Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
ICT Standards and Guidelines Segment 206 Risk Management Planning Template (Version 1.0) Prepared by Document Information Document Name: Configuration Management Project – Main Document Segment: 207 Author: Akram Najjar Status: Under final revision Revision History Author Description of change Date Version Akram Najjar Restructured/Renumbered 2 April 2003 1.0 Risk Management Plan for <ProjectName> or <OperationName> Prepared by <AuthorName> <Date> Version <Version> Document Information Project / Department Name: <ProjectName> or <OperationName> Document file name: Author Name <AuthorName> Version number: <Version> Issued by: Issue Date: Status: Document Approvals Name Signature Revision History Date Author Description of change Date Table of Contents 1.0 2.0 3.0 4.0 5.0 6.0 7.0 8.0 9.0 10.0 Purpose of the Plan .................................................................................. 1 Scope of Risk Management....................................................................... 1 The Risk Officer ........................................................................................ 1 Risk Identification Group ......................................................................... 1 Risk Analysis Parameters ......................................................................... 1 The Expected Documentation ................................................................... 3 6.1 Risk Events List................................................................................. 3 6.2 Risk Forms ....................................................................................... 3 6.3 Risk Data Database ........................................................................... 3 6.4 The Top Ten Risk List ......................................................................... 3 6.5 Retired Risks .................................................................................... 3 6.6 Lessons Learned ............................................................................... 3 Activities .................................................................................................. 4 7.1 Process 2: Risk Identification .............................................................. 4 7.2 Processes 3: Risk Analysis and the Risk Database ................................. 4 7.3 Process 4: Risk Response Planning ...................................................... 4 7.4 Process 5: Risk Monitoring/Control ...................................................... 5 7.5 Process 6: Risk Management Tools ...................................................... 5 Risk Analysis of the Risk Management Project ......................................... 5 Schedule for Risk Management Activities ................................................. 5 Risk Management Budget ......................................................................... 6 1.0 Purpose of the Plan This document is the plan for managing risk for <PROJECT>. It defines roles and responsibilities for participants in the risk processes, the risk management activities that will be carried out, the schedule and budget for risk management activities and any tools and techniques that will be used. 2.0 Scope of Risk Management Risk Management will take place for <Name The Project Or The Ongoing Operations>. 3.0 The Risk Officer The Risk Officer is <RISK OFFICER> and is the key person responsible for Risk Management. The Risk Officer has the following responsibilities and authority in the project: <describe what the risk officer will do such as: Coordinate all risk identification, analysis and response activities Maintaining the project’s risk database Maintain the Top Ten Risk list Notifying project management or the management of the Agency of new risk items Reporting risk resolution status to management > The Risk Officer and other members of the Risk Management team <LIST NAMES OR ROLES> shall meet <STATE FREQUENCY > to review the status of all risk response efforts, analyze any new risk events and update the project's Top Ten Risk List. 4.0 Risk Identification Group The group involved in identifying Risks in this project is made up of the following persons: <Name the persons in such a group> 5.0 Risk Analysis Parameters The following analysis parameters shall be used: The Risk evaluation is based on <Define whether a percentage or a fixed-point scale shall be used>. The Impact shall be evaluated as <<Define whether a percentage or a fixed-point scale shall be used>. Risk Management Plan Page 1 The currency used for all value computations shall be <Define the currency>. The time unit in all time computations shall be <Define the time unit>. Define any other parameters that should be used in the analysis. Risk Management Plan Page 2 6.0 The Expected Documentation The Plan will deliver the following documentation. <Choose whichever is appropriate depending on whether the analysis is based on hard copy risk forms or electronic databases.