Controlled copy

<Customer Name>
<Project Name>

Risk Management Plan - TESTING

<Version No.>

Prepared By Reviewed By Approved By

Name
Role
Signature
Date

Project ID:<Project ID.> <SCI.ID.> / Ver: <Ver No.>

Release ID: QTDM-TESTRSK.xls / 2.0 / 15.11.2004 C3: Protected

Page 1 of 15
How to use the Risk Assessment Sheet?
This Risk assessment sheet is divided into 5 sections.
(a) Client Engagements
(b) Program & Project management.
(c) Quality & Process
(d) Technology & Architecture
(e) Project Specific Risks
Each section contains a series of multiple choice questions based on risk sources.
Based on the choice you select for each of these questions, the risk probability is assessed and displayed in the
"Risk probability" cell. Risk impact needs to be given (between 0 to 1) in the next cell. Any additional risks
(maximum 25) can be added under "Project specific risk" section, but, for which the risk probability and impact
have to be entered.

This Risk assessment sheet gives the Risk Exposure Values for each Risk source based on the response for the
Risk questionnaire and the degree of Risk impact given in the worksheet. The risk exposure value can be used for
Developing the Risk response Plan.

When to use the Risk Assessment sheet in the Project?

It needs to be created when the project is started.
It needs to be revisited during project status review or atleast when each of the planned phases is complete.
This will help keep track of the changing risk perception in the project.

What is Risk Response Plan ?

Risk response plan need to be developed for the risk sources given based the Risk scores (as displayed in the
Risk assessment report) for the known Risk sources and any other Risk item/source that you have identified for
the project/program. Both Mitigation Plan and Contingency Plan are mandatory for High Severity risks; Atleast one
of Mitigation Plan and Contingency Plan is mandatory for Medium severity risks; Both Mitigation Plan and
Contingency Plan are optional for Low severity risks. This sheet can also be used for tracking your risks (&
mitigation activities). Pls add more rows as required.

How to use "Risk Management Menu" in Risk Response Plan?

Risk Response plan menu offers three choices
(a) Refresh Response Plan - Execution of this menu option, ensure the Risk Response plan sheet to be revised
with severity data and ordering based on the Risk exposure value in assessment sheet.
(b) Populate Risk in Cost Benefit Analysis Sheet - Execution of this menu option ensures the population of
Risk C-B Analysis sheet with risks that have a cost impact. Mitigation Plan, Owner and Severity are copied for the
risk from the Response plan.
(c) Baseline Risk Measure for Tracking - Execution of this menu option ensures baselining of Risk exposure
value which is used for tracking the risk exposure value trend.

When to do Cost befit analysis for Risks?

Risk Cost benefit analysis to be performed for the risk, which involves Procurement of hardware/software/any
other infrastructure/other services to be acquired like training that have been identified for the project/program.
This menu option "Populate Risk in cost benefit analysis sheet" helps to port these risks which have cost impact
to "Risk C-B Analysis" sheet.

What is Risk Tracking Sheet?

Risk Tracking worksheet provides facilities to baseline the Risk exposure value, whenever the characterization of
risks are changed. This baseline value is used in the Risk chart sheet to view the trend.

How to track the Risks, using Risk Tracking Sheet?

(a) When you click on "Baseline" Risk Measure get Populated as on that date.
(b) Risk Measures are getting populated based on the selections in Risk Assessment Sheet
(c) Baseline date can be changed, however it is not recommended.
(d) it is recommended to Baseline, whenever you change the selections in Risk assessment sheet, so that you
can view the change in trends.

Page 2 of 15
 QTDM-TESTRSK - Risk Assessment <Project Name/ Program Name>
Form NO:QTDM-TESTRSK.xls / 2.0 / 15.11.2004 C3: Protected Controlled Copy
Project ID:<Project Id.> <SCI.ID.> / Ver: <Ver
No.>
Last updated by <name > on <date>

Project: <<Name>> Risk Assessment Date: <<Date>>

Client Engagement

Risk Risk Impact (value between 0 Risk Exposure

# Question Response Probability to 1) value

1 Are the business objectives well defined and related to the scope of work? No 1 0.5 0.50

2 Is the scope of work managed formally (documentation, sign-off etc)? No 1 0.5 0.50

3 Is the project scope well defined (Both in scope and out of scope)? No 1 0.5 0.50

4 Is the customer experienced in the offsourcing Testing work? No 1 0.5 0.50

5 Is the System to be Tested extremely complex? Yes 1 0.5 0.50

6 Is the client environment conducive / congenial? Entire environment is hostile 1 0.5 0.50

7 Is the business impact of the application clearly stated / documented? No 1 0.5 0.50

8 Are the stakeholders / point of contact of customers for applications clearly identified? No 1 0.5 0.50

Project & Program Management

Risk Risk Impact (value between 0 Risk Exposure
Question Response Probability to 1) value

