Chap4 Developing a Risk Management Plan

Question 1

POAM

Answer 1

~ POA&M ~ Plan of Action and Milestones
this plans use to track the project progress
assignment of responsibility: who respond for each task
management follow-up: determine the project status, timeline
It is also useful for audited project
No specific format, it’s a living document ~ update regularly
Gantt chart is a POAM

Question 2

stakeholder & true stakeholder

Answer 2

is an individual or a group has a stake or interest in the success of a project
true stakeholder is a stakeholder that has a vested interest in project and wants to see it succeed

Question 3

PM responsible for?

Answer 3

make project is:
cost is under control
quality is maintained
on schedule
stay within scope
tracking & managing issue
info available to all key stakeholders
raise issues & problems
ensure members and stakeholders aware responsibilities and deadlines

Question 4

valid contents of risk management plan

Answer 4

Objectives, Scope, recommendations, POAM, CBA, other reports

Question 5

Objectives of a risk management plan

Answer 5

road map for plan&raquo_space; where you’re going and when reach there ~ goal of project

Question 6

scope of a risk management plan

Answer 6

scope identifies the boundaries of the RMP. It could include the entire org or a single system. Avoid the plan get out of control

Question 7

Fish bone diagram

Answer 7

suitable to use cause & effect diagram
cause ~ threat&raquo_space; trying to find the root cause
effect ~ outage

Question 8

cause & effect diagram

Answer 8

used to discover and document the findings

Question 9

main purpose of a risk management plan?

Answer 9

to mitigate risk

Question 10

common objectives of RMP

Answer 10

list of threats
list of vulnerabilities
cost associated with risks
recommendations to reduce risks
cost associated with recommendations
cost-benefit analysis
reports

Question 11

implementation of the plan tasks?

Answer 11

document management decisions
document and track implementation of accepted recommendations
a POAM

Question 12

cost of an outage

Answer 12

direct and indirect cost
direct&raquo_space; lost sale revenue, if srv down 1h, how much? or cost of system recover
indirect&raquo_space; reputation, recover the goodwill

Question 13

recommendations and cost

Answer 13

to mitigate the risks
reduce the impact of the threats
» how much?&raquo_space; cost and benefit analysis (CBA)

Question 14

document accepted recommendations

& track implementation

Answer 14

management accept/defer/modify recommendations&raquo_space; document their choices
track implementation: track the choices and implementation

Question 15

scope creep

Answer 15

creep: sự kinh sợ

uncontrolled changes&raquo_space; additional requirements&raquo_space; scope grows&raquo_space; cost grow, missed deadlines

Question 16

key stakeholder

Answer 16

a stakeholder who has authority to make decisions abt the project, including the ability to grant additional resources. (CIO, CEO, Vice president)

Question 17

individual responsibilities

Answer 17

risk identification
risk assessment&raquo_space; identify the likelihood and impact of each risk&raquo_space; matrix
risk mitigation
reporting

Question 18

affinity diagram

Answer 18

purposes:
identify problem
generate ideas&raquo_space; brainstorming
gather ideas into related groups

break down the solution into steps & how long does it take each step
Example: update the server
break down: check the stablest version, requirements, test compatible on a virtual environment, update…&raquo_space; total cost 10 days

Question 19

List of findings

Answer 19

the causes and the effects that can possibility happen

Question 20

CBA

Answer 20

cost-benefit analysis
determines how to manage risk. If the cost is higher than the risk, the risk might be accepted.
Benefits should be calculated in terms of currency.
CBA is calculated as:
CBA = loss before implementation - loss after implementation - implementation cost
should get accurate data, but this is usually difficult. It is often underestimated.
CAPEX-OPEX TCO, On-going cost, training cost
Success of a solution is often overestimated.