Fillable Printable Risk Management Plan Sample
Fillable Printable Risk Management Plan Sample
Risk Management Plan Sample
Commonwealth of Massachusetts
Information Technology Division
CW Risk Management Plan
Risk Management Plan SAMPLE 1 of 8 9/23/2009
Common Values -Common Goals
Common
Way
Common Values -Common Goals
Common
Way
Risk Management Plan
Private Placement Content Management
System
Kathy Cibotti
9/15/2009
Commonwealth of Massachusetts
Information Technology Division
CW Risk Management Plan
Risk Management Plan SAMPLE 2 of 8 9/23/2009
Common Values -Common Goals
Common
Way
Common Values -Common Goals
Common
Way
Version History
Date Version Author Change & Section
9/15/2009 1.0 Kathy Cibotti Draft
9/15/2009 1.1 Kathy Cibotti Changes from Jordan Harris to refine process
flows and roles/responsibilities.
Commonwealth of Massachusetts
Information Technology Division
CW Risk Management Plan
Risk Management Plan SAMPLE 3 of 8 9/23/2009
Common Values -Common Goals
Common
Way
Common Values -Common Goals
Common
Way
Table of Contents
1Risk Management Process...............................................................................................................5
2Risk Management Roles & Responsibilities...................................................................................5
3Risk Assessment................................................................................................................................6
3.1 Risk Categorization.............................................................................................................................6
3.2 Probability Rating...............................................................................................................................6
3.3 Impact Rating......................................................................................................................................7
3.4 Priority Score & Priority Rating.........................................................................................................7
3.5 Risk Management Tools.....................................................................................................................8
4Risk Monitoring and Control..........................................................................................................8
5Appendix............................................................................................................................................8
5.1 Attachments........................................................................................................................................8
Commonwealth of Massachusetts
Information Technology Division
CW Risk Management Plan
Risk Management Plan SAMPLE 4 of 8 9/23/2009
Common Values -Common Goals
Common
Way
Common Values -Common Goals
Common
Way
Guidelines:
The purpose of the Risk Management Process is to provide a structured method to help: identify, analyze, plan,
monitor, control and communicate risks that threaten the success of a project. This process is comprised of two
required templates the: Risk Management Plan and Risk Register. Depending upon the project needs, the project
manager has the option of using these standard templates or customizing the plan and register to suit the specific
needs of the project.
The Risk Management Plan describes the risk management and control: workflows, assessment processes,
supplemen tary tools, roles and responsibilities.
The Project Manager completes the Risk Management Plan during the planning stage of the project and reviews the
plan with the entire team to secure buy-in. The Risk Register is also created during the planning stage and updated
through standard risk manag ement processes throu ghout the life of the project. Review of risks, their impacts and
status should be built into regular team work sessions or supplementary risk management sessions depending upon
the nature of the project.
All sections must be completed for all projects, regardless of level. The intricacies of the plan are contingent upon
the complexity level of the project.
Document Filling Instructions:
Fill the information in the Text boxes.
Do not leave any section blank.
The cells in the table may be filled in by clicking in the corresponding row/column and typing. To add additional
rows to the table, TAB after placing the cursor in the last row and last column.
[Text enclosed in quotes and displayed in red such as "Tab to add rows" should be deleted before saving the
document.]
When inserting an image, such as a workflow or chart: 1) only insert the image in the appropriate text box, 2) save
the imag e as a Word document; and, 3) insert the ima ge as a file.
[To insert an image as a file: 1) from the menu bar, select “Insert”, 2) select “File”, 3) select the Word file
document; and, 4) click “Insert.”]
After finishing the document, please re-generate the complete Table of Contents to reflect the correct page
numbering. (Select the Table of contents; right-click; select “update field s” and select “update pa ge numbers only”
command).
Commonwealth of Massachusetts
Information Technology Division
CW Risk Management Plan
Risk Management Plan SAMPLE 5 of 8 9/23/2009
Common Values -Common Goals
Common
Way
Common Values -Common Goals
Common
Way
1Risk Management Process
Insert high level workflow or textual description of the risk: identification, analysis, monitoring, and mitigation/elimination
process that will be followed.
Risks can be identified by any member of the project team. They can be sent via email or raised during a team
meeting. The project manager is responsible for logging the risks and assigning a team memb er to analyze. Risk
owners and team members can recommend that a risk be closed; but the Steering Committee must authorize the
closure of high and medium level risks.
2Risk Management Roles & Responsibilities
Insert a table of responsibilities or amend the process flow in #2 above to identify key risk management participants and their
roles (see sample fo r example formats).
