CA_VINE_RMP
-
Upload
raj-machawar -
Category
Documents
-
view
218 -
download
0
Transcript of CA_VINE_RMP
-
8/2/2019 CA_VINE_RMP
1/11
Risk Management Plan
Project Name: California Statewide VINE
Department: Professional Services
Project Manager: Stephen Adams
Date: November 19, 2007
-
8/2/2019 CA_VINE_RMP
2/11
Risk Management Plan
INTRODUCTION.................................................................................................3
PURPOSE AND SCOPE.....................................................................................3
RISK MANAGEMENT PLANNING......................................................................4
RISK IDENTIFICATION.......................................................................................5
RISK ANALYSIS.................................................................................................6
RISK PLANNING.................................................................................................6
RISK MONITORING AND CONTROL.................................................................7
RISK MANAGEMENT ASSIGNMENTS..............................................................7
RISK CLASSIFICATION.....................................................................................8
REFERENCED DOCUMENTS..........................................................................11
DOCUMENT REVISION HISTORY....................................................................11
-
8/2/2019 CA_VINE_RMP
3/11
Risk Management Plan
INTRODUCTION
The Appriss approach to risk management starts with a plan that defines the scope and process for
the identification, assessment, and management of risks which could impact the implementation ofthe project. The objective of the Risk Management Plan is to define the strategy to manage project-
related risks such that there is acceptable minimal impact on cost and schedule, as well as
operational performance.
PURPOSE AND SCOPE
The purpose of the Risk Management Plan is to establish an approach to monitoring, evaluating,and managing risks throughout the life of the project. A risk is an uncertain event or condition that,
if it occurs, has a negative or positive effect on the projects objectives.
The risk management process will identify potential risk sources; assess individual risks andimpacts on performance, cost, and schedule; evaluate alternative approaches to mitigate high and
moderate risks; and develop action plans to handle individual risks.
The product of risk management planning will be the Risk Register. The Risk Register willdocument the various risks with their classification, mitigation and handling strategies, impact on
cost and schedule, and action items.
The risk management process includes these five elements.
1) Risk Management Planning Deciding how to approach and conduct the risk
management activities for the project.
2) Risk Identification An initial and continuous effort to identify, quantify and
document risks as they are identified.
3) Risk Analysis Evaluate identified risks to determine probability of occurrence,
impact, and timeframe.
4) Risk Planning / Mitigation Establish an action plan for risk and assign
responsibility.
5) Risk Monitoring and Control Capture, compile, and report risk.
03/16/2012 3 Version 1.0
-
8/2/2019 CA_VINE_RMP
4/11
Risk Management Plan
RISK MANAGEMENT PLANNING
Risk management planning is the process of determining how to approach and conduct risk
activities for the project. Planning is critical to establish the importance of risk management,allocating proper resources and time to risk management and establish the basis for evaluating risk.
The diagram illustrates the functional relationships of the five risk management process elements:
03/16/2012 4 Version 1.0
LEGEND
Decision
Activity
Output
Identify Risk
Analyze:
Classify
Evaluate
Analyze:Prioritize
Risk
Statement
Risk
Class,
Probability,
impact,
timeframe
Prioritized list
of task
Plan:
Assignresponsibility,
Approve plans
Assignments
approved plans
Plan:
Define Mitigationapproach.
Determine
Mitigation plan
Track: Control
Risk mitigationplan
Status Reports
Decision
- Close Risk
- Take Planned Action
- Continue Tracking
- Replan
Individual Activities
Individual Activities
Weekly and Monthly
Weekly and Monthly
-
8/2/2019 CA_VINE_RMP
5/11
Risk Management Plan
RISK IDENTIFICATION
A baseline set of risks will be created and entered into the project Risk Register. These baseline
risks will be identified through the normal course of the project planning process. Risk statementswill be written for each identified risk. Risk statements will be clear concise and contain only one
risk condition and one or more consequences of that condition.
All project stakeholders are responsible for identifying new risks. New risks identified duringproject related meetings shall be captured and added to the Risk Register within two working days
of the meeting. It will be the responsibility of the Appriss Project Manager to make sure this is
accomplished.
Appriss brings ten years of experience to the project in implementing similar systems. This
experience has provided Appriss with a unique insight to common operation and system risks.
Some of the common risks are documented in the table below. This table is not intended to be anexhaustive list.
Risk Area Potential Risk
Project Scope and Complexity Scope is not understood
Requirements not documented properly
Requirements not agreed upon by
customer
Complexity not understood in terms of:
o Technology
o Adapters needed
o Number of users
o Business process
Technology Technology not proven
Unreliable performance record ofvendors
Inexperience with the technologies to be
used
Vendor infrastructure is not sound
Staffing Inadequate resources committed to theproject
Project team does not contain membersthat have experience with similar
projects
Resources pulled from project before
completion
Culture Users not willing to make business
process changes
Customer does not make a strong
03/16/2012 5 Version 1.0
-
8/2/2019 CA_VINE_RMP
6/11
Risk Management Plan
commitment to project
Organization changes within agency,
removes key personnel
Project Management Executive oversight committee is not
actively engaged in project Project issues are not addressed
Change is not controlled and project
scope grows beyond original boundaries
RISK ANALYSIS
Appriss will use a qualitative approach to Risk Analysis. This methodology uses a risk level matrix
based on probability and impact. This allows for an independent assessment of probability and
consequence of risk.
Each risk shall be evaluated to determine impact, probability of occurrence, and timeframe. Each
risk shall be examined to determine its relationship to other risks identified. Initially, the identifier
of the risk shall provide an estimate of these attributes. The Project Manager shall be responsiblefor further analyses and prioritization of the risks. The criteria for analyzing risks are established
later in the Risk Classification section of this plan.
