Risk Management Plan

e-VOTE: An Internet-based Electronic Voting System
IST-2000-29518
Risk Management Plan
1. Purpose
This document describes how we will perform the job of managing risks for e-Vote.
It defines roles and responsibilities for participants in the risk processes, the risk management
activities that will be carried out, the schedule and budget for risk management activities, and
any tools and techniques that will be used.
2. Definitions
2.1. Risk management
Risk management is the application of appropriate tools and procedures to maintain risk
within acceptable limits. It consists of several sub-activities.
2.2. Risk assessment
Is the process of examining a project and identifying areas of potential risk.
The Risk Assessment is concerned with identifying, characterizing, prioritising and deciding
whether to accept the exposure associated with each risk that threatens the project’s ability to
meet its objectives within schedule and budget.
2.3. Risk identification
Can be facilitated with the help of a checklist of common risk areas for software projects, or
by examining the contents of an organizational database of previously identified risks and
mitigation strategies (both successful and unsuccessful).
2.4. Risk analysis
Risk analysis involves examining how project outcomes might change with modification of
risk input variables.
e-VOTE/WP-1/D1.3/Final/13-12-2001
2.5. Risk prioritization
Helps the project focus on its most severe risks by assessing the risk exposure.
2.6. Risk exposure
Is the product of the probability of incurring a loss due to the risk and the potential magnitude
of that loss. We usually estimate the probability from 0.1 (highly unlikely) to 1.0 (certain to
happen), and the loss on a relative scale of 1 (no problem) to 10 (total loss). Multiplying these
factors together provides an estimate of the risk exposure due to each item, which can run
from 0.1 through 10.
2.7. Risk avoidance
The risk avoidance strategy is to abstain from high risk activities. The obvious disadvantage of
this strategy is that it limits the activities performed with a consequent loss of the benefits
resulting from these activities.
2.8. Risk control
Is the process of managing risks to achieve the desired outcomes.
2.9. Risk reduction / risk mitigation
Risk Reduction is concerned with developing and executing countermeasures, monitoring
their execution and evaluating their effectiveness. Countermeasures and corrective actions
shall be agreed upon, based on the assessed impact of the risk, the project’s ability to accept
the risk, and the feasibility of mitigating the risk.
2.10. Risk management planning
Produces a plan for dealing with each significant risk, including mitigation approaches,
owners, and timelines.
2.11. Risk resolution
Is the execution of the plans for dealing with each risk.
2.12. Risk monitoring
Involves tracking your progress toward resolving each risk item.
2.13. Risk
The chance of damage, loss, injury or destruction.
2.14. Probability
Probability is the likelihood of an event to occur.
2.15. Impact
The cost or consequence of an undesirable event.
3. Roles and Responsibilities
3.1. Project Manager
The Project Manager will assign a Risk Officer to the project, and identify this
individual on the project’s organisation chart. The Project Manager and other
members of the Project Coordination team shall meet monthly to review the
status of all risk mitigation efforts, review the exposure assessments for any
new risk items, and redefine the project's Top Ten Risk List.
3.2. Risk Officer
The Risk Officer has the following responsibilities and authority:
- coordinating risk identification and analysis activities
- maintaining the project’s risk list
- notifying project management of new risk items
- reporting risk resolution status to management
The Risk Officer should normally not be the Project Manager.
3.3. Project Member Assigned a Risk
The Risk Officer will assign each newly identified risk to a project member,
who will assess the exposure and probability for the risk factor and report the
results of that analysis back to the Risk Officer. Assigned project members are
also responsible for performing the steps of the mitigation plan and reporting
progress to the Risk Officer biweekly.
4. Risk Categories
Possible risks are classified according to the following list. This list can function as a checklist
for risk analysis. It shall be used for filling in the “Risk Category” field in the
“Risk Documentation Form”.
4.1. Supplier Issues
1. Failure of the third party
2. Failure by them to deliver satisfactorily
3. Contractual issues
4. Mismatch between the nature of the task and the procurement process
4.2. Organisational factors
1. Additional staff responsibilities alongside project work
2. The project culture, or lack of it, within the Customer organisation
3. Personnel and training issues
4. Skill shortage
5. Potential security implications
6. Culture clashes between Customer and Supplier
4.3. Specialist issues
1. How well requirements can be specified
2. To what extent the requirements can be met using currently available and understood facilities and approaches
3. The extent to which a project involves innovative, difficult or complex processes and / or equipment
4. The challenges and problems regarding quality, testing
5. The risks that the specified requirements will not be achievable in full, or that not all requirements will be correctly specified.
5. Risk Documentation
5.1. Risk List
The risk factors identified and managed for this project will be accumulated in
a “Project Risk List” [PRL], which is located in e-Vote Templates.
(See Forms PROJECT RISK LIST [PRL]) The ten risk items that currently
have the highest estimated risk exposure are referred to as the project’s Top
Ten Risk List.
5.2. Risk Data Items
Information for each project risk will be stored in a Risk Documentation Form
[RDF]. The RDF is the primary form. Any team member can fill in an RDF and send it by
e-mail to the Project Manager.
5.3. Closing Risks
A risk item can be considered closed when the planned mitigation actions have
been completed and the estimated risk exposure (probability x impact) is
less than 2.
6. Activities
6.1. Activities Overview
The Risk Management Team (PM, SM, TC) provides the foundation for the Risk Management
approach. TC acts as RO.
A risk assessment will be performed every month throughout the life of the project, by PM,
SM, TC.
The potential impacts on the project’s success, the results, and the recommended
contingencies to manage or mitigate the risks will be communicated to the
interested/involved parties.
Risk Reduction is continually performed throughout the life of the project. Risk Reduction is
concerned with developing and executing corrective measures, monitoring corrections and
evaluating their effectiveness. Corrective actions shall be agreed upon, based on the assessed
impact of the risk, the project’s ability to accept the risk, and the feasibility of mitigating the
risk.
A Project Risk Metric Model within e-Vote will be adopted, which can help the Project
Manager assess the overall project risk level. Distinct risk reduction actions are suggested
within the Model that can effectively lower the level of risk exposure for each type of risk that
the project faces.
6.2. Risk Identification
6.2.1. Task
The techniques that will be used to identify risk factors at the beginning of the project and on
an on-going basis are:
- A formal risk assessment workshop,
- A brainstorming session,
- Interviews at the beginning of each life cycle phase,
- or use of the RDF form available from the project’s web site for submitting risk factors.
Any consolidated lists of risk items that will be used to identify candidate risks for this project
MUST update this paper.
6.2.2. Participants
Any Team Member or participant can identify a risk and submit the relevant document to the
Project Manager.
6.3. Risk Analysis and Prioritisation
Stage 1
Task: The Risk Officer will assign each risk factor to an individual project member, who will estimate the probability the risk could become a problem (scale of 0.1-1.0) and the impact if it does (either relative scale of 1-10, or units of dollars or schedule days, as indicated by the Risk Officer).
Participants: Risk Assigned Project Member [RAPM]

