IT Project Management Methodology. Project Risk Management Guide. Version 0.3



Similar documents
Risk Management approach for Cultural Heritage Projects Based on Project Management Body of Knowledge

IT Project Management Methodology. Project Scope Management Support Guide

PROJECT RISK MANAGEMENT

IT Project Management Methodology. Project Execution Support Guide. Version 0.3

Negative Risk. Risk Can Be Positive. The Importance of Project Risk Management

Project Risk Management

Strategic Risk Management for School Board Trustees

Step by Step Project Planning

Project Risk Analysis toolkit

Risk/Issue Management Plan

Audit Committee, 28 November. HCPC Project Risk Management. Executive summary and recommendations. Introduction

Project Management Toolkit Version: 1.0 Last Updated: 23rd November- Formally agreed by the Transformation Programme Sub- Committee

FUNBIO PROJECT RISK MANAGEMENT GUIDELINES

Appendix V Risk Management Plan Template

National IT Project Management Methodology

PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE:

Crosswalk Between Current and New PMP Task Classifications

Project Management Frequently Asked Questions:

MNLARS Project Audit Checklist

OE PROJECT CHARTER TEMPLATE

1.20 Appendix A Generic Risk Management Process and Tasks

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC

Policy : Enterprise Risk Management Policy

Risk and Contingency Planning. Today s Topics. Key Terms. A Vital Component of Your ICD-10 Program

Project Management Guidebook

Project Risk Management Handbook: A Scalable Approach

Hazard Identification, Risk Assessment and Management Procedure. Documentation Control

PROJECT RISK MANAGEMENT

Minnesota Health Insurance Exchange (MNHIX)

RISK MANAGEMENT OVERVIEW - APM Project Pathway (Draft) RISK MANAGEMENT JUST A PART OF PROJECT MANAGEMENT

A SUGGESTED HARMONIZATION OF DMAIC WITH PMBOK PROJECT LIFE CYCLES FOR PHARMACEUTICAL LEAN SIX SIGMA PROJECTS

Risk Management. Software SIG. Alfred (Al) Florence. The MITRE. February 26, MITRE Corporation

Information Technology Project Oversight Framework

PMI Risk Management Professional (PMI-RMP ) - Practice Standard and Certification Overview

RiskManagement ESIEE 06/03/2012. Aloysius John March 2012

Risk Management Plan template <TEMPLATE> RISK MANAGEMENT PLAN FOR THE <PROJECT-NAME> PROJECT

Project Risk Management. Presented by Stephen Smith

An Approach to Proactive Risk Classification

PMI Risk Management Professional (PMI-RMP) Exam Content Outline

Module 7 Human Resources Management PMP Exam Questions

Project Scope Management in PMBOK made easy

Bridgend County Borough Council. Corporate Risk Management Policy

At the end of this chapter. Project Charter. What is a Project Charter? What is a Project Charter? Why is a Project Charter used?

Creating A Risk Management Plan

LEGAL PROJECT MANAGEMENT

Framework. 3/3/2011 By Karla Campbell Project Manager PMP Certificated UCOP

Project Management Professional (PMP) Examination Content Outline

Project Management Plan for

Risk Management Procedure

Project Zeus. Risk Management Plan

Road Asset Management Plan Risk Management : Appendix H CONTENTS. 1.0 Risk Management Risk Identification Risk Evaluation.

Motivations. spm adolfo villafiorita - introduction to software project management

RISK AND OPPORTUNITY MANAGEMENT STRATEGY

RISK MANAGEMENT POLICY

Project Management Fact Sheet:

PROJECT MANAGEMENT PLAN CHECKLIST

How To Write A Workforce Strategy

The Project Management Life Cycle By Jason Westland (A book review by R. Max Wideman)

ESKISP Direct security testing

Welcome to the Data Analytic Toolkit PowerPoint presentation an introduction to project management. In this presentation, we will take a brief look

Risk management in public procurement of innovation

Program Management Professional (PgMP) Examination Content Outline

CPM -100: Principles of Project Management

Do not open this paper until instructed by the invigilator. Please note: This question paper must not be removed from the examination room.

A Risk Management Standard

Develop Project Charter. Develop Project Management Plan

Project Risk Management Basics: Cost and Schedule Impacts

WFP ENTERPRISE RISK MANAGEMENT POLICY

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202)

Input, Output and Tools of all Processes

PMP SAMPLE QUESTIONS BASED ON PMBOK 5TH EDITION

Risk Management Policy

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

Confident in our Future, Risk Management Policy Statement and Strategy

RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14. For North Simcoe Muskoka LHIN Health Service Providers

Corporate risk register

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

Risk Management Primer

Jeff Oltmann on Mastering Projects Backpacker s Guide to Lightweight Project Management Overwhelmed

Supplier Training 8D Problem Solving Approach Brooks Automation, Inc.

