Audit Committee, 28 November. HCPC Project Risk Management. Executive summary and recommendations. Introduction



Similar documents
Shepway District Council Risk Management Policy

Project Risk Analysis toolkit

Removal of Gender Restrictions on Australian Defence Force Combat Role Employment Categories

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

1.20 Appendix A Generic Risk Management Process and Tasks

MARCH Strategic Risk Policy Update March 2012 v1.10.doc

Bedford Group of Drainage Boards

Bridgend County Borough Council. Corporate Risk Management Policy

Internal Audit Report Project Management

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Risk Management Plan template <TEMPLATE> RISK MANAGEMENT PLAN FOR THE <PROJECT-NAME> PROJECT

Project Management Toolkit Version: 1.0 Last Updated: 23rd November- Formally agreed by the Transformation Programme Sub- Committee

IT Project Management Methodology. Project Risk Management Guide. Version 0.3

Confident in our Future, Risk Management Policy Statement and Strategy

Hazard Identification, Risk Assessment and Management Procedure. Documentation Control

Risk/Issue Management Plan

In accordance with risk management best practices, below describes the standard process for enterprise risk management (ERM), including:

Risk Management Policy

Clinical Risk Management: Agile Development Implementation Guidance

Version: 3.0. Effective From: 19/06/2014

Client Communication Portal Project

Business Continuity Management For Small to Medium-Sized Businesses

RISK MANAGEMENT STRATEGY

Audit Committee, 13 March Internal Audit Report Project Management. Executive summary and recommendations. Introduction

Business Continuity Management Policy

Risk Management Policy and Process Guide

Internal Audit Strategic and Annual Plans 2015/16

Service Risk Assessment. Consultant PQC

ERM Program. Enterprise Risk Management Guideline

TEC Capital Asset Management Standard January 2011

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

1.0 Policy Statement / Intentions (FOIA - Open)

Business Continuity Plan Toolkit

National Occupational Standards. Compliance

Recommendations which have been implemented have been removed from this report. The original numbering of recommendations has been retained.

IMPLEMENTATION DETAILS

Risk Policy and Risk Management Procedures

PROCESS FOR RISK ASSESSMENT

RISK AND OPPORTUNITY MANAGEMENT STRATEGY

Projects Office Tari Kaupapa. Project Methodology Template Examples

PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE:

A Risk Management Standard

Risk Methodology. Contents. Introduction The Risk Management Structure The Risk Management Cycle Methodology...

Risk Management Procedure

Xavier Catholic College Risk Management - Policy & Procedure

MEMBERS CONSIDER THE RISK STRATEGY AND RECOMMEND APPROVAL TO COUNCIL.

Compliance Management Framework. Managing Compliance at the University

Risk Management Policy. Corporate Governance Risk Management Policy

Risk Assessment Tool and Guidance (Including guidance on application)

The Risk Management strategy sets out the framework that the Council has established.

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services

Information Governance Strategy

RISK MANAGEMENT POLICY

Complaints Policy. Controlled Document Number: Version Number: 6 Controlled Document Sponsor: Controlled Document Lead: Approved By:

Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services

Business Continuity (Policy & Procedure)

Internal Audit Report Disaster Recovery / Business Continuity Planning

Risk Management Strategy and Guidelines

Group Risk Management Policy

Single Stage Light Business Case Template

RISK MANAGEMENT POLICY. Version 3

RISK MANAGEMENT POLICY AND STRATEGY. Document Status: Draft. Approved by. Appendix 1. Originator: A Struthers. Updated: A Struthers

Directing Change A guide to governance of project management

Safety Management Systems (SMS) guidance for organisations

St Patrick s Catholic School

Risk Management Plan

Risk Management Statement, Strategy and Policy. Index. Risk Management Statement page 2. Risk Management Strategy page 2

IT Services Risk Management Strategy

Core Infrastructure Risk Management Plan

PORTFOLIO, PROGRAMME & PROJECT MANAGEMENT MATURITY MODEL (P3M3)

Northern Ireland Blood Transfusion Service

Risk Management & Business Continuity Manual

PUBLIC G5 - Supplier CFD Credit Cover. EMRS Guidance

Integrated Risk Management:

How To Ensure That Sovini Is A Successful Business

Business Planning, Risk Management and Quality. Mike Harris Immediate Past Chairman, AOQ-QLD Manager Business Systems, AECOM

RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Length of Contract: 2 months (with an option to extend for a further 5 months).