RISK PLANNING
Risk handling is the identification of a course of action or inaction selected for the purpose of
effectively managing a given risk. All identified risks shall be handled. Specific handling methodsshould be selected after the probable impact on the project has been determined.
The Appriss Project Manager will determine what action should be taken for each risk as it brought
to his attention through weekly team meetings and database reports. The Appriss Project Managershall determine whether to keep the risk, delegate responsibility, or transfer the risk responsibility
up the project organization chain. The Project Manager, if necessary, may transfer a risk(s) to
external organizations if that organization is best suited to handle the risk.
Risk planning requires a decision to perform further research, accept the risk (documentacceptance rationale in the Risk Register and close the risk), watch the risk attributes and status
(define tracking requirements, document in the Risk Register, and assign a "watch" action), ormitigate the risk (create a Mitigation Plan, assign action items, and monitor the activities and risk).
Mitigation activities shall be documented on the Risk Register or by creating a separate MitigationPlan. A Mitigation Plan shall be written for any effort that requires re-allocation of project
resources. The Project Manager shall determine when to use a Mitigation Plan.
03/16/2012 6 Version 1.0
-
8/2/2019 CA_VINE_RMP
7/11
Risk Management Plan
RISK MONITORING AND CONTROL
Risk information and metrics defined during planning shall be captured, tracked and analyzed fortrends. The person assigned responsibility for the risk shall provide routine trend and status reports
on research and/or mitigation activities to the Appriss Project Manager during the weekly projectmeetings. Watched risks shall be reported on during the monthly project meetings. The RiskRegister shall be used to report summary status, and a Stoplight Status Report shall be used by the
Appriss Project Manager to report progress to senior management at the monthly reviews.
Decisions shall be made by the Project Manager during the weekly and monthly meetings to close
risks, continue to research, mitigate or watch risks, re-plan or re-focus actions or activities, orinvoke contingency plans. This is also the time when the Project Manager authorizes and allocates
resources toward risks.
RISK MANAGEMENT ASSIGNMENTS
The following table describes the responsibilities of the project stakeholders:
Who Responsibilities
Individual Members Identify new risks
Estimate probability of risk, impact, and time frame
Classify risk
Recommend action
Assist in prioritizing risk
Appriss Project
Manager
Collect all risk information from individuals
Ensure accuracy of probability, impact and time frame Build the Risk Register
Collect and report risk measures and metrics
Report risk to senior management
Prioritize Risk
Executive Oversight
Committee Authorize expenditures of resources for mitigation
Authorize additional cost or time to mitigate risk.
03/16/2012 7 Version 1.0
-
8/2/2019 CA_VINE_RMP
8/11
Risk Management Plan
The following table describes the criteria for communicating and documenting risk
Who Responsibilities
Individual Members
to Project Manager
Any risk that impacts performance
Any risk that impacts >10 percent of budgetAny risk that exceeds schedule milestones
Any risk that needs to be transferred to another team
Project Manager toExecutive Oversight
Committee
Mitigation activity status
Any risk that impacts mission success
Any risk that causes the project budget to be exceeded by
more that 10 percent
Any risk that may negatively impact Appriss or their
customers
Risk status
RISK CLASSIFICATION
Risk shall be analyzed qualitatively using impact, likelihood and timeframe classifications definedin this section. Impact is based on project success, resources, cost, and schedule. Likelihood is
used to provide an order of magnitude based on quantitative data and qualitative experience.
Impact Classification
High
Schedule Slip Slip of delivery beyond two month of milestone schedules. Cost Overrun - > 10 percent increase in budget allocation.
Technical Loss of critical function or major objective.
Political Bad press for TOHS, DIR, TDEx, or other entities
Significant
Schedule Slip - > 1 month 5 percent but < 10 percent increase to budget
Technical -Major function objective not fully met.
Political - Senior Management has concerns about project success or
development progress
Low
Schedule Slip - > 2 weeks
-
8/2/2019 CA_VINE_RMP
9/11
Risk Management Plan
Cost Overrun minor impact
Technical Small impact to technical performance
Likelihood Classification
High (>70% chance of occurrence)
Occurrence is very likely and may not be controlled by following existingprocesses, procedures and plans.
Significant (40% - 70% chance of occurrence)
Occurrence is likely and may not be entirely controlled by following existingprocesses, procedures and plans.
Low (20% - 39% chance of occurrence)
Occurrence is unlikely and may not be entirely controlled by following existing
processes, procedures and plans.
Negligible (
-
8/2/2019 CA_VINE_RMP
10/11
Risk Management Plan
Risk Classification Chart
Green - Items classified as green are acceptable without further mitigation and will be routinely
tracked.
Yellow - Items classified as yellow may require mitigation. For these items, alternative
dispositions will be identified and trade-offs conducted to determine the mitigation required.
Red - Items classified as red are considered primary risk drivers. For these items, mitigationoptions will be developed. Red risks will be assessed for impact to budget reserves and will be
tracked to closure.
03/16/2012 10 Version 1.0
High RED
Significant YELLOW
Low
GREEN
Negligible
Negligible Low Significant High
-
8/2/2019 CA_VINE_RMP
11/11
Risk Management Plan
Timeframe is used in conjunction with the Risk Classification Chart to determine priorities,
establish when risks need to have actions taken, and how long risks may need to be watched ortracked before they no longer are a concern or can be closed.
Each project review meeting will result in an update to the project Risk Register that will be sent toall project personnel.
REFERENCED DOCUMENTS
1. Risk Register
2. Mitigation Plan
3. Stoplight Status Report
Document Revision History
Version Date Changes Updated By
1.0 4/30/07 Original document C. Higginbotham
03/16/2012 11 Version 1.0