The Key to a Successful KM Project

The Lowitja Institute Risk Management Plan

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

Risk Assessment Worksheet and Management Plan

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter

Introduction to the ITS Project Management Methodology

RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES

MISTAKE #1: Too Much Detail

Making project management indispensable for business results. Project Management 101

The 10 Knowledge Areas & ITTOs

Analyzing Risks in Healthcare. February 12, 2014

Business Continuity Position Description

Transcription:

NATIONAL INFORMATION TECHNOLOGY AUTHORITY - UGANDA IT Project Management Methodology Project Risk Management Guide Version 0.3 Project Risk Management Support Guide version 0.3 Page 1

Version Date Author Change Description 0.1 23 rd Mar, 2013 Gerald Kisongoch, PMP Draft development 0.2 4 th June, 2013 Gerald Kisongoch, PMP, PMI-RMP Overall revision of document 0.3 5 th June, 2013 Abdul Nsubuga, PMP General review and restructuring of the document Project Risk Management Support Guide version 0.3 Page 2

Table of Contents 1 INTRODUCTION... 4 1.1. Project Risk Management Overview... 4 1.2. Intended Audience... 4 1.3. Risk Management Approach... 4 1.3.1.2 Avenues for Risks Identification... 7 1.3.1.3 Documentation of Identified Risks... 7 1.3.3.4 Risk Strategies for Negative Risks (Threats)... 13 2 ROLES AND RESPONSIBILITIES... 16 Project Risk Management Support Guide version 0.3 Page 3

1 Introduction 1.1. Project Risk Management Overview 1.1.1 Risk management is an undertaking to lessen the of potentially undesirable events on a project and amplify the of a positive event. Risk should be thought of as the possibility of suffering a negative to the project; it can result into decreased quality, increased cost, delayed completion, or project failure. Managing projects risks enhances project success so it should be the project manager s responsibility that he/ she puts an effort in managing risks. 1.1.2 To be successful, an organization should have a risk management policy in place; and all stakeholders must be committed to addressing risk management throughout the project life cycle. This guide provides highlights on how to document policies and procedures for identifying and handling uncommon causes of project variation (i.e. risk). 1.2. Intended Audience 1.2.1 Generally, the risk management plan should apply to everyone on the project, including any consulting/contractor teams or resources. 1.3. Risk Management Approach The overall risk management approach should follow a standard risk management model. Below is a recommended model to be followed in our case in order to enhance standardization of IT projects risk management. Project Risk Management Support Guide version 0.3 Page 4

Table 1: Risk Management Process Process Risk Identification Risk Analysis Risk Response Planning Risk Monitoring and Control Objective To identify risks that might affect the project and documenting their characteristics. Sources of risk, potential risk events, and symptoms of risk are identified. To perform risk analysis; the value of opportunities to pursue verses the threats to avoid; and the opportunities to ignore verses the threats to accept are assessed refer to Section 4 for further guidance To develop risk management and contingency plans refer to Section 5 for further guidance. To ensure that corrective action plans are developed, implemented, and monitored see section 6 for further guidance. 1.3.1 Risk Identification 1.3.1.1 A project manager should lead a team to identify risks. Predefined risk categories can be developed in an organization to provide a structure that can help a project team to ensure that a systematic process is followed to identify risks. A Risk Breakdown Structure or categories in the following charts can be used as guides during risk identification exercise. Project Risk Management Support Guide version 0.3 Page 5

Chart 1: Sample Risk Categorization Chart 2: Sample Risk Breakdown Structure Project Risk Management Support Guide version 0.3 Page 6

1.3.1.2 Avenues for Risks Identification Risk identification is done throughout the project life cycle, although majority of the risks should be identified early on so that proper response planning and monitoring can occur. The following should be considered as potential sources for risk identification: 1. Project charter 2. Analysis of high-level deliverables 3. Analysis of the WBS and project implementation plan 4. Analysis of scope change requests 5. Analysis of project assumptions 6. Project team input (which can take the form of interviews, brainstorming sessions, and/or Delphi technique) 7. Stakeholder and sponsor input 8. Formal risk identification sessions 9. Previous lessons learned 10. Software Quality Assurance audits and reviews 11. Performance and status reports 12. Diagramming techniques such as cause and effect diagrams, process or system flows, and influence diagrams. 1.3.1.3 Documentation of Identified Risks All identified risks should be documented and entered into the risk register / matrix (a sample is provided below). Only Risk Identified and Risk Description columns are filled at this stage. A comprehensive job should be done during risks identification exercise. Project Risk Management Support Guide version 0.3 Page 7

