Professional Documents
Culture Documents
Common Way
1 of 8
9/23/2009
Common Way
Version History
Date 9/15/2009 9/15/2009 Version 1.0 1.1 Author Kathy Cibotti Kathy Cibotti Change & Section Draft Changes from Jordan Harris to refine process flows and roles/responsibilities.
2 of 8
9/23/2009
Common Way
Table of Contents
1 2 3 3.1 3.2 3.3 3.4 3.5 4 5 5.1 Risk Management Process ............................................................................................................... 5 Risk Management Roles & Responsibilities ................................................................................... 5 Risk Assessment ................................................................................................................................ 6 Risk Categorization.............................................................................................................................6 Probability Rating ...............................................................................................................................6 Impact Rating......................................................................................................................................7 Priority Score & Priority Rating .........................................................................................................7 Risk Management Tools .....................................................................................................................8 Risk Monitoring and Control .......................................................................................................... 8 Appendix ............................................................................................................................................ 8 Attachments ........................................................................................................................................8
3 of 8
9/23/2009
Common Way
Guidelines:
The purpose of the Risk Management Process is to provide a structured method to help: identify, analyze, plan, monitor, control and communicate risks that threaten the success of a project. This process is comprised of two required templates the: Risk Management Plan and Risk Register. Depending upon the project needs, the project manager has the option of using these standard templates or customizing the plan and register to suit the specific needs of the project. The Risk Management Plan describes the risk management and control: workflows, assessment processes, supplementary tools, roles and responsibilities. The Project Manager completes the Risk Management Plan during the planning stage of the project and reviews the plan with the entire team to secure buy-in. The Risk Register is also created during the planning stage and updated through standard risk management processes throughout the life of the project. Review of risks, their impacts and status should be built into regular team work sessions or supplementary risk management sessions depending upon the nature of the project. All sections must be completed for all projects, regardless of level. The intricacies of the plan are contingent upon the complexity level of the project.
4 of 8
9/23/2009
Common Way
Risks can be identified by any member of the project team. They can be sent via email or raised during a team meeting. The project manager is responsible for logging the risks and assigning a team member to analyze. Risk owners and team members can recommend that a risk be closed; but the Steering Committee must authorize the closure of high and medium level risks.
Common Way
Logs risks. Assigns an analyst to assess impact, probability and develop an action plan. Maintains the risk log including detailed status information from each review session in the register. Conducts regular risk review sessions with steering committee and project team to review risks. Follows-through with risk owners independently of team meetings. Escalates high impact risks to senior management for awareness and assistance.
Steering Committee
Address high impact risks that the PM and team cannot manager on their own. Must be aware of significant project risks and costs associated with the risks. Authorize the closure of high/medium level risks.
Risk Owner
3 Risk Assessment
3.1 Risk Categorization
List and describe the categories of potential risks. This structured taxonomy will be used to help identify project risks. These can be identified by asking what could go wrong?
1. Technology new application of Microsoft Office SharePoint Services (MOSS) integrated with Documentum 2. Business Process Changes Enhancing workflows, training staff, implementing new workflows 3. Resource Constraints Market changes have shifted focus of resources; may have to compensate with consultants that could impact the budget
6 of 8
9/23/2009
Common Way
Description Unlikely to occur (e.g. less than a 25% chance of occurring during the course of the project). Likely to occur (e.g. > 25% and < 75% chance of occurring during the course of the project). Highly likely to occur (e.g. >75% and < 100% chance of occurring during the course of the project).
Score 10 20 30
Description Minor impact on the project (e.g. no impact to any milestone or deliverable dates)
Measurable impact on a specific milestone or deliverable and/or budget impact Significant impact on key milestones, deliverables, and/or budget
Probability Rating Low Low Low Medium Medium Medium High High High
Impact Rating Low Medium High Low Medium High Low Medium High
Priority Score 10 15 20 15 20 25 20 25 30
Priority Rating
Low Medium High Medium Medium High High High High
7 of 8
9/23/2009
Common Way
The Risk Register will be updated, at minimum, weekly and will be used to guide all risk review sessions. Risk monitoring and reporting will involve the following: 1. High and medium level risks will be monitored weekly during regular team meetings. This is an opportunity for team members to provide updates and to ensure that they understand project risks. 2. All risks will be monitored on an ad-hoc basis between the Project Manager and the Risk Owner. Risk owners are expected to give regular updates to risk as follows: weekly if the risk is high; monthly if the risk is medium or low. 3. High and Medium level risks will be reviewed monthly with the Steering committee. The Steering Committee must also authorize the closure of high and medium risks.
5 Appendix
5.1 Attachments
Document/System Name None Location/Link
8 of 8
9/23/2009