CCD3A8 Risk Management Plan Template

Company_Name
ProjectName
Test_PhaseTestPlan
Version1.0
Version_Date
ProjectName
RiskManagementPlan
TableofContents
1.
Introduction..................................................................................................................4
1.1.
UsingThisTemplate............................................................................................4
1.2.
Purpose................................................................................................................4
1.3.
IntendedAudience...............................................................................................4
1.4.
RiskManagementApproach...............................................................................4
1.4.1.
RiskIdentification.......................................................................................5
1.4.2.
RiskAnalysis...............................................................................................5
1.4.3.
ResponsePlanning.......................................................................................5
1.4.4.
RiskMonitoringandControl.......................................................................5
1.5.
2.
3.
4.
RolesandResponsibilities...........................................................................................6
2.1.
ProjectManager...................................................................................................6
2.2.
ProjectTeam........................................................................................................6
2.3.
SoftwareQualityAssuranceLead.......................................................................6
2.4.
ProjectSponsors..................................................................................................6
2.5.
ProjectStakeholders............................................................................................6
RiskIdentification.......................................................................................................7
3.1.
Background..........................................................................................................7
3.2.
Sources.................................................................................................................7
3.3.
Documentation.....................................................................................................7
RiskAnalysis...............................................................................................................9
4.1.
Background..........................................................................................................9
4.1.1.
QualitativeAnalysis.....................................................................................9
4.1.2.
QuantitativeAnalysis...................................................................................9
4.2.
5.
RevisionHistory..................................................................................................5
Documentation...................................................................................................10
ResponsePlanning.....................................................................................................11
5.1.
Background........................................................................................................11
5.2.
RiskStrategies...................................................................................................11
5.2.1.
Avoid.........................................................................................................11
5.2.2.
Transfer......................................................................................................11
Page2of17|Version_Date|Company_Name
RiskManagementPlan
5.2.3.
Mitigate......................................................................................................11
5.2.4.
Accept........................................................................................................11
5.3.
6.
7.
ProjectName
Documentation...................................................................................................11
RiskMonitoringandControl.....................................................................................13
6.1.
Background........................................................................................................13
6.2.
Timing................................................................................................................13
6.3.
Documentation...................................................................................................13
AppendixA:Definitions............................................................................................14
7.1.
RiskCategories..................................................................................................14
7.2.
RiskProbabilityDefinitions..............................................................................15
7.3.
RiskImpactDefinitions.....................................................................................15
7.4.
RiskProbabilityandImpactMatrix..................................................................16
TableofTables
Table1RiskCategories..................................................................................................14
Table2RiskProbabilityDefinitions..............................................................................15
Table3DefinitionofRiskImpactScales.......................................................................15
Table4RiskProbabilityandImpactMatrix..................................................................16
Company_Name|Version_Date|Page3of17
ProjectName
1.
RiskManagementPlan
Introduction
1.1. Using This Template

StopReadThisFirst!!!
Beforeyoubeginfillingoutinformationinthistemplate,firstupdatethedocumentcodes
thatareembeddedthroughoutthistemplate(thiswillsaveyoutime).GotoFile,
PropertiesandthengototheCustomtab.Youllseethefollowingentriesjustupdate
themwithinformationpertinenttoyourproject:
ProjectProjectName
CompanyCompanyName
VersionVersionnumberofthisdocument
VersionDateThedatethisversionwaspublished
Deletethisportion(Section1.1)onceyouvecompletedyourversionofthedocument.
Thiswork,unlessotherwiseexpresslystated,islicensedunderaCreativeCommons
AttributionNoncommercialShareAlike3.0License.
PleasegotoCarnegieQuality.comforquestionsorcommentsonthistemplate.
1.2. Purpose
Thepurposeofthisplanistodocumentpoliciesandproceduresforidentifyingand
handlinguncommoncausesofprojectvariation(i.e.risk).Riskshouldbethoughtofas
thepossibilityofsufferinganegativeimpacttotheproject,whetheritbedecreased
quality,increasedcost,delayedcompletion,orprojectfailure.
1.3. Intended Audience

Describetheintendedaudienceofthisplan.Generally,theriskmanagementplanshould
applytoeveryoneontheproject,includinganyconsulting/contractorteamsorresources.
1.4. Risk Management Approach

