (e.g. change or add to) data for the purpose of producing analytic output d. Enforce limited access to data 4. In this project, does your team handle data which falls under any of the following restrictions: (select all that apply) a. PPI - Personal protected information b. PII- Personal identifying information c. HIPAA- Health insurance portability and accountability act d. FERPA- Family educational rights and privacy act
  • 14. First Project Review Part 1 - Classify 1 To determine the Maturity Level of the project being assessed and finish classifying Maturity Level 1 projects, follow the directions below: 1. If a project selects an answer for question 1 and does not select an answer for any of the following questions, they are a Review Only project 2. If a project selects any answer to question 2 and does not select an answer for any of the following questions, they are a Maturity Level 1 Project 3. If a project selects any answer to question 3, they are a Maturity Level 2 or 3 project 4. If a project selects any answer to question 4, they are a Maturity Level 2 or 3 project
  • 15. First Project Review Part 2 - Assess - At this time, ONLY Maturity Level 1 projects are assessed to determine a weighted risk score - The following five questions assess a Maturity Level 1 project’s compliance with the first five key DG activities, and project managers should answer them to the best of their ability
  • 16. First Project Review Part 2 - Assess (Question 1) 1. Which of the following statements best describes the way you and your project team capture and communicate project data requirements*? a. Automated: Our team uses an automated system that captures and communicates project data requirements b. Written and Reviewed: Our team documents project data requirements in writing, which I then review c. Written: Our team documents project data requirements in writing d. Verbal: Our team discusses project data requirements e. None: Our team does not document or discuss project data requirements in any way *Project Data Requirements: Specifications describing the content, format, and structure of the data.
  • 17. First Project Review Part 2 - Assess (Question 2) 2. On this project, is your team maintaining a catalog of your data with information about its location, sensitivity, and type? a. Automated: Our team uses an automated system that maintains a catalog of our data b. Written and Verified: Our team documents how it maintains a catalog of our data, which I then review c. Written: Our team documents how it maintains a catalog of our data d. Verbal: Our team discusses how it maintains a catalog of our data e. None: Our team does not have a method for maintaining a catalog of our data
  • 18. First Project Review Part 2 - Assess (Question 3) 3. Which of the following statements best describes the way you and your project team control the location, movement, copying, and backup of your data? a. Automated: Our team uses an automated system controls the locations, movements, copying, and backup of our data b. Written and Reviewed: Our team documents how it controls the locations, movements, copying, and backup of our data, which I then review c. Written: Our team documents how it controls the locations, movements, copying, and backup of our data d. Verbal: Our team discusses how it controls the locations, movements, copying, and backup of our data e. None: Our team does not have a method for controlling the locations, movements, copying, and backup of our data
  • 19. First Project Review Part 2 - Assess (Question 4) 4. Which of the following statements best describes the way you and your project team capture information about your data in tags* or the data catalog? a. Automated: Our team has an automated system that captures information about our data in tags or the data catalog b. Written and Reviewed: Our team documents how it captures information about our data in tags or the data catalog, which I then review c. Written: Our team documents how it captures information about our data in tags or the data catalog d. Verbal: Our team discusses how it captures information about our data in tags or the data catalog e. None: Our team does not have a method for capturing information about our data in tags or the data catalog *Tags: Small attachments that accompany data files and include information about them, such as content, classification, or owner.
