Académique Documents
Professionnel Documents
Culture Documents
RISKMANAGEMENTPLAN
Thisdocumentsetsouttheproceduresandprocesseswherebyinitialandongoingriskswillbeidentified, categorized,quantified,controlled,andreportedthroughouttheCIVProcurementProject.
CIVProcurementProject BlankPage
2009
11290PyritesWay,Suite150,RanchoCordova,CA95670
CIVProcurementProject
2009
RevisionHistory
RELEASEDATE 3/25/2009 AUTHOR LeslieJohnson SUMMARYOFCHANGE InitialRelease
11290PyritesWay,Suite150,RanchoCordova,CA95670
CIVProcurementProject
2009
BlankPage
11290PyritesWay,Suite150,RanchoCordova,CA95670
CIVProcurementProject
2009
TableofContents
1 2 3 Introduction............................................................................................................................. 1 RiskManagementObjective.................................................................................................... 2 RiskManagementProcess....................................................................................................... 3 3.1 4 5 RISKProcessFlow............................................................................................................ 4
11290PyritesWay,Suite150,RanchoCordova,CA95670
CIVProcurementProject BlankPage
2009
11290PyritesWay,Suite150,RanchoCordova,CA95670
CIVProcurementProject
2009
Introduction
Thisdocumentsetsouttheproceduresandprocesseswherebyinitialandongoingriskswillbe identified,categorized,quantified,monitored,andreported. Itisimportanttodistinguishbetweenissuesandrisks.Issuesareitemsthathaveoccurredand requireresolution.Risksareuncertaineventsorconditionsthat,iftheyoccur,haveapositive ornegativeeffectonaprojectobjective.RiskManagementisaproactivelookatidentifying possibleeventsthatcouldaffecttheproject.Ifariskisrealized,itmaybecomeanissueandit willbedocumentedintheCIVProcurementProjectIssueManagementPlan.Referto the CIVProcurementProjectIssueManagementPlanlocatedintheCIVProcurement Libraryathttp://www.civ.org/ProcurementLibrary.shtmlformoredetails. Thepurposeofriskmanagementisto: 1. Identifyandanalyzepotentialthreatstothesuccessoftheproject; 2. Developmitigationstrategiesandplans; 3. Mitigateoreliminatenegativeimpactsontheproject; 4. EnsureallProjectStakeholdersareinvolvedinriskmanagementasappropriate;and 5. Developcontingencyplansforriskswhereitisunlikelyoruncertainthatthemitigation willbeeffective. TheCIVProcurementManagementteamisresponsibleforacontinuousriskappraisalprocess throughouttheCIVProcurementProjectlifecycle.DuringtheinitialphaseoftheProject,the CIVProcurementManagementteamiscomposedoftheCIVProjectDirectorandtheCIV ProcurementManager.Duringthisphase,theactivitieswillbefocusedonProjectinitiationand acquiringtheservicesofaPlanningConsultantthroughacompetitiveprocurement.Oncea PlanningConsultantiscontracted,theCIVProcurementProjectwillmoveintothenextphase, inwhichallactivitieswillbefocusedonacquiringtheservicesofaMaintenanceandOperations (M&O)contractor.Atthispointintheproject,theCIVProcurementManagementteamwill includePlanningConsultantstaff. Thisdocumentwillbereviewedatleastannuallyandupdatedasneeded.Currently,Project RiskMeetingsareheldmonthly.
11290PyritesWay,Suite150,RanchoCordova,CA95670
1|P a g e
CIVProcurementProject
2009
RiskManagementObjective
TheoverallgoaloftheRiskManagementstrategyistoapplyaproactiveapproachtoreducing exposuretoeventsthatthreatentheaccomplishmentoftheCIVProcurementProjects objectivesby: 1. Incorporatingroutinebusinesspracticesthatminimizeoravoidrisks; 2. Ensuringrisksareidentifiedinatimelymanner,shouldtheyoccur; 3. Developingproactiveandcontingentresponsestoidentifiedrisks;and 4. Rapidlyimplementingriskresponses. Additionally,itisimportantnottoattempttodocumentallpossiblerisksandoutcomes,asthis canoftenintroduceimprobablescenarios,which: 1. Createunnecessaryconcernandconfusion; 2. Shiftfocusawayfromtherealorprobablerisks; 3. Dilutethepoolofrisks;leadingtodiminishingreturnsoneffort,and 4. Reducecredibilityfortheriskmitigationprocess.
11290PyritesWay,Suite150,RanchoCordova,CA95670 2|P a g e
CIVProcurementProject
2009
3 RiskManagementProcess
3.
Newrisksarisingfromtheinvestigationormitigationofanexistingrisk.