1 Has a good Knowledge Management System been proposed (or in place)? No 1 0.5 0.50

2 Specify the size of the Project Team > 40 1 0.5 0.50

3 Is there a dependency for project execution on other vendors? Yes (For almost all aspects) 0.8 0.5 0.40

4 How strong is the skill matrix (demand vs supply)? Weak matrix 1 0.5 0.50

5 Is the schedule / cost / SLA very aggressive for the project? Extremely aggressive 1 0.5 0.50

6 Will there be a substantial change in Business process / policies? Many 1 0.5 0.50

7 Is the Acceptance criteria clearly documented? No 1 0.5 0.50

8 Will the resource movement during execution affect the SLAs? Yes 1 0.5 0.50

Quality & Process

Risk Risk Impact (value between 0 Risk Exposure
Question Response Probability to 1) value

1 Rate the team's experience in terms of familiarity of process / technology / domain New to all 1 0.5 0.50

2 Are the standards(Client / Technology / CTS) that need to be followed defined explicitly? No 1 0.5 0.50

3 Is the Deliverable clearly defined and documented? No 1 0.5 0.50

Technology & Architecture

Page 3 of 15
 Risk Risk Impact (value between 0 Risk Exposure
Question Response Probability to 1) value

1 Is the Technology / Architecture of the System to be tested extremely complex? New to Cognizant & Complex 1 0.5 0.50

2 Are the Test data requirements complex? Need to be prepared by us and approved
1 by client 0.5 0.50

3 Are the non-functional requirements to be tested complex? New to Cognizant & Complex 1 0.5 0.50

4 Rate the complexity of System Interfaces ( in terms of number and complexity) Many & Complex 1 0.5 0.50

5 Is the System being tested, will be implemented in multiple locations? Exactly one 0 0.5 0.00

6 Is performance part of non-functional requirements? If yes, are the environment in which to be tested
Yes,
quantified
Not defined
and defined?
/ quantified
(including system
1 load factor) 0.5 0.50

7 Is the system to be tested built on … Proprietary Technology but NO documentation

1 available 0.5 0.50

Project Specific Risk

Risk
probability
(value
between 0 to Risk Impact (value between 0 Risk Exposure
# Risk Perceived Risk Classification 1) to 1) value

1 Others 1.00 0.50 0.50

2 Others 1.00 0.50 0.50

3 Others 1.00 0.50 0.50

4 Others 1.00 0.50 0.50

5 Others 1.00 0.50 0.50

6 Others 1.00 0.50 0.50

7 Others 1.00 0.50 0.50

8 Others 1.00 0.50 0.50

9 Others 1.00 0.50 0.50

10 Others 1.00 0.50 0.50

11 Others 1.00 0.50 0.50

12 Others 1.00 0.50 0.50

13 Others 1.00 0.50 0.50

14 Others 1.00 0.50 0.50

15 Others 1.00 0.50 0.50

16 Others 1.00 0.50 0.50

17 Others 1.00 0.50 0.50

18 Others 1.00 0.50 0.50

19 Others 1.00 0.50 0.50

20 Others 1.00 0.50 0.50

Page 4 of 15
21 Others 1.00 0.50 0.50

22 Others 1.00 0.50 0.50

23 Others 1.00 0.50 0.50

24 Others 1.00 0.50 0.50

25 Others 1.00 0.50 0.50

Analysis of calculated % Risk:

Low Risk (0-0.3) 0.3
Medium Risk(>0.3 and <=0.7) 0.7
High Risk( >0.7) > 0.7

Page 5 of 15
 QTDM-TESTRSK - Risk Response Plan <Project Name/ Program Name>
Form NO:QTDM-TESTRSK.xls / 2.0 / 15.11.2004 C3: Protected Controlled Copy
Project ID:<Project Id.> <SCI.ID.> / Ver: <Ver No.>