  • 20. First Project Review Part 2 - Assess (Question 5) 5. Which of the following statements best describes the way you and your project team ensure data destruction, return, or retention requirements are complete & assigned as part of project close out preparation? a. Automated: Our team uses an automated system which assigns data destruction, return, or retention requirements b. Written and Reviewed: Our team documents data destruction, return, or retention requirements, which I then review c. Written: Our team documents data destruction, return, or retention requirements d. Verbal: Our team discusses data destruction, return, or retention requirements e. None: Our team does not have a plan that addresses this
  • 21. First Project Review Part 3 – Score (Maturity Level 1) - Only Maturity Level 1 projects, who have answered the preceding five questions, can be given a risk score at this time - The answers the the preceding five questions will determine the weighted score the project will receive, and Maturity Table 1 will be used to weigh the relative risk of each answer to each question
  • 22. First Project Review Part 3 – Score (Maturity Level 1) Maturity Table 1 Activity None Verbal Written Reviewed Automated Maturity Level 1: 5 6 4.5 3 1.5 0 Defined 4 4 3 2 1 0 3 6 4.5 3 1.5 0 2 4 3 2 1 0 1 6 4.5 3 1.5 0
  • 23. Directions for use: 1. Match the question number to the activity number in the far left column 2. Match response options at the beginning of the answer selected to one of the responses at the top of the columns, record the score 3. Repeat for each of the questions 4. Sum the scores to create the total weighted risk score 5. Record this score in the project review system First Project Review Part 3 – Score (Maturity Level 1)
  • 24. First Project Review Part 4 - Define and Plan DG Procedures Procedure Table 1 Activity None Verbal Written Reviewed Automated Activity 5 Data return & destruction Engage TS, DA and IT to ensure all data retention, return and destruction requirements identified in Activity 1 are fully planned and supported based on contract and policy terms and dates. This includes data classification and retention policy validation with Das, CISO and CPO. 0 Activity 4 Tagging or Metadata creation Engage TS & DA to determine the best approach to maintaining required metadata from Activity 1 with the data (tags) or specify catalog based capture & maintenance in Activity 2 0 Activity 3 Maintain inventory Create a regular update of all data created, acquired to changed by the project using the catalog template from Activity 2 N/A Activity 2 Data catalog requirements Apply the data requirements captured in Activity 1 to define your project data catalog template N/A Activity 1 Analytic requirements Engage TS and DA to provide templates and support for written capture with a standard review process N/A Maturity Level 1: Defined
  • 25. - Based on a project’s answers to the five risk assessment questions, define and assign action items that the project must address moving forward in order to improve their compliance with DG activities and decrease their risk footprint First Project Review Part 5 – Action Items
  • 26. Pre-Second Project Review Objectives: • Part 1: Classify-2 (Maturity Level 2 and 3 Projects) • Determine and designate Maturity Level 2 Projects • Determine and designate Maturity Level 3 Projects • Parts 2, 3, 4, and 5: Assess (Maturity Level 2 and 3 Projects) • Assess the compliance of Level 2 projects with the first 10 key DG Activities • Score Level 2 projects based on their level of compliance • Assess the compliance of Level 3 projects with all 15 key DG Activities • Score Level 3 Projects based on their level of compliance • Define and plan appropriate policies and procedures • Create a Final Project Report
  • 27. Pre-Second Project Review Part 1 - Classify 2 - At this point, Maturity Level 2 and 3 projects must be differentiated and designated appropriately - The following questions should be asked of the project managers about their current project during their pre-second project review to determine the Maturity Level of their project
  • 28. Pre-Second Project Review Part 1 - Classify 2 1. In this project, does your team: (check all that apply) a. Acquire, collect, or produce data b. Adhere to contract and related agreement or license conditions for data c. Analyze and transform (e.g. change or add to) data for the purpose of producing analytic output d. Enforce limited access to data 2. In this project, does your team: (check all that apply) a. Make changes to correct or improve permanent data b. Produce a new data set that will be used by others or published and that persists on its own c. Produce a data set intended for analysis that is delivered to a client for use or publication
  • 29. Pre-Second Project Review Part 1 - Classify 2 To determine the Maturity Level of the project being assessed and finish classifying Maturity Level 2 and 3 projects, follow the directions below: 1. If a project selects any answer to question one and does not select any of the answers to the following question, they are a Maturity level 2 project 2. If a project selects any answer to question 2, they are a Maturity Level 3 Project
