Risk Management Plan 03 25 2009

2009
CIV Procurement Project
RISKMANAGEMENTPLAN
Thisdocumentsetsouttheproceduresandprocesseswherebyinitialandongoingriskswillbeidentified, categorized,quantified,controlled,andreportedthroughouttheCIVProcurementProject.
CIVProcurementProject BlankPage
2009
11290PyritesWay,Suite150,RanchoCordova,CA95670
CIVProcurementProject
2009
RevisionHistory
RELEASEDATE 3/25/2009 AUTHOR LeslieJohnson SUMMARYOFCHANGE InitialRelease
2009
BlankPage
2009
TableofContents
1 2 3 Introduction............................................................................................................................. 1 RiskManagementObjective.................................................................................................... 2 RiskManagementProcess....................................................................................................... 3 3.1 4 5 RISKProcessFlow............................................................................................................ 4
RiskEscalation ......................................................................................................................... 9 CIVProcurementRiskManagementForms ......................................................................... 10
CIVProcurementProject BlankPage
2009
2009
Introduction
Thisdocumentsetsouttheproceduresandprocesseswherebyinitialandongoingriskswillbe identified,categorized,quantified,monitored,andreported. Itisimportanttodistinguishbetweenissuesandrisks.Issuesareitemsthathaveoccurredand requireresolution.Risksareuncertaineventsorconditionsthat,iftheyoccur,haveapositive ornegativeeffectonaprojectobjective.RiskManagementisaproactivelookatidentifying possibleeventsthatcouldaffecttheproject.Ifariskisrealized,itmaybecomeanissueandit willbedocumentedintheCIVProcurementProjectIssueManagementPlan.Referto the CIVProcurementProjectIssueManagementPlanlocatedintheCIVProcurement Libraryathttp://www.civ.org/ProcurementLibrary.shtmlformoredetails. Thepurposeofriskmanagementisto: 1. Identifyandanalyzepotentialthreatstothesuccessoftheproject; 2. Developmitigationstrategiesandplans; 3. Mitigateoreliminatenegativeimpactsontheproject; 4. EnsureallProjectStakeholdersareinvolvedinriskmanagementasappropriate;and 5. Developcontingencyplansforriskswhereitisunlikelyoruncertainthatthemitigation willbeeffective. TheCIVProcurementManagementteamisresponsibleforacontinuousriskappraisalprocess throughouttheCIVProcurementProjectlifecycle.DuringtheinitialphaseoftheProject,the CIVProcurementManagementteamiscomposedoftheCIVProjectDirectorandtheCIV ProcurementManager.Duringthisphase,theactivitieswillbefocusedonProjectinitiationand acquiringtheservicesofaPlanningConsultantthroughacompetitiveprocurement.Oncea PlanningConsultantiscontracted,theCIVProcurementProjectwillmoveintothenextphase, inwhichallactivitieswillbefocusedonacquiringtheservicesofaMaintenanceandOperations (M&O)contractor.Atthispointintheproject,theCIVProcurementManagementteamwill includePlanningConsultantstaff. Thisdocumentwillbereviewedatleastannuallyandupdatedasneeded.Currently,Project RiskMeetingsareheldmonthly.
1|P a g e
2009
RiskManagementObjective
TheobjectivesofRiskManagementare: 1. TominimizethreatstotheCIVProcurementProjectobjectives; 2. Toprovideasystematicapproachfor: Identifying,categorizing,andassessingrisks; Quantifyingcosteffectiveriskmitigationactions;and Monitoringandreportingprogressinreducingrisk.
TheoverallgoaloftheRiskManagementstrategyistoapplyaproactiveapproachtoreducing exposuretoeventsthatthreatentheaccomplishmentoftheCIVProcurementProjects objectivesby: 1. Incorporatingroutinebusinesspracticesthatminimizeoravoidrisks; 2. Ensuringrisksareidentifiedinatimelymanner,shouldtheyoccur; 3. Developingproactiveandcontingentresponsestoidentifiedrisks;and 4. Rapidlyimplementingriskresponses. Additionally,itisimportantnottoattempttodocumentallpossiblerisksandoutcomes,asthis canoftenintroduceimprobablescenarios,which: 1. Createunnecessaryconcernandconfusion; 2. Shiftfocusawayfromtherealorprobablerisks; 3. Dilutethepoolofrisks;leadingtodiminishingreturnsoneffort,and 4. Reducecredibilityfortheriskmitigationprocess.
11290PyritesWay,Suite150,RanchoCordova,CA95670 2|P a g e
2009
3 RiskManagementProcess
TheRiskManagementprocessisaninteractivecyclethatwillbeperformedduringregular reviewmeetingsthroughouttheCIVProcurementProjectlifecycle.Newrisksmayarisefroma varietyofsources:

