<enter sponsor dept/bureau name> <Enter project code & name> Project Risk Management Plan Prepared by: Project #: Submitted to: Date submitted Document version: V0.1 Commonwealth of PA-Department of Health <enter sponsor dept or bureau name> Document Instructions <This document template contains directions for use or sample entries. These directions are enclosed in brackets (< >) and are italicized. They are included to help you fill out the form. As you complete the form, delete these instructions. Please follow this document naming convention to facilitate document search and retrieval: <project code (if appropriate)> <project name (abbreviated)> <document name (abbreviated)> <version (if appropriate)> All documents should be posted to the appropriate project folder in SharePoint. > Document History <The document history is a log of changes that are made to the document, who made the changes, and when. For example, the initial creation of the document may contain the following: Version 0.1, Date 1/1/2004, Author Charlie Brown, Status Initial creation. Subsequent updates to the document will be Version 0.2, 0.3, etc. The first published version of the document should be Version 1.0.> Version 0.1 1.0 Date Table: Document History Table Author Status Mm/dd/yy Mm/dd/yy Revision Descriptions Initial Draft First Published Approvals <In lieu of this Approval section, which requires multiple signatures on one document, you may elect to use the Approval Memo template. Distribute both this document and the Approval Memo, requesting that only the memo be printed, signed and returned to indicate approval.> Your signature below indicates that this document meets its objectives and is acceptable. Signature Name Title Date Signature Name Title Date Signature Name Title Date Signature Name Title Date <enter project code & name> Page 1 of 11 Project Risk Management Plan Commonwealth of PA-Department of Health <enter sponsor dept or bureau name> Table of Contents 1 PURPOSE OF THIS DOCUMENT ..................................................................... 3 2 ACRONYMS ...................................................................................................... 3 3 EXECUTIVE SUMMARY ................................................................................... 4 4 INTRODUCTION ................................................................................................ 5 5 RISK MANAGEMENT PROCESS ..................................................................... 6 5.1 5.2 5.3 5.4 RISK IDENTIFICATION .................................................................................... 6 RISK ANALYSIS ............................................................................................. 7 RISK RESPONSE PLANNING ........................................................................... 7 RISK MONITORING AND CONTROL .................................................................. 8 6 ROLES AND RESPONSIBILITIES .................................................................... 8 7 RISK COMMUNICATION STRATEGY .............................................................. 8 8 GLOSSARY OF TERMS.................................................................................. 10 <enter project code & name> Page 2 of 11 Project Risk Management Plan Commonwealth of PA-Department of Health 1 <enter sponsor dept or bureau name> Purpose of This Document This document describes how the job of managing risks for the project will be performed and includes: The process which will be used to identify, analyze and manage risks both initially and throughout the project lifecycle; How often risks will be reviewed, the process for review and who will be involved; Who will be responsible for which aspects of risk management; and How risk status will be reported and to whom. 2 Acronyms <Provide all acronyms that may be used within this document.> Table: Acronyms Used in This Document Acronym PMM Definition Project Management Methodology (example) <enter project code & name> Page 3 of 11 Project Risk Management Plan Commonwealth of PA-Department of Health 3 <enter sponsor dept or bureau name> Executive Summary <In this section, provide a brief one-page summary describing the purpose, methods, issues, and results of the Project Risk Management Plan. This section should be completed last and should capture the key points described in the detailed section of this document.> [Enter the Executive Summary text here] <enter project code & name> Page 4 of 11 Project Risk Management Plan Commonwealth of PA-Department of Health 4 <enter sponsor dept or bureau name> Introduction Key to successful project management is identifying risks in advance and managing these risks throughout the project lifecycle. Experience has shown that risk management must be of concern, as unmanaged or unmitigated risks are one of the primary causes of project failure. Without proactive management, risks will induce chaos and failure into an otherwise well-planned and managed project. Risk management is the job of identifying and managing risks for the project. Risk refers to future conditions or circumstances that exist outside of the control of the project team that will have an adverse impact on the project if they occur. Risk management planning sets forth a discipline and environment to make proactive decisions and actions to: Assess continuously what can go wrong (risks); Determine and prioritize what risks can be minimized or eliminated; and Develop and implement responses to mitigate identified risks and contingency plans for high priority risks, to be implemented if those risks occur. The project manager and appropriate stakeholders will meet during the Strategy and Planning phase to identify project risks. The Risk Activity Guide and Risk Analysis White Paper, both located in the PMO template folder, contain helpful information to help the project team identify and manage project risks. Risks will be analyzed and documented using the Risk Management Log template. Plans will be created to mitigate the effect of the possible risk. The plans to respond to those risks will be included in the project schedule. During the Execution and Control phase, at regularly scheduled status meetings, the project manager and team members will review the status