- By Dr Sheikh Asadullah
Total Tasks: 03
Submission due date 07 November 2021 (Sunday)
Assessment Task 1 (Knowledge Test)
Total 9 Questions to be answered. Power Point Slides available in the MOODLE can be useful for the answers. Students may refer to other resources.
- What is risk according to ISO 31000?
- What is the purpose of risk management?
- How do organisational ethics affect risk management strategies?
- What are the 11 risk management principles within AS/NZS ISO 31000:2009 Risk Management Principles and Guidelines.
- What is a residual risk?
- Why are risks analysed and documented?
- What are the focuses of risk identification?
- Outline possible response strategies to program risks identified as threats.
- Outline possible response strategies to program risks identified as opportunities.
Assessment Task 2 (Risk Management Plan)
Assuming that your organization has been awarded contracts to undertake the following projects:
Project 1 – Website redevelopment and hosting and maintenance services for Destination: Australia
This project is for the technical upgrade of the Archives’ website DESTINATION: AUSTRALIA. In
order to ensure the best value for money and optimal functionality (for the website and related
exhibition interactive) going forward, it is necessary for the website to be transferred from a
proprietary CMS to a commonly available CMS (including, but not limited to, an Open Source
CMS).
The website will enable the National Archives of Australia to collect user contributed data about
the photographic collection featured on the site. The interface must be modern, engaging and
user-friendly, designed to meet the needs of people of all ages, and differing levels of
computer and English literacy. The website must interact successfully with an exhibition
interactive via an existing API. There is an option for hosting, maintenance and support services
to be provided from contract execution until 31 December 2019.
Project 2 – Re-development of Intranet
A redevelopment of the Clean Energy Regulator staff Intranet into SharePoint 2013
Project 3 – Database for community engagement – Software As A Service Customer Relationship Managementsystem (SAAS CRM)
The National Radioactive Waste Management Facility project is currently in Phase 2, best described as the technical assessment and continued community consultation phase. One site has been chosen to progress to this stage while other as yet unknown sites may also progress to this stage. The project team requires a database (Software As A Service Customer Relationship Management system (SAAS CRM) to effectively and confidentially manage large volumes of data, including names, addresses, opinions of community members and contact details. This will assist in ongoing community engagement.
The system must be fully operational (tried and tested) within two weeks of the commencement of the proposed contract. The project, and related community engagement, will be ongoing for years. Access to maintenance and advice will be desirable.
Your task is to create a comprehensive Program Risk Management Plan that covers the following:
- Program Overview – This section defines the program vision, its business value, and projected outcome. It mayinclude a summary of the program scope, dependencies and constraints. This introductory portion may alsoinclude success criteria for measuring program outcomes.
- Schedule Management – A roadmap or work breakdown structure may be included in this section along witha description of how scheduling will be managed, updated, and monitored. Roles and responsibilities relatedto scheduling should be made clear.
- Change Management – Provide a clear process for handling program changes, including who can submitchange requests, how and where those requests will be tracked, and who can approve changes.
- Communications Management – A detailed communications plan can help prevent project issues and ensurethat information is distributed appropriately. Use this section to define the frequency and type ofcommunication to be provided, who will be providing and receiving the communications, and other guidelines or expectations.
- Cost Management – This section may include detailed information on program budget and expenditures as well as the parties responsible for managing costs, who can approve changes to the program budget, how project budgets will be measured and monitored, and guidelines for reporting. Funding and funding issues.
- Procurement Management – Describe responsibilities related to procurement throughout a program lifecycle. Identify who is responsible for vendor relationships, dealing with contracts, purchasing, and other activities.
- Project Scope Management – Will the project scope be defined in a scope statement, WBS, or another method? How will the scope be measured? Who is responsible for managing and approving the program scope? Address these questions as well as any guidelines related to the scope change process that were not identified in the change management section.
- Risk Management – Describe how risks will be reported, monitored, and assessed, including how they can be submitted and who is responsible for dealing with them.
- Staffing Management – This section lists program requirements for staffing, including specific resources and the timeframes in which they are needed, plus training. It describes how staff will be managed for the duration of the program.
- Stakeholder Management – Use this section to identify stakeholders and strategies for managing them, including who is responsible for collecting and reporting stakeholder information.
- Program Governance – Describe any governing groups, what authority they have, and their responsibilities within the program. You can include information on how often they will meet, how escalated decisions should be presented to and handled by the governing groups, how their decisions will be communicated, and when program reviews will occur.
As a basis the Template Ashould be used and adapted as required. As you develop the plan, include reference to AS/NZS ISO 31000:2009 Risk Management Principles and Guidelines and outline how the proposed risk management system meets the requirements of the standard. Insert this information into the plan where relevant.