1. 2.
Newriskspreviouslymissedorunforeseen; Newrisksidentifiedduringprojectactivities,suchas: Meetings; Workgroupsessions;and Documentreviews.
3.
Newrisksarisingfromtheinvestigationormitigationofanexistingrisk.
TheCIVProcurementProjectRiskManagementPlanisadaptedfromtheSoftwareEngineering Institute(SEI)RiskManagementapproach:
1.
IdentifyRiskidentificationisanongoingprocess,whichismonitoredandupdated regularly.Riskidentificationprovidesopportunities,cues,andinformationthatbringup majorrisksbeforetheyadverselyaffecttheCIVProcurementProject. Track/ControlRisktrackingandcontrolfollowstheprogressoftheriskandits probability,aswellasthestatusofanymitigation/contingencystrategiesthathavebeen executed.Whenchangestotheriskprofileoccur,thebasiccycleofidentify,analyze, andplanwillberepeated.Existingactionplansmaybemodifiedtochangetheapproach ifthedesiredeffectisnotbeingachieved. AnalyzeRiskanalysisincludesthedeterminationof: Impacttocost,schedule,orresources; Probabilityofoccurrence; Levelofcontrol; Exposureofpotentialriskitemoccurrence;and Priorityofeachrisk.
2.
3.
4.
PlanRiskplanningconsistsofthedevelopmentofdetailedplansforeithermitigation and/orcontingencyactionsforaspecificrisk. ImplementPlanimplementationistheactofexecutingthedecisionsmadeand documentedintheriskmitigationplans.Amitigationplanwillbeeithertiedtoatrigger eventandexecuteduponoccurrenceofthatevent,orimplementedimmediately. ReportInanefforttoprovidevisibilityofrisksandprogressinmitigatingthem,both verbalandwrittenreportswillbeprovidedasneeded,atleastonamonthlybasis.
5.
6.
CIVProcurementProject RISKProcessFlow
2009
3.1
Manage Risks
1. Identify Risk
No Risk or Issue? Issue No Risk Condition Triggered? Issue Management Risk Mitigation Required? 6. Monitor Risk Yes Handle as Issue? Yes 3. Determine Approach and Create Risk Mitigation Plan Escalation Management No Issue Management 8. Close Risk
Risk
Yes
2. Analyze Risk
4. Create Risk Contingency Plan
5. Implement Risk Mitigation Plan
7. Implement Risk Contingency Plan
Step Responsible 1. RiskOriginator Action IdentifyRisk AnypersonassociatedwiththeCIVProcurementProjectisexpectedto identifyanddocumentpotentialrisks.AnyProjectteammemberor stakeholdermayinformtheCIVProcurementManagerorPMOofa potentialrisk.Identifiedriskswillbedocumentedinmeetingminutes and/orsubmitteddirectlytotheCIVProcurementManagerorPMOviae mailusingtheCIVProcurementRiskForm(seeattachedAppendixA). RisksarethencategorizedaccordingtothepotentialimpactontheCIV ProcurementProject.Riskscanbecategorizedascost,schedule, technology,operations,orexternal.
CIVProcurementProject 2. CIV Procurement Manager and/orPMO TrackandControl
2009
TheriskareloggedintotheCIVProcurementRiskMatrixandassigneda statusofIdentified. DuringPhase1,theCIVProcurementManagerwillhaveresponsibilityfor documentingandtrackingriskidentificationactivitiesandcoordinatingrisk analysis. DuringPhase2,theProjectManagementOffice(PMO)supportprovidedby thePlanningConsultantwillhavethisresponsibility.
3. CIV Procurement Manager and/orPMO
AnalyzeRisk Similarandrelatedrisksaregroupedpriortoanalyzingtheprobability, impact,andlevelofcontrolforeachrisk. RiskImpactmeasurestheeffectthatariskwillhaveontheproject.Each riskwillberatedonitsimpact,ifitdoesoccur. IMPACTRATINGSCALE Low(1) Theriskdoesnotrepresentamaterialimpactontheproject budget,schedule,orquality. Medium Theriskwoulddisruptprojectprogress,extendtheschedule, (2) orreducethebudgetovertheshortterm,butismanageable. High(3) Theriskrepresentsasignificantnegativeimpactonproject budget,schedule,orqualityandthreatensoverallproject success.