TheCIVProcurementProjectRiskManagementPlanisadaptedfromtheSoftwareEngineering Institute(SEI)RiskManagementapproach:
1.
IdentifyRiskidentificationisanongoingprocess,whichismonitoredandupdated regularly.Riskidentificationprovidesopportunities,cues,andinformationthatbringup majorrisksbeforetheyadverselyaffecttheCIVProcurementProject. Track/ControlRisktrackingandcontrolfollowstheprogressoftheriskandits probability,aswellasthestatusofanymitigation/contingencystrategiesthathavebeen executed.Whenchangestotheriskprofileoccur,thebasiccycleofidentify,analyze, andplanwillberepeated.Existingactionplansmaybemodifiedtochangetheapproach ifthedesiredeffectisnotbeingachieved. AnalyzeRiskanalysisincludesthedeterminationof: Impacttocost,schedule,orresources; Probabilityofoccurrence; Levelofcontrol; Exposureofpotentialriskitemoccurrence;and Priorityofeachrisk.
2.
3.
4.
5.
6.
11290PyritesWay,Suite150,RanchoCordova,CA95670 3|P a g e
CIVProcurementProject RISKProcessFlow
2009
3.1
Manage Risks
1. Identify Risk
No Risk or Issue? Issue No Risk Condition Triggered? Issue Management Risk Mitigation Required? 6. Monitor Risk Yes Handle as Issue? Yes 3. Determine Approach and Create Risk Mitigation Plan Escalation Management No Issue Management 8. Close Risk
Risk
Yes
2. Analyze Risk
Step Responsible 1. RiskOriginator Action IdentifyRisk AnypersonassociatedwiththeCIVProcurementProjectisexpectedto identifyanddocumentpotentialrisks.AnyProjectteammemberor stakeholdermayinformtheCIVProcurementManagerorPMOofa potentialrisk.Identifiedriskswillbedocumentedinmeetingminutes and/orsubmitteddirectlytotheCIVProcurementManagerorPMOviae mailusingtheCIVProcurementRiskForm(seeattachedAppendixA). RisksarethencategorizedaccordingtothepotentialimpactontheCIV ProcurementProject.Riskscanbecategorizedascost,schedule, technology,operations,orexternal.
11290PyritesWay,Suite150,RanchoCordova,CA95670 4|P a g e
2009
AnalyzeRisk Similarandrelatedrisksaregroupedpriortoanalyzingtheprobability, impact,andlevelofcontrolforeachrisk. RiskImpactmeasurestheeffectthatariskwillhaveontheproject.Each riskwillberatedonitsimpact,ifitdoesoccur. IMPACTRATINGSCALE Low(1) Theriskdoesnotrepresentamaterialimpactontheproject budget,schedule,orquality. Medium Theriskwoulddisruptprojectprogress,extendtheschedule, (2) orreducethebudgetovertheshortterm,butismanageable. High(3) Theriskrepresentsasignificantnegativeimpactonproject budget,schedule,orqualityandthreatensoverallproject success.
RiskProbabilityisthelikelihoodthataneventwillactuallyoccur.Eachrisk willberatedontheprobabilityofitoccurring. PROBABILITYRATINGSCALE Low(1) Theriskisunlikelytooccurorwillprobablynotoccur. Medium Theriskmayoccurorhasa50/50chanceofoccurring. (2) High(3) Theriskisalmostcertainorverylikelytooccur.
11290PyritesWay,Suite150,RanchoCordova,CA95670 5|P a g e
CIVProcurementProject
2009
LevelofControlistheinfluencethattheCIVProcurementProjecthas regardingtheoutcomeoftherisk. LEVELOFCONTROLSCALE NoControl(1) NoneoftheStakeholderscancontroltheoutcomeof therisk. Minimal StateorFederalStakeholdershavetheauthorityto Control(2) controltheoutcomeoftherisk. Moderate TheCIVProcurementProjectManagementteamhas Control(3) theauthoritytocontroltheoutcomeoftherisk. HighControl TheCIVProcurementManagerhastheauthorityto (4) controltheoutcomeoftherisk. RiskExposurewillmeasuretheoverallthreatofrisksbyassumingarisk factor. AnumericscorewillbeusedtodetermineaLowexposure(1or2),Medium exposure(3or4)orHighexposure(6or9). Theriskexposureiscomputedusingprobabilityandlevelofcontrol. Thefollowingriskcalculationexpressestheoverallriskexposure. RiskExposure Factor = ProbabilityxImpact LevelofControl
11290PyritesWay,Suite150,RanchoCordova,CA95670 6|P a g e
CIVProcurementProject
2009
Step 4.
