项目风险管理模板.doc

Risk Management Planfor<project><author><date><version>Table of Contents Table of ContentsiiRevision HistoryiiPurpose1Roles and Responsibilities1Risk Documentation1Activities2Schedule for Risk Management Activities3Risk Management Budget4Risk Management Tools4Appendix. Sample Risk Documentation Form4Revision HistoryNameDateReason For ChangesVersion<author>initial draft1.0 draft1PurposeThis document describes how we will perform the job of managing risks for <project>. It defines roles and responsibilities for participants in the risk processes, the risk management activities that will be carried out, the schedule and budget for risk management activities, and any tools and techniques that will be used. Roles and ResponsibilitiesProject ManagerThe Project Manager will assign a Risk Officer to the project, and identify this individual on the projects organization chart. The Project Manager and other members of the Project Management team <list names or roles> shall meet <state frequency; biweekly suggested> to review the status of all risk mitigation efforts, review the exposure assessments for any new risk items, and redefine the project's Top Ten Risk List.Risk OfficerThe Risk Officer has the following responsibilities and authority:<describe what the risk officer will do; might include coordinating risk identification and analysis activities, maintaining the projects risk list, notifying project management of new risk items, reporting risk resolution status to management; the Risk Officer should normally not be the Project Manager.>Project Member Assigned a RiskThe Risk Officer will assign each newly identified risk to a project member, who will assess the exposure and probability for the risk factor and report the results of that analysis back to the Risk Officer. Assigned project members are also responsible for performing the steps of the mitigation plan and reporting progress to the Risk Officer biweekly.Risk DocumentationRisk ListThe risk factors identified and managed for this project will be accumulated in a risk list, which is located <state where risk list is located; could be an appendix to this plan, or in a separate document, or in a database or tool somewhere>. The ten risk items that currently have the highest estimated risk exposure are referred to as the projects Top Ten Risk List.Risk Data ItemsThe following information will be stored for each project risk: <list and define risk data items. Some suggestions: Risk ID, classification, description, probability, impact, risk exposure, first indicator that risk is becoming a problem, mitigation approaches, owner, date due, contingency plan, contingency plan trigger>Closing RisksA risk item can be considered closed when it meets the following criteria: <example: the planned mitigation actions have been completed and the estimated risk exposure of probability times impact is less than 2>ActivitiesRisk IdentificationTaskParticipants<State the techniques that will be used to identify risk factors at the beginning of the project and on an on-going basis. This may involve a formal risk assessment workshop, a brainstorming session, interviews at the beginning of each life cycle phase, or use of an anonymous form available from the projects web site for submitting risk factors. Describe any consolidated lists of risk items that will be used to identify candidate risks for this project.><state who is involved in identifying project risks>Risk Analysis and PrioritizationTaskParticipantsThe Risk Officer will assign each risk factor to an individual project member, who will estimate the probability the risk could become a problem (scale of 0.1-1.0) and the impact if it does (either relative scale of 1-10, or units of dollars or schedule days, as indicated by the Risk Officer).Assigned Project MemberThe individual analyzed risk factors are collected, reviewed, and adjusted if necessary. The list of risk factors is sorted by descending risk exposure (probability times impact).Risk Officer<If the project planning activities will incorporate schedule or budget contingencies based on risk analysis, describe the process of estimating such contingencies and communicating the information to the Project Manager or building those contingencies into the project schedule here.>Risk Management PlanningTaskParticipantsThe top ten risks, or those risk factors having an estimated exposure greater than <state exposure threshold> are assigned to individual project members for development and execution of a risk mitigation plan. <Or, a group brainstorming session is used to define mitigation plans for individual risk items and to assign responsibility to individuals.>Risk OfficerFor each assigned risk factor, recommend actions that will reduce either the probability of the risk materializing into a problem, or the severity of the exposure if it does. Return the mitigation plan to the Risk Officer.Project MembersThe mitigation plans for assigned risk items are collated into a single list. The completed Top Ten Risk List is created and made publicly available on the projects intranet web site.Risk OfficerRisk ResolutionTaskParticipantsEach individual who is responsible for executing a risk mitigation plan carries out the mitigation activities.Assigned IndividualRisk MonitoringTaskParticipants<Describe the methods and metrics for tracking the projects risk status over time, and the way risk status will be reported to management.>Risk OfficerThe status and effectiveness of each mitigation action is reported to the Risk Officer every two weeks. Assigned IndividualThe probability and impact for each risk item is reevaluated and modified if appropriate.Risk OfficerIf any new risk items have been identified, they are analyzed as were the items on the original risk list and added to the risk list.Risk OfficerThe Top Ten Risk List is regenerated based on the updated probability and impact for each remaining risk.Risk OfficerAny risk factors for which mitigation actions are not being effectively carried out, or whose risk exposure is rising, may be escalated to an appropriate level of management for visibility and action.Risk OfficerLessons LearnedTaskParticipants<If the project will be storing lessons learned about mitigation of specific risks in a database, describe that database and process here and indicate the timing of entering risk-related lessons into the database.>Risk OfficerSchedule for Risk Management ActivitiesRisk IdentificationA risk workshop will be held on approximately <date>.Risk ListThe prioritized risk list will be completed and made available to the project team by approximately <date>.Risk Management PlanThe risk management plan, with mitigation, avoidance, or prevention strategies for the top ten risk items, will be completed by approximately <date>.Risk ReviewThe Risk Management Plan and initial Top Ten Risk List will be reviewed and approved by the Project Manager on approximately <date>.Risk TrackingThe status of risk management activities and mitigation success will be revisited as part of the gate exit criteria for each life cycle phase. The risk management plan will be updated at that time. <If the project is tracking cumulative risk exposure, that will be updated and reviewed during at this time, also.>Risk Management Budget<Describe the budget available for managing the projects risks>.Risk Management Tools<Describe any tools that will be used to store risk information, evaluate risks, track status of risk items, or generate reports or charts depicting risk management activity and status. If specific questionnaires or databases will be used during risk identification, describe them here. If lessons learned about controlling the risk items will be stored in a database for reference by future projects, describe that database here.>Appendix. Sample Risk Documentation FormRisk ID: <sequence number>Classification: <risk category, e.g., from SEI taxonomy>Report Date: <date this risk report was last updated>Description: <Describe each risk in the form “condition consequence”.>Probability: <Whats the likelihood of this risk becoming a problem?>Impact: <Whats the damage if the risk does become a problem?>Risk Exposure: <Multiply Probability times Loss to estimate the risk exposure.>First Indicator: <Describe the earliest indicator or trigger condition that might indicate that the risk is turning into a problem.>Mitigation Approaches: <State one or more approaches to control, avoid, minimize, or otherwise mitigate the risk. Mitigation approaches may reduce the probability or the impact.>Date Started: <State the date the mitigation plan implementation was begun.>Date to Complete: <State a date by which the mitigation plan is to be implemented.>Owner: <Assign each risk mitigation action to an individual for resolution.>Current Status: <Describe the status and effectiveness of the risk mitigation actions as of the date of this report.>Contingency Plan: <Describe the actions that will be taken to deal with the situation if this risk factor actually becomes a problem.>Trigger for Contingency Plan: <State the conditions under which the contingency plan will begin to be implemented.>