HARVEST CITY: THE INTELLIGENT PROCUREMENT

SYSTEM PROJECT
RISK MANAGEMENT PLAN TEMPLATE

Submitted By:
Shweta Ramesh
Salina Kunwar
Nidhi Mehta
Mustafa Uzun
 VERSION HISTORY

Versio Implemented Revision Approved Approval Reason

n# By Date By Date
1.0 Risk Management Plan
First Draft
 TABLE OF
CONTENTS

1 INTRODUCTION 1
1.1 Purpose Of The Risk Management Plan 1
1.2 The Project Background 1
1.3 Parent Organization Background 1
1.4 Project Organization Structure 2
2 RISK MANAGEMENT PROCEDURE 4
2.1 Process 4
2.2 Risk Identification 5
2.3 Risk Analysis 5
2.3.1 Qualitative Risk Analysis 5
2.3.2 Quantitative Risk Analysis 6
2.4. Risk Response Planning
2.5. Risk Response Implementation
2.6. Risk Monitoring and Reporting

3 ROLES AND RESPONSIBILITIES 8

4 BUDGETING 9
5 TIMING 9
6 RISK BREAKDOWN STRUCTURE/ CATEGORIES 9
7 STAKEHOLDER RISK TOLERANCE 11
8 COMMUNICATION: REPORTING FORMATS 12
9 REFERENCES 13
1 INTRODUCTION
1.1 PURPOSE OF THE RISK MANAGEMENT PLAN
A project risk management plan is a structured document that outlines how to manage
the project's operations and outcomes and what risk management procedures should
be followed to lessen or avoid problems altogether. This Risk Management Plan
outlines the methods for identifying, evaluating, and managing risks related to the
Harvest City: The Intelligent Procurement System Project. Project risk management
involves necessary steps, including risk identification, analysis, response, control,
tracking, and reporting. The project risk management strategy is intended to lead the
project management team through the process. A project risk management plan that
positively affects the project is offered by the system for avoiding and controlling the
risks present in the project.
1.2 THE PROJECT BACKGROUND

The intelligent procurement system project study by Lynda M. Applegate and Ramiro
Montealegre is featured in the Harvard Business School (HBR) case study. The
Harvest City: The intelligent procurement system case study provides leadership and
management assessment and decision scenarios. It also covers business-related topics,
including marketing strategy, policies, IT, administration, negotiations, and project
management.

The case of Harvest City demonstrates how the modern conference center in the
Midwest of the United States employs an intelligent procurement system based on the
cloud and IoT. The choice to build a conference center in this region results from
extensive IT use in the planning process. There is a significant chance that it won't be
put into action. These mistakes cost money and affect many stakeholders. The Harvest
City Convention Center and Venso signed a $26 million deal on November 15 to
deliver a best-in-class IoT-based procurement system that makes buying direct and
indirect services easier. The activities, choices, and actions performed to incorporate
Harvest City's innovative procurement system are reviewed in this case to investigate
the problems with the automatic execution of the plan.
1.3 THE PARENT ORGANIZATION BACKGROUND
To give the locals a new and prominent gathering site, members of the town council in the
US's expanding Midwest decided to visualize promoting this region as a global business
travel destination in 2009. They decided to approve the construction of a conference center
in the city center. In 2010, Mayor Thompson established a task team of locals to select a
developer.

In 2012, Thompson hired John Casper as the project's management company's CEO. In
September 2012, an agreement for a grant of $60 million for the new facility was reached
with Thompson and the major players. The award will be funded by tax bonds and federal
monies and will supplement considerable financing from the city. A convention center, a
shopping center, a luxury apartment building, and a five-star hotel with 1,200 rooms were
all part of the complex.
Phase 1 of the project will see the construction of the hotel, conference center, and parking
garage. Phase 2 will see the development of retail centers and apartment buildings. Phase
1 of Harvest City was expected to require $100 million in federal funds, of which $80
million would be charged in 2013 and $20 million in 2014.

The convention center aims to promote the city as a top business travel destination while
also giving locals a trendy, upscale meeting spot inside the city. The project is being carried
out to prioritize the city's businesses and infrastructure. The system would be finished and
operating by September 1, 2016, according to a June 2014 agreement between Venso and
Harvest City's Convention Center. The project included the deployment of intelligent data
acquisition and the construction of an IT system.
1.4 THE PROJECT ORGANIZATION STRUCTURE

This process is called project management. It establishes the parameters within which
choices about structuring a proposal will be made. Budgets, timetables, personnel, and
equipment are all considered when determining how the project will be carried out.
Next, the stakeholders in the project are introduced to the organization.