Table2: Sample Risk Register / Matrix S. No. Risk Identified Risk Description Likelihood (Scale of 0.1-1) Impact (Scale of 0.1-1) Factor (likelihood x Impact) Category (L,M,H) Risk Owner Mitigation (Response Plan) Comments Status 1 Project Risk Management Support Guide version 0.3 Page 8

Furthermore, during risk identification, the following information should be documented: 1. Risk category 2. Risk trigger 3. Potential outcome 4. Raised By 5. Date Raised 6. Source 1.3.1.4 Risk Riggers The risk trigger is the event that would need to happen in order for the potential outcome to occur. A project manager should always encourage the risk owners to pay attention to risk triggers of assigned risks throughout the project life. Risk triggers are usually expressed with some sort of dependency, or qualifier. For example, a risk trigger for a possible flood threat could be rain. Any form of rain therefore alerts the risk owner to ensure the contingency plan for a flood is ready to execute if the rain causes a flood. 1.3.2 Risk Analysis 1.3.2.1 After identifying all possible risks, proceed to analyze the risks to ascertain their probability or likelihood of occurrence and their on the specific tasks and overall project should they occur. Impacts can be assessed against project cost, schedule, scope, and/or quality. If the risk event affects more than one dimension and the scores are different, the higher definition should be utilized. 1.3.2.2 Table 3 and table 4 provide probability and definitions respectively, which should be applied on all IT projects for purposes of standardization and comparability of IT projects in government. Project Risk Management Support Guide version 0.3 Page 9

Table 3: Risk Probability Definition Probability Category Probability Description Very High 0.9 Risk event expected to occur High 0.7 Risk event more likely than not to occur Probable 0.5 Risk event may or may not occur Low 0.3 Risk event less likely than not to occur Very Low 0.1 Risk event not expected to occur During risk analysis the potential of each risk should be analyzed, and an appropriate level (0.05, 0.10. 0.20, 0.40, or 0.80) be selected based on the guidelines defined in table 4 below. Table 4: Risk Impact Definition Project Very Low Low Moderate High Very High Objective 0.05 0.10 0.20 0.40 0.80 Cost Insignificant < 5 % cost 5-10% cost 10-25% cost > 25% cost cost Schedule Insignificant < 5% 5-10% 10-20% > 20% schedule schedule schedule schedule schedule Scope Barely Minor areas Major areas Changes Product noticeable ed ed unacceptable becomes to sponsor effectively useless Quality Barely Only very Sponsor Quality Product noticeable demanding must reduction becomes applications approve unacceptable effectively ed quality to sponsor useless reduction Project Risk Management Support Guide version 0.3 Page 10

1.3.2.3 Once the appropriate risk and probability are selected, the risk factor or priority (product of probability and ) can be determined. The matrix in table 5 below shows the combination of and probability that in turn yield a risk priority (shown by the red, yellow, and green colored shadings). Risk priority is utilized during response planning and risk monitoring/control. It is critical to understand the priority for each risk as it allows the project team to properly understand the relative importance of each risk. Table 5: Risk Factor or Priority Analysis Probability Risk Factor 0.90 0.05 0.09 0.18 0.36 0.72 0.70 0.04 0.07 0.14 0.28 0.56 0.50 0.03 0.05 0.10 0.20 0.40 0.30 0.02 0.03 0.06 0.12 0.24 0.10 0.01 0.01 0.02 0.04 0.08 Impact 0.05 0.10 0.20 0.40 0.80 1.3.2.4 Risks that fall into the red-shaded cells of the matrix are the highest priority, and should receive the majority of risk management resources during response planning and risk monitoring/control. Risks that fall into the yellow-shaded cells of the matrix are the next highest priority, followed by risks that fall into the green-shaded cells. 1.3.2.5 Develop a similar matrix for opportunities. It is a good risk management practice to start with identification and management of Project Risk Management Support Guide version 0.3 Page 11

positive risks as this gives the team the much needed motivation and optimism with regards to the project. 1.3.2.6 After the above analysis, you should be able record: Likelihood; Impact; Factor (likelihood x Impact); Category (Low, Medium, High) and Risk Owner in the risk register defined in table2 above. 1.3.3 Response Planning 1.3.3.1 After completing risks identification and analysis, you should proceed to formulate a response plan of action to lessen the risks. During response planning, strategies and plans are developed to minimize the effects of the risk to a point where the risk can be controlled and managed. 1.3.3.2 Higher priority risks should receive more attention during response planning than lower priority risks. Every risk threat should be assigned an risk owner during response planning. 1.3.3.3 Risk Strategies for Positive Risks (Opportunities) The following response plan to opportunities could be considered: Enhance Risk enhancement increases the probability an opportunity will occur by focusing on the trigger conditions of the opportunity and optimizing the chances. Exploit Risk exploitation should be used on opportunities when the organization wishes to assure the opportunity is realized. For example hiring the best experts or assuring Project Risk Management Support Guide version 0.3 Page 12

