Вы находитесь на странице: 1из 8

Commonwealth of Massachusetts Information Technology Division CW Risk Management Plan

Common Values - Common Goals

Common Way

Risk Management Plan

Private Placement Content Management System

Kathy Cibotti 9/15/2009

Risk Management Plan SAMPLE

1 of 8

9/23/2009

Commonwealth of Massachusetts Information Technology Division CW Risk Management Plan

Common Values - Common Goals

Common Way

Version History
Date 9/15/2009 9/15/2009 Version 1.0 1.1 Author Kathy Cibotti Kathy Cibotti Change & Section Draft Changes from Jordan Harris to refine process flows and roles/responsibilities.

Risk Management Plan SAMPLE

2 of 8

9/23/2009

Commonwealth of Massachusetts Information Technology Division CW Risk Management Plan

Common Values - Common Goals

Common Way

Table of Contents
1 2 3 3.1 3.2 3.3 3.4 3.5 4 5 5.1 Risk Management Process ............................................................................................................... 5 Risk Management Roles & Responsibilities ................................................................................... 5 Risk Assessment ................................................................................................................................ 6 Risk Categorization.............................................................................................................................6 Probability Rating ...............................................................................................................................6 Impact Rating......................................................................................................................................7 Priority Score & Priority Rating .........................................................................................................7 Risk Management Tools .....................................................................................................................8 Risk Monitoring and Control .......................................................................................................... 8 Appendix ............................................................................................................................................ 8 Attachments ........................................................................................................................................8

Risk Management Plan SAMPLE

3 of 8

9/23/2009

Commonwealth of Massachusetts Information Technology Division CW Risk Management Plan

Common Values - Common Goals

Common Way

Guidelines:
The purpose of the Risk Management Process is to provide a structured method to help: identify, analyze, plan, monitor, control and communicate risks that threaten the success of a project. This process is comprised of two required templates the: Risk Management Plan and Risk Register. Depending upon the project needs, the project manager has the option of using these standard templates or customizing the plan and register to suit the specific needs of the project. The Risk Management Plan describes the risk management and control: workflows, assessment processes, supplementary tools, roles and responsibilities. The Project Manager completes the Risk Management Plan during the planning stage of the project and reviews the plan with the entire team to secure buy-in. The Risk Register is also created during the planning stage and updated through standard risk management processes throughout the life of the project. Review of risks, their impacts and status should be built into regular team work sessions or supplementary risk management sessions depending upon the nature of the project. All sections must be completed for all projects, regardless of level. The intricacies of the plan are contingent upon the complexity level of the project.

Document Filling Instructions:


Fill the information in the Text boxes. Do not leave any section blank. The cells in the table may be filled in by clicking in the corresponding row/column and typing. To add additional rows to the table, TAB after placing the cursor in the last row and last column. [Text enclosed in quotes and displayed in red such as "Tab to add rows" should be deleted before saving the document.] When inserting an image, such as a workflow or chart: 1) only insert the image in the appropriate text box, 2) save the image as a Word document; and, 3) insert the image as a file. [To insert an image as a file: 1) from the menu bar, select Insert, 2) select File, 3) select the Word file document; and, 4) click Insert.] After finishing the document, please re-generate the complete Table of Contents to reflect the correct page numbering. (Select the Table of contents; right-click; select update fields and select update page numbers only command).

Risk Management Plan SAMPLE

4 of 8

9/23/2009

Commonwealth of Massachusetts Information Technology Division CW Risk Management Plan

Common Values - Common Goals

Common Way

1 Risk Management Process


Insert high level workflow or textual description of the risk: identification, analysis, monitoring, and mitigation/elimination process that will be followed.

Risks can be identified by any member of the project team. They can be sent via email or raised during a team meeting. The project manager is responsible for logging the risks and assigning a team member to analyze. Risk owners and team members can recommend that a risk be closed; but the Steering Committee must authorize the closure of high and medium level risks.

2 Risk Management Roles & Responsibilities


Insert a table of responsibilities or amend the process flow in #2 above to identify key risk management participants and their roles (see sample for example formats).
Risk Management Plan SAMPLE 5 of 8 9/23/2009

Commonwealth of Massachusetts Information Technology Division CW Risk Management Plan


Roles Team members Project Manager Responsibilities Raise risks. Ensure the PM is informed of the risks.