  • 30. Pre-Second Project Review Part 2 - Assess - The risk assessment should now be done for both Maturity Level 2 and 3 projects - First, answer the first five questions from part 3 of the first tier interview, then answer the following five questions
  • 31. Pre-Second Project Review Part 2 - Assess (Question 6) 6. Which of the following statements best describes the way you and your project team define, enforce, and monitor limited access to your data? a. Automated: Our team uses an automated system that enforces limited access to our data and generates automatic reports b. Written and Reviewed: Our team documents how it defines, enforces, and monitors limited access to our data, which I then review c. Written: Our team documents how it defines, enforces, and monitors limited access to our data d. Verbal: Our team discusses how it defines, enforces, and monitors limited access to our data e. None: Our team does not have a method for defining, enforcing, and monitoring limited access to our data
  • 32. Pre-Second Project Review Part 2 - Assess (Question 7) 7. Which of the following statements best describes the way you and your project team enforce change control and versioning* for all of your project data and data sets? a. Automated: Our team uses an automated system that enforces change control and versioning for all of our project’s data and data sets b. Written and Reviewed: Our team documents how it enforces change control and versioning for all of our project’s data and data sets, which I then review c. Written: Our team documents how it enforces change control and versioning for all of our project’s data and data sets d. Verbal: Our team discusses how it enforces change control and versioning for all of our project’s data and data sets e. None: Our team does not have a method for enforcing change control and versioning for its data and data sets *Change control and versioning: The creation and management of multiple releases of a data set
  • 33. Pre-Second Project Review Part 2 - Assess (Question 8) 8. Which of the following statements best describes the way you and your project team ensure data destruction, return, or retention execution as required? a. Automated: Our team has an automated system that destroys, returns, or retains data as required b. Written and Reviewed: Our team documents how it ensures data destruction, return, or retention execution as required, which I then review c. Written: Our team documents how it ensures data destruction, return, or retentions execution as required d. Verbal: Our team discusses how it ensures data destruction, return, or retention execution as required e. None: Our team does not have a method for ensuring data destruction, return, or retention execution as required
  • 34. Pre-Second Project Review Part 2 - Assess (Question 9) 9. Which of the following statements best describes the way you and your project team identify and report any data events*? a. Automated: Our team uses an automated system that identifies and reports any data events b. Written and Reviewed: Our team documents how it identifies and reports data events, which I then review c. Written: Our team documents how it identifies and reports data events d. Verbal: Our team discusses how it identifies and reports data events e. None: Our team does not have a method for identifying and reporting data events *Data Events: Events that put data, privacy, or security at risk
  • 35. Pre-Second Project Review Part 2 - Assess (Question 10) 10. Which of the following statements best describes the way you and your project team ensure compliance with data usage agreements, contract terms for data use, and restricted use license terms? a. Automated: Our team uses an automated system that ensures compliance with data usage agreements, contract terms for data use, and restricted use license terms b. Written and Reviewed: Our team documents how it ensures compliance with data usage agreements, contract terms for data use, and restricted use license terms, which I then review c. Written: Our team documents how it ensures compliance with data usage agreements, contract terms for data use, and restricted use license terms d. Verbal: Our team discusses how it ensures compliance with data usage agreements, contract terms for data use, and restricted use license terms e. None: Our team does not have a method for ensuring compliance with data usage agreements, contract terms for data use, and restricted use license terms
  • 36. Pre-Second Project Review Part 2 - Assess - This section of the risk assessment should ONLY be done for Maturity Level 3 projects - Once a Maturity Level 3 project has answered the preceding ten questions, they complete the following four or five