Risk Management Policy and Framework

Purpose of Report To present a revised corporate risk register as at May 2013

Risk Management Strategy

Risk Management Policy Adopted by:

Maturity Model. March Version 1.0. P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce

Risk Management Framework

Road Asset Management Plan Risk Management : Appendix H CONTENTS. 1.0 Risk Management Risk Identification Risk Evaluation.

Sickness Reporting Audit Final Report

Business Continuity Planning

Aegon Global Compliance

The English Nature and Joint Committee of Staff

Risk Management Framework

RISK MANAGEMENT TOOLKIT

Request for Proposal. Supporting Document 3 of 4. Contract and Relationship Management for the Education Service Payroll

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

G Cloud III Framework Lot 4 (SCS) Project Management

Step by Step Project Planning

Risk Management approach for Cultural Heritage Projects Based on Project Management Body of Knowledge

RISK MANAGEMENT POLICY (Revised October 2015)

The Lowitja Institute Risk Management Plan

Transcription:

Audit Committee, 28 November HCPC Project Risk Management Executive summary and recommendations Introduction At its meeting on 29 September 2013 the Committee agreed that it would receive the Education Systems Build project risk register, in order to discuss the contents of such risk registers. The appendices set out the methods used by the Project Management Department for the identification, analysis, and management of project risks, and the Education System Build Project Risk Log as an example of a risk log which is currently in use. Decision This paper is for information only. No decision is required. Background information The Education System Build risk log is an example of a live risk log and as such it contains open risks where the risk is considered an ongoing threat. Resource implications None Financial implications None Appendices Appendix 1 HCPC Project Risk Management Appendix 2 Project Risk Matrix Appendix 3 Education System Build Project Risk Log dated 14 November 2013 Date of paper 12 November 2013 1

Appendix 1 Project Risk Management HCPC adheres to a PRINCE2 (PRojects IN Controlled Environments) project methodology, which provides a robust framework to manage the range of business process improvement projects that we undertake. Risk management is a key element of the project management process and initial risks to a project are first considered at the point at which the business case is drafted, which is the very outset of considering whether a project is viable. Risk identification Where a business case is agreed the project will proceed to the formal initiation stage, where the project board expands upon and analyses the risks identified in the business case; these are recorded in a project risk log which is used throughout the life of the project to track and manage risks. There will be an average of 6-8 risk logs being managed by the project management team at any one time. Identified risks are grouped in categories including communication, cost, legal, planning, quality, reputation, resources, and UAT, so that any patterns in the risks which are being recorded can be ascertained, and all are assigned to a risk owner who has responsibility to manage the risk. This would usually be the project lead or project manager. Scoring The risk is then scored using the risk matrix set out in Appendix 2. The project board considers the likelihood of a risk occurring; from rare risks, where the risk is very remote and will probably never occur during the life of the project, to almost certain risks, where it is expected that the risk will occur at some point during the project. The project board next consider the impact of the risk, from negligible risks, which if they did occur would have little impact, to significant risks which would adversely impact HCPC s reputation or have a significant financial impact. These scores are multiplied to provide a risk score which is plotted against the risk matrix. Where the project manager has concerns that a risk is scored highly, it will be escalated to the Project Portfolio Manager and EMT. Any project risks that pose significant reputational or financial risk may be escalated to the HCPC risk register. Counter Measures and Counter measures include preventing the risk, where the risk is completely removed, reducing the risk, where the entire risk cannot be mitigated, but it is possible to go some way towards addressing it, or transferring the risk, where the risk is transferred to a third party, usually through insurance. Risks may also be accepted where a decision is taken 2