Stage 2
Task: The individual analysed risk factors are collected, reviewed, and adjusted if necessary. The list of risk factors is sorted by descending risk exposure (probability times impact).
Participants: Risk Officer [RO]

Stage 3
Task: Preparation of “Contingency Plan”. Description of estimation of such contingencies and communicating the information to the Project Manager or building those contingencies into the project schedule.
Participants: Risk Officer [RO]
6.4. Risk Management Planning
Stage 1
Task: The top ten risks are assigned to individual project members for development and execution of a “Risk Mitigation Plan”.
Participants: Risk Officer [RO]

Stage 2
Task: For each assigned risk factor, recommend actions that will reduce either the probability of the risk materializing into a problem, or the severity of the exposure if it does. Return the “Risk Mitigation Plan” to the Risk Officer.
Participants: Risk Assigned Project Member [RAPM]

Stage 3
Task: The “Risk Mitigation Plans” for the assigned risk items are collated into a single list. The completed Top Ten Risk List is created and made publicly available on the project’s intranet web site.
Participants: Risk Officer [RO]
6.5. Risk Resolution
Stage 1
Task: Each individual who is responsible for executing a risk mitigation plan carries out the mitigation activities.
Participants: Risk Assigned Project Member [RAPM]
6.6. Risk Monitoring
Stage 1
Task: Describe the methods and metrics for tracking the project’s risk status over time, and the way risk status will be reported to management.
Participants: Risk Officer [RO]

Stage 2
Task: The status and effectiveness of each mitigation action is reported to the Risk Officer every two weeks.
Participants: Risk Assigned Project Member [RAPM]

Stage 3
Task: The probability and impact for each risk item is reevaluated and modified if appropriate.
Participants: Risk Officer [RO]

Stage 4
Task: If any new risk items have been identified, they are analyzed as were the items on the original risk list and added to the risk list.
Participants: Risk Officer [RO]

Stage 5
Task: The Top Ten Risk List is regenerated based on the updated probability and impact for each remaining risk.
Participants: Risk Officer [RO]

Stage 6
Task: Any risk factors for which mitigation actions are not being effectively carried out, or whose risk exposure is rising, may be escalated to an appropriate level of management for visibility and action.
Participants: Risk Officer [RO]
6.7. Lessons Learned
Stage 1
Task: A specific document is created by the PM when the risk is closed. The document shall be logged in the “Lessons Learned Log” [LLL] (see template in section Forms) and shall contain information about mitigation of specific risks. The LLL and the related documents shall be stored in the web site’s restricted area for further assessment.
Participants: Risk Officer [RO]
7. Schedule for Risk Management Activities
Activity: Risk Identification
Description: A risk workshop will be held on approximately <TBD>.