Last updated by <name > on <date>

Risk Management Menu Refresh Response PlanGO Help

Mitigation Plan Contingency Plan Risk Follow-up

Severity Date on
Cost impact in
(High, which
Risk Classification Risk Source Risk Owner Mitigating the Planned Actual Actual
Medium, Planned closure Actual next Follow-up
Risk (Yes/No) Action item Action item closure closure Follow-up
Low) date closure date follow-up details
date date Date
is
required
Client Engagement Poorly defined Business Objectives Medium
Client Engagement Insufficient details about the contract Medium
Client Engagement Creeping User Requirements Medium
Client Engagement Insufficient operational experience for the customer Medium
Client Engagement Complexity of Application / System Medium
Client Engagement Non conducive client environment Medium
Client Engagement Lack of knowledge of critical-to-business factors Medium
Client Engagement Lack of Application ownership by client personnel Medium
Project & Program ManagementInsufficient Knowledge management Medium
Project & Program ManagementDifficulty in status tracking and co-ordination Medium
Project & Program ManagementUnrealistic SLAs Medium
Project & Program ManagementWeak skill matrix Medium
Project & Program ManagementAggressive Schedules / Cost / SLAs Medium
Project & Program ManagementVolatile client business processes Medium
Project & Program ManagementAcceptance crideria not clear Medium
Project & Program ManagementDependency on Resources Medium
Quality & Process Insufficient Process / Technology / Domain knowledge Medium
Quality & Process Lack of communication Medium
Quality & Process Lack of communication with client Medium
Technology & Architecture Complex technology/architecture Medium
Technology & Architecture Complex System Interfaces Medium
Technology & Architecture Performance as a critical-to-quality factor Medium
Technology & Architecture Complex Data requirements Medium
Technology & Architecture Complex Non-functional requirements (NFR) Medium
Technology & Architecture Technical Skill level of proprietary system Medium
Technology & ArchitectureEnvironment dependency between LocationsLow

Risk Severity Distribution

Low 3.85%
High 0.00%

Medium 96.15%

Page 6 of 15
 QTDM-TESTRSK - Risk Response Plan <Project Name/ Program Name>
Form NO:QTDM-QTDM-TESTRSK.xls / 2.0 / 15.11.2004 C3: Protected Controlled Copy
Project ID:<Project Id.> <SCI.ID.>

Last updated by <name > on <date>

Using the Risk Cost benefit Analysis Sheet

Risk Cost benefit analysis Sheet need to be developed for the risk sources that you have identified for the project/progra involves Procureme
infrastructure/other services to be acquired like training.This sheet helps the PM do a Cost Benefit analysis on the Mitigation cost and the Ris
the projects needs .Pls add more rows / columns as required.

Mitigation
Severity (High,
Risk Source Risk Owner Mitigation Plan Cost
Medium, Low)
(<UOM>)

Page 7 of 15
ame/ Program Name>
ed Controlled Copy
<SCI.ID.> / Ver: <Ver No.>

project/progra involves Procurement of hardware/software/any other

s on the Mitigation cost and the Risk Cost. This sheet can also be tailored as per

Risk Cost
Cost Benefit Analysis Decision
(<UOM>)

Page 8 of 15
 QTDM-TESTRSK - Assessment Report <Project Name/ Program Name>
Form NO:QTDM-TESTRSK.xls / 2.0 / 15.11.2004 C3: Protected Controlled Copy
Project ID:<Project Id.> <SCI.ID.> / Ver: <Ver No.>
Last updated by <name > on <date>

Using the Risk Tracking Sheet:

This Risk Tracking worksheet provides facilities to baseline the Risk exposure value, whenever the characterisation of
risks are changed. This baseline value is used in the Risk chart sheet to view the trend. Baseline
Click "Baseline" to Baseline Risk Exposure value
Use the filter option to select the risks for which you would like to see the trend over the life time of the project

Risk Classification Source of risk Select 9/17 10/2 10/17 11/1 11/16

Page 9 of 15
Page 10 of 15
12/1 12/16 12/31 1/15 1/30 2/14 3/1 3/16

Page 11 of 15
Page 12 of 15
 Risk Exposure Value
1.000
0.950
0.900
0.850
0.800
0.750
0.700
0.650
0.600
0.550
0.500
0.450
0.400
0.350
0.300
0.250
0.200
0.150
0.100
0.050
0.000
9/17 10/2 10/17 11/1 11/16 12/1 12/16 12/31 1/15 1/30 2/14 3/1 3/16

Row 8 Row 9 Row 10 Row 11 Row 12 Row 13 Row 14 Row 15 Row 16 Row 17 Row 18
Row 19 Row 20 Row 21 Row 22 Row 23 Row 24 Row 25 Row 26 Row 27 Row 28 Row 29
Row 30 Row 31 Row 32 Row 33

Page 13 of 15
3/1 3/16

Row 18
Row 29

Page 14 of 15
Change Log
Please note that this table needs to be maintained even if a Configuration Management tool is used.

Version Number Changes made

V1.0 <First version>
V1.1 <If the change details are not explicitly documented in the table below, reference should be
provided here>
Page no Changed by Effective date Changes effected

V1.2 <If the change details are not explicitly documented in the table below, reference should be
provided here>
Page no Changed by Effective date Changes effected

Page 15 of 15