Context of the Risk Management Plan
The website has today become a must for any business; it is a point of direct contact with the customer, where they can make inquiries, make purchases, ask questions, and create their own content related to the organization through social media sites. There are several risks in developing a website, starting from using the right approach to manage the entire project, the languages used to develop the website, the kind of links created, the triple constraints of scope, time and cost, the possibility that it may not serve its purpose, and security risks. Given that the website will be a transaction website processing payments, and given the pervasive nature of cyber security threats, it is important that an effective risk management plan is developed (Molenaar, Anderson & Schexnayder, 2010).
- The AS/NZS ISO 3100: 2009 defines what a risk is in the context of information security; risk is defined as the effect that uncertainty has on project objectives. According to the standard, risk management must consider and continue using risk treatment options to eliminate, reduce, remove or avoid the uncertainties in meeting project objectives. According to the AS/NZS ISO 3100: 2009, there are 11 risk management principles that must be adhered to, including creating and protecting value, being integral to organizational processes, forming part of decision making, addressing uncertainty explicitly, being systematic, timely and structured, and being based on the best available information. Further, the standard states that risk management measures must be tailored, consider cultural and human factors, be inclusive and transparent, be iterative, systematic, and responsive to change, and enhance continuous organization improvement. The risk management framework to be developed in the context of the Citi Stores website development will follow the 11 AS/NZS ISO 3100: 2009 guidelines and is aimed at continuous improvement and adherence to relevant regulations and legislation on information security. The Citi Stores risk management plan first identifies risks to the project and the context in which they arise. A risk assessment is then undertaken and the identified risks are analyzed. The risks are then evaluated by developing a risk matrix and treatments are applied to the risks; the outcomes are monitored and the risks re-assessed based on the applied treatments. The process is undertaken with constant communication and consultation with stakeholders, and with monitoring and reviews, all in conformance with the AS/NZS ISO 3100: 2009.
- The relevant legislation that the Citi Stores website construction must adhere to includes the Australia Protective Security Policy Framework (PSPF) and the Australia Information Security manual (ISM), which is aimed at ensuring information security. The company will capture, manage, and use private client information that must be managed according to the PSPF and the ISM. Further, there must be compliance with the Australian Privacy Act of 1988, which regulates the handling of the personal information that the website will pick up. Under the PSPF mandatory requirements on Governance number 6, all organizations must develop a risk management approach that covers all areas of protective security; the Citi Stores project adheres to this requirement. The ISM requires implementing security controls that form part of an elaborate process of risk management, which this document does; a risk management team has been formed, with allotted responsibilities as per the privacy Protections Act of 1998.
- The risk management process will be confined to the development of a new website for Citi Stores and how the website should function and meet its design and functional objectives. The risk management process will particularly focus on customer data and its security, given that the website will have an e-commerce function, and on how Citi Stores can safely keep internal data such as transaction details and customer details. It will also focus on risks that will plague the project and stop the objectives from being attained. The risk management plan will be undertaken by identifying and analyzing the risks, developing a risk matrix for the identified and analyzed risks, and then giving risk treatment to the risks. This risk management plan will also monitor the risks and evaluate the effectiveness of the treatments given to the risks. The scope of the risk assessment will also extend to developing the documentation policy for the risk document and creating a report on the risk management process.
- PEST
| Political | Regulations relating to web data security; rules and legislation on cyber security |
| Economic | Cost savings using a web portal to advertise; increased revenues from more customers obtained from web portal in addition to store customers |
| Social | Increased appetite to use the internet/ web to interact with products and manufacturers |
| Technological | Using cloud platforms to manage databases and client information; modern development languages; availability and uptime for the website |
(Aik, 2013)
- SWOT
| Strengths | Nice and functional global bar for navigation; website that is easy to navigate; attractive and easy to use interface |
| Weaknesses | Poor optimization for mobile use; long transaction completion and confirmation process; difficulty for some people to read text (those with vision challenges); use of a single language (English) |
| Opportunities | Fast loading website; linked with social media; point of customer services; enhance functionality with an application (for mobile) |
| Threats | Exclusive social media platforms engagement; inimitable application function |
(Aik, 2013)
The aims and objectives of developing the Citi Stores website are, for marketing purposes, to drive traffic, engage prospects and re-engage existing customers; to help close sales by supporting communications for the sales team; and to provide customer support, make website and content updates easy, and integrate with other IT systems while also meeting the performance, security, and scalability requirements as per the existing regulations and desired performance. Others are to reduce operation costs through automating and streamlining workflows, increase the Citi Stores bottom-line, and enable recruitment of the best staff. The key success factors include meeting the marketing, sales, customer support, operations, IT, and webmaster goals and objectives, as well as having the project completed on time and within budget, with no errors in performance. The acceptance of the project by the client and having it perform optimally and securely even under heavy load (many requests) also comprise key success factors.
