Table of Contents
Risk Management Justification
The project involves transitioning from a paper recording system to an electronic record keeping system. The organization has been using a paper recording system for a long time now which has proven to be tasking, expensive, unreliable, and it requires a lot of manual work. The organization has therefore decided to transition to an electronic record keeping system that will integrate all the organization’s information in a database for easy access and ease in data storage and filing. The project is a risky and expensive undertaking by the organization but its success can bring major benefits to the organization. The risk management process for the project is an important step in ensuring the success the project as it will involve a continuous process of identification and assessment of possible risks as well as monitoring tasks in order to effectively manage the project. the foreseeable project risks can be documented in a risk plan and the organization use a set of actions that would prevent such risks from occurring or minimize the effects of the risks should they occur. This paper will develop a risk management strategy and plan for the organization that will involve managing all the project’s risks.
Risk management process
Risk management is the process of identifying the potential risks in a project, assessing the likelihood and the extent of the risks, as well as coming up with the appropriate responses to the risks in case they occur. Risk management should be priority in every project particularly those involving information technology as it will ensure the management of costs, schedule, scope, quality and success of the project. The transition of the paper recording system to an electronic recording system is a risky project that could fail to live up to its expectations. It is possible for it top end in a complete disaster to the organization. The technology of the electronic recording system is associated with numerous risks associated with the technology itself including the risks associated with new innovation, unfamiliarity of the technology to the staff, organizational change issues, internal project issues, as well as external issues and concerns regarding the technology. Employees could also feel as if they are unskilled or the electronic system could make them feel like they are using control of ways of working. Possible risks are limitless and so before project implementation, it is necessary to have a risk management strategy and plan in order to address these risks and concerns. A risk management plan would also enable the organization to prevent these risks from happening or reduce the impacts of the risks in case they occur by having an appropriate response plan. Risk management is a priority for the organization as it would enable the organization feel confident and hopeful about the project.
In order to develop the risk management plan, the following steps will be taken: project risk identification, project risk assessment, project risk response strategy, project risk responsibility plan, project risk monitoring and control, project risk WBS & Budget Updates and project risk communication plan.
The process is summarized below:
Project Risks Identification
Project risks identification involves the actions or procedures to be used to identify the risk factors and their characteristics before the project commences and during the implementation of the project. Identification of project risks can take different forms including known risks, known-unknown risks and unknown-unknown risks. Known risks are those that can be clearly identified and have a higher likelihood of occurring such as staff turnover during the implementation of the project. Known-unknown risks are risks that could happen without a clear impact of the risks. For instance, the scope of the project could change during the implementation process but it would be difficult to identify the nature of the change. Unknown-unknown risks are the things that one cannot expect them to happen during the implementation process but they happen anyway. For example, the organization could undergo an unforeseen financial difficulty that could affect the success of the project.
Various methods can be used to identify the project risks including a brainstorming session with the project management team, a formal risk assessment workshop, interviews with the technology provider and experts, or even discussing risks involved in previous projects. Project risks identification can also occur based on assessment for instance through assessing strengths, weaknesses, opportunities and threats. These techniques are important as they will enable the project team point out some of the possible risks and make out the appropriate response plan. Any project team member could participate in identifying possible risks and submitting the list of the possible risks to the project manager who will then work with the members to analyse the extent of the risks and develop responses to them.
Project Risks Assessment
Project risk assessment involves determining the likelihood and the extent of the identified risks. Risks are defined by their probability which refers to the likelihood of the risk occurring, and impact, which refers to the effect the risks would have on the project. In order to assess the risks, the project manager or the risk officer can assign the identified risks to individual project members would then estimate the probability of the risk happening on a scale of 1 to 10 and then its impact on the project in terms of different impacts like no impact, low impact, moderate impact, major impact and critical impact. The impact could also be measured in terms of units of dollars or schedule days as the project manager or risk officer specifies.
The risk factors analysed by individuals can then be collected by the project manager and the factors reviewed and adjusted if necessary and the list of risk factors sorted based on the probability and impact. Once the risks have been analysed and prioritized, the risk officer can then prepare a contingency plan that would give a description of the estimations and communicating the information to the project manager who would then incorporate the contingencies into the project schedule. Risk assessment is an activity that involves all the team members and it enables the risk officer and the project manager to analyse the consequences of the risks by identifying their impact on the project. the project risk assessment also enables the project team to come with the necessary response plan to respond to the risks by preventing them or reducing their impact if they occur.
Project Risks Responses Strategy
Once the risks have been identified and assessed, a risks response strategy is then prepared to address the risks. In order to be effective, the project risks responses strategy should be appropriate by using the correct level of response, affordable, achievable, assessed, actionable, and accepted by the project scope. There are various risks responses strategies that the organizational can use in addressing the risks associated with the transitioning of paper recording system to electronic recording system. One response strategy could be avoiding risks with high probabilities and impacts. The organization would need to change the implementation of the project in order to avoid such risks.
Another strategy would be accepting the risks that have low likelihood and impacts and going ahead with the project. Since such risks have a low impact, the project can go on as planned. Another response strategy is mitigating the risk which involves providing solutions to risks with high probability and low impacts. Risks that have low likelihoods and high impacts can be addressed through the transfer strategy whereby assets could be insured or the documents could have a backup filing system and thereby transferring the risk to the insurer. The risk response strategy should be based on the type and the nature of the risk, ability to reduce or control it, the severity of the impact, cost effectiveness and the availability of resources.
The following table summarizes the project’s risks, probability, impact and the recommended response strategy.
|Risks||Probability||Estimated impact||Risk response strategy|
|Software does not perform as expected||High (8)||Critical impact.