Theoverallriskmanagementapproachfollowsthestandardriskmanagementmodelas
showinthefollowingdiagram.
RiskManagementPlan
ProjectName
1.4.1. Risk Identification

Duringriskidentification,thesourcesofrisk,potentialriskevents,andsymptomsofrisk
areidentifiedrefertoSection3fordetails.
1.4.2. Risk Analysis
Duringriskanalysis,thevalueofopportunitiestopursuevs.thethreatstoavoid,andthe
opportunitiestoignorevs.thethreatstoacceptareassessedrefertoSection4for
details.
1.4.3. Response Planning
Duringresponseplanning,riskmanagementandcontingencyplansaredevelopedrefer
toSection5fordetails.
1.4.4. Risk Monitoring and Control
Duringriskmonitoringandcontrol,correctiveactionplansaredeveloped,implemented,
andmonitoredseesection6fordetails.
1.5. Revision History

Revision
1.0
Author
BradKuhn
Date
06/11/2007
Comments
Template
ProjectName
2.
RiskManagementPlan
Roles and Responsibilities
Foreachprojectrole,describetheresponsibilitiesinregardstorisk.Somerepresentative
rolesandresponsibilitiesaredefinedbelowinthetemplatetheseshouldbeaddedto
andtailoredforyourrespectiveorganization/project.
2.1. Project Manager

Theprojectmanagerisresponsibleforapprovaloftheriskmanagementplan(this
document),leadsandparticipatesintheriskmanagementprocess,andtakesownershipof
riskmitigation/contingencyplanningandexecution.Theprojectmanagerisultimately
responsibleforthefinaldecisiononriskactions,incoordinationwiththeproject
sponsors.
2.2. Project Team

Projectteammembers(analysts/productmanagers,developers,testers,anddeployment
teammembers)participateintheriskidentificationprocessanddiscussriskmonitoring
andmitigationactivitiesatteammeetings.
2.3. Software Quality Assurance Lead

Thesoftwarequalityassurance(SQA)leadisresponsibleforensuringidentifiedrisksare
beingmanagedpertheriskmanagementplan.TheSQAleadalsoassistinidentifying
newrisksand/orproposingmitigationstrategiesandcontingencyplans,alongwith
proposingimprovementstotheriskmanagementplanandprocesses.
2.4. Project Sponsors

Projectsponsorsparticipateinriskidentificationandriskactivities,asnecessary.Project
sponsorsalsoreceiveescalatedrisksandassistwithmitigationandcontingencyactions
forescalatedrisks.
2.5. Project Stakeholders