A PMO (project management office) was set up to coordinate project activities, including stakeholder management. By engaging and communicating with key stakeholders, including the project sponsor and executive sponsor, the PM was able to involve and secure the support of these key stakeholders, to whom progress was communicated and reported as per the stakeholder management plan, including risk management. The key stakeholders were made aware of risks to the project and how they would influence the project from the very beginning during planning, hence securing their support.
- To ensure the project scope and deliverables were met, the stakeholders, using the stakeholder management plan, were engaged in order to generate the project objectives and deliverables list. This was to ensure the project team was aware of what was required and the constraints, as a first step in knowing what risks can affect the project. A risk management plan was then made and communicated to the stakeholders, and a scope management plan used to get approvals for changes in order to manage risks such as scope creep.
- The risks were identified using a combination of the Delphi technique and brainstorming. Under the Delphi technique, experts were anonymously consulted with a list of information required for the project risk management and their responses compiled. The results were sent back to the experts for review until consensus was reached on the risks and how to manage them. During internal response compilation, the brainstorming technique was used by the project team to isolate and define risks; this resulted in only relevant risks with a significant impact being considered and managed, after consensus with the anonymous experts. The Delphi tool as used is shown in the image below.
- Risk Identification
Risk One: Being unprepared before starting the web development process
Risk Two: Lack of support by the project sponsor
Risk Three: Slow decision making process due to too many people/ stakeholders
Risk Four: Big requests for change at a late stage when the project is being done
Risk Five: Overshooting budget
- Risk Evaluation (Criteria)
| ID | Risk | Consequences | Mitigation | Rating of Consequence | Likelihood | Risk level | Monitoring | Risk Owner |
|---|---|---|---|---|---|---|---|---|
| 1 | Being unprepared before starting the web development process | Delays; extensive scope changes; failure to meet objectives; overshooting constraints | Gather all possible and required information upfront; adopt a suitable project management method such as agile | VH | H | VH | Initial project meeting; sufficient time for planning | Project manager |
| 2 | Lack of support by the project sponsor | Delays and possible abandonment of project; failure to meet objectives; rejection of completed project | Effective stakeholder management and engagement plan; sponsor involvement; effective communication and progress reporting | VH | M | H | Communication and reports to project sponsor | Project manager |
| 3 | Slow decision making process due to too many people/ stakeholders | Delays in project; failure to meet project objectives | Stakeholder management plan; stakeholder communication; reduce number of people involved in project decision making when project commences | H | H | H | Stakeholder identification and management plan | Business sponsor; project manager; developers |
| 4 | Big requests for change at a late stage when the project is being done | Failure to meet deadlines; budget overshoot; reduced morale of project team | Scope and change management; effective project planning using suitable project management methods such as agile (XP or SCRUM) that are flexible to changes; undertaking incremental development and constant testing and improvement | VH | VH | VH | Quality management plan; scope management document | Project manager and scrum master |
| 5 | Overshooting budget | Delays; failure to accept finished project; project abandonment | Effective project management planning with resource allocation; monitoring and controlling budget | VH | VH | VH | Cost control; project monitoring | Project manager; financial controller/ project accountant |
- Risk Likelihood Matrix
| Likelihood \ Impact | Very Low | Low | Medium | High | Very High |
|---|---|---|---|---|---|
| Very High | Slow decision making process due to too many people/ stakeholders | Being unprepared before starting the web development process; Lack of support by the project sponsor | | | |
| High | Overshooting the project budget | Big requests for change at a late stage when the project is being done | | | |
| Medium | | | | | |
| Low | | | | | |
| Very Low | | | | | |
Risk levels
| Risk | Level (1 to 5, where 5 is very high and 1 very low) |
|---|---|
| Being unprepared before starting the web development process | Very High (5) |
| Lack of support by the project sponsor | Very High (5) |
| Slow decision making process due to too many people/ stakeholders | High (4) |
| Big requests for change at a late stage when the project is being done | Very High (4.5) |