Programmatic, Matrix and project-based organizational structures are the three

categories. In this situation, a project will choose from one of three organizational
structures, each of which will depend on the corporate authority standards of the
project manager. We have decided on a project-based organizational structure for this
project. A project manager has complete control over the project under this
organizational structure. The structure of a project-based organization in this project
is highly technical and sensitive to change. Flexibility would be essential in a project-
based organizational structure. The project manager oversees the undertaking and
updates the board and project sponsor. The team members answer directly to the
project manager.
Project Sponsor: The sponsoring project is not a part of the project's regular
operations and has the power to offer aid to overcome project challenges. The project's
potential to accomplish the objectives of the parent organization is enhanced by the
project sponsor's support and guidance.

Project Manager: Project managers are responsible for most of the company's jobs.
Controls all project stages and the resources, employees, and work that are brought
into the project from the beginning to the finish.

Procurement Manager: One aspect of the project is the method used to purchase and
sell the required equipment and supplies.
Technical Manager: Organizes and controls the project's technological resources.
Additionally, an IT specialist is offered as technical assistance who may help
implement contemporary technology in the project.
Project Controls: Project control is the planning phase of a project that oversees its
advancement. Assesses the project's planning, estimating, and other related duties,
including cost reporting.

Project Quality: The project quality manager is concerned with the quality of the
project work since it is an indicator of project success.
2 RISK MANAGEMENT PROCEDURE

2.1 PROCESS
Project Risk Management is a proactive approach to deal with potential
uncertainties to ensure that they do not turn into full-blown issues or
challenges during the project lifecycle. It involves a series of processes
performed iteratively to ensure that the risk management plan reflects the
latest project scenario. It involves risk assessment through risk identification
and analysis, prioritization, risk mitigation, and monitoring. The ultimate aim
of risk management is to reduce the uncertainties associated with the project
to increase project profitability and the quality of delivery. The project charter
acts as the handbook that guides the team about the project's objectives and
key deliverables that have been agreed upon. The risk management plan is
developed to manage the anticipated contingencies to ensure that the purposes
of the project, as stated in the project charter, are duly fulfilled.
Risk identification is the first step in a realistic and sustainable risk
management process. Risk analysis follows this based on parameters like
potential financial loss, time loss, the severity of the impact, and the resource
requirement to manage the anticipated risk. Post-analysis, the risk is evaluated
and prioritized based on its severity.
This process also helps understand the link between the risk and the different
aspects of the business that mitigating this risk will affect. This is followed by
the heart of the process, which involves mitigating or managing the risk. Once
the said risk has been mitigated, the company cannot afford to put the plan
aside and focus on operations because as the project scenario changes, so will
the risk scenario. To catch up with these evolving facets, the risk management
plan must be continuously monitored and reviewed to reflect the most current
status of projects.
Image Source: https://www.invensislearning.com/blog/risk-management-process-steps/

