Risk Management Plan v3.0 - Pennsylvania Department of Health

advertisement
<enter sponsor dept/bureau name>
<Enter project code & name>
Project Risk Management Plan
Prepared by:
Project #:
Submitted to:
Date submitted
Document version:
V0.1
Commonwealth of PA-Department of Health
<enter sponsor dept or bureau name>
Document Instructions
<This document template contains directions for use or sample entries. These directions are enclosed in
brackets (< >) and are italicized. They are included to help you fill out the form. As you complete the form,
delete these instructions.
Please follow this document naming convention to facilitate document search and retrieval:
<project code (if appropriate)> <project name (abbreviated)> <document name
(abbreviated)> <version (if appropriate)>
All documents should be posted to the appropriate project folder in SharePoint. >
Document History
<The document history is a log of changes that are made to the document, who made the changes,
and when. For example, the initial creation of the document may contain the following: Version 0.1,
Date 1/1/2004, Author Charlie Brown, Status Initial creation. Subsequent updates to the document
will be Version 0.2, 0.3, etc. The first published version of the document should be Version 1.0.>
Version
0.1
1.0
Date
Table: Document History Table
Author
Status
Mm/dd/yy
Mm/dd/yy
Revision
Descriptions
Initial Draft
First Published
Approvals
<In lieu of this Approval section, which requires multiple signatures on one document, you may elect
to use the Approval Memo template. Distribute both this document and the Approval Memo,
requesting that only the memo be printed, signed and returned to indicate approval.>
Your signature below indicates that this document meets its objectives and is acceptable.
Signature
Name
Title
Date
Signature
Name
Title
Date
Signature
Name
Title
Date
Signature
Name
Title
Date
<enter project code & name>
Page 1 of 11
Project Risk Management Plan
Commonwealth of PA-Department of Health
<enter sponsor dept or bureau name>
Table of Contents
1
PURPOSE OF THIS DOCUMENT ..................................................................... 3
2
ACRONYMS ...................................................................................................... 3
3
EXECUTIVE SUMMARY ................................................................................... 4
4
INTRODUCTION ................................................................................................ 5
5
RISK MANAGEMENT PROCESS ..................................................................... 6
5.1
5.2
5.3
5.4
RISK IDENTIFICATION .................................................................................... 6
RISK ANALYSIS ............................................................................................. 7
RISK RESPONSE PLANNING ........................................................................... 7
RISK MONITORING AND CONTROL .................................................................. 8
6
ROLES AND RESPONSIBILITIES .................................................................... 8
7
RISK COMMUNICATION STRATEGY .............................................................. 8
8
GLOSSARY OF TERMS.................................................................................. 10
<enter project code & name>
Page 2 of 11
Project Risk Management Plan
Commonwealth of PA-Department of Health
1
<enter sponsor dept or bureau name>
Purpose of This Document
This document describes how the job of managing risks for the project will be
performed and includes:
 The process which will be used to identify, analyze and manage risks both
initially and throughout the project lifecycle;
 How often risks will be reviewed, the process for review and who will be
involved;
 Who will be responsible for which aspects of risk management; and
 How risk status will be reported and to whom.
2
Acronyms
<Provide all acronyms that may be used within this document.>
Table: Acronyms Used in This Document
Acronym
PMM
Definition
Project Management Methodology (example)
<enter project code & name>
Page 3 of 11
Project Risk Management Plan
Commonwealth of PA-Department of Health
3
<enter sponsor dept or bureau name>
Executive Summary
<In this section, provide a brief one-page summary describing the purpose, methods, issues,
and results of the Project Risk Management Plan. This section should be completed last and
should capture the key points described in the detailed section of this document.>
[Enter the Executive Summary text here]
<enter project code & name>
Page 4 of 11
Project Risk Management Plan
Commonwealth of PA-Department of Health
4
<enter sponsor dept or bureau name>
Introduction
Key to successful project management is identifying risks in advance and
managing these risks throughout the project lifecycle. Experience has shown
that risk management must be of concern, as unmanaged or unmitigated risks
are one of the primary causes of project failure. Without proactive management,
risks will induce chaos and failure into an otherwise well-planned and managed
project.
Risk management is the job of identifying and managing risks for the project.
Risk refers to future conditions or circumstances that exist outside of the control
of the project team that will have an adverse impact on the project if they occur.
Risk management planning sets forth a discipline and environment to make
proactive decisions and actions to:

Assess continuously what can go wrong (risks);

Determine and prioritize what risks can be minimized or eliminated; and

Develop and implement responses to mitigate identified risks and
contingency plans for high priority risks, to be implemented if those risks
occur.
The project manager and appropriate stakeholders will meet during the Strategy
and Planning phase to identify project risks. The Risk Activity Guide and Risk
Analysis White Paper, both located in the PMO template folder, contain helpful
information to help the project team identify and manage project risks.
Risks will be analyzed and documented using the Risk Management Log
template. Plans will be created to mitigate the effect of the possible risk. The
plans to respond to those risks will be included in the project schedule. During
the Execution and Control phase, at regularly scheduled status meetings, the
project manager and team members will review the status of identified risks and
determine whether additional risk factors have surfaced. As new risk factors are
identified, they are documented in the Risk Management Log, analyzed and
planned for in the same manner as those risks identified during the Planning
phase.
<enter project code & name>
Page 5 of 11
Project Risk Management Plan
Commonwealth of PA-Department of Health
5
<enter sponsor dept or bureau name>
Risk Management Process
The process for managing risk will consist of the following steps.
Project Risk Management Process
STRATEGY PHASE
Project Initiation &
Risk Identification
(Capture the known
concerns early in the
project lifecycle)
PLANNING PHASE
Risk Management
Planning
EXECUTING /CONTROLLING
PHASE
Risk Monitoring &
Control
Risk Identification
Risk Analysis
Risk Response
Planning
5.1
Risk Identification
During the Strategy and Planning phases, risk identification sessions will be
held to identify project risks. The project manager will determine participants
from among appropriate stakeholders. Identified risks will be recorded in the
Risk Management Log.
Once a risk has been identified it will be categorized. Risk categories will
include