Stakeholdersassistinmonitoringriskactioneffectivenessandparticipateinrisk
escalation,asnecessary.
RiskManagementPlan
3.
ProjectName
Risk Identification
Thissectioncontainssamplecontentwhichshouldbeadaptedtoyourspecificproject.
3.1. Background
Duringriskidentificationpotentialsourcesofriskandpotentialriskeventsare
developed.Section7.1showsasampleriskcategorization.Predefinedriskcategories
provideastructurethathelpstoensurethatasystematicprocessisfollowedtoidentify
risks.Riskcategoriescanbetailoredovertime,asspecificprojectsdemand(additionsto
riskcategoriesshouldbemaintainedinthisdocumentforuseinfutureprojects).After
identifyingandcategorizingtheriskevent,itisenteredintotheriskregister.
3.2. Sources
Riskidentificationisdonethroughoutthelifecyclesofaproject,althoughamajorityof
therisksshouldbeidentifiedearlyonsoproperresponseplanningandmonitoringcan
occur.Thefollowingshouldbeconsideredastoolsandtechniquesforriskidentification:
Analysisofhighleveldeliverables
AnalysisoftheWBSandprojectschedule
Analysisofscopechangerequests
Analysisofprojectassumptions
Projectteaminput(whichcantaketheformofinterviews,brainstorming
sessions,and/orDelphitechnique)
Stakeholderandsponsorinput
Formalriskidentificationsessions
Previouslessonslearned
SQAauditsandreviews
Performanceandstatusreports
Diagrammingtechniquessuchascauseandeffectdiagrams,processorsystem
flows,andinfluencediagrams.
3.3. Documentation
Allidentifiedrisksshouldbedocumentedandenteredintotheriskregister(anExcel
spreadsheet),whichiskept<listlocationhere>.Duringriskidentification,thefollowing
informationisrequiredfordocumentation:
Riskcategory
Risktrigger
ProjectName
Potentialoutcome
RaisedBy
DateRaised
Source
RiskManagementPlan
Therisktriggeristheeventthatwouldneedtohappeninorderforthepotentialoutcome
tooccur.Risktriggersareusuallyexpressedwithsomesortofdependency,orqualifier.
Forexample,arisktriggermightbethataresourceontheprojectleaves.Thismight
easilybeaccountedforbyutilizingotherresources.Butifaresourcewithkeyskillsor
knowledgeleaves,thentheprojectmaybesignificantlyimpacted.Thisapproachis
suggestedinordertoclarifythethoughtprocessofidentifyingrisks.Whentherisk
triggeroccurs,theriskisnolongerarisk,buthasmaterializedintoaproblem/issuethat
needsresolution.
RiskManagementPlan
4.
ProjectName
Risk Analysis
4.1. Background
Afterariskorgroupofriskshasbeenidentifiedanddocumented,riskanalysisshouldbe
performed.Duringriskanalysis,eachpotentialriskeventisanalyzedfor:
Theprobabilitythattheriskwilloccur
Theimpactoftheriskifitoccurs
RiskprobabilitiesaredefinedinSection7.2oftheAppendix.Riskimpactdefinitionsare
definedinSection7.3oftheAppendix.Impactscanbeassessedagainstprojectcost,
schedule,scope,and/orquality.Iftheriskeventaffectsmorethanonedimensionandthe
scoresaredifferent,thehigherimpactdefinitionshouldbeutilized.
Oncetheappropriateriskimpactandprobabilityareselected,theriskscorecanbe
determined.Theriskprobabilityandimpactmatrixisshowninsection7.5ofthe
Appendix.Thematrixshowsthecombinationofimpactandprobabilitythatinturnyield
ariskpriority(shownbythered,yellow,andgreencoloredshadings).
Riskpriorityisutilizedduringresponseplanningandriskmonitoring/control(see
Sections5and6).Itiscriticaltounderstandthepriorityforeachriskasitallowsthe
projectteamtoproperlyunderstandtherelativeimportanceofeachrisk.
Riskimpactanalysiscanbequalitativeorquantitative.
4.1.1. Qualitative Analysis
Qualitativeanalysisisaquickerandusuallymorecosteffectivewaytoanalysisrisks(as
opposedtoquantitativeanalysis).Analysisshouldbeperformedwiththegoalof
gatheringdataon:
Thelikelihoodoftheriskoccurring(usingdefinitionsfromSection7.2)
Thequalitativeimpactontheproject(usingdefinitionsfromSection7.3)
Thequalityoftheriskdatabeingutilized(e.g.howreliableisthedata?)
4.1.2. Quantitative Analysis

Quantitativeanalysisutilizestechniquessuchassimulationanddecisiontreeanalysisto
providedataon:
Theimpacttocostorscheduleforrisks
Theprobabilityofmeetingprojectcostand/orscheduletargets
Realisticprojecttargetsoncost,schedule,and/orscope
ProjectName
RiskManagementPlan
Qualitativeanalysisshouldoccurpriortoconductingquantitativeanalysis.Notevery
riskneedstogothroughquantitativeanalysis.Ifquantitativeanalysisistobeused,then
thissectionshouldcontaininformationon:
Definedcriteriaforwhichrisksgothroughquantitativeanalysis
Technique(s)tobeutilized
Expectedoutputsofquantitativeanalysis
4.2. Documentation
Theresultsofriskanalysisshouldbedocumentedintheriskregister.Thefollowing
informationshallbeenteredintheregister:
Riskimpact
Riskprobability
Riskmatrixscorecomputedbytheriskregisterspreadsheetafterimpactand
probabilityareentered
Riskprioritycomputedbytheriskregisterspreadsheetafterimpactand
probabilityareentered
Qualitativeimpactdescriptivecommentsaboutthepotentialriskimpact
RiskManagementPlan
5.
ProjectName
Response Planning
5.1. Background
Duringresponseplanning,strategiesandplansaredevelopedtominimizetheeffectsof
therisktoapointwheretheriskcanbecontrolledandmanaged.Higherpriorityrisks
shouldreceivemoreattentionduringresponseplanningthanlowerpriorityrisks.Every
riskthreatshouldbeassignedanownerduringresponseplanning.
5.2. Risk Strategies