> 6.1 Risk Events List The Risk List is the result of Risk Identification activities. It consists of a list of all risks grouped by an agreed upon classification. The Risk Events List is located at: <state where risk list is located> 6.2 Risk Forms The Risk Form is a hardcopy form containing a large set of fields for each risky event being analyzed and controlled. The form contains data about the event, its computational aspects and all risk response information. Risk Forms are located at: <state where risk list is located> 6.3 Risk Data Database The information to be stored in the database (Electronic or in hard copy form) contains information about each project, risk and persons involved in risk management. The Risk Database is located at: <state where Risk Database is located> 6.4 The Top Ten Risk List The risk items that currently have the highest estimated exposure are referred to as the project’s Top Ten Risk List. This is to be presented once a <PERIOD>. The Top Ten Risk List is located at: <state where Top Ten risk list is located> 6.5 Retired Risks Every <PERIOD>, a list of all risks that have been retired is produced. A risk item can be considered retired when it meets the following criteria: <example: the planned mitigation actions have been completed or the estimated risk exposure of probability times impact is less than 2> 6.6 Lessons Learned The Risk Management Team meets at the end of the project to analyze the lessons learned from risk management activities for this project. Risk Management Plan Page 3 For ongoing activities or operations, the team meets every <PERIOD> to prepare the Lessons Learned document. <describe what the document will contain: A list of the most troublesome events A list of the most costly responses A list of the lessons learned, i.e., risks to be avoided in the future, ways to respond to them, etc. > 7.0 Activities Risk Management Plan activities closely follow the Risk Management SOPs provided by OMSAR: Process Process Process Process Process Process 1: 2: 3: 4: 5: 6: Risk Management Planning (The current document) Risk Identification Risk Analysis and the Risk Database Additional Quantitative Risk Analysis Techniques Risk Response Planning Risk Monitoring/Control <In the following sections, define the specific steps to be taken from the above SOPs> 7.1 Process 2: Risk Identification <State the methods to be used to identify risks events at the beginning of the project and on an on-going basis. This may involve a workshop, brainstorming sessions, interviews at the beginning of each phase, or a questionnaire. Describe any consolidated lists of risk items that will be used to identify candidate risks for this project.> <state who is involved in identifying project risks> 7.2 Processes 3: Risk Analysis and the Risk Database For each event in the Risk Events List, individuals are identified who are best suited to complete Risk Analysis tasks, such as assigning probabilities, impacts, etc. Upon completion of the Analysis, the data is collected and entered into the Risk Database (If applicable). The Risk Table is arranged by decreasing exposure. The total Project Risk is analyzed and the Top Ten List is prepared. 7.3 Process 4: Risk Response Planning The Top Ten Risks, or those risk factors having an estimated exposure greater than <state Exposure Threshold> are assigned to individual project members for development and execution of a Risk Response Plan. Risk Management Plan Page 4 <Or, a group brainstorming session is used to develop the Risk Response Plan for individual risk items and to assign responsibility of execution to specific individuals.> 7.4 Process 5: Risk Monitoring/Control Each individual responsible for executing a risk response plan carries out the response activities. <Describe the methods and metrics for tracking the project’s risk status over time, and the way risk status will be reported to management.> The status and effectiveness of each mitigation action is reported to the Risk Officer every two weeks. The probability and impact for each risk item is reevaluated and modified, if appropriate. If any new risky events have been identified, they are analyzed and added to the risk list. The Top Ten Risk List is regenerated based on the updated probability and impact for each remaining risk. Any risk factors for which mitigation actions are not being effectively carried out, or whose risk exposure is rising, may be escalated to an appropriate level of management for visibility and action. 7.5 Process 6: Risk Management Tools <Describe any tools that will be used to store risk information, evaluate risks, track status of risk items, or generate reports or charts depicting risk management activity and status. If specific questionnaires or databases will be used during risk identification, describe them here. If lessons learned about controlling the risk items will be stored in a database for reference by future projects, describe that database here.> 8.0 Risk Analysis of the Risk Management Project The Risk Officer will need to prepare Risk Analysis for the project in question. 9.0 Schedule for Risk Management Activities The schedule for all Risk Management activities is the following: <list all activities showing their date, duration and responsible party> Completion of the Risk Plan Risk Identification Preparation of the Risk List (Identified risks) Risk Management Plan Page 5 Preparation of the Risk Analysis Prioritization of Risks Preparation of the Risk Response plan Prepare the Top Ten Risk list Risk Monitoring and Tracking Risk Reviews (Several) 10.0 Risk Management Budget <Estimate the budget available for managing the project’s or the ongoing operation’s risks>. Risk Management Plan Page 6