The estimated cost of impact is about $500,000
|This could be avoided by testing and evaluating the software before implementing it into the organization
The organization could also try contacting other companies that have implemented the electronic record system.
|Software add-ons are not compatible with the system.||High (8)||Critical impact.
The cost of impact could be up to $400,000
|This risk should be avoided by not accepting the software that do not meet the system requirement. The software should be tested for compatibility with the organization’s software and hardware before implementation.|
|Reluctance of employees to embrace the transition||Medium (5)||Moderate impact.
The estimate impact costs $70,000
|The organization can offer staff training courses to familiarise the staff with the system.
The organization could also adopt a user friendly system and set up a help desk to assist the users.
The organization could also communicate the benefits of the transition and discuss employee concerns as they arise.
|Poor or lack of technical support from the vendor||Medium (4)||Moderate impact
Could cost the organization $50,000
|During contract negotiation, the organization can include a technical support standard and financial penalties in case the vendor does not meet the standards.
The organization should ensure that the vendors are locally available to be contacted in case of any problem.
|Lack of approved funding||Low (2)||Estimated cost of impact is $100,000||This risk can be accepted and the organization should ensure that it monitors the progress of the project and the funding process|
Project Risks Responsibility Plan
After developing the risk response strategy, there should be a response owner who will ensure the implementation of the response strategy to avoid and mitigate the risks. It is necessary to assign the right owner to each risk response so as to have the right people to be responsible for the risks. Blame should be avoided while assigning responses to the owner and cooperation and consensus should be maintained. Necessary resources should also be provided to ensure that the responses are implemented and that the project manager is able to monitor the risks regularly.
The project team members will have some responsibility for the project’s risks management. Other people who will be responsible for the risks are the project sponsor, the steering committee and the organization’s management team. It is therefore important that these groups of people to identify the risk factors and report the potential risks they foresee. The project manager will take the responsibility for different aspects of the risk management process including developing the risk management plan, monitoring the project and identifying new risks, implementing the response strategies, monitoring the progress and effectiveness of the risk management plan, and constantly reporting the progress to the project sponsor and the steering committee. The project members will also have different roles and responsibilities in the project implementation process for which they will take responsibility. It is important for the project team to serve both technical and managerial functions. In addition to the project manager, there should be a product manager, a software architect, and other team members for testing, development, documentation and deployment. There should also be a risk officer who will gather and sort all the identified and assessed risks and schedule risk review meetings. The project sponsor will have the ultimate responsibility over the project so as to ensure that the risk management plan is effective for the project.
Project Risks Monitoring & Control Plan
The project risks monitoring and control plan involves the process of tracking, evaluating and providing the appropriate responses in the implementation of project plans and risk management plans. Risk monitoring and control also involves documenting the success or failure of the risk response strategies while keeping records of risks that appear, those that are solved and those that disappear from the project. The risk monitoring and control plan should be a continuous process that involves the participation of the project manager, the project team members, project sponsor and other risk owners as the project implementation process continues, risks might change and this would require additional responses. The project risks and monitoring plan should have a risk response audit, periodic risk reviews, earned value analysis, measurement of technical performance and additional risk planning. A risk response audit will measures the effectiveness of the project risks response strategies, as well as their impact on time and cost of the project. The periodic risk reviews involves regular discussions to ascertain the level of the possible risks, the effectiveness of the responses and a review of remaining risks. Earned value analysis measure the performance and progress of a project and it could be used to monitor the risk management process. Technical performance of the project could be measured in the amount of success in completing the activities of the project. The project team’s competence with the technology should increase as the project implementation process continues. Additional risks planning should also be in place to communicate the emergence of new risks and their response strategies.
Project Risks WBS & Budget Updates
The work breakdown structure (WBS) of the project refers to the levels of work that the project team should execute in order to accomplish the goals and objectives of the project. In order to prepare a WBS for the project, the project team will need to define and organize the scope of the project using a hierarchical tree structure with each hierarchy having specific objectives and deliverables. The WBS update for the project is shown in the cart below:
Figure 1. Electronic recording system project Work Breakdown Structure
The WBS is developed based on the deliverables of the project and each work category has different project activities and tasks. The work is organized into six separate work categories including project management, implementation, application and technology infrastructure, electronic records governance, business process restructuring and supporting organizational infrastructure.
The project’s budget will be based on the phases of the project and the deliverables. The project risk budget update will be based on the following information in table 2.
|Project phase||Amount requested||Deliverables|
|Initiation||$50,000||Finalize business requirements, hire project manager and team, project scope, work breakdown schedule.|
|Planning||$100,000||Developing project schedule, team structure and requirement analysis.|
|Implementation||$600,000||Order and implement software and hardware. Technical testing, end user training, vendor support|
|Closeout||$0||Functional testing, transition to operations, vendor support|
Table 2. Project risk budget update
Project Risks Communications Plan
Communication is an important process in a risk management plan as it will communicate the expectation of the project. a project risk communication plan involves an outline of roles and responsibilities of the project team and its sponsors in communicating, reviewing and approving the project plan. A well implemented communication plan will enable the project team to meet the objectives and expectations of the project while ensuring communication across all levels with the project stakeholders. The communication plan will provide the relevant, consistent and accurate information regarding the project implementation process in order to achieve enthusiasm and full support for the project.
The project manager should ensure that information about the project is constantly communication among the project stakeholders. Information can also be communicated through the project’s website of the self help desk to provide specific information needed for the completion of the project. Information about the progress of the project will be communicated by the project manager to the target audience which is made up of the project team, project sponsor and organization management. Information will be communicated face to face, through emails and the web page. Routine meetings would also be held as needed to provide information on the project.
The communication strategy covers all the informational needs of the project stakeholder community. Many will receive routine information about the project. Others will be able to visit the project website and obtain the specific information that they are seeking and all may receive ad hoc communication from the project team at any time depending on the need.