  • 37. Pre-Second Project Review Part 2 - Assess (Question 11) 11. Which of the following statements best describes the way you and your project team evaluate data quality, including adherence to data requirements, and identify necessary corrections or improvements? a. Automated: Our team uses an automated system that evaluates data quality, including adherence to data requirements, and identifies necessary corrections or improvements b. Written and Reviewed: Our team documents how it evaluates data quality, including adherence to data requirements, and how it identifies necessary corrections or improvements, which I then review c. Written: Our team documents how it evaluates data quality, including adherence to data requirements, and how it identifies necessary corrections or improvements d. Verbal: Our team discusses how it evaluates data quality, including adherence to data requirements, and how it identifies necessary corrections or improvements e. None: Our team does not have a method for evaluating data quality, including adherence to data requirements, or identifying necessary corrections or improvements
  • 38. Pre-Second Project Review Part 2 - Assess (Question 12) 12. Which of the following statements best describes the way you and your project team execute corrections & improvements with change history*? a. Automated: Our team uses an automated system that executes corrections and improvements with change history b. Written and Reviewed: Our team documents how it executes corrections and improvements with change history, which I then review c. Written: Our team documents how it executes corrections and improvements with change history d. Verbal: Our team discusses how it executes corrections and improvements with change history e. None: Our team does not have a method for executing corrections and improvements with change history *Change history: Documentation of changes to a product or system that are introduced in a controlled and coordinated manner
  • 39. Pre-Second Project Review Part 2 - Assess (Question 13) 13. Which of the following statements best describes the way you and your project team verify data changes in new versions? a. Automated: Our team uses an automated system that verifies data changes in new versions b. Written and Reviewed: Our team documents how it verifies data changes in new versions, which I then review c. Written: Our team documents how it verifies data changes in new versions d. Verbal: Our team discusses how it verifies data changes in new versions e. None: Our team does not have a method for verifying data changes in new versions
  • 40. Pre-Second Project Review Part 2 - Assess (Question 14) 14. Which of the following statements best describes the way you and your project team promote new versions of data and verify analytic logic? a. Automated: Our team uses an automated system that promotes new versions of data and verifies analytic logic b. Written and Reviewed: Our team documents how it promotes new versions of data and verifies analytic logic, which I then review c. Written: Our team documents how it promotes new versions of data and verifies analytic logic d. Verbal: Our team discusses how it promotes new versions of data and verifies analytic logic e. None: Our team does not have a method for promoting new versions of data and verifying analytic logic *Analytic logic: analysis formulae, rules & logic, coding, scripts and other automation routines
  • 41. Pre-Second Project Review Part 2 – Assess - This section of the risk assessment should ONLY be done for Maturity Level 3 projects where data advisors have determined that the following DG activity is relevant
  • 42. Pre-Second Project Review Part 2 - Assess (Question 15) 15. Which of the following statements best describes the way you and your project team test corrected or improved data with an analytic script or program* to confirm integrity? a. Automated: Our team uses an automated system that tests corrected or improved data with an analytic script or program to confirm integrity b. Written and Reviewed: Our team documents how it tests corrected or improved data with an analytic script or program to confirm integrity, which I then review c. Written: Our team documents how it tests corrected or improved data with an analytic script or program to confirm integrity d. Verbal: Our team discusses how it tests corrected or improved data with an analytic script or program to confirm integrity e. None: Our team does not have a method for testing corrected or improved data with an analytic script or program to confirm integrity *Analytic script or program: analysis formulae, rules & logic, coding, scripts and other automation routines
  • 43. Pre-Second Project Review Part 3 - Score (Maturity Levels 2 and 3) - Maturity Level 2 and 3 projects, who have answered the appropriate number of questions, can be given a risk score at this time - The answers the the appropriate ten to fifteen questions determine the weighted risk score for the project
  • 44. Pre-Second Project Review Part 3 - Score (Maturity Level 2) Maturity Table 2 Activity None Verbal Written Reviewed Automated Maturity Level 2: 10 4 3 2 1 0 Controlled 9 4 3 2 1 0 8 6 4.5 3 1.5 0 7 6 4.5 3 1.5 0 6 6 4.5 3 1.5 0 Maturity Level 1: 5 12 9 6 3 0 Defined 4 8 6 4 2 0 3 12 9 6 3 0 2 8 6 4 2 0 1 12 9 6 3 0
  • 45. Directions for use: 1. Match the question number to the activity number in the far left column 2. Match response options at the beginning of the answer selected to one of the responses at the top of the columns, record the score 3. Repeat for each of the questions 4. Sum the scores to create the total weighted risk score 5. Record this score in the project review system Pre-Second Project Review Part 3 - Score (Maturity Level 2)