RiskProbabilityisthelikelihoodthataneventwillactuallyoccur.Eachrisk willberatedontheprobabilityofitoccurring. PROBABILITYRATINGSCALE Low(1) Theriskisunlikelytooccurorwillprobablynotoccur. Medium Theriskmayoccurorhasa50/50chanceofoccurring. (2) High(3) Theriskisalmostcertainorverylikelytooccur.
2009
LevelofControlistheinfluencethattheCIVProcurementProjecthas regardingtheoutcomeoftherisk. LEVELOFCONTROLSCALE NoControl(1) NoneoftheStakeholderscancontroltheoutcomeof therisk. Minimal StateorFederalStakeholdershavetheauthorityto Control(2) controltheoutcomeoftherisk. Moderate TheCIVProcurementProjectManagementteamhas Control(3) theauthoritytocontroltheoutcomeoftherisk. HighControl TheCIVProcurementManagerhastheauthorityto (4) controltheoutcomeoftherisk. RiskExposurewillmeasuretheoverallthreatofrisksbyassumingarisk factor. AnumericscorewillbeusedtodetermineaLowexposure(1or2),Medium exposure(3or4)orHighexposure(6or9). Theriskexposureiscomputedusingprobabilityandlevelofcontrol. Thefollowingriskcalculationexpressestheoverallriskexposure. RiskExposure Factor = ProbabilityxImpact LevelofControl
DetermineRiskPriority UsingtheRiskExposureFactor,theCIVProcurementManagementTeam willthenreviewthenewlyidentifiedrisktoestablishitsrelativerankor priorityamongexistingrisks.CIVProcurementManagementTeammay adjustresourceassignments,actionplans,orotherprioritiestoensurethe riskisadequatelyaddressed.
2009
Step 4.
Responsible RiskOwner
Action DetermineApproachandCreateRiskMitigationPlan Thisstepinvolvesdevelopingactionstoaddressindividualrisks,prioritizing riskactions,andcreatinganintegratedriskactionplan. Note:theCIVProcurementRiskMatrixwillbeupdatedthroughouttheRisk Mitigationlifecycle. Therearesixresponsestoconsiderwhenformulatingriskactionplans. 1. Investigate.Risksthatrelatetoalackofknowledgemayoftenbe resolvedormanagedmosteffectivelybylearningmorebefore proceeding. 2. Accept.ThisdescribestheriskfactorsthatmaydirectlyaffecttheCIV ProcurementProject,butareoutsideofthesphereofinfluenceofthe engagement,andtherefore,canonlybeaccepted.Inaddition, acceptanceofrisksasaresponsemaybebasedontherelativecost effectivenessofanyavailableresponseorsolution.Forexample, acceptanceresponsecouldbecreatedfromalegislativeorlegalrisk, overwhichnocontrolcanbeleveraged.Theriskactionplanwill includedevelopmentofadocumentedrationaleforacceptingtherisk butnotdevelopingmitigationorcontingencyplans.Itisprudentto continuemonitoringsuchrisksintheeventthatchangesoccurin probability,impact,orlevelofcontrolrelatedtothisrisk. 3. Avoid.RiskavoidancepreventstheProjectfromtakingactionsthat increaseexposuretoomuchtojustifythebenefit. 4. Assign.Assignbasedresponsestargettheindividualorentitybest placedtoanalyzeandimplementtheresponsetotherisk,basedon theirexpertise,experience,andsuitability.Thisindividual/entity becomestheRiskOwner. 5. Mitigate.Mitigation(control)basedresponsesaretypicallythemost commonresponse.Theyidentifyanactionthatbecomespartofthe domainworkingplans,andwhicharemonitoredandreportedaspartof theregularperformanceanalysisandprogressreportingofthe engagement.Riskmitigationplanninginvolvesperformingactionsand activitiesaheadoftimeeithertopreventariskfromoccurring altogether,ortoreducetheimpactorconsequencesofitsoccurring.
CIVProcurementProject Step Responsible Action