Activity: Risk List
Description: The prioritized risk list will be completed and made available to the project team by approximately <TBD>.

Activity: Risk Management Plan
Description: The Risk Management Plan, with mitigation, avoidance, or prevention strategies for the top ten risk items, will be completed by approximately <TBD>.

Activity: Risk Review
Description: The Risk Management Plan and initial Top Ten Risk List will be reviewed and approved by the Project Manager on approximately <date>.

Activity: Risk Tracking
Description: The status of risk management activities and mitigation success will be revisited as part of the gate exit criteria for each life cycle phase. The risk management plan will be updated at that time.
8. Risk Management Budget
The [contract] does not provide special person/hours for risk management. The cost of risk
management is charged to the project person/hours in general.
9. Risk Management Tools
10. Plans
All following plans refer to an individual risk.
Guidelines on the content of this plan are:
- Risk Identification
- Actions
- Roles
- Timelines
- Conclusions - Estimations
10.1. Risk Mitigation plan
10.2. Risk Contingency Plan
10.3. Risk Management Plan
11. Forms
11.1. Lessons Learned Log [LLL]
Lessons Learned Log
(Use to summarise any Lessons Learned during the Management. This will be updated by the Project Manager during the Management Stage and notified to the Project Board at the End Stage Assessment Meeting. A Lessons Learned Report will be produced using this Log as its basis in the CP Process, and authorised by the Project Board at the Project Closure Meeting)
DOC CODE: LLL
Ref:
Version:
Programme: IST
Project: e-Vote
Author:
Date:
Columns: Reference | Lessons Learned & Reference | Date & Location
11.2. PROJECT RISK LIST [PRL]
PROJECT RISK LIST
(Risks of the project are logged from RDFs by order of Risk Factor. The first 10 are treated as the most important.)
DOC CODE: PRL
PROGRAMME/PROJECT: IST/e-Vote
CLASSIFICATION: Int.
AUTHOR:
DATE UPDATED:
Columns: ORDER | Risk ID (1) | RISK DESCRIPTION | Risk Assigned Member | PROBABILITY (a) | IMPACT (b) | Risk Exposure (a x b)
Rows: ORDER 1 to 10
(1) Risk ID is transferred to document RDF (Risk Documentation Form)
11.3. Risk Documentation Form [RDF]
Risk Documentation Form
(Primary document where a risk is registered. A summary of RDF’s is written to the Risk List and obtains a Risk ID)
DOC CODE: RDF
PROGRAMME/PROJECT: IST/e-Vote
CLASSIFICATION: Int.
AUTHOR:
Organisation:
Risk Category:
Risk ID: <Sequence Number>
Report Date: <Date this risk report was last updated>
Description: <Describe each risk in the form “condition – consequence”. >
Probability: <What’s the likelihood of this risk becoming a problem? >
Impact: <What’s the damage if the risk does become a problem? >
Risk Exposure: <Multiply Probability times Loss to estimate the risk exposure. >
First Indicator: <Describe the earliest indicator or trigger condition that might indicate that the risk is turning into a problem. >
Improvement Approaches: <State one or more approaches to control, avoid, minimize, or otherwise limit the risk. Limitation approaches may reduce the probability or the impact. >
Date Started: <State the date the Improvement plan implementation was begun. >
Date to Complete: <State a date by which the improvement plan is to be implemented. >
Owner: <Assign each risk improvement action to an individual for resolution. >
Current Status: <Describe the status and effectiveness of the risk limitation actions as of the date of this report. >
Contingency Plan: <Describe the actions that will be taken to deal with the situation if this risk factor actually becomes a problem. >
Trigger for Contingency Plan: <State the conditions under which the contingency plan will begin to be implemented. >
11.4. Risk Mitigation Log
Risk Mitigation Log
(Log document where all risks are registered. A summary of the mitigation Strategy for every risk is stated in the appropriate column. The cost of event in person Hours
DOC CODE: RML
PROGRAMME/PROJECT: IST/e-Vote
CLASSIFICATION: Int.
AUTHOR:
Organisation:
Columns: ID | Risk event | Risk exposure | Mitigation Strategy