that we should continue to monitor the risk, but that it is not possible to mitigate it at that time. The risk log includes a column for the mitigation to be recorded and maintained, and there is a separate column for scoring the risk after the mitigation has been put in place. Unless the risk is accepted, the likelihood or impact will have been reduced by the mitigation put in place. Conclusion The project risk log is a standard item at regular project board meetings and is frequently reviewed by the project board throughout the life of the project. As the project evolves, and greater clarity emerges, the likelihood and impact of risks will be revised. The mitigation in place may also be amended, and risks will close if the risk is no longer considered a viable threat to the project. New risks will also arise. At the end of a project the risk log is reviewed as part of the lessons learned meeting. It may then be reviewed in future similar projects to identify and prepare for the kinds of risks that may be encountered during the life of a similar project. The risk log is therefore very much a live document and is a key tool used by the project manager and project board to robustly and systematically identify, analyse, and manage the risks identified during the life of the project. 3

Appendix 2: Project Risk Matrix Negligible (1) Minor (2) Moderate (3) Severe (4) Critical (5) Inconsequential and no action currently required. May threaten an element of the project, but no significant time, cost or quality impact. May threaten an element of the project, and is likely to have significant time, cost or quality impact. May threaten an element of the project, and will have significant time, cost or quality impact. Could prevent successful delivery of project. Could put the organisation at financial and/or reputational risk. Almost Certain (5) Expected to occur during the life of the project. Likely (4) Low (5) Medium (10) High (15) High (20) Very High (25) Will probably occur during the life of the project. Low (4) Medium (8) Medium (12) High (16) High (20) Possible (3) Could occur at some time. Low (3) Low (6) Medium (9) Medium (12) High (15) Unlikely (2) Not expected to occur during the life of the project. Low (2) Low (4) Low (6) Medium (8) Medium (10) Rare (1) Will probably never happen during the life of the project. Insignificant (1) Low (2) Low (3) Low (4) Low (5) Key Rating 1 Insignificant 2-6 Low 8-12 Medium 15-20 High 25 Very High 4

Appendix 3: Education System Build Project Risk Log Date Identified Risk Category Risk Name Risk Description Risk Owner Probable Consequences Risk Counter measure Post Post Risk Status Date of Last Update Author 006 16 January 2013 Technolog y 007 16 January 2013 Communic ations Supplier Understanding Supplier Communication Risk of lack of clarity of understanding of HCPC requirements by ConsultCRM and Deltascheme. Risk that communication between ConsultCRM and Deltascheme is not effective and that there is therefore a lack of clarity of understanding of the distinct role each will play in the project. That we proceed in the project build stage using mistaken assumptions which need to be addressed at a later date. Lack of understanding of roles and responsibilities. Could result in delays to project and divergence from requirements, increasing costs and scope. 3 4 12 1) Playback of understanding following workshops. 2) Proof of Concept. 3) Adequate time for reflection and feedback. 4) SMEs not relying on current processes to inform workshops, rather sticking to principle of what Education does, and are not overloading suppliers with information. 5) Specification of key assumptions. 1) Communication not only through HCPCfacilitated meetings and teleconferences and so we will need parties to communicate outside of our meetings and form a clear understanding of role and responsibilities. 2) Contractual arrangement that Deltascheme formally subcontracting under ConsultCRM for build stage of the project. Therefore need to ensure lines of communication are clear when we move into the build phase (agreed that we would not pursue this and would retain a contractual relationship with suppliers). 3) Undertaking in work order for build stage that ConsultCRM will take the lead on communication issues. 16 January 2013 Paul 24 September 2013 Paul 008 05 February 2013 Technolog y Data Migration Risk that data may prove difficult to export into Dynamics. That data cannot be migrated easily and risk that we will need to manually enter data, which will have an adverse impact on resources. 3 4 12 Robust data migration plan, confirming all data, locations and how long data migration will take. 30 April 2013 Paul 5

