Professional Documents
Culture Documents
Overview The Risk Management Plan identifies the risks that can be defined at this stage of the life cycle, evaluates them, and outlines mitigation actions. This Plan will be periodically updated and expanded throughout the life cycle as the project increases in complexity and risks become more defined. 1 1.1 INTRODUCTION Purpose In this section, present a clear, concise statement of the purpose of the Risk Management (RM) plan. Include the name and code name of the project, the name(s) of the associated system(s), and the identity of the organization that is responsible for writing and maintaining the RM plan. 1.2 Background This section briefly describes the history of the project and the environment in which the project will operate. (This information may be included through reference to other project documents.) Include the following information: 1.3 Identification of other systems with which the subject system interfaces Contractor support for development and maintenance System architecture, operating system and application languages Development methodology and tools used for the project
Scope This section presents a definitive statement of the scope of the RM planning contained in this document, including the limits and constraints of the RM plan.
1.4
Policy Include in this section policy decisions that affect how RM is conducted. This section also lists documents that are referenced to support the RM process. Include any project or standards documents that are referenced in the body of the plan or that have been used in the development of the document.
1.5
Approach In this section, describe the projects approach to risk management. Include the elements of identification, analysis, planning, tracking, control, and communications. Discuss the projects risk mitigation strategies in general and detail specific strategies that have significant impact across the project (e.g., parallel development, prototyping).
Once the risks have been identified, document them in this section as the risk identification list. Steps for developing the risk identification list are the following: Number each risk using sequential numbers or other identifiers. Identify the SDLC document in which the risk is applicable. For instance, if you are working on the CM plan and discover a CM risk, identify the CM plan as the related document. Describe the risk in enough detail that a third party who is unfamiliar with the project can understand the content and nature of the risk.
Use the risk identification list throughout the life-cycle phases to ensure that all risks are properly documented. 3 RISK ASSESSMENT The project management plan and the risk identification list are inputs to the risk assessment. Categorize the risks as internal or external risks. Internal risks are those that you can control. External risks are events over which you have no direct control. Examples of internal risks are project assumptions that may be invalid and organizational risks. Examples of external risks are Government regulations and supplier performance.