the most technologically advanced resources are available to the project team. Share Risk sharing involves sharing responsibility and accountability with another to enable the team the best chance of seizing the opportunity. Accept Risk acceptance is any decision not to change to deal with a risk. Risk acceptance is either passively accepted by doing nothing or actively by establishing a contingency reserve. 1.3.3.4 Risk Strategies for Negative Risks (Threats) The following response plan to negative risks could be considered: Avoid Risk avoidance involves changing aspects of the overall project management plan to eliminate the threat, isolating project objectives from the risk s, or relaxing the objectives that are in threatened (e.g. extending the schedule or reducing the scope). Risks that are identified early in the project can be avoided by clarifying requirements, obtaining more information, improving communications, or obtaining expertise. Transfer Risk transference involves shifting the negative of a threat (and ownership of the response) to a third party. Project Risk Management Support Guide version 0.3 Page 13

Risk transference does not eliminate a threat; it simply makes another party responsible for managing it. Mitigate Risk mitigation involves reducing the probability and/or the of risk threat to an acceptable level. Taking early and pro-active action against a risk is often more effective than attempting to repair the damage a realized risk has caused. Developing contingency plans are examples of risk mitigation. Accept Acceptance is often taken as a risk strategy since it is very difficult to plan responses for every identified risk. Risk acceptance should normally only be taken for low-priority risks. Risk acceptance can be passive, where no action is taken at all, or active. The most common active approach to risk acceptance is to develop a cost and/or schedule reserve to accommodate known (or unknown) threats. 1.3.3.5 Documentation The results of response planning should be documented in the risk register (table 2 above). The following information should be entered in the register: 1) Response strategy (avoid, transfer, mitigate, or accept) 2) Response notes (description of plan) if a mitigation approach is taken, specific trigger points that require aspects of the contingency plan to be executed should be documented 3) Risk owner Project Risk Management Support Guide version 0.3 Page 14

1.3.4 Risk Monitoring and Control 1.3.4.1 After completing risks identification, analysis and developing strategies for response plan, you embark on controlling and managing risks. Planned risk responses should be executed as required over the project life cycle of the project, but the project should also be continuously monitored for new and changing risks. During risk monitoring and control the following tasks should be performed: 1) Identify, analyze, and plan for new risks 2) Risk owners should keep tracking identified risks and monitor trigger conditions 3) Review project performance information (such as progress/status reports, issues, and corrective actions) 4) Re-analyze existing risks to see if the probability,, or proper response plan has changed 5) Review the execution of risk responses and analyze their effectiveness 6) Ensure proper risk management policies and procedures are being utilized 7) Have specific risk review meetings 1.3.4.2 Documentation The results of risk monitoring and control should be documented in the risk register (table 2 above). The following information should be captured: 1) Status valid statuses are: i. Identified Risk documented, but analysis not performed Project Risk Management Support Guide version 0.3 Page 15

ii. iii. iv. Analysis Complete Risk analysis done, but response planning not performed Planning Complete Response planning complete Triggered Risk trigger has occurred and threat has been realized v. Resolved Realized risk has been contained vi. vii. 2) Comments Retired Identified risk no longer requires active monitoring (e.g. risk trigger has passed) Trigger Date if the risk has been triggered 2 Roles and Responsibilities The following key stakeholders will be responsible for different aspects during project risk management effort. Below find guidelines for the same. Role Project Sponsor Responsibilities Should participate in risk identification and risk activities during project charter formulation. Should also receive escalated risks and assist with mitigation and contingency actions for escalated risks. Project Manager Responsible for approval of the risk management plan, Project Team Quality Leads and participates in the risk management process, and Takes ownership of risk mitigation/contingency planning and execution. The project manager is ultimately responsible for the final decision on risk actions, in coordination with the project sponsors. Project team members participate in the risk identification process and discuss risk monitoring and mitigation activities at team meetings. They can be risk owners if deemed capable by the project manager The software quality assurance (SQA) lead is responsible for Project Risk Management Support Guide version 0.3 Page 16

Assurance Lead Other Project Stakeholders ensuring identified risks are managed as per the risk management plan. The SQA lead also assist in identifying new risks and/or proposing mitigation strategies and contingency plans, along with proposing improvements to the risk management plan and processes. Stakeholders assist in identifying, analysis, response plans and monitoring risk action effectiveness and participate in risk escalation, as necessary. Project Risk Management Support Guide version 0.3 Page 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information