The Risk Management plan provides the basis for decision making when managing risks for a project. This plan provides a formatted document for recording risk management planning decisions and values for the project.

Section I: Risk Management RASIC Chart

This section outlines the responsibilities of selected stakeholders for each step in the Risk Management Process.

Steps	Project Manager	Risk Owner	CCB	Project Team
1. Establish Risk Mgmt Plan	R	--	C	A
2. Identify and Document Risks	R	S	S	S
3. Evaluate Risk and Assign (Perform Initial Review)	R	S	S	S
4. Develop Mitigation/Contingency Plans	I	R	I	I
5. Monitor Risks	S	R	S	A
6. Review Risks	R	S	A	A
R=Responsible A=Approve S=Support I=Information C=Consult

Section II: Project Risk Management Planning Decisions

Risk Activity High Level Risk Assessment Risk Management Planning Risk Identification Log Review

Frequency __ Annually __ Semi-Annually __ Quarterly __ Monthly __ Plan Project Work __ Re-Planning __ Monthly __ Every Other Week __ Weekly

Risk Levels and Definitions

Project-level - Risk related to the project as a whole. These risks will span multiple CRs and multiple releases, and may be related to risks in other projects. This section documents the risk levels that the project shall use, and provides a definition of each level.

CR Risks Risks unique to a specific change request.

.>

Risk Recording, Tracking and Handling

Regardless of the type of risk (CR, Release or Project), all risks will be evaluated to determine how they will be handled. A value of Accept, Mitigate, Transfer, or Avoid will be designated for each risk.

All risks will be tracked in the projects Risk ID List, where they are maintained and periodically reviewed by the appropriate parties. Risk reviews are done according to these guidelines:

Project-level Risks At a minimum, these risks are reviewed monthly with the project team during the team meetings.

CR Risks Reviewed monthly by the project team in project status meetings. If necessary, they are escalated to the CCB.

As each risk is recorded, the PM will record the following fields (each field will carry a value between .01 - .99):

Probability

Impact

Risk Monitoring Activities

Risks will be monitored by the Project Manager by reviewing the risks listed in the teams Risk List. As risks are reviewed, the PM (or designated individual) is responsible for:

Executing Mitigation, Transfer or Avoidance Plans when they are developed for a risk.

Executing a Contingency Plan when a triggering event occurs.

Collecting information on risks and maintaining the Risk List so the stakeholder have the latest information when reviewing risks.

Updating the Risk List as status changes occur for each risk.

The identification of new risks can occur at any time. When a new risk is identified by a team member, it is brought to the attention of the PM who assumes ownership of the risk.

Risk Category Values

The project will use the following list when determining the category of risk, however it is noted that additional categories not noted in the checklist may be identified.

Scope

Schedule

Resource

Risk Source Values

The project will use the following list when determining the source of risk, however it is noted that additional sources not noted in the checklist may be identified.

Internal

Strategic

External

Risk Exposure Threshold

All Risks assessed to have a Risk Exposure (the product of Probability and Impact) equal to or greater than .30 shall have a documented Risk Handling Plan.

Section III: Parameter Thresholds and Criteria

Parameter/Threshold	.01 - .24	.25 - .49	.50 - .74	.75 .99
Probability - Likelihood of becoming a problem?	With routine management, likely to solve itself	May occur if not addressed	Will occur if special attention is not paid to it	Guaranteed to become a problem unless action is taken
Impact - What is the overall impact, considering all factors?	Negligible impact; no attention from management	Noticeable impact at the higher levels of management	Serious impact at all levels of management	Very serious impact; potential Corporate attention