Académique Documents
Professionnel Documents
Culture Documents
<Template>
Document
Version
Approval
Date
Modified
By
Change
Request#
Template
Version
Approval
Date
Modified
By
Page 2 of 9
TABLE OF CONTENTS:
1.
2.
3.
4.
5.
INTRODUCTION..................................................................................................................3
SCOPE..............................................................................................................................4
RISK MANAGEMENT PROCESS................................................................................................4
METHODS AND TOOLS FOR RISK MANAGEMENT.........................................................................4
RISK IDENTIFICATION.........................................................................................................5
5.1 Risk Sources and Categories.........................................................................................5
6 RISK ANALYSIS...................................................................................................................6
6.1 Risk Parameters and Attributes.....................................................................................6
7 RISK MITIGATION/HANDLING AND CONTINGENCY PLANNING......................................................8
8 RISK MONITORING..............................................................................................................9
8.1 Escalation..................................................................................................................9
8.2 Communicate Key Risks.............................................................................................10
Page 3 of 9
1. INTRODUCTION
A Risk is any kind of event known or unknown that could positively or negatively affect the project
objectives.
Risk Management is the systematic and explicit approach used for identifying, analyzing, and
controlling project risk. The main purpose of this document is to define the approach for identifying,
evaluating, controlling, reporting, managing, and monitoring risks.
Recognizing and managing potential risks before they impact the project are essential aspects of
project management activities. In fact, it should be carried out when real information is most lacking,
precisely because it is at this time that a risk analysis can be of most use to the project team in
gaining an understanding of the project itself.
which assists in controlling costs, meeting deadlines and producing quality results.
Effective risk management requires a thorough analysis of work before each activity begins. A
complete understanding of inherent risks enables preventive action to be taken against schedule
delays and cost overruns. Risk management is a continuous process that reduces risk to a
manageable level or eliminates it entirely. The project will use the processes described in this
document to track, assign, evaluate, communicate and potentially alleviate risks.
Identify, assess, and document factors or events that may affect project cost, schedule,
performance and/or the objectives of the project
Plan and develop strategies to minimize the possible effects of those factors or events
Involve stakeholders in the Risk Management Process
Communicate risks and their status with all stakeholders
Periodically review existing risks and identify new risks
By definition Very Small Work or Small Work is low risk. Risk identification and some risk
mitigation are provided within the Manage Small Work process. In most cases this is
sufficient for Very Small Work or Small Work. More rigorous risk management may be
provided at the umbrella project level if it is needed.
2. SCOPE
This document applies to all programmes/projects/engagements.
Programmes/Projects/engagements/business functions that require a more robust risk management
should create their own Risk Management Plan based on this plan, as part of the tailoring process.
Page 4 of 9
309121711.doc
Risk Identification
Risk Monitoring
Review risks on as needed basis with the delivery manager and the PM SME.
Identify individuals (project managers, risk owners, and other team members) that require
risk management training.
In addition to those some other assets available in use for supporting Risk Management activities
5. RISK IDENTIFICATION
Risk identification is, a sub process of Risk management, used to determine which risks are likely to
affect the project and documenting the characteristics of each.
Risks are identified from the Project start up and planning phase and continuously throughout project
execution, during project status meeting, at end of major development phases, during project
milestones and others.Identifying risk is an iterative process and it begins in the very early stages of
the project, based on the limited information available at that time, continues at a more detailed level
when the work is being planned, and then continues as the project plan is executed until the project is
closed.
This high-level risk assessment will be done at the beginning of the project planning phase, and as per
the project schedule, and when major re-planning is done.
The project teams will utilize the Risk Checklist provided in the Risk Management Tool to determine an
initial list of risks. All the risks will be stored in the Risk List tab of the Risk Management Tool. New
risks will be added to the risk list as they are identified throughout planning and execution.
Although the primary responsibility falls to an individual or group of individuals identified in the Roles
and Responsibilities Definition for the management of risk, everyone on the team is responsible to
communicate any risks they become aware of.
Page 5 of 9
309121711.doc
6. RISK ANALYSIS
Risks must be analyzed to ensure that risk-handling activities are appropriately planned and invoked.
Analyzing risks entails determining how likely they are to occur and how severe the consequences
might become. The risks are then given a relative priority. Each risk is documented and
independently assessed to:
Level For production support projects, indicate to what change request the risk is related
to. For other projects, indicate if the risk is related to the Program or Project.
ABCD
Methodology
Traditional
Methodology
0.10
0.50
0.75
1.00
Very low
Low
Medium
High
With routine
management,
likely to solve itself
Guaranteed to
become a problem
unless action is
taken
Parameter
Probability Likelihood of
becoming a
problem?