  • 46. Pre-Second Project Review Part 3 - Score (Maturity Level 3) Maturity Table 3 Activity None Verbal Written Reviewed Automated Maturity Level 3: 15 4 3 2 1 0 Improved 14 4 3 2 1 0 13 4 3 2 1 0 12 4 3 2 1 0 11 4 3 2 1 0 Maturity Level 2: 10 8 6 4 2 0 Controlled 9 8 6 4 2 0 8 12 9 6 3 0 7 12 9 6 3 0 6 12 9 6 3 0 Maturity Level 1: 5 18 13.5 9 4.5 0 Defined 4 12 9 6 3 0 3 18 13.5 9 4.5 0 2 12 9 6 3 0 1 18 13.5 9 4.5 0
  • 47. Directions for use: 1. Match the question number to the activity number in the far left column 2. Match response options at the beginning of the answer selected to one of the responses at the top of the columns, record the score 3. Repeat for each of the questions 4. Sum the scores to create the total weighted risk score 5. Record this score in the project review system Pre-Second Project Review Part 3 - Score (Maturity Level 3)
  • 48. Procedure Table 2 (Activities 6-10) Pre-Second Project Review Part 4 - Define and Plan DG Procedures Activity None Verbal Written Reviewed Automated Maturity Level 2: Activity 10 Data agreement compliance Engage DA to help monitor compliance including required reports from Activities 8,9, & 10 N/A Controlled Activity 9 Periodic Updates Engage DA to assist with periodic update requirements N/A Activity 8 Data Deletion Engage DA to identify verification reports required from IT as part of project data destruction and retention requirements N/A Activity 7 Change Control Engage DA to assist with change control requirements, settings and alerts, then engage TS to apply with IT N/A Activity 6 Access Control Engage with DA, TS and IT to obtain access control rights by person and recieve ongoing access audit trail reports N/A
  • 49. Procedure Table 2 (Activities 11- 15) Pre-Second Project Review Part 4 - Define and Plan DG Procedures Activity None Verbal Written Reviewed Automated Maturity Level 3: Activity 15 Verify data & analytic integrity Engage DA and TS as needed to support data corrections and verification process N/A Improved Activity 14 Data & Analytic production control Engage DA and TS as needed to control promotion of new versions of analytic scripts and data sets to shared use and publication (production) N/A Activity 13 Verify data corrections Engage DA and TS as needed to support data corrections and verification process N/A Activity 12 Data correction & improvement Engage DA and TS as needed to support data corrections and verification process N/A Activity 11 Data Requirements Adherence Engage DA to help monitor requirements satisfaction from Activities 1 and 13 N/A
  • 50. Objectives • Part 1: Review (Level 1 projects) • Review progress in fulfilling action items • Re-answer risk assessment questions • Evaluate progress in decreasing risk footprint • Determine action items going forward • Part 1: Review (Level 2 and 3 projects) • Determine action items going forward Second Project Review
  • 51. - Based on the action items determined in Part 5 of the first project review, determine which have and which have not been fulfilled - Have each project manager, on their own before the second project review, re- answer the five questions they previously answered during Part 2 of the first project review and determine a new risk score - Determine where each project has improved, regressed, or plateaued across each of the five DG activities - Determine which action items should be renewed and what new action items should be addressed moving forward Second Project Review Part 1 – Review (Maturity Level 1)
  • 52. - Based on a project’s answers to the appropriate risk assessment questions, define and assign action items that the project must address moving forward in order to improve their compliance with DG activities and decrease their risk footprint Second Project Review Part 1 – Review (Maturity Levels 2 and 3)
  • 53. Objectives: Part 1: Review (All projects) • Review progress in fulfilling action items • Re-answer risk assessment questions • Evaluate progress in decreasing risk footprint • Determine action items going forward Third to nth Project Review
  • 54. - Based on the action items determined in previous project reviews, determine which have and which have not been fulfilled - Have each project manager, on their own before the third and following project reviews, re-answer questions they previously answered during the first project review or pre-second project review and determine a new risk score - Determine where each project has improved, regressed, or plateaued across each of the appropriate DG activities - Determine which action items should be renewed and what new action items should be addressed moving forward Third to nth Project Review Part 1 - Review

Editor's Notes

  1. Get language from Sandy about the second classify option for review only
  2. Q1: If a project selects any answer to this questions and does not select any of the answers to the following question, they are a Maturity level 2 project Q2: If a project selects any answer to this question, they are a Maturity Level 3 Project