IVI Framework Viewer

Risk Management

B2

Establish an approach to manage programme and project risks, and to monitor their impact on performance.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Risk Management at each level of maturity.

1Initial
  • Practice
    Rely on the best endeavours of available personnel.
2Basic
  • Practice
    Evaluate risks and document mitigation actions within the IT function when a programme/project phase is completed.
    Outcome
    Some key programme/project risks are made explicit and identified risks can be addressed.
    Metrics
    • # of risks identified.
    • % of identified risks with documented mitigation plans.
3Intermediate
  • Practice
    Define and implement a formal risk management process in IT and some other business units.
    Outcome
    Structured assessments of programme/project risks are facilitated.
    Metrics
    • Frequency of risk assessments per programme/project.
    • # of risks identified.
    • % of identified risks with documented mitigation plans.
  • Practice
    Focus risk analysis on areas around the programme's strategic business outcomes as well as project deliverables, schedules and costs.
    Outcome
    Key risks that may potentially impact on programme/project parameters can be tracked.
    Metric
    # of risks identified.
  • Practice
    Evaluate and document risks and mitigation actions for most programmes/projects on a regular basis.
    Outcome
    Clear evaluation and documentation for most programmes/projects improve transparency and serve as input for post-implementation reviews.
    Metric
    % of identified risks with documented mitigation plans.
4Advanced
  • Practice
    Integrate programme/project risk management with organization-wide risk management, and jointly develop and monitor risk controls.
    Outcome
    Structured assessments of all programme/project risks are facilitated, in line with organization-wide risk management approaches.
    Metrics
    • Frequency of risk assessments per programme/project.
    • # of risks identified.
    • % of identified risks with documented mitigation plans.
    • Yes/No indicators re alignment of programme/project risk management policies with organization-wide risk management policies.
  • Practice
    Evaluate and document risks and mitigation actions for all programmes/projects on a regular basis.
    Outcomes
    • Clear evaluation and documentation for all programmes/projects provides complete transparency and serve as input for post-implementation reviews.
    • Increased awareness of stakeholders leads to timely mitigation.
    Metric
    % of identified risks with documented mitigation plans.
5Optimized
  • Practice
    Continually review programme/project risks, contingencies and mitigations with stakeholders, including those in the business ecosystem.
    Outcome
    Insight from all stakeholders, including those from the business ecosystem, provides a real-time perspective on risks and effectiveness of mitigation actions.
    Metrics
    • Frequency of risk reviews.
    • % of stakeholders involved in risk reviews.