Responsible RiskOwner
Action DetermineApproachandCreateRiskMitigationPlan Thisstepinvolvesdevelopingactionstoaddressindividualrisks,prioritizing riskactions,andcreatinganintegratedriskactionplan. Note:theCIVProcurementRiskMatrixwillbeupdatedthroughouttheRisk Mitigationlifecycle. Therearesixresponsestoconsiderwhenformulatingriskactionplans. 1. Investigate.Risksthatrelatetoalackofknowledgemayoftenbe resolvedormanagedmosteffectivelybylearningmorebefore proceeding. 2. Accept.ThisdescribestheriskfactorsthatmaydirectlyaffecttheCIV ProcurementProject,butareoutsideofthesphereofinfluenceofthe engagement,andtherefore,canonlybeaccepted.Inaddition, acceptanceofrisksasaresponsemaybebasedontherelativecost effectivenessofanyavailableresponseorsolution.Forexample, acceptanceresponsecouldbecreatedfromalegislativeorlegalrisk, overwhichnocontrolcanbeleveraged.Theriskactionplanwill includedevelopmentofadocumentedrationaleforacceptingtherisk butnotdevelopingmitigationorcontingencyplans.Itisprudentto continuemonitoringsuchrisksintheeventthatchangesoccurin probability,impact,orlevelofcontrolrelatedtothisrisk. 3. Avoid.RiskavoidancepreventstheProjectfromtakingactionsthat increaseexposuretoomuchtojustifythebenefit. 4. Assign.Assignbasedresponsestargettheindividualorentitybest placedtoanalyzeandimplementtheresponsetotherisk,basedon theirexpertise,experience,andsuitability.Thisindividual/entity becomestheRiskOwner. 5. Mitigate.Mitigation(control)basedresponsesaretypicallythemost commonresponse.Theyidentifyanactionthatbecomespartofthe domainworkingplans,andwhicharemonitoredandreportedaspartof theregularperformanceanalysisandprogressreportingofthe engagement.Riskmitigationplanninginvolvesperformingactionsand activitiesaheadoftimeeithertopreventariskfromoccurring altogether,ortoreducetheimpactorconsequencesofitsoccurring.
11290PyritesWay,Suite150,RanchoCordova,CA95670 7|P a g e
2009
6. Share.Sharebasedresponsesidentifyandnegotiatethesharingofrisk exposurewithoneormoreinvolvedparties.Itisusedtoreduceimpact whentheriskinfluenceisseenasbeingsharedbetweentheseparties. Thepartiesinquestionaregenerallytheclient,athirdpartysupplier,a businesspartner,orsomecombinationofthese.LiketheTransfer response,theShareresponseleavestheriskintact,butsharesthe responsibilityforactionsandplanning,andanyconsequencesofrisk fulfillment.Thisoptionisthemostcomplextoimplement,asitrequires closecommunicationandcoordinationwiththeinvolvedparties. CreateRiskContingencyPlan Riskcontingencyplanninginvolvescreatingoneormorefallbackplansthat canbeactivatedincaseeffortstopreventtheadverseeventfail. Contingencyplansarenecessaryforallrisks,includingthosethathave mitigationplans.Theyaddresswhattodoiftheriskoccursandhowto minimizeitsimpact. Triggersareestablishedforthecontingencyplanbasedonthetypeofriskor thetypeofimpactthatmaybeencountered. TriggersareindicatorsthattelltheCIVProjectacertainconditionisaboutto occur,orhasoccurred,and,therefore,itistimetoputthecontingencyplan intoeffect. IftheriskistohaveaMitigationPlan,continuewithStep5;otherwise, proceedtoStep6.
5.
RiskOwner
6.
RiskOwner
11290PyritesWay,Suite150,RanchoCordova,CA95670 8|P a g e
CIVProcurementProject Step Responsible 7. RiskOwner, CIV Procurement Manager and/orPMO Action Report
2009
8.
RiskEscalation
11290PyritesWay,Suite150,RanchoCordova,CA95670 9|P a g e
CIVProcurementProject
2009
5 CIVProcurementRiskManagementForms
ID
RiskName
RiskStatus
RiskCategory
RiskDescription
Owner
Priority
11290PyritesWay,Suite150,RanchoCordova,CA95670 10|P a g e
CIVProcurementProject
2009
11290PyritesWay,Suite150,RanchoCordova,CA95670 11|P a g e
CIVProcurementProject
2009
RiskName IssueStatus Opened Assigned Deferred Escalated Closed DateRaised RiskOriginatorName& ContactInformation RiskCategory Cost/Budget Schedule Resources StrategicDirection Process Technology External RiskTriggerEventDescription RiskOwner RiskMitigationPlan ContingencyPlan ProjectUseOnly DateReceived RiskID
11290PyritesWay,Suite150,RanchoCordova,CA95670 12|P a g e