Page 6 of 9
309121711.doc
ABCD
Methodology
Traditional
Methodology
0.10
0.50
0.75
1.00
Very low
Low
Medium
High
Negligible impact;
no attention from
management
Noticeable impact
at the higher
levels of
management
Remote; a
peripheral activity
Some effect on
the main
programme.
Mainly near the
margins
Serious impact on
the main
project/programme
activities
There is time to
analyze and plan
risk mitigation
Impact or action
needed soon
Parameter
Impact - What is
the overall impact,
considering all
factors?
Define the values
to use for the
severity of adverse
consequences if
the risk does occur
Proximity (or
Criticality) - What
is the effect if we
don't find out for
sure?
Defines how close
a risk is to the
core objectives of
the project.
Time - How soon
must action be
taken?
Identifies how
much time there is
to manage the risk
Note: remember to
take into account
the length of the
project
Risk Exposure (Traditional) The cell will be colored based on the product of the
Probability and Impact values. (The Risk Exposure value is also used in the calculations to
determine the Risk Rating.)
Risk Rating (Traditional) This field will indicate if the risk is Low, Medium or High. High
risks have the highest priority.
Page 7 of 9
309121711.doc
The plan may utilize any of the following approaches for Risk Response:
Accept accept the risk with a clear understanding of the potential impact(s)
Transfer transfer the risk to another group or individual that can better address the risk
Mitigate take steps to avoid, prevent, or minimize the possibility of the risk occurring
Avoid risks that cannot and will not be managed but still need to be documented as a risk
Mitigation/handling plans and contingency plans will be documented in the Risk Assessment/Handling
Plan shell.
The Risk Management Tool will automatically recommend the creation of Risk Assessment/Handling
Plan, based on the values of risk parameters and attributes, for risks with Risk Rating (Traditional) or
Risk Exposure (ABCD) rated as Medium or High. In any other case, whenever the Project Manager
considers necessary, risk mitigation/handling plans will be developed and implemented to proactively
reduce the potential impact of a risk occurring.
Assigned responsibility will be documented within the Risk Assessment/Handling Plans.
Make sure to reference the handling plan being created in the Risk Management tool by providing file
name (and path). Also evaluate including in a separate tab for each handling plan being created (using
the Risk Assessment/Handling Plan template).
All plans will be monitored regularly, according to the monitoring frequency documented in the plan.
All actions taken on the mitigation/handling and contingency plans must be documented within the
Risk Assessment/Handling Plans.
8. RISK MONITORING
Risks are monitored and controlled according to the plan. Risk mitigation/handling and contingency
plans are reviewed to determine if action must be taken. New risks are documented and analyzed.
The risk list is reviewed regularly according to the Risk Management Plan.
During the reviews, risks are examined to determine if the status has changed, and to ensure the
current analysis of the risk is valid. The impact, probability, and approach are reviewed and updated
including the creation of Risk Assessment/Handling Plans, if necessary.
Risk Assessment/Handling Plans are reviewed according to the documented frequency within the plans
to determine if the risk symptoms or contingency triggers and actions are current. If the risk
symptoms or contingency triggers for these plans have been exceeded, the appropriate actions are
taken and the status of these plans is monitored.
The following table defines the typical follow-up frequency that needs to be done to each risk item
based on the Risk Exposure index:
Risk Exposure (ABCD)
Risk Rating (Traditional)
Follow-up frequency
Low
Monthly
Medium
Weekly
High
Daily
If new risks are identified, they are analyzed and documented in the risk list. All new and modified
information is documented in the appropriate fields within the risk tool and the Risk
Assessment/Handling Plans.
Page 8 of 9
309121711.doc
8.1 ESCALATION
If a risk cannot be managed at any particular level of the project, it must be escalated to ensure
the risk is brought to the attention of appropriate parties and managed effectively.
Determine whether or not the risk needs to be escalated according to the following criteria:
Risks escalated for visibility or information only
Risks escalated for leadership action or resolution All risks for which an effective risk
response cannot be developed at the project manager level
All risks for which a Risk Assessment/Handling Plan has not been formulated with an
acceptable timeframe (e.g., risk event is to occur in 30 days, the plan must be in place
within 7 days; or, a risk event is to occur in 6 months, the risk plan should be in place
within 30 days of the date the risk was identified)
An identified risk has not been acted upon within a maximum of two weeks from the
date identified
If escalation is considered necessary, notify leadership according to the projects escalation
path, defined in the Communication Plan. Indicate if the risk is being escalated for action,
resolution, visibility or information only. Update the Risk List and the Risk Assessment/Handling
Plan with the name and date that the escalation occurred. Track the risk until closed.
Page 9 of 9
309121711.doc