版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1、risk management plan (template and guide) version: 2.0 november 2003 risk management plan (template and guide) ei toolkit phase: implementation doc version: 2.0 november 11, 2003page 1 of 31 table of contents sectionpage 1introduction.3 1.1purpose.3 1.2objectives.3 1.3scope assuming that similar pro
2、cesses are in effect within the individual teams and sub-teams that comprise the program. risk management plan (template and guide) ei toolkit phase: implementation doc version: 2.0 november 11, 2003page 5 of 31 while risks must be identified and effective mitigations tailored for each project, ther
3、e are standard risk factors, standard assessment criteria to identify and evaluate risks, and standard mitigation approaches that have been defined for software engineering projects in general, and enterprise application implementation projects specifically. these risk factors, assessment criteria,
4、and mitigation approaches are referred to as a risk reference model. this risk management plan must ensure that both individual risks and risks that are common to the class of application of the program are both identified and mitigated. risk management is an integral part of overall project plannin
5、g and management. effective project planning and management requires effective identification and assessment of risks and determining what mitigating actions are required. managing the effective completion of mitigation actions should be integrated with overall project tasks and assignments. risk ma
6、nagement also works in concert with issue management. the key difference between issue management and risk management is the element of uncertainty inherent in risks. uncertain events that could impact the program should be identified and managed through this rmp. note that risks could lead to ident
7、ification of issues and issues could drive identification or resolution of risks. in addition to addressing identified risks through this risk management process, it is expected that the project planning process will also include quantitative risk assessment processes to validate project schedule an
8、d budget estimates. these techniques, including monte carlo simulation and decision tree analysis, are beyond the scope of this document. 1.4guiding principles in order to be successful, the principles listed below guide the use and implementation of the overall risk management process that is descr
9、ibed in detail in section 3.0 of this document. decisions will not be revisited once made (unless substantively new facts become available). escalation of risks follows the defined process identified below. a single owner is assigned responsibility for a risk even if several people work to mitigate
10、it. work and communicate progress on most severe risks first. set realistic due dates and then work to meet the dates. mitigate risks at the appropriate level (i.e., program, team, sub-team). responsible team leads determine and agree on the risk severity level. document the planned risk mitigation
11、history and actual mitigation of a risk. this documentation serves as a key input to root cause analysis, key learning, metrics, and risk analysis. for high impact, unanticipated risks, a 24-hour decision turnaround may be required or as determined by the pms. in such cases, available applicable tea
12、m members will make the decision. risk management plan (template and guide) ei toolkit phase: implementation doc version: 2.0 november 11, 2003page 6 of 31 1.5reference documents this risk management plan builds on general project and risk management references including: a guide to the project mana
13、gement body of knowledge (pmbok guide) 2000 edition (project management institute, 2000) assessment and control of software risks, capers jones (prentice hall, 1994) chaos report and other publications, standish group managing risk, methods for software systems development, elaine m. hall (addison w
14、esley, 1998) project project resources have inadequate capacity to complete a risk assessment; there is inadequate objectivity in identifying or assessing risks across different business units or development organizations; benefits of using a third party to conduct an independent risk audit include:
15、 access to a risk reference model a set of risk factors and effective mitigation plans that have been relevant for similar projects; trained skills in conducting structured interviews to identify and assess risks; effective change management skills to drive the project team to execute mitigation pla
16、ns. 2.1.6independent risk auditors the independent auditor is responsible for identifying program risks based on conducting objective review of project documents and interviewing key project personnel. the independent auditor should have proven experience in assessing similar class projects in size,
17、 scope, and process domain. the independent auditor should have a specific risk reference model that they can provide to the program. specific responsibilities include the following activities. conduct interviews with key project personnel including stakeholders, steering committee, process owners,
18、project managers, and team leads. review project documents including charter, project plans, organizational roles and responsibilities, testing, training, and change management strategy, architectural design and blueprint documents as they exist, etc. identify and assess program risks and capture ri
19、sk scorecard and mitigation approach / actions. communicate risk report to project managers and sponsors. risk management plan (template and guide) ei toolkit phase: implementation doc version: 2.0 november 11, 2003page 11 of 31 3.0risk management information to effectively manage risks standard inf
20、ormation must be captured about each identified risk. this section outlines the key attributes captured in the risk-tracking database. in addition, this section describes the elements of an effective risk reference model. 3.1detail risk attributes the following data fields along with their defined l
21、ist of values should be updated for the program and captured as the key risk information in the risk database. when a new risk is identified, the initial risk information is completed by the risk originator and documented on the “create risk” form (as referenced in section 2.1.2 above) table 2 risk
22、data elements field name definitionlist of values risk iduniquely identifies each risk. 001, 002, etc. the rim team assigns this number. short risk description brief descriptor of riskfree form user text field long risk description full description of riskfree form user text field risk originator na
23、me of person who identifies the risk project resource name risk ownername of person assigned to mitigate the risk project resource name last update date and time of last update to risk database date and time risk management plan (template and guide) ei toolkit phase: implementation doc version: 2.0
24、november 11, 2003page 12 of 31 field name definitionlist of values commentsoverall comments on risk status free form user text field areadefinition business performance risk presents a detriment to the business processes or to meeting the business objectives. change managementrisk presents a measure
25、 of resistance whether at a user or a stakeholder level. scoperisk presents scope impacts. budgetrisk presents a budget impact. risk area primary area of the program to which the risk pertains. schedulerisk presents a schedule impact. status namecodedefinition new10a newly identified risk. open20ris
26、k has been accepted by the rim team and a risk owner has been assigned and notified. cancelled90a risk that the rim team has decided does not fit the definition of a risk or the risk is no longer being tracked as a risk. mitigation plan created 30the risk owner has completed the mitigation plan and
27、is awaiting the approval of the rim team at the next risk and issue management meeting. mitigation plan approved 35the rim team has accepted the risk mitigation plan and the plan is ready for execution. statusindicates risks standing in the process. mitigating risk green 40the risk mitigation plan i
28、s being executed and is progressing as planned. risk management plan (template and guide) ei toolkit phase: implementation doc version: 2.0 november 11, 2003page 13 of 31 field name definitionlist of values mitigating risk yellow 41the risk mitigation plan is being executed with material challenges.