Commonwealth of Massachusetts
Information Technology Division
CW Risk Management Plan
Risk Management Plan SAMPLE 6 of 8 9/23/2009
Common Values -Common Goals
Common
Way
Common Values -Common Goals
Common
Way
RolesResponsibilities
Team
members
Raise risks. Ensure the PM is informed of the risks.
Project
Manager
Logs risks. Assigns an analyst to assess i mp act, probability and develop an action plan.
Maintains the risk log including detailed status information from each review ses sion in the
register.
Conducts regular risk review sessions with steering committee and project team to review risks.
Follows-through with risk owners independently of team meetings.
Escalates high impact risks to senior management for awareness and assistance.
Steering
Committee
Address high impact risks that the PM and team cannot manager on their own.
Must be aware of significant project risks and costs associated with the risks.
Authorize the closure of high/medium level risks.
Risk
Owner
Regularly update team on status; action plans and state of risk.
3Risk Assessment
3.1Risk Categorization
List and describe the catego ries of potential risks. This structured taxonomy will b e used to help identify project risks. These
can be identified by asking ‘what could go wrong?’
1.Technology – new application of Microsoft Office SharePoint Services (MOSS) integrated with
Documentum
2.Business Process Changes – Enhancing workflows, training staff, implementing new workflows
3.Resource Constraints – Market changes have shifted focus of resources; may have to compen sate with
consultants that could impact the budget
3.2Probability Rating
The following probability ratings have been integrated into the Risk Register. Use these default ratings or refine as desired
by the pro ject. If the p robability ratings are modified, update the Risk Plan and Risk Register Risk to reflect the changes.
Commonwealth of Massachusetts
Information Technology Division
CW Risk Management Plan
Risk Management Plan SAMPLE 7 of 8 9/23/2009
Common Values -Common Goals
Common
Way
Common Values -Common Goals
Common
Way
Probability Score©Description
Low 10
Unlikely to occur (e.g. less than a 25% chance of occurring during the course of the
project).
Medium 20
Likely to occur (e.g. > 25% and < 75% chance of occurring during the course of the
project).
High 30
Highly likely to occur (e.g. >75% and < 100% chance of occurring during the course of
the project).
3.3Impact Rating
The follo wing impa ct ratin g s ha ve been in tegr a ted in to th e Risk Register. Use these default ratings or refine as desired by the
project. If the impact ratings are modified, update the Risk Plan and Risk Register to reflect the changes.
Impact Score Description©
Low 10
Minor impact on the project (e.g. no impact to any milestone or deliverable dates)
Medium 20
Measurable impact on a specific milestone or deliverable and/or budget impact
High 30
Significant impact on key milestones, deliverables, and/or budget
3.4Priority Score & Priority Rating
The following Priority Score and Priority Ratings are automatically calculated in the Risk Register based upon Probability
Rating and Impact Ratings selected. Use the default Priority Scores and Priority Ratings or refine as desired by the project.
If the Priority Score or Priority Rating are modified, reflect changes in the Risk Plan and Risk Register.
Probability Rating Impact RatingPriority Score
Priority
Rating
Low Low 10
Low
Low Mediu
m
15
Medium
Low Hi
g
h 20
High
Mediu
m
Low 15
Medium
Mediu
m
Mediu
m
20
Medium
Mediu
m
Hi
g
h 25
High
Hi
g
h Low 20
High
Hi
g
h Mediu
m
25
High
Hi
g
h Hi
g
h 30
High
Commonwealth of Massachusetts
Information Technology Division
CW Risk Management Plan
Risk Management Plan SAMPLE 8 of 8 9/23/2009
Common Values -Common Goals
Common
Way
Common Values -Common Goals
Common
Way
3.5Risk Management Tools
Identify other risk analysis tools that will b e used, beyon d or instead, of CommonWay sta ndard templates and guidelines.
Only standard templates will be used.
4Risk Monitoring and Control
Specify the approach and frequency for tracking, analyzing, escalating, reporting, monitoring and resolving project risks
from inception to closing. This should include the establishment of any risk review committees. The monitoring and control
processes are tightly coupled with Risk Register.
The Risk Register will be updated, at minimum, weekly and will be used to guide all risk review sessions. Risk
monitoring and reporting will involve the following:
1.High and medium level risks will be monitored weekly during regular team meetings. This is an
opportunity for team members to provide updates and to ensure that they understand project risks.
2.All risks will be monitored on an ad-hoc basis between the Project Manager and the Risk Owner. Risk
owners are expected to give regular updates to risk as follows: weekly if the risk is high; monthly if the
risk is medium or low.
3.High and Medium level risks will be reviewed monthly with the Steering committee. The Steering
Committee must also authorize the closure of high and medium risks.
5Appendix
5.1Attachments
Document/System Na me Location/Link
None