Business Risks - organizational, management, business users,
procurement, customer service, external environmental factors, etc.
Project Risks - schedule requirements, contractors, internal staff,
stakeholders, scope management, process and funding.
Technical Risks - products, quality, technical complexity, requirements,
design, implementation, environment, systems, security, etc.
Within each of the risk categories, individual risks will be identified and
analyzed using the Risk Management Log.
<enter project code & name>
Page 6 of 11
Project Risk Management Plan
Commonwealth of PA-Department of Health
5.2
<enter sponsor dept or bureau name>
Risk Analysis
Once a risk has been identified and categorized the following information will
be analyzed for each risk:

Probability – The level of certainty that the risk event will occur. This will be
measured on a scale of one (lowest) to 4. The probability of occurring
calculation is 1 (1% - 24%), 2 (25% - 49%), 3 (50% - 79%), and 4 (80% 100%).

Impact – Impact is the rating of the severity of the consequences if the risk
were to occur. As with probability, impact is measured on a scale from 1
(lowest) to 4. The impact calculation is 1 (marginal), 2 (normal), 3 (critical),
and 4 (catastrophic).
 Risk Score – Risk probability and impact are weighted together to calculate
the risk’s score. This score can be used to assign priority and identify the
risk response. The Risk Management Log will automatically calculate this
value. A higher risk value is assigned a more aggressive risk response
plan then one which has a lower priority. The following guidelines will be
used to determine the level of risk response planning required.
 Probability 
Table: Project Risk Response
6
8
10
12
5
7
9
11
4
6
8
10
3
5
7
9
 Impact 
Where:
3 -5
Create a risk response
6 - 8 Create a risk response & outline a contingency plan
9 - 12 Create both a risk response & contingency plan
5.3
Risk Response Planning
Risk response planning will involve determining first how to approach the risk
base on the following four options:

Mitigate - Do something to reduce the risk impact

Transfer - Move all or part of the risk to another party and then setting
up an agreement for that party to accept the risk
<enter project code & name>
Page 7 of 11
Project Risk Management Plan
Commonwealth of PA-Department of Health
<enter sponsor dept or bureau name>

Accept - Acknowledge that the risk exists but make the decision to do
nothing and accept the probability of the risk occurring.

Avoid - Change the Project Plan to eliminate the risk. Example: perform
an extensive requirements gathering effort.
The risk response plans will be captured and maintained in the Risk
Management Log along with the assignment of a person who is responsible for
executing these plans. Risk triggers will also be identified to provide early
indication that a contingency plan must potential be executed. Where possible,
risk mitigation activities will be reflected in the project schedule.
5.4
Risk Monitoring and Control
Following risk response planning, and throughout the project lifecycle, it is the
responsibility of the project manager or designated risk monitor to conduct ongoing risk response activities. For newly identified/analyzed risks it is
necessary to formulate new response plans. For risks that have been fully
mitigated it is necessary to record the results in the Risk Management Log and
close the risk. For risks that have not been fully mitigated, it may be necessary
to perform risk analysis again, reformulate the response plan, and/or re-assign
to another responsible person. The consistent review and updating of the Risk
Management Log during team meetings also supports this need.
6
Roles and Responsibilities
<Describe who will be involved in the risk management process.>
[Enter the roles and responsibility text here.]
Table: Risk Management Roles and Responsibilities
Risk Item
7
Reference
Risk Management Log is maintained by:
<Person’s name, email, phone>
Persons/groups to be included in initial risk identification
activity:
<Insert rows as needed>
Persons to be involved in risk review:
<Insert rows as needed>
Risk Communication Strategy
<Describe what methods will be used to communicate on issues and status relative to the
management of project risks. Will meetings be used? What will the escalation procedures be?>
[Enter the risk communication strategy text here]
<enter project code & name>
Page 8 of 11
Project Risk Management Plan
Commonwealth of PA-Department of Health
<enter sponsor dept or bureau name>
<Or use the table below>
Table: Risk Communication Roles and Responsibilities
Risk Item
Reference
Risks will be reviewed:
<Daily, weekly, as needed,
etc.>
Location of Risk Management Log
<Insert hyperlink to the project’s
Risk Management Log.>
<enter project code & name>
Page 9 of 11
Project Risk Management Plan
Commonwealth of PA-Department of Health
8
<enter sponsor dept or bureau name>
Glossary of Terms
<Include all terms that may not be familiar to the reader.>
Term
Table: Glossary of Terms used in This Document
Definition
<enter project code & name>
Page 10 of 11
Project Risk Management Plan
Download