29、 mitigating risk red 42the risk mitigation plan is being executed with severe challenges new action is required. mitigation complete 50the risk owner has completed executing the mitigation plan and has achieved the target severity level. completion needs to be reviewed in the next risk and issue man
30、agement meeting for approval. completed60the risk has been adequately mitigated. re-opened risk 70a completed risk that the rim team has determined requires further mitigation. completed (after re- open) 80the re-opened risk mitigation has been accepted and the risk has been adequately mitigated. st
31、atus namecodedefinition high3data or judgment indicates high likelihood of occurrence. medium2data or judgment indicates moderate likelihood of occurrence. probability of occurrence indicates the probability of the risk occurring. low1data or judgment indicates small likelihood of occurrence. scope
32、impact status namecodedefinition probability of impact indicates the estimate of the impact, should the risk occur, for each of the program areas identified. the overall probability of impact is the highest of the individual probabilities high3increased team scope 5% or program scope $5m. risk manag
33、ement plan (template and guide) ei toolkit phase: implementation doc version: 2.0 november 11, 2003page 14 of 31 field name definitionlist of values medium2increased team scope 5% or program scope 5% or program budget $5m. medium2increased team budget 5% or program budget 25% increase in overall sch
34、edule. 2increase in team schedule affects ability to meet major milestone, or 10% increase in overall schedule. low1no/minimal schedule impact, or increase in team schedule, but overall schedule not affected. change management impact status namecodedefinition (e.g., if the scope impact were high and
35、 all others low, then the overall probability of impact would be high). high3significant resistance likely, or anticipate resistance/issues high enough to have significant business consequences (e.g., disrupted operations). risk management plan (template and guide) ei toolkit phase: implementation d
36、oc version: 2.0 november 11, 2003page 15 of 31 field name definitionlist of values medium2short-term resistance/issues likely, but do not anticipate long- term resistance, or moderate resistance likely. low1minimal impact on users or stakeholders. business performance impact status namecodedefinitio
37、n high3degrades business process performance from current levels, or business process not executable, or business objectives wont be met. medium2reduced planned business benefits (e.g., increased cycle time, quality, decreased customer satisfaction). low1no/minimal reduction in planned business bene
38、fits, or potential short-term reduction in planned benefits. target severity level expected impact and likelihood of the risk after completion of mitigation plan same codes as used to capture initial risk impact and likelihood. risk mitigation plan full mitigation plan detailing actions, schedule, a
39、ssigned resources, etc. link to separate file. 3.2risk reference model a risk reference model captures common risk conditions from similar classes of projects. it contains risk factors organized into categories for ease of administration and reporting. a major goal of having this defined taxonomy of
40、 risk factors is to support an overall program risk risk management plan (template and guide) ei toolkit phase: implementation doc version: 2.0 november 11, 2003page 16 of 31 assessment that ensures a comprehensive review of likely causes of risks. for example, the following table presents standard
41、risks across custom software engineering projects. table 3 sei software risk taxonomy reprinted from managing risk, methods for software systems development, by elaine m. hall (addison wesley: 1998), pp. 76, 77. product engineeringdevelopment environmentprogram constraints 1. requirements1. developm
42、ent process1. resources a. stabilitya. formalitya. schedule b. completenessb. suitabilityb. staff c. clarityc. process controlc. budget d. validityd. familiarityd. facilities e. feasibilitye. product control f. precedent2. contract g. scale2. development systema. type of contract a. capacityb. restr
43、ictions 2. designb. suitabilityc. dependencies a. functionalityc. usability b. difficultyd. familiarity3. project interfaces c. interfacese. reliabilitya. customer d. performancef. system supportb. associate contractors e. testabilityg. deliverabilityc. subcontractors f. hardware constraintsd. prime
44、 contractor g. non-developmental software 3. management processe. corporate management a. planningf. vendors 3. code and unit testb. project organizationg. politics a. feasibilityc. management experience b. unit testd. project interfaces c. coding / implementation 4. management methods 4. integratio
45、n and testa. monitoring a. environmentb. personnel management b. productc. quality assurance c. systemd. configuration management 5. engineering specialties5. work environment a. maintainabilitya. quality attitude b. reliabilityb. cooperation c. safetyc. communication d. securityd. morale e. human f