Thereareseveralmethodsforrespondingtorisks.
5.2.1. Avoid
Riskavoidanceinvolveschangingaspectsoftheoverallprojectmanagementplanto
eliminatethethreat,isolatingprojectobjectivesfromtherisksimpact,orrelaxingthe
objectivesthatareinthreatened(e.g.extendingthescheduleorreducingthescope).
Risksthatareidentifiedearlyintheprojectcanbeavoidedbyclarifyingrequirements,
obtainingmoreinformation,improvingcommunications,orobtainingexpertise.
5.2.2. Transfer
Risktransferenceinvolvesshiftingthenegativeimpactofathreat(andownershipofthe
response)toathirdparty.Risktransferencedoesnoteliminateathreat,itsimplymakes
anotherpartyresponsibleformanagingit.
5.2.3. Mitigate
Riskmitigationinvolvesreducingtheprobabilityand/ortheimpactofriskthreattoan
acceptablelevel.Takingearlyandproactiveactionagainstariskisoftenmoreeffective
thanattemptingtorepairthedamagearealizedriskhascaused.Developingcontingency
plansareexamplesofriskmitigation.
5.2.4. Accept
Acceptanceisoftentakenasariskstrategysinceitisverydifficulttoplanresponsesfor
everyidentifiedrisk.Riskacceptanceshouldnormallyonlybetakenforlowpriority
risks(seeSection4.1).Riskacceptancecanbepassive,wherenoactionistakenatall,or
active.Themostcommonactiveapproachtoriskacceptanceistodevelopacostand/or
schedulereservetoaccommodateknown(orunknown)threats.
5.3. Documentation
Theresultsofresponseplanningshouldbedocumentedintheriskregister.The
followinginformationshallbeenteredintheregister:
ProjectName
RiskManagementPlan
Responsestrategy(avoid,transfer,mitigate,oraccept)
Responsenotes(descriptionofplan)ifamitigationapproachistaken,specific
triggerpointsthatrequireaspectsofthecontingencyplantobeexecutedshould
bedocumented
Riskowner
RiskManagementPlan
6.
ProjectName
Risk Monitoring and Control
6.1. Background
Plannedriskresponses(seeSection5)shouldbeexecutedasrequiredoverthelifecycle
oftheproject,buttheprojectshouldalsobecontinuouslymonitoredfornewand
changingrisks.Duringriskmonitoringandcontrolthefollowingtasksareperformed:
Identify,analyze,andplanfornewrisks
Keeptrackofidentifiedrisksandmonitortriggerconditions
Reviewprojectperformanceinformation(suchasprogress/statusreports,issues,
andcorrectiveactions)
Reanalyzeexistingriskstoseeiftheprobability,impact,orproperresponseplan
haschanged
Reviewtheexecutionofriskresponsesandanalyzetheireffectiveness
Ensureproperriskmanagementpoliciesandproceduresarebeingutilized
6.2. Timing
Discusshowoftentheriskmonitoringandcontrolprocesswilloccuroverthelifetimeof
theproject.
6.3. Documentation
Theresultsofriskmonitoringandcontrolshouldbedocumentedintheriskregister.The
followinginformationshallbeenteredintheregister:
Statusvalidstatusesare:
o IdentifiedRiskdocumented,butanalysisnotperformed
o AnalysisCompleteRiskanalysisdone,butresponseplanningnot
performed
o PlanningCompleteResponseplanningcomplete
o TriggeredRisktriggerhasoccurredandthreathasbeenrealized
o ResolvedRealizedriskhasbeencontained
o RetiredIdentifiedrisknolongerrequiresactivemonitoring(e.g.risk
triggerhaspassed)
TriggerDateiftheriskhasbeentriggered
Notes
ProjectName
RiskManagementPlan
RiskManagementPlan
7.
ProjectName
Appendix A: Definitions
Eachappendixcontainssamplecontentwhichshouldbeadaptedtoyourspecificproject.
7.1. Risk Categories

