2009 C‐IV Procurement Project RISK MANAGEMENT PLAN This document sets out the procedures and processes whereby initial and ongoing risks will be identified, categorized, quantified, controlled, and reported throughout the C‐IV Procurement Project.
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 1/18
2009 C‐IV
Procurement
Project
RISK MANAGEMENT
PLAN
This document sets out the procedures and processes whereby initial and ongoing risks will be identified,
categorized, quantified, controlled, and reported throughout the C‐IV Procurement Project.
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 2/18
11290 Pyrites Way, Suite 150, Rancho Cordova, CA 95670
C‐IV Procurement Project 2009
Blank Page
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 3/18
C‐IV Procurement Project 2009
11290 Pyrites Way, Suite 150, Rancho Cordova, CA 95670
Revision History
RELEASE DATE
AUTHOR
SUMMARY OF CHANGE
3/25/2009 Leslie Johnson Initial Release
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 4/18
11290 Pyrites Way, Suite 150, Rancho Cordova, CA 95670
C‐IV Procurement Project 2009
Blank Page
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 5/18
C‐IV Procurement Project 2009
11290 Pyrites Way, Suite 150, Rancho Cordova, CA 95670
Table of Contents
1 Introduction ............................................................................................................................. 1 2 Risk
Management
Objective.................................................................................................... 2
3 Risk Management Process....................................................................................................... 3 3.1 RISK Process Flow............................................................................................................ 4
4 Risk Escalation ......................................................................................................................... 9 5 C‐IV Procurement Risk Management Forms ......................................................................... 10
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 6/18
C‐IV Procurement Project 2009
11290 Pyrites Way, Suite 150, Rancho Cordova, CA 95670
Blank Page
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 7/18
C‐IV Procurement Project 2009
11290 Pyrites Way, Suite 150, Rancho Cordova, CA 95670 1 | P a g e
1 Introduction
This document sets out the procedures and processes whereby initial and ongoing risks will be
identified, categorized, quantified, monitored, and reported.
It is
important
to
distinguish
between
issues
and
risks.
Issues
are
items
that
have
occurred
and
require resolution. Risks are uncertain events or conditions that, if they occur, have a positive
or negative effect on a project objective. Risk Management is a proactive look at identifying
possible events that could affect the project. If a risk is realized, it may become an issue and it
will be documented in the C ‐IV Procurement Project Issue Management Plan. Refer to
the
C ‐IV Procurement Project Issue Management Plan located in th e C‐IV Procurement
Library at http://www.c‐iv.org/ProcurementLibrary.shtml for more details.
The purpose of risk management is to:
1. Identify and
analyze
potential
threats
to
the
success
of
the
project;
2. Develop mitigation strategies and plans;
3. Mitigate or eliminate negative impacts on the project;
4. Ensure all Project Stakeholders are involved in risk management as appropriate; and
5. Develop contingency plans for risks where it is unlikely or uncertain that the mitigation
will be effective.
The C‐IV Procurement Management team is responsible for a continuous risk appraisal process
throughout the C‐IV Procurement Project lifecycle. During the initial phase of the Project, the
C‐IV
Procurement
Management
team
is
composed
of
the
C‐IV
Project
Director
and
the
C‐IV
Procurement Manager. During this phase, the activities will be focused on Project initiation and
acquiring the services of a Planning Consultant through a competitive procurement. Once a
Planning Consultant is contracted, the C‐IV Procurement Project will move into the next phase,
in which all activities will be focused on acquiring the services of a Maintenance and Operations
(M&O) contractor. At this point in the project, the C‐IV Procurement Management team will
include Planning Consultant staff.
This document will be reviewed at least annually and updated as needed. Currently, Project
Risk Meetings are held monthly.
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 8/18
C‐IV Procurement Project 2009
11290 Pyrites
Way,
Suite
150,
Rancho
Cordova,
CA
95670
2 | P a g e
2 Risk Management Objective
The objectives of Risk Management are:
1. To minimize threats to the C‐IV Procurement Project objectives;
2. To provide a systematic approach for:
• Identifying, categorizing, and assessing risks;
• Quantifying cost‐effective risk mitigation actions; and
• Monitoring and reporting progress in reducing risk.