In the case of this particular project in focus, the project sponsor and, thereby,
all the stakeholders involved did not have a risk management plan in place.
This project, therefore, is a clear example of the importance of having an
updated project risk management plan and underlines everything that can go
wrong with the delivery and operations of the project without a plan.
We have discussed the processes, techniques, and stakeholders involved in
getting through the risk management process in a project in the sections
below.
2.2 RISK IDENTIFICATION
Risk identification involves creating a dossier of all the anticipated risks that the
project, function, or organization could face in delivering a project. Since this is an
expansive list, it requires the contribution and involvement of all significant
stakeholders associated with the project and could be impacted by the risk.
Risk identification is carried out using the following techniques:
• Brainstorming – SMEs, higher ranking stakeholders like chief engineers,
team leads, design chiefs, operations heads, city council heads, mayors, etc.,
will brainstorm to find a list of anticipated risks the project could face.
• Gemba Walks – This is a process used to understand the current state of the
system/ project and the exact scenario of operation in real-time. It is a six
sigma methodology that involves identifying the wasteful contributors to the
process which can be eliminated, thus reducing risks
• Interviewing – Interviews can be conducted to understand the apprehensions
of all stakeholders to understand the problem areas they feel might pose a risk
to project delivery. This will help the project managers understand different
perspectives and call out potential conflicts to facilitate resolution early in the
project.
• Survey Questionnaires – For understanding the anticipated risks from a larger
audience, such as people working on-ground operations. The surveys should
be created so that all the people responding to them can understand the
language and the intent behind the questions, thus enabling them to answer
questions as honestly as possible.
• SWOT Analysis – Helps identify areas of improvement, strengths, and threats
using a standard framework. This can be used iteratively to help the project
team evaluate the project status at regular intervals.
2.3 RISK ANALYSIS
Risk analysis examines the changes to the project goals and outcomes that might
change because of an impending risk or an executed risk response. Risk analysis
analyzes all the risks which were identified in the previous step and score them
based on the following factors:
• Likelihood: Probability of occurrence
• Impact: Impact of risk materialization
• Velocity: Speed of risk impactMaterialization
 • Potential severity of the impact
After this, the risks are analyzed on two fronts, i.e., quantitatively and
qualitatively
2.3.1 Qualitative Risk Analysis
Qualitative risk analysis is generally used for all risks that have been
identified, while quantitative risk analysis applies to a smaller subset based on
the type of project and the availability of factual data to perform risk analysis.
Scenario analysis is one of the most commonly used techniques for
ascertaining the risk of the occurrence of events. These figures are established
based on the following parameters:
• Impact of the Event
• Probability of the Event
Risk levels are ascertained based on the score of the risks on these two
parameters. Projects usually have a custom range of risk tolerance which helps
them classify risks into different risk levels based on their ranking on the scale
of impact and probability.

Score on Severity Risk Zone/Level

and Impact
High Severity, Red Zone (Major Risk)
High Impact
Moderate Severity, Yellow Zone (Moderate Risk)
Moderate Impact

Low Severity, Low Green Zone (Low Risk)

Impact

Most firms also add a component of the likelihood of the risk occurring and
classify risks based on that front as follows:
• Highly Likely: Typically, risks with 91% or more chance of occurrence
fall into this category
• Likely: Risks in the 61-90 (%) occurrence fall in this category. These
risks require a continuous risk mitigation strategy
• Possible: Risks with 41-60 (%) chance of occurrence. Frequently
occurring risks fall under this category
 • Unlikely: Chance of occurrence is 11- 40 (%). They need to be
monitored but are not very likely to occur
• Highly Unlikely: Chance of occurrence is less than 10%

2.3.2 Quantitative Risk Analysis

Quantitative Risk Analysis is the process of quantifying the impact of the
risk on project objectives. This numerical information is frequently used
to determine the cost and time contingencies of the project (Meyer, W.
G., 2015).
Quantifying risks is a good practice in risk management because it helps
the project manager understand the impact and severity and relay it to
different stakeholders, thus seeking timely action and mitigating the risk.
Quantifying the risk helps the project manager ascertain the risk response
strategy and plan the future course of action accordingly. This gives them
the urgency and the criticality of the matter. It will also help the senior
management determine the required budget and procure funds to fund the
risk mitigation response adequately.
The following methods are used for Quantitative Risk Management:

• Failure Mode and Effects Analysis (FMEA)

• Expected Monetary Value
• Probability Analysis
• Program Evaluation Review Technique (PERT)
 For this project, we will use the Expected Monetary Value method to quantify
risk and urgency.
2.4 Risk Response Planning
Risk response planning is developing options and determining actions to enhance
opportunities and reduce threats to the project's objectives. It includes identifying and
assigning individuals or parties to take responsibility for each agreed risk response
(Risk Response Model, n.d.).
2.5 Risk Response implementation
This is a process where the response plans are implemented. This is a continuous
process, as is the risk identification and analysis, and it needs to be refreshed each
time any aspect of the risk management plan changes.
The inputs to this plan are the project management plan, project documents such as
the risk register and risk reports, and the organization process assets.
It also identifies the responsibilities of all the people involved in the risk management
process and assigns ownership for their actions. Although the techniques used for this
are subjective and differ based on the project type, the commonly used techniques are
expert judgment, interpersonal team skills, collaboration, documentation, and records
of the efforts undertaken to implement the risk response plan.
Change requests and project document updates like incident logs, lessons learned
register, and areas of improvement are identified as an output of this process.
2.6 Risk Monitoring And Reporting
This should be an integral part of the project management process and require regular
revisions. It should be reviewed externally and internally to maintain quality, and this
process's results should be taken as a pointer for continuous improvement. The firm's
monitoring and review process should comprise all risk management aspects.
As a part of the monitoring and reviewing of the response, any actions or events that
change the status of risk should be documented. Examples of changes are changes to
risk evaluation as a result of any improvements or issues, control breach logs, and any
new risks identified.
Senior management needs to conduct periodic checks and reviews of these reports.
 3 ROLES AND RESPONSIBILITIES
We all perform distinct roles in Harvest City: The Intelligent Procurement System
since there are many hazards and insufficient planning. Each risk has an assigned
owner overseeing all risk-related activities and, if needed, taking the necessary
precautions. We notify the responsible parties, the appropriate authorities, and the
relevant members of each danger. We have created a table that aids in risk
identification and makes each member aware of their responsibilities in risk. This will
assist us in identifying dangers and ensuring the project's success.