Thefollowingdiagramshowspredefinedriskcategories.Riskcategoriesshouldbeused
inthinkingaboutandidentifyingrisks(seeSection3formoredetails).
Table1RiskCategories
ProjectName
RiskManagementPlan
7.2. Risk Probability Definitions

Thefollowingchartshowsriskprobabilitydefinitions.Duringriskanalysisthepotential
likelihoodthatagivenriskwilloccurisassessed,andanappropriateriskprobabilityis
selectedfromthechartbelow(seeSection4formoredetails).
ProbabilityCategory
Probability
Description
VeryHigh
0.90
Riskeventexpectedtooccur
High
0.70
Riskeventmorelikelythannottooccur
Probable
0.50
Riskeventmayormaynotoccur
Low
0.30
Riskeventlesslikelythannottooccur
VeryLow
0.10
Riskeventnotexpectedtooccur
Table2RiskProbabilityDefinitions
7.3. Risk Impact Definitions

Thefollowingchartshowsriskimpactdefinitionsacrosseachofthepotentiallyimpacted
projectareas(cost,schedule,scope,andquality).Duringriskanalysisthepotential
impactofeachriskisanalyzed,andanappropriateimpactlevel(0.05,0.10.0.20,0.40,or
0.80)isselectedfromthechartbelow(seeSection4formoredetails).
Project
Objective
VeryLow
Low
Moderate
High
VeryHigh
0.05
0.10
0.20
0.40
0.80
Cost
Insignificant
costimpact
<10%cost
impact
1020%cost
impact
2040%cost
impact
>40%cost
impact
Schedule
Insignificant
schedule
impact
<5%
schedule
impact
510%
schedule
impact
1020%
schedule
impact
>20%
schedule
impact
Scope
Barely
noticeable
Minorareas
impacted
Majorareas
impacted
Changes
Product
unacceptable becomes
tosponsor
effectively
useless
Quality
Barely
noticeable
Onlyvery
demanding
applications
impacted
Sponsor
must
approve
quality
reduction
Quality
reduction
unacceptable
tosponsor
Table3DefinitionofRiskImpactScales
Product
becomes
effectively
useless
RiskManagementPlan
ProjectName
7.4. Risk Probability and Impact Matrix

Theriskprobabilityandimpactmatrixshowsthecombinationofriskimpactand
probability,andisutilizedtodecidetherelativepriorityofrisks.Risksthatfallintothe
redshadedcellsofthematrixarethehighestpriority,andshouldreceivethemajorityof
riskmanagementresourcesduringresponseplanningandriskmonitoring/control.Risks
thatfallintotheyellowshadedcellsofthematrixarethenexthighestpriority,followed
byrisksthatfallintothegreenshadedcells.
Probability
Threats
0.90
0.05
0.09
0.18
0.36
0.72
0.70
0.04
0.07
0.14
0.28
0.56
0.50
0.03
0.05
0.10
0.20
0.40
0.30
0.02
0.03
0.06
0.12
0.24
0.10
0.01
0.01
0.02
0.04
0.08
0.05
0.10
0.20
0.40
0.80
Table4RiskProbabilityandImpactMatrix

CCD3A8 Risk Management Plan Template

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

CCD3A8 Risk Management Plan Template

Transféré par

Droits d'auteur :

Formats disponibles

Company_Name

1.1. Using This Template

1.3. Intended Audience

1.4. Risk Management Approach

1.4.1. Risk Identification

1.5. Revision History

Roles and Responsibilities

2.1. Project Manager

2.2. Project Team

2.3. Software Quality Assurance Lead

2.4. Project Sponsors

2.5. Project Stakeholders

4.1.2. Quantitative Analysis

5.2. Risk Strategies

Risk Monitoring and Control

7.1. Risk Categories

7.2. Risk Probability Definitions

7.3. Risk Impact Definitions

7.4. Risk Probability and Impact Matrix

Vous aimerez peut-être aussi