| Overshooting budget | High (4) |
Task 6: Risk Treatment Options and Risk Implementation and Monitoring
- Team roles
| Team Member | Initial identification | Role |
|---|---|---|
| Project manager | Planning risks | Identifying and ensuring risks are mitigated |
| Scrum master | Major scope change requests | Direct management of all the risks |
| Project accountant | Overshooting budget | Managing project financing |
| Project manager/ developers | Slow decision making | Ensure decision making is fast so it does not affect project schedule |
- Risk treatment and management/ action plan
Project/Function/Activity: Risk treatment plan
Risk: Being unprepared before starting the web development process | Risk ID #: 1
Summary: Effective planning for project upfront and gathering all information
Action Plan
1. Proposed actions: Gather all information on project and system requirements; use agile methods that can easily handle changes; effective plan for project management
2. Resource equipment: Project planning document; requirement document; continuous and incremental website development and testing
3. Responsibility (overall accountability for Actions): Project manager
4. Timing (specific milestones): User requirement document; planning phase for project; stakeholder engagement
5. Repeating and monitoring required: Weekly progress reviews; daily sprint meetings; continuous testing
6. Monitoring record: User requirement document; project management plan
Compiled By: Scrum master | Date: Sept 22 2017
Reviewed by: Project manager | Date: Sept 25 2017

Project/Function/Activity: Risk treatment plan
Risk: Lack of support by the project sponsor | Risk ID #: 2
Summary: Involve the stakeholder from start of project and communicate with them
Action Plan
1. Proposed actions: Stakeholder involvement in entire process; effective communications with stakeholders; reporting regularly to project sponsor
2. Resource equipment: Stakeholder management and communication document
3. Responsibility (overall accountability for Actions): Project manager
4. Timing (specific milestones): Weekly stakeholder briefing and progress reports
5. Repeating and monitoring required: Stakeholder management document
6. Monitoring record: Stakeholder communication document
Compiled By: Scrum master | Date: Sept 29 2017
Reviewed by: Project manager | Date: Oct 2, 2017

Project/Function/Activity: Risk treatment plan
Risk: Big requests for change at a late stage when the project is being done | Risk ID #: 3
Summary: Solicit for user requirements exhaustively and effectively manage project scope. Also, use a project management approach/ method that responds better to change and allows several tests, such as agile
Action Plan
1. Proposed actions: Exhaustive user requirements solicitation; involving client throughout the process, having the client or their representative such as the business sponsor embedded with the project team; effective management of the project scope using Agile XP methodology that entails frequent testing and evaluation and allows for postponement of changes to the next iteration
2. Resource equipment: User requirements document; project management plan documents; scope management document
3. Responsibility (overall accountability for Actions): Project manager
4. Timing (specific milestones): Weekly progress reviews; displaying work breakdown structure where all developers and client can see them
5. Repeating and monitoring required: Work breakdown structure; Gantt chart
6. Monitoring record: User requirements document; WBS; scope management document
Compiled By: Scrum master | Date: Oct 06, 2017
Reviewed by: Project manager | Date: Oct 09, 2017

Project/Function/Activity: Risk treatment plan
Risk: Overshooting budget | Risk ID #: 11
Summary: Undertake accurate cost estimations before commencement, plan effectively, and strictly control and monitor project progress, especially scope
Action Plan
1. Proposed actions: Use accurate costing methods for activities, such as historical data, quotations; strict monitoring of progress of activity execution; budgetary control; strict control of changes and project scope
2. Resource equipment: Project management software and project management tool (Gantt chart)
3. Responsibility (overall accountability for Actions): Project manager; project financial controller
4. Timing (specific milestones): Weekly progress review reports; stakeholder meetings
5. Repeating and monitoring required: Project management software; Gantt chart
6. Monitoring record: Project management software
Compiled By: Scrum master | Date: Oct 13, 2017
Reviewed by: Project manager | Date: Oct 16, 2017
- Risk Register (See Appendix B)
- The risk treatment was developed based on consultation with experts and brainstorming with the project team. The stakeholders were involved at every stage of the risk management plan through scheduled weekly meetings and regular communication based on the stakeholder management plan. Their approval and support were sought for every risk treatment option.
