Chap4 Developing a Risk Management Plan Flashcards
POAM
~ POA&M ~ Plan of Action and Milestones
this plan is used to track project progress
assignment of responsibility: who is responsible for each task
management follow-up: determine the project status, timeline
It is also useful for audited projects
No specific format, it’s a living document ~ update regularly
Gantt chart is a POAM
stakeholder & true stakeholder
a stakeholder is an individual or a group that has a stake or interest in the success of a project
a true stakeholder is a stakeholder that has a vested interest in the project and wants to see it succeed
PM responsible for?
making sure that, for the project:
cost is under control
quality is maintained
it is on schedule
it stays within scope
issues are tracked & managed
info is available to all key stakeholders
issues & problems are raised
members and stakeholders are aware of responsibilities and deadlines
valid contents of risk management plan
Objectives, Scope, recommendations, POAM, CBA, other reports
Objectives of a risk management plan
road map for the plan » where you’re going and when you’ll reach there ~ goal of the project
scope of a risk management plan
scope identifies the boundaries of the RMP. It could include the entire org or a single system. This keeps the plan from getting out of control
Fish bone diagram
suitable for use as a cause & effect diagram
cause ~ threat » trying to find the root cause
effect ~ outage
cause & effect diagram
used to discover and document the findings
main purpose of a risk management plan?
to mitigate risk
common objectives of RMP
list of threats
list of vulnerabilities
cost associated with risks
recommendations to reduce risks
cost associated with recommendations
cost-benefit analysis
reports
implementation of the plan tasks?
document management decisions
document and track implementation of accepted recommendations
a POAM
cost of an outage
direct and indirect cost
direct » lost sales revenue (if the server is down 1h, how much?) or cost of system recovery
indirect » reputation, recovering the goodwill
recommendations and cost
to mitigate the risks
reduce the impact of the threats
» how much? » cost and benefit analysis (CBA)
document accepted recommendations
& track implementation
management accepts/defers/modifies recommendations » document their choices
track implementation: track the choices and implementation
scope creep
creep: dread, fear
uncontrolled changes » additional requirements » scope grows » costs grow, missed deadlines
key stakeholder
a stakeholder who has authority to make decisions about the project, including the ability to grant additional resources. (CIO, CEO, Vice president)
individual responsibilities
risk identification
risk assessment » identify the likelihood and impact of each risk » matrix
risk mitigation
reporting
affinity diagram
purposes:
identify problem
generate ideas » brainstorming
gather ideas into related groups
break down the solution into steps & how long each step takes
Example: update the server
break down: check the most stable version, requirements, test compatibility on a virtual environment, update… » total cost 10 days
List of findings
the causes and the effects that can possibly happen
CBA
cost-benefit analysis
determines how to manage risk. If the cost is higher than the risk, the risk might be accepted.
Benefits should be calculated in terms of currency.
CBA is calculated as:
CBA = loss before implementation - loss after implementation - implementation cost
should get accurate data, but this is usually difficult. It is often underestimated.
CAPEX-OPEX TCO, On-going cost, training cost
Success of a solution is often overestimated.