CEO Mayor PM Project IT Team Other

Coordinator Stakeholders

Excessive R A
expectations
leading to project
failure
Procurement I R S S
Delay/Failure
System security R I R
failure
Server failure and I R
misplacing the
documents
Lack of security I S R
tools because of
shortage from
vendors
Delay in starting I S R S
production
Unidentified I R
error after project
implementation
Lack of A R S
Coordination at
final deployment
Unplanned I I R S
hardware and
software that
must be
accommodated

CEO Mayor PM Project IT Team Stakeholders

Coordinator
Leadership R A I S
change
Testing I A S A R
takes more
time due to
fewer
resources
The final I R R
product
does not
meet the
requirement
s
Sub-system I R A S
Changes
Vendor A I R
demands
for
changing
design
specificatio
n that is
already
finalized
Too many R R I I
stakeholder
s in the
high-
interest and
high-power
domain

Where,
R – Responsible
A – Authority
S – Support
I – Inform

4 BUDGETING
The project manager, Sponsor, and financers are all involved in the budgeting
decisions of the project. Additional fund allocations required to mitigate risks in
the event of occurrence will be approved by the project sponsor and financed
based on the funding procured by the Sponsor in conjunction with the promoters
and financing agencies. The budget required for risk management is determined
based on negotiations with all stakeholders, and the priority of scope agreed
upon. The project manager is responsible for preventing or reducing risk, and
the Sponsor is responsible for financing.
5 TIMING
Risk management strategy assessment shall be conducted from time to time. The
risk to the project has to be monitored and is to be tracked continuously once
completed. The purpose of this is for the updated risk management strategy.
For any risk in the foreseeable future to be managed, it is vital to assess risk
management from time to time. If there are possibilities for the risk, risk
resolution has to be implemented, which is best suitable at that particular time.
Various strategies will be analyzed during this process and time to find the best
alternative.
Once the project is completed and reaches its milestone, it is necessary to check
whether the risk response has been initiated. The baseline and the possibilities
for the new risk has to be updated. With the timely monitoring of the risk, there
will be a proper discussion about the effect and the closure of the risk for the
best possible strategies. All the stakeholders will be informed about the risk for
 a smooth operation. This will minimize the risk of uncertainty, accountability,
and conflict within the project team.
Therefore, with the regular assessment of risk management, the possible risk is
reported in the risk log, and the risk control plans have been reviewed with the
discussion that will be conducted among the team for the best outcome.
6 RISK BREAKDOWN STRUCTURE/ CATEGORIES
Risk breakdown structure (RBS) is a hierarchical representation of risks that
helps identify and organize different risk categories. Typically, RBS includes
several levels, such as:
Strategic: Risks associated with an organization's overall goals and objectives,
such as changes in market conditions or competitive landscape.
Operational: Risks associated with the day-to-day operations of an organization,
such as supply chain disruptions or IT failures.
Project-specific: Risks associated with a specific project or initiative, such as
schedule delays or cost overruns.
These different risk categories can be integrated into a risk register, a document
or tool used to identify, assess, and track risks. The risk register can help ensure
that none of the risks are missed and can be used to communicate risks to
stakeholders.
RBS can also be used to identify which risks are related and the main risks that
can affect the project. Additionally, it can be used to identify the risks that are
specific to a particular department, process, or activity.
The different categories of risk in RBS can help to:
Ensure that all risks are identified and considered
Prioritize risks and focus attention on the most critical risks
Develop a risk management plan to address the most significant risks and reduce
their impact.
Therefore, RBS is a structured approach to identifying and organizing risks that
help ensure that none are missed and can be used to communicate risks to
stakeholders.
7 STAKEHOLDER RISK TOLERANCES
The level of risk that will be tolerated in a project can vary depending on the
project's stakeholders and their level of risk tolerance. Stakeholder analysis can
be used to identify the stakeholders, understand their interests and concerns, and
determine their level of risk tolerance.
The level of risk tolerance can be influenced by factors such as the stakeholders'
business objectives, budget, and timelines, as well as the potential impact of risks
on the project's outcomes. For example, a stakeholder with a higher tolerance for
risk may be willing to accept a longer timeline and higher costs in exchange for
a higher potential for success. In comparison, a stakeholder with a lower
tolerance for risk may prioritize sticking to a tighter timeline and budget over
pursuing a higher potential for success.
Once the level of risk tolerance is understood, it can guide how much risk work
needs to be done in the project. For example, if the stakeholders are willing to
accept a higher level of risk, the project team may need to do less risk work to
mitigate the risks. On the other hand, if the stakeholders have a lower tolerance
for risk, the project team may need to do more risk work to mitigate the risks
and ensure that the project stays within the stakeholders' risk tolerance.
It's important to note that the risk tolerance level can change over the project as
the stakeholders' perspectives and priorities change. Therefore, it's essential to
continue to assess the stakeholders' risk tolerance and adjust the risk work as
needed.
 8 COMMUNICATION: REPORTING FORMATS
The project will be completed with the team, and the decisions of the
stakeholders play a significant role. All the milestones, progress, baseline
updates, and challenges during the assessment will be used for vital decisions.
Clear communication from time to time is essential for the success of the project.
Thus, the stakeholders must be informed and communicated clearly about the
risk on time to initiate the proper resolution considering the input, perspective,
opinions, and expectations. It can be at the project's baseline, during the project,
end, or after the project is running.
Communication Plan:

Purpose Medium Frequency Audience

Kickoff -Risk In-person, Start of the Project

meeting assessment video project manager,
-Stakeholders' conference, and Project Sponsor,
involvement emails Venso, and
-Objectives additional
stakeholders

Project team - project status In-person, via Twice a week Project team
meeting video
conference, and
emails
Check-ins - Update Emails Once a week Stakeholders,
stakeholders Project sponsor,
and sponsors and investors
about the
progress
Project - Feedback and Video Once a month Project
Progress queries and conference manager,
Meetings update project Project sponsor,
status and
Stakeholders
UX Design - Provide In-person and After the Project team,
review progress of emails completion of Venso, and
intelligent each phase Project Sponsor
procurement
system and
receive
feedback

The whole team, including each member, is entitled to communicate with the
stakeholders about the risk. However, the project manager should monitor the
communication flow. The communication project plan must include the
following:
• Intend or goal of the communication plan
• Stakeholders' roles and responsibilities and the information to be shared
with them
• Communication method and its frequency
REFERENCES

1. Project Organization (2021), Retrieved from https://saylordotorg.github.io/text_project-

management-from-simple-to-complex-v1.1/s05-02-project-organization.html
2. Harrin. E. (2018), Pros and Cons of 3 Project Organizational Structures Retrievedfrom
https://www.thebalancecareers.com/pros-and-cons-of-project-organizational-
structures-4105214#functional-organizational-structure

3. Hughes. K. (2018), Project Organization 101: How to Structure Your Project Retrieved
from https://www.projectmanager.com/blog/project-organization-101
4. Harrin. E. (2018, October 29). Pros and Cons of 3 Project Organizational Structures.
Retrieved from www.thebalancecareers.com: https://www.thebalancecareers.com/pros-
and-cons-of-project-organizational-structures-4105214#functional-organizational-
structure
5. Team Reciprocity. (2020, May 7). Risk Management Process
https://reciprocity.com/risk-management-process/

6. Horvath. I. (2023, January 9). Five Steps of Risk Management Process.

https://www.invensislearning.com/blog/risk-management-process-steps/

7. Team Auditboard. (2021, March 8). What is a Risk Assessment Matrix, and Why Is It
Important?
https://www.auditboard.com/blog/what-is-a-risk-assessment-matrix/

8. Team Chartered Accountants. (n.d.).

https://www.cin.ufpe.br/~if717/Pmbok2000/pmbok_v2/wbs_11.5.html#:~:text=Risk%20response
%20planning%20is%20the,for%20each%20agreed%20risk%20response.