Appendix 3: Education System Build Project Risk Log Date Identified Risk Category Risk Name Risk Description Risk Owner Probable Consequences Risk Counter measure Post Post Risk Status Date of Last Update Author 009 13 February 2013 UAT Sprint Cycles Risk that sprint cycles may require additional resources to support, and so may adversely impact on Education and particularly IT resources. There may also be an impact on Deltascheme resources. 1) That supporting sprint releases impacts on IT ability to provide support to other areas of HCPC. 2) That other planned project activities within the Education project, and other projects supported by IT, are impacted. 3) That Deltascheme are unable to support Sprint cycles. 4 3 12 1) If impact is unacceptable we may need to revert to using a traditional UAT cycle. 2) Prioritisation of Education project above other projects. 2 2 4 13 February 2013 Paul 011 14 February 2013 Technolog y Functionality Risk that optimum use of SP/CRM functionality is not achieved. 016 23 May 2013 Resources IT Resources There is a risk that resources will be limited as we initiate other major projects later in the year and, in particular, IT resources will be stretched across several major projects. 017 17 July 2013 Resources Supplier Resources Risk that EnergySys component (interface) may not be included in a scheduled NetRegulate release due to lack of EnergySys resources or due to reliance on other suppliers: CRM system and design documentation would need to be in place in order for NetRegulate interface to be implemented, and the interface would need to be deployed to the test environment in conjunction with another NetRegulate release. Solution design not optimised. That the plan for the Education project will need to be extended due to lack of available resources at required times. That EnergySys cannot deliver according to the proposed project timescale. 3 2 6 5 4 20 1) Knowledge transference between ConsultCRM and Deltascheme. HCPC needs to continually reaffirm the separation of roles between CRM and EDRMS platforms. 2) QA/validation through Microsoft consultancy, possibly through ConsultCRM. Effective project prioritisation by HCPC to factor in conflicting demands of various projects, and clear consistent project plan of activities. Project prioritised as most critical project currently in the portfolio. Liaise with EnergySys on suitable release date for NetRegulate changes and synchronise these with other NetRegulate components and dependencies required from other suppliers. Ensure that this is included within the scope of a forthcoming NetRegulate release and include in project portfolio planning. 2 2 4 4 4 16 14 February 2013 Graham White 16 May 2013 Paul 17 July 2013 Paul 6

Appendix 3: Education System Build Project Risk Log Date Identified Risk Category Risk Name Risk Description Risk Owner Probable Consequences Risk Counter measure Post Post Risk Status Date of Last Update Author 018 24 September 2013 Supplier Solution That during the build stage of the project it becomes apparent that the shortlisted vendor is unable to meet all essential requirements. That the product proposed is not fit for purpose as it does not meet all essential requirements set out in the RFP. 019 24 September 2013 Cost Solution That during the build stage of the project it becomes apparent that no suitable solution can be found at an appropriate cost. 1) That the scope of the project would need to be widened to rectify any shortfall in the requirements which are uncovered during the course of the project. 2) That the scope of the project would need to be narrowed so as not to include elements that the vendor is unable to deliver. That the scope of the project would need to be narrowed so as not to include elements that the vendor is unable to deliver due to cost constraints. 3 4 12 During sprint cycles review feedback, and undertake regular discussions; Ensure that we have sufficient review days prior to build; Ensure cost contingency is in place; In using Agile approach, plan for changes to occur in advance of each Sprint cycle. During sprint cycles review feedback, and undertake regular discussions; Ensure that we have sufficient review days prior to build; Ensure cost contingency is in place; In using Agile approach, plan for changes to occur in advance of each Sprint cycle. 2 4 8 24 September 2013 Paul 24 September 2013 Paul 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information