46、actors risk management plan (template and guide) ei toolkit phase: implementation doc version: 2.0 november 11, 2003page 17 of 31 product engineeringdevelopment environmentprogram constraints f. specifications in addition, to the risk taxonomy, many risk reference models also provide assessment crit
47、eria to determine the existence of risks on a project and to evaluate the severity of these risks. a full- featured risk reference model also contains standard mitigation approaches and actions that have been proven to address risks in other projects. there are numerous sources for risk reference mo
48、dels, including the software engineering institute, ieee, and various academic and commercial sources. in assessing which model is best for the program, chose a model that is built on similar projects in size, scope, complexity, industry, and application class. note that some of the models are speci
49、fically targeted to enterprise applications. risk management plan (template and guide) ei toolkit phase: implementation doc version: 2.0 november 11, 2003page 18 of 31 4.0risk management process risk management involves three major phases: risk management planning, risk management execution, and ris
50、k management closeout. 4.1risk management planning risk management planning activities for the program involve establishing the infrastructure to support effective risk management. the primary activities are described below. establish the risk management organization and assign roles and responsibil
51、ities as outlined in section 2 above. it is essential for effective execution of the risk management plan that the pmo risk and issue management team be given adequate authority and visibility. select a risk-tracking tool. there are a number of commercial and open source tools available which suppor
52、t the collection, management, and reporting of risks. it is essential to select a tool that adequately supports risk description, assignment of severity scores, and capture of mitigation actions, plan, and results. ideally the tool integrates easily into the suite of pmo supporting tools. this docum
53、ent should be updated to reflect detailed guidelines for the use of the selected risk-tracking tool. determine if a risk reference model is relevant for the project and select the specific model if appropriate. a risk reference model captures common risk conditions from similar classes of projects.
54、it contains risk factors organized into categories for ease of administration and reporting. frequently there are pre-defined assessment criteria that can be used to determine the existence of risks on a project and to evaluate the severity of the risk. a full-featured risk reference model also cont
55、ains standard mitigation approaches and actions that have been proven to address risks in other projects. evaluate the capability and availability of project staff to perform a risk assessment to determine whether an independent risk audit is advised. if so indicated, source the independent auditor
56、task. plan to have an initial assessment and periodic monitoring/audits. these periodic audits should be proactively aligned with key project checkpoints where audits will uncover highest severity risks. validate risk management metrics that will be used to assess performance of the risk management
57、process. document these metrics and ensure they are reported regularly. 4.2risk management execution this section describes, step-by-step, the risk management process from identification to completion. the risk management process is a continuous cycle. it is performed initially during program planni
58、ng and thereafter following newly identified risks. risk management plan (template and guide) ei toolkit phase: implementation doc version: 2.0 november 11, 2003page 19 of 31 these new risks may arise from a variety of sources: new risks previously missed or unforeseen, new risks arising as a result
59、 of a change in circumstances (such as sponsorship involvement, resource turnover, resource availability, new initiatives/distractions, etc) new risks arising from an approved change request, where cost, scope, or schedule may be amended, impacting the critical path, new risks arising as a result of
60、 escalation of major project issues, new risks arising from current risks whose response requires investigation, and new risks arising from the outcome or consequence of a separate risk occurrence. figure 4 depicts the risk management process steps. subsequent sections detail each process step, the
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 《装饰施工图范例》课件
- 2023年水处理剂项目筹资方案
- 危险废物相关法律法规及规范化管理培训 课件
- 机械制图测试题及参考答案
- 东莞市长安实验中学2023-2024学年八年级上学期期末考试数学试卷
- 养老院老人生活娱乐设施管理制度
- 养老院老人健康监测服务质量管理制度
- 投资养殖合同(2篇)
- 2024年版:临时建设设施买卖合同规范
- 2025年阿克苏货运车从业考试题
- 羽毛球智慧树知到答案2024年山东工艺美术学院
- 2024年动画制作员(高级工)技能鉴定理论考试题库-下(多选、判断题)
- 2024-2030年中国立式包装机行业发展分析及发展趋势与投资前景预测研究报告
- 2024年全国寄生虫病防治技能竞赛备赛试题库-上(血吸虫病、疟疾)
- Scratch少儿编程知识试题
- 保安服务公司管理制度
- 第25课 中华人民共和国的成立和社会主义制度的建立(课件)-【中职专用】《中国历史》(高教版2023基础模块)
- 2024年人教版八年级道德与法治上册期末考试卷(附答案)
- 泰安市2022-2023学年七年级上学期期末(线下)地理试题
- 苏教版高中化学必修第一册专题5微观结构与物质的多样性第二单元微粒之间的相互作用力课件
- 汽车维修投标书服务方案(2篇)
评论
0/150
提交评论