Task 7: Risk Monitoring and Evaluation
| Risk | Monitoring Tool | Monitoring Performance after risk treatment |
|---|---|---|
| Being unprepared before starting the web development process | Initial project meeting; sufficient time for planning | Greater anticipation, good preparation for project, risk impact reduces |
| Lack of support by the project sponsor | Communication and reports to project sponsor | Stakeholder management plan used and communications made with project sponsor, risk reduced and sponsor fully supports project |
| Slow decision making process due to too many people/ stakeholders | Stakeholder identification and management plan | Key stakeholders identified and appropriate communications put in place and used for communication; decisions are now made faster, leading to reduced risk |
| Big requests for change at a late stage when the project is being done | Quality management plan; scope management document | Project planned properly at initiation and a scope management strategy and document used; agile method used to absorb shocks of unexpected changes in scope; the result is reduced risks of scope change |
| Overshooting budget | Cost control; project monitoring | Costing done accurately using suitable tools and effective tool for project management used, risk reduced significantly but not eliminated |
- See Appendix B
In a complex project and organization like Citi Stores, risk management efforts are made even more complex by risks associated with information management and record keeping. These risks are usually not transparent to the risk manager, adding another dimension to business risk. The risk management document will be developed and handled by the SCRUM master; only the SCRUM master is designated to make changes in the risk management document. Primarily, the document will be electronic and be stored online/ in a cloud environment, with changes made as and when needed. Whenever required, the risk management report will be printed for purposes of meeting reviews or reporting. After the project is completed, the risk management document will be printed and archived, in both electronic and hard copy format, for future reference and for the purpose of learning in future projects.
Task 1: Risk Management Framework
The documents (or documentation) to be governed under this policy, and therefore the required documents, include the risk management framework, the critical success factors and the project deliverables. Further, the project management plan will also be documented along with the stakeholder and scope management plan for the project. The stakeholder communication plan that forms part of the stakeholder document will also be documented, as well as the project risk management plan. The risk management plan will include the risk register, the risk treatment plan, the risk matrix, the risk consequences matrix document, as well as the monitoring and evaluation document.
Organizational Performance Review and Extent of Documentation Needed
The organizational performance with regard to this policy and the project execution through a performance review document will be appraised using the earned value management method where the schedule, scope, and cost performance will be appraised against the plans, project deliverables, and project objectives. The documentation will be reviewed and updated (risk register updating) for three years at the minimum while the earned value management documentation will be maintained and updated for seven years after project execution. The project success will be appraised based on the return on investment (ROI) in terms of technical performance (more customer enquiries and sales), efficient customer service, managerial improvement, technical innovativeness, and the performance of the business.
Citi Stores and its contractors/ consultants will implement document management policies that comply with regulatory and legal duties to retain documents; this policy also aims at adhering to the PMBOK best practice and guidelines for Organizational Process Assets (OPA), including procedures and processes.
The policy of Citi Stores also requires that the organization possesses all documents needed for normal purposes, and for effective project management where risks are identified and dealt with before they happen.
All employees, project team members, contractors, officers and directors of Citi Stores will be required to follow the regulations and rules as set in this policy statement regarding the risk management document. The policy applies to all forms of the risk management document, including electronic formats.
The risk management document will be part and parcel of the inputs for the website development project, where input from the document will be used to enhance the delivery of a quality project and general project management.