Common Values - Common Goals

Common Way

Logs risks. Assigns an analyst to assess impact, probability and develop an action plan. Maintains the risk log including detailed status information from each review session in the register. Conducts regular risk review sessions with steering committee and project team to review risks. Follows-through with risk owners independently of team meetings. Escalates high impact risks to senior management for awareness and assistance.

Steering Committee

Address high impact risks that the PM and team cannot manager on their own. Must be aware of significant project risks and costs associated with the risks. Authorize the closure of high/medium level risks.

Risk Owner

Regularly update team on status; action plans and state of risk.

3 Risk Assessment
3.1 Risk Categorization
List and describe the categories of potential risks. This structured taxonomy will be used to help identify project risks. These can be identified by asking what could go wrong?

1. Technology new application of Microsoft Office SharePoint Services (MOSS) integrated with Documentum 2. Business Process Changes Enhancing workflows, training staff, implementing new workflows 3. Resource Constraints Market changes have shifted focus of resources; may have to compensate with consultants that could impact the budget

3.2 Probability Rating


The following probability ratings have been integrated into the Risk Register. Use these default ratings or refine as desired by the project. If the probability ratings are modified, update the Risk Plan and Risk Register Risk to reflect the changes.

Risk Management Plan SAMPLE

6 of 8

9/23/2009

Commonwealth of Massachusetts Information Technology Division CW Risk Management Plan


Probability Score Low Medium High 10 20 30

Common Values - Common Goals

Common Way

Description Unlikely to occur (e.g. less than a 25% chance of occurring during the course of the project). Likely to occur (e.g. > 25% and < 75% chance of occurring during the course of the project). Highly likely to occur (e.g. >75% and < 100% chance of occurring during the course of the project).

3.3 Impact Rating


The following impact ratings have been integrated into the Risk Register. Use these default ratings or refine as desired by the project. If the impact ratings are modified, update the Risk Plan and Risk Register to reflect the changes.

Impact Low Medium High

Score 10 20 30

Description Minor impact on the project (e.g. no impact to any milestone or deliverable dates)

Measurable impact on a specific milestone or deliverable and/or budget impact Significant impact on key milestones, deliverables, and/or budget

3.4 Priority Score & Priority Rating


The following Priority Score and Priority Ratings are automatically calculated in the Risk Register based upon Probability Rating and Impact Ratings selected. Use the default Priority Scores and Priority Ratings or refine as desired by the project. If the Priority Score or Priority Rating are modified, reflect changes in the Risk Plan and Risk Register.

Probability Rating Low Low Low Medium Medium Medium High High High

Impact Rating Low Medium High Low Medium High Low Medium High

Priority Score 10 15 20 15 20 25 20 25 30

Priority Rating
Low Medium High Medium Medium High High High High

Risk Management Plan SAMPLE

7 of 8

9/23/2009

Commonwealth of Massachusetts Information Technology Division CW Risk Management Plan

Common Values - Common Goals

Common Way

3.5 Risk Management Tools


Identify other risk analysis tools that will be used, beyond or instead, of CommonWay standard templates and guidelines.

Only standard templates will be used.

4 Risk Monitoring and Control


Specify the approach and frequency for tracking, analyzing, escalating, reporting, monitoring and resolving project risks from inception to closing. This should include the establishment of any risk review committees. The monitoring and control processes are tightly coupled with Risk Register.

The Risk Register will be updated, at minimum, weekly and will be used to guide all risk review sessions. Risk monitoring and reporting will involve the following: 1. High and medium level risks will be monitored weekly during regular team meetings. This is an opportunity for team members to provide updates and to ensure that they understand project risks. 2. All risks will be monitored on an ad-hoc basis between the Project Manager and the Risk Owner. Risk owners are expected to give regular updates to risk as follows: weekly if the risk is high; monthly if the risk is medium or low. 3. High and Medium level risks will be reviewed monthly with the Steering committee. The Steering Committee must also authorize the closure of high and medium risks.

5 Appendix
5.1 Attachments
Document/System Name None Location/Link

Risk Management Plan SAMPLE

8 of 8

9/23/2009