Risk Management Plan SAMPLE

Commonwealth of Massachusetts Information Technology Division CW Risk Management Plan
Common Values - Common Goals
Common Way
Risk Management Plan
Private Placement Content Management System
Kathy Cibotti 9/15/2009
Risk Management Plan SAMPLE
1 of 8
9/23/2009
Common Way
Version History
Date 9/15/2009 9/15/2009 Version 1.0 1.1 Author Kathy Cibotti Kathy Cibotti Change & Section Draft Changes from Jordan Harris to refine process flows and roles/responsibilities.
2 of 8
9/23/2009
Common Way
Table of Contents
1 2 3 3.1 3.2 3.3 3.4 3.5 4 5 5.1 Risk Management Process ............................................................................................................... 5 Risk Management Roles & Responsibilities ................................................................................... 5 Risk Assessment ................................................................................................................................ 6 Risk Categorization.............................................................................................................................6 Probability Rating ...............................................................................................................................6 Impact Rating......................................................................................................................................7 Priority Score & Priority Rating .........................................................................................................7 Risk Management Tools .....................................................................................................................8 Risk Monitoring and Control .......................................................................................................... 8 Appendix ............................................................................................................................................ 8 Attachments ........................................................................................................................................8
3 of 8
9/23/2009
Common Way
Guidelines:
The purpose of the Risk Management Process is to provide a structured method to help: identify, analyze, plan, monitor, control and communicate risks that threaten the success of a project. This process is comprised of two required templates the: Risk Management Plan and Risk Register. Depending upon the project needs, the project manager has the option of using these standard templates or customizing the plan and register to suit the specific needs of the project. The Risk Management Plan describes the risk management and control: workflows, assessment processes, supplementary tools, roles and responsibilities. The Project Manager completes the Risk Management Plan during the planning stage of the project and reviews the plan with the entire team to secure buy-in. The Risk Register is also created during the planning stage and updated through standard risk management processes throughout the life of the project. Review of risks, their impacts and status should be built into regular team work sessions or supplementary risk management sessions depending upon the nature of the project. All sections must be completed for all projects, regardless of level. The intricacies of the plan are contingent upon the complexity level of the project.
Document Filling Instructions:

Fill the information in the Text boxes. Do not leave any section blank. The cells in the table may be filled in by clicking in the corresponding row/column and typing. To add additional rows to the table, TAB after placing the cursor in the last row and last column. [Text enclosed in quotes and displayed in red such as "Tab to add rows" should be deleted before saving the document.] When inserting an image, such as a workflow or chart: 1) only insert the image in the appropriate text box, 2) save the image as a Word document; and, 3) insert the image as a file. [To insert an image as a file: 1) from the menu bar, select Insert, 2) select File, 3) select the Word file document; and, 4) click Insert.] After finishing the document, please re-generate the complete Table of Contents to reflect the correct page numbering. (Select the Table of contents; right-click; select update fields and select update page numbers only command).
4 of 8
9/23/2009
Common Way
1 Risk Management Process

Insert high level workflow or textual description of the risk: identification, analysis, monitoring, and mitigation/elimination process that will be followed.
Risks can be identified by any member of the project team. They can be sent via email or raised during a team meeting. The project manager is responsible for logging the risks and assigning a team member to analyze. Risk owners and team members can recommend that a risk be closed; but the Steering Committee must authorize the closure of high and medium level risks.
2 Risk Management Roles & Responsibilities

Insert a table of responsibilities or amend the process flow in #2 above to identify key risk management participants and their roles (see sample for example formats).
Risk Management Plan SAMPLE 5 of 8 9/23/2009

Roles Team members Project Manager Responsibilities Raise risks. Ensure the PM is informed of the risks.
Common Way
Logs risks. Assigns an analyst to assess impact, probability and develop an action plan. Maintains the risk log including detailed status information from each review session in the register. Conducts regular risk review sessions with steering committee and project team to review risks. Follows-through with risk owners independently of team meetings. Escalates high impact risks to senior management for awareness and assistance.
Steering Committee
Address high impact risks that the PM and team cannot manager on their own. Must be aware of significant project risks and costs associated with the risks. Authorize the closure of high/medium level risks.
Risk Owner
Regularly update team on status; action plans and state of risk.
3 Risk Assessment
3.1 Risk Categorization
List and describe the categories of potential risks. This structured taxonomy will be used to help identify project risks. These can be identified by asking what could go wrong?
1. Technology new application of Microsoft Office SharePoint Services (MOSS) integrated with Documentum 2. Business Process Changes Enhancing workflows, training staff, implementing new workflows 3. Resource Constraints Market changes have shifted focus of resources; may have to compensate with consultants that could impact the budget
3.2 Probability Rating

The following probability ratings have been integrated into the Risk Register. Use these default ratings or refine as desired by the project. If the probability ratings are modified, update the Risk Plan and Risk Register Risk to reflect the changes.
6 of 8
9/23/2009

Probability Score Low Medium High 10 20 30
Common Way
Description Unlikely to occur (e.g. less than a 25% chance of occurring during the course of the project). Likely to occur (e.g. > 25% and < 75% chance of occurring during the course of the project). Highly likely to occur (e.g. >75% and < 100% chance of occurring during the course of the project).
3.3 Impact Rating

The following impact ratings have been integrated into the Risk Register. Use these default ratings or refine as desired by the project. If the impact ratings are modified, update the Risk Plan and Risk Register to reflect the changes.
Impact Low Medium High
Score 10 20 30
Description Minor impact on the project (e.g. no impact to any milestone or deliverable dates)
Measurable impact on a specific milestone or deliverable and/or budget impact Significant impact on key milestones, deliverables, and/or budget
3.4 Priority Score & Priority Rating

The following Priority Score and Priority Ratings are automatically calculated in the Risk Register based upon Probability Rating and Impact Ratings selected. Use the default Priority Scores and Priority Ratings or refine as desired by the project. If the Priority Score or Priority Rating are modified, reflect changes in the Risk Plan and Risk Register.
Probability Rating Low Low Low Medium Medium Medium High High High
Impact Rating Low Medium High Low Medium High Low Medium High
Priority Score 10 15 20 15 20 25 20 25 30
Priority Rating
Low Medium High Medium Medium High High High High
7 of 8
9/23/2009
Common Way
3.5 Risk Management Tools

Identify other risk analysis tools that will be used, beyond or instead, of CommonWay standard templates and guidelines.
Only standard templates will be used.
4 Risk Monitoring and Control

Specify the approach and frequency for tracking, analyzing, escalating, reporting, monitoring and resolving project risks from inception to closing. This should include the establishment of any risk review committees. The monitoring and control processes are tightly coupled with Risk Register.
The Risk Register will be updated, at minimum, weekly and will be used to guide all risk review sessions. Risk monitoring and reporting will involve the following: 1. High and medium level risks will be monitored weekly during regular team meetings. This is an opportunity for team members to provide updates and to ensure that they understand project risks. 2. All risks will be monitored on an ad-hoc basis between the Project Manager and the Risk Owner. Risk owners are expected to give regular updates to risk as follows: weekly if the risk is high; monthly if the risk is medium or low. 3. High and Medium level risks will be reviewed monthly with the Steering committee. The Steering Committee must also authorize the closure of high and medium risks.
5 Appendix
5.1 Attachments
Document/System Name None Location/Link
8 of 8
9/23/2009

Risk Management Plan SAMPLE

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Risk Management Plan SAMPLE

Uploaded by

Copyright:

Available Formats

Commonwealth of Massachusetts Information Technology Division CW Risk Management Plan

Common Values - Common Goals