Recording Policy
The SCRUM master will solely be responsible for creating and managing the entry of information and data into the risk management document. All entries will be made, altered, adjusted, or removed only by the SCRUM master, and reporting for entries will be shared with the project manager on a weekly basis. The primary record of the risk management plan is in electronic format; this is because it is easy to alter and make changes to the electronic document and then print it to have a physical document that can be stored and reviewed. The person in charge of recording and managing the risk document then creates a report at the end of the project detailing, in brief, the risk management process and steps as used in the project.
Task 2: Scope and Stakeholders
Document retention policy
The project team will maintain complete, high-quality and accurate records of the project execution and the risk management document. The risk management document will be retained for the immediate use period. However, the document will also be retained for use for a minimum period of one year from the time it was initiated. The document will then be archived, in both hard and soft copies, and be retained by the organization for another seven years at the minimum.
The project risks were identified before the project commenced, even before the initial project planning. This was to ensure that the project team was not caught unawares by any events that could create risks for the project. Before developing the risk management framework, effort was made to identify the context of the risk management framework, referring to the relevant legislation, standards, and regulations on risk management and information security. After establishing the framework, a PEST and SWOT analysis of the project and project risks was developed and the risks identified. In identifying the risks, the project objectives and deliverables were used as guidelines and foundations with which to identify and analyze the risks to the project. The risks were then discussed to justify why they are considered as risks and a risk analysis undertaken. The risk analysis entailed identifying the risks, establishing the consequences of the identified risk being realized, and then defining the mitigation measures for the risk. The mitigation measures formed the basis of developing actions to manage the risks by transferring, eliminating, reducing, or preventing them. The risks were then classified on the basis of their likelihood of occurrence and impact in order to establish the risk levels for each risk. Monitoring was then undertaken using various tools as stipulated in the risk analysis framework and treatments applied, based on the identified mitigation measures.
The risks were then evaluated for effectiveness of the risk treatment actions to determine the next course of action. Monitoring was done continuously and risks that had been mitigated removed or their priority reduced and new risks identified as development was in progress. For the Citi Stores website development project, risk monitoring was a continuous process where metrics and judgment were used to determine the effect of the risk treatments applied to risks and their outcome, especially in enhancing the quality of project delivery and being able to meet all project objectives and deliverables. As the project execution progressed, the environment was continuously scanned and monitored and any assumptions made were checked and reviewed on a regular basis.
Communication process
The staff and stakeholders were communicated with through an effective process by first communicating the project goals clearly in an inclusive manner with all staff members given a chance to make a contribution. The meeting expectations and outcomes were also communicated to relevant stakeholders and staff with input and feedback regularly sought from stakeholders. The primary communication methods were written (electronic) and verbal during meetings and updates were provided regularly to stakeholders and staff alike, on a need to know basis.
The risk of unpreparedness was reduced to medium after treatment, the risk of stakeholders not supporting the project was reduced to very low after risk treatment, while the risk of slow decision making became very low after treatment with an effective stakeholder management plan. The risk of major requests for scope change was medium after treatment through a scope management plan, while the risk of overshooting budget also became medium after treatment (See Appendix B).
The project has been an eye opener for me on how to manage risks in projects and the importance of effective project risk management. Documentation and the documentation policy also became a great lesson for me in this project, especially on the WHY of document management. However, I believe I still need to make improvements on the choices of treatments for risks given that some risks that have a very significant impact just went to medium after treatment, rather than very low or being completely eliminated. It is important to develop risk treatment options that eliminate or greatly reduce risks.
References
Aik, S. (2013). SWOT Analysis On Sites And Apps With Usability Testing. Netizenexperience.com. Retrieved 30 October 2017, from https://www.netizenexperience.com/blog/swot-analysis-on-websites-and-mobile-apps-with-usability-testing/
Basu, R. (2017). Managing Quality in Projects. Abingdon: Routledge.
Molenaar, K. R., Anderson, S. D., & Schexnayder, C. J. (2010). Guidebook on risk analysis tools and management practices to control transportation project costs. Washington, D.C: Transportation Research Board.
Young, T. L. (2013). Successful Project Management. London: Kogan Page.