Once you have developed the Program Risk Management Plan create a report that will outline a leadership strategy to ensure that the plan is correctly implemented. The strategy and report must outline how you will:
- manage the program in accordance with plans
- review progress, analyse variance and initiate risk responses
- ensure risks are assigned and monitored across the program at agreed intervals
- assess issues for impact and remedial actions authorised
Structure (probable) of the report based on the Template:
- Executive summary (about the report/document)
- Introduction (about the risk management approach)
- Program Overview
- Schedule Management
- Change Management
- Communications Management
- Cost Management
- Procurement Management
- Project Scope Management
- Staffing Management
- Stakeholder Management
- Program Governance
- Risk management
-Identification
-Analysis and Evaluation
-Risk Mitigation
-Risk Monitoring
-Roles and Responsibilities
Steering Committee
Program Manager
Program Team members
TemplateA: <Program Title> Risk Register (as at dd/mm/yy)(Please include at least 10 risks in the register.)
| Rating for Likelihood and Seriousness for each risk | |||
| L | Rated as Low | E | Rated as Extreme (Used for Seriousness only) |
| M | Rated as Medium | NA | Not Assessed |
| H | Rated as High |
| Grade: Combined effect of Likelihood/Seriousness | |||||
| Seriousness | |||||
| Likelihood | low | medium | high | EXTREME | |
| low | N | D | C | A | |
| medium | D | C | B | A | |
| high | C | B | A | A |
| Recommended actions for grades of risk | |
| Grade | Risk mitigation actions |
| A | Mitigation actions, to reduce the likelihood and seriousness, to be identified and implemented as soon as the program commences as a priority. |
| B | Mitigation actions, to reduce the likelihood and seriousness, to be identified and appropriate actions implemented during program execution. |
| C | Mitigation actions, to reduce the likelihood and seriousness, to be identified and costed for possible action if funds permit. |
| D | To be noted – no action is needed unless grading increases over time. |
| N | To be noted – no action is needed unless grading increases over time. |
| Change to Grade since last assessment | |||
| NEW | New risk | ¯ | Grading decreased |
| — | No change to Grade | | Grading increased |
| Id | Description of Risk | Impact on Program (Identification of consequences[1]) | L[2] | S[3] | G[4] | Change | Date of Review | Mitigation Actions (Preventative or Contingency) | Individual/ Group responsible for mitigation action(s) | Cost | Timeline for mitigation action(s) | WBS[5] |
| <n> | <A “newspaper headline” style statement. Also identify relevant triggers that may cause the risk to be realised.> | <Describe the nature of the risk and the impact on the program if the risk is not mitigated or managed> | <Change in Grade since last review> | <Date of last review> | <Specify planned mitigation strategies: · Preventative (implement immediately); · Contingency (implement if/when risk occurs).> | <Specify who is responsible for undertaking each mitigation action(s)> | <Specify timeframe for mitigation action(s) to be completed by> | |||||
| <n + 1> | ||||||||||||
Leadership Strategy to Implement the Plan
- Introduction
- Program Management as per Plan
- Reviewing Progress
- Analysis Variances and Initiating Risk Responses
- Intervals for Risk Assessment and Monitoring
- Assessment of Issues of Impacts and Remedial Actions Authorisation
- Conclusion
Task 3 – Risk Management Strategy Review
This assessment task requires you to populate a risk register for the program as outlined in Task 2. Using the information from the register:
1. Determine program residual risk.
2. Develop a management strategy for each residual risk identified.
3. review and analyse program risk outcomes from the available information
4. Summarise the lessons learnt in such a way that they may be applied to future programs.
Compile a management report to outline each of the above points.
Note: Use the risk register template (Template B)attached as a basis for this assessment task and add a minimum of 10 risks. The risks may be identified through stakeholder engagement and this engagement may be role played.
Structure (probable) of the Residual Risk Management report based on the Template:
- Introduction
- Residual Risk and Residual Risk Register
- Include Template B-Residual Risk Register (mentioned below)
- Management Strategy for each Residual risk identified
- Program Outcomes and Effectiveness of Risk Management Methodology
- Lessons learnt in such a way that they may be applied to future program
- Conclusion
Template B: <Program Title> Risk Register (as at dd/mm/yy)(Please include at least 10 risks in the register.)