2009
6. Share.Sharebasedresponsesidentifyandnegotiatethesharingofrisk exposurewithoneormoreinvolvedparties.Itisusedtoreduceimpact whentheriskinfluenceisseenasbeingsharedbetweentheseparties. Thepartiesinquestionaregenerallytheclient,athirdpartysupplier,a businesspartner,orsomecombinationofthese.LiketheTransfer response,theShareresponseleavestheriskintact,butsharesthe responsibilityforactionsandplanning,andanyconsequencesofrisk fulfillment.Thisoptionisthemostcomplextoimplement,asitrequires closecommunicationandcoordinationwiththeinvolvedparties. CreateRiskContingencyPlan Riskcontingencyplanninginvolvescreatingoneormorefallbackplansthat canbeactivatedincaseeffortstopreventtheadverseeventfail. Contingencyplansarenecessaryforallrisks,includingthosethathave mitigationplans.Theyaddresswhattodoiftheriskoccursandhowto minimizeitsimpact. Triggersareestablishedforthecontingencyplanbasedonthetypeofriskor thetypeofimpactthatmaybeencountered. TriggersareindicatorsthattelltheCIVProjectacertainconditionisaboutto occur,orhasoccurred,and,therefore,itistimetoputthecontingencyplan intoeffect. IftheriskistohaveaMitigationPlan,continuewithStep5;otherwise, proceedtoStep6.
5.
RiskOwner
6.
RiskOwner
ImplementRiskPlan Whenthetriggereventoccursorisimminent,theRiskOwnerwillinitiatethe mitigationplanandnotifytheCIVProcurementManagerand/orPMOofthe planexecution.TheRiskOwnerwillnotifyallpartiesidentifiedinthe mitigation/contingencyplanandensureallactivitiesarecoordinated.TheRisk Ownerwillalsotakethespecificmeasurementstodeterminetheeffectiveness oftheactivities.Ifitappearstheactivitiesarenotproducingthedesired effective,theRiskOwnerwillproposechangestoaddressthedeficiencies.
CIVProcurementProject Step Responsible 7. RiskOwner, CIV Procurement Manager and/orPMO Action Report
2009
TheRiskOwnerwillinformtheCIVProcurementManagerorPMOofrisk statusupdatesasneeded.TheCIVProcurementManagerorPMOwill provideriskactivitystatusandeffectivenessreportstotheCIVProcurement ProjectManagementteamduringmonthlyCIVProcurementProjectRisk ManagementMeeting.
8.
CIV RiskClosure Procurement Whererisksaredeterminednottobevalidorhavebeenremovedthroughthe Manager and/orPMO implementationofamitigationplan/contingencyplan,theriskisclosed. Consensusattheriskmeetingmustbeachievedbeforeariskisclosed.
RiskEscalation
TheCIVProcurementManagerwillberesponsibleforriskescalation.Ifconsensusregardinga riskcannotbereachedwithintheCIVProcurementManagementteam,theriskwillbe escalatedtothenexthigherauthoritativelevelforresolution.TheRiskescalationprocessand proceduresmirrortheIssueTrackingandEscalationProcessasdetailedintheCIV ProcurementProjectIssueManagementPlan.TheCIVProcurementProjectIssueManagement PlancanbeaccessthroughtheCIVProcurementLibrarylocatedat: http://www.civ.org/ProcurementLibrary.shtml
2009
5 CIVProcurementRiskManagementForms
TheCIVProcurementProjectwillusetheCIVProcurementProjectRiskManagementForm (seeAttachment1)andCIVProcurementProjectRiskLog(seesamplebelow). UntilPlanningConsultantservicesareacquired,riskdocumentationwillbestoredona restricteddriveontheCIVProjectlocalareanetwork(LAN)andtheCIVProcurementManager willberesponsibleforrisktrackingandcontrol. FollowingacquisitionofPlanningConsultantservices,riskdocumentationwillbestoredonthe PlanningConsultantsProjectlocalareanetwork(LAN),andtheProjectManagementOffice (PMO)willberesponsibleforrisktrackingandcontrol. CIVProcurementProjectRiskLog

