Document Name Process for Risk Management Revision History # 1 2 3 4 5 6 7 8 9 1 0 Version 1.

0 Date 25-Mar-04 Rationale for change Initial Version

Doc.ID Version No. Date

RM 1.0 25-Mar-04

Change Description

Author Siva Kumar S. G

Reviewed and Approved by Vamsi Chelluri Page 1 of 5

Document Name Process for Risk Management

Doc.ID Version No. Date

RM 1.0 25-Mar-04

Table Of Contents PROCESS SUMMARY...........................................................................................................3 REFERENCES.........................................................................................................................3 DEFINITIONS AND ACRONYMS.......................................................................................3 ORGANIZATIONAL POLICY.............................................................................................3 PROCESS INPUTS.................................................................................................................3 ENTRY CRITERIA.................................................................................................................4 PROCEDURE..........................................................................................................................5 VALIDATION CRITERIA.....................................................................................................6 QUALITY RECORDS............................................................................................................6 PROCESS DELIVERABLES.................................................................................................6 MEASUREMENT AND ANALYSIS.....................................................................................6 EXIT CRITERIA.....................................................................................................................6 ANNEXURE.............................................................................................................................7

Author Siva Kumar S. G

Reviewed and Approved by Vamsi Chelluri Page 2 of 5

Document Name Process for Risk Management

Doc.ID Version No. Date

RM 1.0 25-Mar-04

Process Summary The Risk Management process describes the practices, procedures, and guidelines that when implemented would assist the organization to develop and execute a Software Risk Management Plan. The objective of this Plan is to identify risks that occur in an organization as early as possible and describe ways on revising the development strategy to mitigate those risks. Risk management helps in completing the project successfully by finding and resolving risks. References
CMMI Process Area Risk Management

Decision Analysis and Resolution ISO Clause Clause Name 9001 2000 7.1, 7.3.1, 7.3.4, 7.3.7 Planning of Product Realization

Definitions and Acronyms CRQ PM PT QT Change Request Project Manager Project Team Quality Team

Organizational Policy

Process Inputs Software Project Plan Contract Change requests Risk Database Author Siva Kumar S. G Reviewed and Approved by Vamsi Chelluri Page 3 of 5

Document Name Process for Risk Management

Doc.ID Version No. Date

RM 1.0 25-Mar-04

Entry Criteria Approved directive from PM to initiate risk management Approved Change Requests

Author Siva Kumar S. G

Reviewed and Approved by Vamsi Chelluri Page 4 of 5

Document Name Process for Risk Management

Doc.ID Version No. Date

RM 1.0 25-Mar-04

Procedure 1 Risk Identification (PM, PT, QT) 1.1 Select members from the same or different project who will help in identifying the potential risks for the particular project .At organizational level, the organization will establish Risk Management plan and identify risks specific to Organization also. 1.2 Establish organizations Risk Management Strategy. 1.3 Define Risk parameters used to analyze, categorize and prioritize risks . 1.4 Study the organization Risk Database and analyze the risks experienced earlier on similar projects. 1.5 Conduct Brainstorming session with the Stake Holders. 1.6 Freeze on the potential risks applicable to the particular project. Determine risk sources and categories. 1.7 Update the Risk Database if any new risk has been identified. 2 Analyze risks 2.1 Analyze the project-specific risks in terms of its impact on cost, schedule and product quality. Estimate the degree of impact if a risk were to occur. (PM, PT) 2.2 Estimate the probability for each risk to occur. Mark probability of occurrence and severity of impact on a scale of 1 to 5 and .1 to .5, with 1 being lowest probability or .1 lowest severity and 5 being the highest probability or .5 being the highest severity. (PM, PT) 2.3 Suggest risks which can possibly be combined and arrive at a consensus on which of the risks are combined. (PM, PT) 2.4 Based on the discussions, calculate the Risk Magnitude for each risk [Risk Magnitude = Probability of occurrence + 2* severity of Impact0]. (PM) 3 Risk Prioritization (PM, PT, QT) 3.1 Consolidate the identified risk 3.2 Identify the top five risks for the particular project and prioritize them accordingly. 4 Mitigation Planning and Implementation (PM, PT, QT) 4.1 Come out with a mitigation plan for all the identified risks The Mitigation actions can be identified after evaluating alternatives. (Refer : DAR Procedure) 4.2 If similar projects are running communicate (through mail/oral/written) and Cross check whether similar risks are identified and also lookout for any Potential risks, which is left out on both sides Author Reviewed and Approved by Page 5 of 5 Siva Kumar S. G Vamsi Chelluri

Document Name Process for Risk Management

Doc.ID Version No. Date

RM 1.0 25-Mar-04

4.3 Review the risk management plan periodically and update the plan if necessary 5 Implement risk mitigation 5.1 Monitor the various project activities for warning signals of a specific risk about to occur, if applicable. (RM, PM) 5.2 Initiate risk prevention activities and document in the Software Risk Management Plan. Also document the risk magnitude after the mitigation action implementation. Study the corrective actions to be undertaken if the risk were to occur. (PM) 5.3 Collect data about risk occurrence. Specify the preventive and corrective actions performed during each risk occurrence. (RM) 5.4 Specify the status and summary of risk occurrences in the Project Status Review Report. (PM, RM)

Validation Criteria Review of Software Risk Management Plan

Quality Records Review Report of Software Risk Management Plan

Process Deliverables Software Risk Management Plan Updated organizational Risk Database

Measurement and Analysis Total number of risks identified No. Of unforeseen risks that had occurred during a Project/product development

Exit Criteria Approved Software Risk Management Plan Author Siva Kumar S. G Reviewed and Approved by Vamsi Chelluri Page 6 of 5

Document Name Process for Risk Management Project closure / signoff

Doc.ID Version No. Date

RM 1.0 25-Mar-04

Annexure 1. Template for Software Risk Management Plan 2. List for Risks (Identify and include as part of Organizational Risk Database)

Author Siva Kumar S. G

Reviewed and Approved by Vamsi Chelluri Page 7 of 5