| REPORT FOR: | (Optional) e.g. <Program Name> Steering Committee |
| PROGRAM MANAGER: | <Name> |
| PROGRAM OBJECTIVE: | As stated in the Program Business Plan. |
| Rating for Likelihood and Seriousness for each risk | |||
| L | Rated as Low | E | Rated as Extreme (Used for Seriousness only) |
| M | Rated as Medium | NA | Not Assessed |
| H | Rated as High |
| Grade: Combined effect of Likelihood/Seriousness | |||||
| Seriousness | |||||
| Likelihood | low | medium | high | EXTREME | |
| low | N | D | C | A | |
| medium | D | C | B | A | |
| high | C | B | A | A |
| Recommended actions for grades of risk | |
| Grade | Risk mitigation actions |
| A | Mitigation actions, to reduce the likelihood and seriousness, to be identified and implemented as soon as the program commences as a priority. |
| B | Mitigation actions, to reduce the likelihood and seriousness, to be identified and appropriate actions implemented during program execution. |
| C | Mitigation actions, to reduce the likelihood and seriousness, to be identified and costed for possible action if funds permit. |
| D | To be noted – no action is needed unless grading increases over time. |
| N | To be noted – no action is needed unless grading increases over time. |
| Change to Grade since last assessment | |||
| NEW | New risk | ¯ | Grading decreased |
| — | No change to Grade | | Grading increased |
| Description of Risk (including any identified ‘triggers’) | Impact on Program (Identify consequences [6]) | Assessment of Likelihood | Assessment of Seriousness | Grade (combined Likelihood and Seriousness) | Change | Date of Review | Mitigation Actions (Preventative or Contingency) | Responsibility for mitigation action(s) | Cost | Timeline for mitigation action(s) | Work Breakdown Structure |
| <A “newspaper headline” style statement. Also identify relevant triggers that may cause the risk to be realised.> | <Describe the nature of the risk and the impact on the program if the risk is not mitigated or managed> | <Change in Grade since last review> | <Date of last review> | <Specify planned mitigation strategies: · Preventative (implement immediately) · Contingency (implement if/when risk occurs).> | <Specify who is responsible for undertaking each mitigation action(s)> | <Specify timeframe for mitigation action(s) to be completed by> | This is to indicate that the identified mitigation action has been included in the WBS (workplan). | ||||
| Steering Committee unavailable. Identified triggers: · Steering Committee meetings repeatedly rescheduled due to lack of availability; · Members do not attend despite prior confirmation of attendance. | Lack of availability will stall progress (ie. delayed decisions will defer output finalisation, extend program timelines and staff resourceswill be required for longer than anticipated) | H | H | A | NEW | 15/02/06 | Preventative: · Highlight strategic connection – link Program Objective to relevant Agency strategic objectives · Confirm 2006 meeting schedule in January · Confirm SC membership · Widen representation (include other Agencies) | Program Manager | NA | 15/03/06 | Y |
| Inadequate funding to complete the program Identified triggers: · Funding is redirected; · Costs increase (poor quality materials/ inaccurate cost estimates) | Budget blow out means cost savings must be identified – ie. reduced output quality, timeframes are extended, outcomes (benefits) will be delayed and/or reduced. | M | M | B | No change | 15/02/06 | Contingency: Re-scope program, focusing on time and resourcing | Program Manager | TBC | TBC | N |
| Staff reject new procedures Triggers include · Staff don’t participate in training (not prepared for new roles); · New procedures not applied (work-arounds still used). | Rejection means additional time and resources required to achieve successful implementation – ie. outputs languish; more training is required (additional cost, time delays); potential for ‘falling back into old ways’ (more change mgt required); loss of credibility for program (perception of failure). | H | H | A | NEW | 15/02/06 | Preventative: High level reinforcement of policy changes; Provide opportunity for staff feedback prior to policy/procedure finalisation; Develop Training Plan that allows for repeat attendance (perhaps 2 stage training?); Identify staff ‘champions’ to promote adoption of new procedures (buddy system); Circulate information to staff that · promotes how new procedures have improved processes (eg. 10 steps reduced to 4 steps etc); · proportion of staff that have successfully completed the training. · Identifies local ‘buddies’ for troubleshooting. | Sponsor Program Manager Consultant Program Manager Program Manager | NA NA $3,000 NA NA | 21/02/06 21/02/06 30/03/06 30/03/06 30/04/06 | Y Y N N N |
[1] This can be useful in identifying appropriate mitigation actions.
[2] Assessment of Likelihood.
[3] Assessment of Seriousness.
[4] Grade (combined effect of Likelihood/Seriousness).
[5] Work Breakdown Structure – specify if the mitigation action has been included in the WBS or workplan.
[6]In larger programs, the consequences of the threat may not be evident, and noting them under each risk or in a separate column can be useful in identifying appropriate mitigation actions.