Date Raised Risk Originator Notes (DateUpdate,AnalysisorResolution) DateRisk Closed
ID
RiskName
RiskStatus
RiskCategory
RiskDescription
Owner
Priority
2009
RISKMANAGEMENTPLAN ATTACHMENT1 RISKMANAGEMENTFORM
2009
RiskName IssueStatus Opened Assigned Deferred Escalated Closed DateRaised RiskOriginatorName& ContactInformation RiskCategory Cost/Budget Schedule Resources StrategicDirection Process Technology External RiskTriggerEventDescription RiskOwner RiskMitigationPlan ContingencyPlan ProjectUseOnly DateReceived RiskID
CIV ProcurementProject RiskManagementForm

Risk Management Plan 03 25 2009

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Risk Management Plan 03 25 2009

Transféré par

Droits d'auteur :

Formats disponibles

2009

CIV Procurement Project

RiskEscalation ......................................................................................................................... 9 CIVProcurementRiskManagementForms ......................................................................... 10

TheobjectivesofRiskManagementare: 1. TominimizethreatstotheCIVProcurementProjectobjectives; 2. Toprovideasystematicapproachfor: Identifying,categorizing,andassessingrisks; Quantifyingcosteffectiveriskmitigationactions;and Monitoringandreportingprogressinreducingrisk.

TheRiskManagementprocessisaninteractivecyclethatwillbeperformedduringregular reviewmeetingsthroughouttheCIVProcurementProjectlifecycle.Newrisksmayarisefroma varietyofsources:

Newriskspreviouslymissedorunforeseen; Newrisksidentifiedduringprojectactivities,suchas: Meetings; Workgroupsessions;and Documentreviews.

4. Create Risk Contingency Plan

5. Implement Risk Mitigation Plan

7. Implement Risk Contingency Plan

CIVProcurementProject 2. CIV Procurement Manager and/orPMO TrackandControl

3. CIV Procurement Manager and/orPMO

DetermineRiskPriority UsingtheRiskExposureFactor,theCIVProcurementManagementTeam willthenreviewthenewlyidentifiedrisktoestablishitsrelativerankor priorityamongexistingrisks.CIVProcurementManagementTeammay adjustresourceassignments,actionplans,orotherprioritiestoensurethe riskisadequatelyaddressed.

CIVProcurementProject Step Responsible Action

TheRiskOwnerwillinformtheCIVProcurementManagerorPMOofrisk statusupdatesasneeded.TheCIVProcurementManagerorPMOwill provideriskactivitystatusandeffectivenessreportstotheCIVProcurement ProjectManagementteamduringmonthlyCIVProcurementProjectRisk ManagementMeeting.

CIV RiskClosure Procurement Whererisksaredeterminednottobevalidorhavebeenremovedthroughthe Manager and/orPMO implementationofamitigationplan/contingencyplan,theriskisclosed. Consensusattheriskmeetingmustbeachievedbeforeariskisclosed.

RISKMANAGEMENTPLAN ATTACHMENT1 RISKMANAGEMENTFORM

CIV ProcurementProject RiskManagementForm

Vous aimerez peut-être aussi