The overall goal of the Risk Management strategy is to apply a proactive approach to reducing
exposure to events that threaten the accomplishment of the C‐IV Procurement Project’s
objectives by:
1. Incorporating routine business practices that minimize or avoid risks;
2. Ensuring risks are identified in a timely manner, should they occur;
3. Developing proactive and contingent responses to identified risks; and
4. Rapidly implementing risk responses.
Additionally, it is important not to attempt to document all possible risks and outcomes, as this
can often introduce improbable scenarios, which:
1. Create unnecessary
concern
and
confusion;
2. Shift focus away from the real or probable risks;
3. Dilute the pool of risks; leading to diminishing returns on effort, and
4. Reduce credibility for the risk mitigation process.
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 9/18
C‐IV Procurement Project 2009
11290 Pyrites
Way,
Suite
150,
Rancho
Cordova,
CA
95670
3 | P a g e
3 Risk Management Process
The Risk Management process is an interactive cycle that will be performed during regular
review meetings
throughout
the
C‐IV
Procurement
Project
lifecycle.
New
risks
may
arise
from
a
variety of sources:
1. New risks previously missed or unforeseen;
2. New risks identified during project activities, such as:
• Meetings;
• Workgroup sessions; and
• Document reviews.
3. New risks arising from the investigation or mitigation of an existing risk.
The C‐IV Procurement Project Risk Management Plan is adapted from the Software Engineering
Institute (SEI) Risk Management approach:
1. Identify ‐ Risk identification is an ongoing process, which is monitored and updated
regularly. Risk identification provides opportunities, cues, and information that bring up
major risks before they adversely affect the C‐IV Procurement Project.
2. Track/Control ‐ Risk tracking and control follows the progress of the risk and its
probability, as well as the status of any mitigation/contingency strategies that have been
executed. When changes to the risk profile occur, the basic cycle of identify, analyze,
and plan will be repeated. Existing action plans may be modified to change the approach
if the
desired
effect
is
not
being
achieved.
3. An aly ze ‐ Risk analysis includes the determination of:
• Impact to cost, schedule, or resources;
• Probability of occurrence;
• Level of control;
• Exposure of potential risk item occurrence; and
• Priority of each risk.
4. Plan‐
Risk planning
consists
of
the
development
of
detailed
plans
for
either
mitigation
and/or contingency actions for a specific risk.
5. Implement ‐ Plan implementation is the act of executing the decisions made and
documented in the risk mitigation plans. A mitigation plan will be either tied to a trigger
event and executed upon occurrence of that event, or implemented immediately.
6. Report ‐ In an effort to provide visibility of risks and progress in mitigating them, both
verbal and written reports will be provided as needed, at least on a monthly basis.
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 10/18
C‐IV Procurement Project 2009
11290 Pyrites
Way,
Suite
150,
Rancho
Cordova,
CA
95670
4 | P a g e
3.1 RISK Process Flow
Manage Risks
1. Identify Risk
Risk or Issue?
2. Analyze Risk
3. DetermineApproach andCreate Risk
Mitigation Plan
4. Create RiskContingency Plan
Risk MitigationRequired?
5. Implement RiskMitigation Plan
IssueManagement
Issue
Risk
6. Monitor Risk
EscalationManagement
Risk ConditionTriggered?
Handle asIssue?
7. Implement RiskContingency Plan
IssueManagement
8. Close Risk
No
No
Yes
No
Yes
Yes
Step Responsible Action
1. Risk Originator Identify Risk
Any person associated with the C‐IV Procurement Project is expected to
identify and document potential risks. Any Project team member or
stakeholder may inform the C‐IV Procurement Manager or PMO of a
potential risk. Identified risks will be documented in meeting minutes
and/or submitted directly to the C‐IV Procurement Manager or PMO via e‐
mail using the C‐IV Procurement Risk Form (see attached Appendix A) .
Risks are then categorized according to the potential impact on the C‐IV
Procurement Project. Risks can be categorized as cost, schedule,
technology,
operations,
or
external.
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 11/18
C‐IV Procurement Project 2009
11290 Pyrites
Way,
Suite
150,
Rancho
Cordova,
CA
95670
5 | P a g e
2. C‐IV
Procurement
Manager
and/or PMO
Track an d Control
The risk are logged into the C ‐IV Procurement Risk Matrix and assigned a
status of Identified . During Phase 1, the C‐IV Procurement Manager will have responsibility for documenting and tracking risk identification activities and coordinating risk
analysis.
During Phase 2, the Project Management Office (PMO) support provided by
the Planning Consultant will have this responsibility.
3. C‐IV
Procurement
Manager
and/or PMO
Analyze Risk Similar and related risks are grouped prior to analyzing the probability,
impact, and
level
of
control
for
each
risk.
Risk Impact measures the effect that a risk will have on the project. Each
risk will be rated on its impact, if it does occur.
IMPACT RATING SCALE
Low (1) The risk does not represent a material impact on the project
budget, schedule, or quality.
