Risk Management
Establish an approach to manage programme and project risks, and to monitor their impact on performance.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Risk Management at each level of maturity.
- 1Initial
- Practice
- Rely on the best endeavours of available personnel.
- 2Basic
- Practice
- Evaluate risks and document mitigation actions within the IT function when a programme/project phase is completed.
- Outcome
- Some key programme/project risks are made explicit and identified risks can be addressed.
- Metrics
- # of risks identified.
- % of identified risks with documented mitigation plans.
- 3Intermediate
- Practice
- Define and implement a formal risk management process in IT and some other business units.
- Outcome
- Structured assessments of programme/project risks are facilitated.
- Metrics
- Frequency of risk assessments per programme/project.
- # of risks identified.
- % of identified risks with documented mitigation plans.
- Practice
- Focus risk analysis on areas around the programme's strategic business outcomes as well as project deliverables, schedules and costs.
- Outcome
- Key risks that may potentially impact on programme/project parameters can be tracked.
- Metric
- # of risks identified.
- Practice
- Evaluate and document risks and mitigation actions for most programmes/projects on a regular basis.
- Outcome
- Clear evaluation and documentation for most programmes/projects improve transparency and serve as input for post-implementation reviews.
- Metric
- % of identified risks with documented mitigation plans.
- 4Advanced
- Practice
- Integrate programme/project risk management with organization-wide risk management, and jointly develop and monitor risk controls.
- Outcome
- Structured assessments of all programme/project risks are facilitated, in line with organization-wide risk management approaches.
- Metrics
- Frequency of risk assessments per programme/project.
- # of risks identified.
- % of identified risks with documented mitigation plans.
- Yes/No indicators re alignment of programme/project risk management policies with organization-wide risk management policies.
- Practice
- Evaluate and document risks and mitigation actions for all programmes/projects on a regular basis.
- Outcomes
- Clear evaluation and documentation for all programmes/projects provides complete transparency and serve as input for post-implementation reviews.
- Increased awareness of stakeholders leads to timely mitigation.
- Metric
- % of identified risks with documented mitigation plans.
- 5Optimized
- Practice
- Continually review programme/project risks, contingencies and mitigations with stakeholders, including those in the business ecosystem.
- Outcome
- Insight from all stakeholders, including those from the business ecosystem, provides a real-time perspective on risks and effectiveness of mitigation actions.
- Metrics
- Frequency of risk reviews.
- % of stakeholders involved in risk reviews.