Professional Documents
Culture Documents
RM 1.0 25-Mar-04
Change Description
RM 1.0 25-Mar-04
Table Of Contents PROCESS SUMMARY...........................................................................................................3 REFERENCES.........................................................................................................................3 DEFINITIONS AND ACRONYMS.......................................................................................3 ORGANIZATIONAL POLICY.............................................................................................3 PROCESS INPUTS.................................................................................................................3 ENTRY CRITERIA.................................................................................................................4 PROCEDURE..........................................................................................................................5 VALIDATION CRITERIA.....................................................................................................6 QUALITY RECORDS............................................................................................................6 PROCESS DELIVERABLES.................................................................................................6 MEASUREMENT AND ANALYSIS.....................................................................................6 EXIT CRITERIA.....................................................................................................................6 ANNEXURE.............................................................................................................................7
RM 1.0 25-Mar-04
Process Summary The Risk Management process describes the practices, procedures, and guidelines that when implemented would assist the organization to develop and execute a Software Risk Management Plan. The objective of this Plan is to identify risks that occur in an organization as early as possible and describe ways on revising the development strategy to mitigate those risks. Risk management helps in completing the project successfully by finding and resolving risks. References
CMMI Process Area Risk Management
Decision Analysis and Resolution ISO Clause Clause Name 9001 2000 7.1, 7.3.1, 7.3.4, 7.3.7 Planning of Product Realization
Definitions and Acronyms CRQ PM PT QT Change Request Project Manager Project Team Quality Team
Organizational Policy
Process Inputs Software Project Plan Contract Change requests Risk Database Author Siva Kumar S. G Reviewed and Approved by Vamsi Chelluri Page 3 of 5
RM 1.0 25-Mar-04
Entry Criteria Approved directive from PM to initiate risk management Approved Change Requests
RM 1.0 25-Mar-04
Procedure 1 Risk Identification (PM, PT, QT) 1.1 Select members from the same or different project who will help in identifying the potential risks for the particular project .At organizational level, the organization will establish Risk Management plan and identify risks specific to Organization also. 1.2 Establish organizations Risk Management Strategy. 1.3 Define Risk parameters used to analyze, categorize and prioritize risks . 1.4 Study the organization Risk Database and analyze the risks experienced earlier on similar projects. 1.5 Conduct Brainstorming session with the Stake Holders. 1.6 Freeze on the potential risks applicable to the particular project. Determine risk sources and categories. 1.7 Update the Risk Database if any new risk has been identified. 2 Analyze risks 2.1 Analyze the project-specific risks in terms of its impact on cost, schedule and product quality. Estimate the degree of impact if a risk were to occur. (PM, PT) 2.2 Estimate the probability for each risk to occur. Mark probability of occurrence and severity of impact on a scale of 1 to 5 and .1 to .5, with 1 being lowest probability or .1 lowest severity and 5 being the highest probability or .5 being the highest severity. (PM, PT) 2.3 Suggest risks which can possibly be combined and arrive at a consensus on which of the risks are combined. (PM, PT) 2.4 Based on the discussions, calculate the Risk Magnitude for each risk [Risk Magnitude = Probability of occurrence + 2* severity of Impact0]. (PM) 3 Risk Prioritization (PM, PT, QT) 3.1 Consolidate the identified risk 3.2 Identify the top five risks for the particular project and prioritize them accordingly. 4 Mitigation Planning and Implementation (PM, PT, QT) 4.1 Come out with a mitigation plan for all the identified risks The Mitigation actions can be identified after evaluating alternatives. (Refer : DAR Procedure) 4.2 If similar projects are running communicate (through mail/oral/written) and Cross check whether similar risks are identified and also lookout for any Potential risks, which is left out on both sides Author Reviewed and Approved by Page 5 of 5 Siva Kumar S. G Vamsi Chelluri
RM 1.0 25-Mar-04
4.3 Review the risk management plan periodically and update the plan if necessary 5 Implement risk mitigation 5.1 Monitor the various project activities for warning signals of a specific risk about to occur, if applicable. (RM, PM) 5.2 Initiate risk prevention activities and document in the Software Risk Management Plan. Also document the risk magnitude after the mitigation action implementation. Study the corrective actions to be undertaken if the risk were to occur. (PM) 5.3 Collect data about risk occurrence. Specify the preventive and corrective actions performed during each risk occurrence. (RM) 5.4 Specify the status and summary of risk occurrences in the Project Status Review Report. (PM, RM)
Process Deliverables Software Risk Management Plan Updated organizational Risk Database
Measurement and Analysis Total number of risks identified No. Of unforeseen risks that had occurred during a Project/product development
Exit Criteria Approved Software Risk Management Plan Author Siva Kumar S. G Reviewed and Approved by Vamsi Chelluri Page 6 of 5
RM 1.0 25-Mar-04
Annexure 1. Template for Software Risk Management Plan 2. List for Risks (Identify and include as part of Organizational Risk Database)