Medium
(2)
The risk would disrupt project progress, extend the schedule,
or reduce
the
budget
over
the
short
term,
but
is
manageable.
High (3) The risk represents a significant negative impact on project
budget, schedule, or quality and threatens overall project
success.
Risk Probability is the likelihood that an event will actually occur. Each risk
will be rated on the probability of it occurring.
PROBABILITY RATING SCALE
Low
(1)
The
risk
is
unlikely
to
occur
or
will
probably
not
occur.
Medium
(2) The risk may occur or has a 50/50 chance of occurring.
High (3) The risk is almost certain or very likely to occur.
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 12/18
C‐IV Procurement Project 2009
11290 Pyrites
Way,
Suite
150,
Rancho
Cordova,
CA
95670
6 | P a g e
Level of Control is the influence that the C‐IV Procurement Project has
regarding the outcome of the risk.
LEVEL OF CONTROL SCALE
No Control (1) None of the Stakeholders can control the outcome of
the
risk.
Minimal
Control (2)
State or Federal Stakeholders have the authority to
control the outcome of the risk.
Moderate
Control (3)
The C‐IV Procurement Project Management team has
the authority to control the outcome of the risk.
High Control
(4)
The C‐IV Procurement Manager has the authority to
control the outcome of the risk.
Risk Exposure will measure the overall threat of risks by assuming a risk
factor.
A numeric
score
will
be
used
to
determine
a Low
exposure
(1
or
2),
Medium
exposure (3 or 4) or High exposure (6 or 9).
The risk exposure is computed using probability and level of control.
The following risk calculation expresses the overall risk exposure.
Determine Risk
Priority
Using the Risk Exposure Factor, the C‐IV Procurement Management Team
will then review the newly identified risk to establish its relative rank or
priority among existing risks. C‐IV Procurement Management Team may
adjust resource assignments, action plans, or other priorities to ensure the
risk is adequately addressed.
= Probability x Impact Risk Exposure
Factor Level of Control
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 13/18
C‐IV Procurement Project 2009
11290 Pyrites
Way,
Suite
150,
Rancho
Cordova,
CA
95670
7 | P a g e
Step Responsible Action
Determine Approach
and
Create
Risk
Mitigation
Plan
This step involves developing actions to address individual risks, prioritizing
risk actions, and creating an integrated risk action plan.
Note: the C ‐IV Procurement Risk Matrix will be updated throughout the Risk
Mitigation lifecycle.
There are six responses to consider when formulating risk action plans.
1. Investigate. Risks that relate to a lack of knowledge may often be
resolved or managed most effectively by learning more before
proceeding.
2. Accept. This describes the risk factors that may directly affect the C‐IV
Procurement Project, but are outside of the sphere of influence of the
engagement, and therefore, can only be “accepted.” In addition,
acceptance of risks as a response may be based on the relative cost‐
effectiveness of any available response or solution. For example,
acceptance response could be created from a legislative or legal risk,
over which no control can be leveraged. The risk action plan will
include development of a documented rationale for accepting the risk
but not developing mitigation or contingency plans. It is prudent to
continue monitoring
such
risks
in
the
event
that
changes
occur
in
probability, impact, or level of control related to this risk.
3. Avoid. Risk avoidance prevents the Project from taking actions that
increase exposure too much to justify the benefit.
4. Assign. Assign‐based responses target the individual or entity best
placed to analyze and implement the response to the risk, based on
their expertise, experience, and suitability. This individual/entity
becomes the Risk Owner.
4. Risk Owner
5.
Mitigate. Mitigation (control)‐based responses are typically the most
common response. They identify an action that becomes part of the
domain working plans, and which are monitored and reported as part of
the regular performance analysis and progress reporting of the
engagement. Risk mitigation planning involves performing actions and
activities ahead of time either to prevent a risk from occurring
altogether, or to reduce the impact or consequences of its occurring.
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 14/18
C‐IV Procurement Project 2009
11290 Pyrites
Way,
Suite
150,
Rancho
Cordova,
CA
95670
8 | P a g e
Step Responsible Action
6. Share. Share‐based responses identify and negotiate the sharing of risk
exposure with one or more involved parties. It is used to reduce impact
when the
risk
influence
is
seen
as
being
shared
between
these
parties.
The parties in question are generally the client, a third party supplier, a
business partner, or some combination of these. Like the Transfer
response, the Share response leaves the risk intact, but “shares” the
responsibility for actions and planning, and any consequences of risk
fulfillment. This option is the most complex to implement, as it requires
close communication and coordination with the involved parties.