of identified risks and determine whether additional risk factors have surfaced. As new risk factors are identified, they are documented in the Risk Management Log, analyzed and planned for in the same manner as those risks identified during the Planning phase. <enter project code & name> Page 5 of 11 Project Risk Management Plan Commonwealth of PA-Department of Health 5 <enter sponsor dept or bureau name> Risk Management Process The process for managing risk will consist of the following steps. Project Risk Management Process STRATEGY PHASE Project Initiation & Risk Identification (Capture the known concerns early in the project lifecycle) PLANNING PHASE Risk Management Planning EXECUTING /CONTROLLING PHASE Risk Monitoring & Control Risk Identification Risk Analysis Risk Response Planning 5.1 Risk Identification During the Strategy and Planning phases, risk identification sessions will be held to identify project risks. The project manager will determine participants from among appropriate stakeholders. Identified risks will be recorded in the Risk Management Log. Once a risk has been identified it will be categorized. Risk categories will include Business Risks - organizational, management, business users, procurement, customer service, external environmental factors, etc. Project Risks - schedule requirements, contractors, internal staff, stakeholders, scope management, process and funding. Technical Risks - products, quality, technical complexity, requirements, design, implementation, environment, systems, security, etc. Within each of the risk categories, individual risks will be identified and analyzed using the Risk Management Log. <enter project code & name> Page 6 of 11 Project Risk Management Plan Commonwealth of PA-Department of Health 5.2 <enter sponsor dept or bureau name> Risk Analysis Once a risk has been identified and categorized the following information will be analyzed for each risk: Probability – The level of certainty that the risk event will occur. This will be measured on a scale of one (lowest) to 4. The probability of occurring calculation is 1 (1% - 24%), 2 (25% - 49%), 3 (50% - 79%), and 4 (80% 100%). Impact – Impact is the rating of the severity of the consequences if the risk were to occur. As with probability, impact is measured on a scale from 1 (lowest) to 4. The impact calculation is 1 (marginal), 2 (normal), 3 (critical), and 4 (catastrophic). Risk Score – Risk probability and impact are weighted together to calculate the risk’s score. This score can be used to assign priority and identify the risk response. The Risk Management Log will automatically calculate this value. A higher risk value is assigned a more aggressive risk response plan then one which has a lower priority. The following guidelines will be used to determine the level of risk response planning required. Probability Table: Project Risk Response 6 8 10 12 5 7 9 11 4 6 8 10 3 5 7 9 Impact Where: 3 -5 Create a risk response 6 - 8 Create a risk response & outline a contingency plan 9 - 12 Create both a risk response & contingency plan 5.3 Risk Response Planning Risk response planning will involve determining first how to approach the risk base on the following four options: Mitigate - Do something to reduce the risk impact Transfer - Move all or part of the risk to another party and then setting up an agreement for that party to accept the risk <enter project code & name> Page 7 of 11 Project Risk Management Plan Commonwealth of PA-Department of Health <enter sponsor dept or bureau name> Accept - Acknowledge that the risk exists but make the decision to do nothing and accept the probability of the risk occurring. Avoid - Change the Project Plan to eliminate the risk. Example: perform an extensive requirements gathering effort. The risk response plans will be captured and maintained in the Risk Management Log along with the assignment of a person who is responsible for executing these plans. Risk triggers will also be identified to provide early indication that a contingency plan must potential be executed. Where possible, risk mitigation activities will be reflected in the project schedule. 5.4 Risk Monitoring and Control Following risk response planning, and throughout the project lifecycle, it is the responsibility of the project manager or designated risk monitor to conduct ongoing risk response activities. For newly identified/analyzed risks it is necessary to formulate new response plans. For risks that have been fully mitigated it is necessary to record the results in the Risk Management Log and close the risk. For risks that have not been fully mitigated, it may be necessary to perform risk analysis again, reformulate the response plan, and/or re-assign to another responsible person. The consistent review and updating of the Risk Management Log during team meetings also supports this need. 6 Roles and Responsibilities <Describe who will be involved in the risk management process.> [Enter the roles and responsibility text here.] Table: Risk Management Roles and Responsibilities Risk Item 7 Reference Risk Management Log is maintained by: <Person’s name, email, phone> Persons/groups to be included in initial risk identification activity: <Insert rows as needed> Persons to be involved in risk review: <Insert rows as needed> Risk Communication Strategy <Describe what methods will be used to communicate on issues and status relative to the management of project risks. Will meetings be used? What will the escalation procedures be?> [Enter the risk communication strategy text here] <enter project code & name> Page 8 of 11 Project Risk Management Plan Commonwealth of PA-Department of Health <enter sponsor dept or bureau name> <Or use the table below> Table: Risk Communication Roles and Responsibilities Risk Item Reference Risks will be reviewed: <Daily, weekly, as needed, etc.> Location of Risk Management Log <Insert hyperlink to the project’s Risk Management Log.> <enter project code & name> Page 9 of 11 Project Risk Management Plan Commonwealth of PA-Department of Health 8 <enter sponsor dept or bureau name> Glossary of Terms <Include all terms that may not be familiar to the reader.> Term Table: Glossary of Terms used in This Document Definition <enter project code & name> Page 10 of 11 Project Risk Management Plan