5. Risk Owner Create Risk Contingency Plan
Risk contingency
planning
involves
creating
one
or
more
fallback
plans
that
can be activated in case efforts to prevent the adverse event fail.
Contingency plans are necessary for all risks, including those that have
mitigation plans. They address what to do if the risk occurs and how to
minimize its impact.
Triggers are established for the contingency plan based on the type of risk or
the type of impact that may be encountered.
Triggers are indicators that tell the C‐IV Project a certain condition is about to
occur, or
has
occurred,
and,
therefore,
it
is
time
to
put
the
contingency
plan
into effect.
If the risk is to have a Mitigation Plan, continue with Step 5; otherwise,
proceed to Step 6.
6. Risk Owner Implement Risk Plan
When the trigger event occurs or is imminent, the Risk Owner will initiate the
mitigation plan and notify the C‐IV Procurement Manager and/or PMO of the
plan execution. The Risk Owner will notify all parties identified in the
mitigation/contingency plan
and
ensure
all
activities
are
coordinated.
The
Risk
Owner will also take the specific measurements to determine the effectiveness
of the activities. If it appears the activities are not producing the desired
effective, the Risk Owner will propose changes to address the deficiencies.
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 15/18
C‐IV Procurement Project 2009
11290 Pyrites
Way,
Suite
150,
Rancho
Cordova,
CA
95670
9 | P a g e
Step Responsible Action
7. Risk Owner,
C‐
IV
Procurement
Manager
and/or PMO
Report
The Risk Owner will inform the C‐IV Procurement Manager or PMO of risk
status updates as needed. The C‐IV Procurement Manager or PMO will
provide risk activity status and effectiveness reports to the C‐IV Procurement
Project Management team during monthly C‐IV Procurement Project Risk
Management Meeting.
8. C‐IV
Procurement
Manager
and/or PMO
Risk Closure
Where risks are determined not to be valid or have been removed through the
implementation of a mitigation plan/contingency plan, the risk is closed.
Consensus at
the
risk
meeting
must
be
achieved
before
a risk
is
closed.
4 Risk Escalation
The C‐IV Procurement Manager will be responsible for risk escalation. If consensus regarding a
risk cannot be reached within the C‐IV Procurement Management team, the risk will be
escalated to the next higher authoritative level for resolution. The Risk escalation process and
procedures mirror the Issue Tracking and Escalation Process as detailed in the C‐IV
Procurement Project Issue Management Plan. The C‐IV Procurement Project Issue Management
Plan can be access through the C‐IV Procurement Library located at:
http://www.c‐iv.org/ProcurementLibrary.shtml
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 16/18
C‐IV Procurement Project 2009
11290 Pyrites
Way,
Suite
150,
Rancho
Cordova,
CA
95670
10
| P a g e
5 C‐IV Procurement Risk Management Forms
The C‐IV Procurement Project will use the C‐IV Procurement Project Risk Management Form
(see Attachment
1)
and
C‐IV
Procurement
Project
Risk
Log
(see
sample
below).
Until Planning Consultant services are acquired, risk documentation will be stored on a
restricted drive on the C‐IV Project local area network (LAN) and the C‐IV Procurement Manager
will be responsible for risk tracking and control.
Following acquisition of Planning Consultant services, risk documentation will be stored on the
Planning Consultant’s Project local area network (LAN), and the Project Management Office
(PMO) will be responsible for risk tracking and control.
C‐IV Procurement Project Risk Log
ID Risk Name Risk Status Risk Category
Date
Raised
Risk
Originator Risk Description Owner Priority
Notes
(Date‐ Update, Analysis or Resolution)
Date Risk
Closed
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 17/18
C‐IV Procurement Project 2009
11290 Pyrites
Way,
Suite
150,
Rancho
Cordova,
CA
95670
11
| P a g e
RISK MANAGEMENT PLAN
ATTACHMENT 1
RISK MANAGEMENT FORM
7/31/2019 29047841-Risk-Management-Plan-03-25-2009
http://slidepdf.com/reader/full/29047841-risk-management-plan-03-25-2009 18/18
C‐IV Procurement Project 2009
C‐IV Procurement Projec
Risk Management
FormRisk Name
Issue Status Opened Assigned Deferred Escalated Closed
Date Raised
Risk Originator Name &
Contact Information
Risk Category Cost/Budget Schedule Resources Strategic Direction Process
Technology External
Risk Trigger Event Description
Risk Owner
Risk Mitigation Plan
Contingency Plan
Project Use Only
Date Received
Risk ID