Collectively as a group – This assignment is focused on identifying risk, ranking and prioritizing – the primary focus of risk analysis. For this assignment, you will determine the “risk exposure” for your selected IT RFP projects.
At a minimum, you will need to include the following additional columns in your risk register (you can also add additional columns as you see necessary and informative):
- Probability – Use a numeric label such as a decimal (0.80) or a percentage (80% chance of happening).
- Impact – Use a numeric scale such as 1 (low) to 5 (high); 1 (low), 2 (moderate), or 3 (high); or some other scale that is meaningful to your team.
- Exposure – Also known as the Risk Probability Impact (RPI) number, which is calculated by multiplying the “probability” x “impact.”
- Rank – Use a number or color ranking system to prioritize your risks, so you will know which to focus on. For instance, you may use “1” for highest ranking risks based upon the RPI number and sequential numbers for lower ranked risks. Alternatively, you may use a color schema (i.e. such as the traffic light schema) with green indicating low level risks, yellow indicating moderate, and red indicating high. You may need to create categories or thresholds for each color category. A simple program such as MS Excel does allow you to use thresholds by incorporating “IF, THEN” statements or macros, if so inclined. Another option is a combination of numbers and colors – the choice is yours, but do some research so that you create something that is easily understandable and readable.
- Risk Triggers – Those indicators that indicate a risk is happening or about to occur.
- Risk Owners – Assign someone, multiple people, a subcontractor, or an entity to “own” the risk and handle it if it comes to fruition. This many not seem like it is important, but it is critical as we can all get busy and lose focus on the individual risks. This creates that “accountability” we have discussed throughout this program.
- Risk Strategies/Responses – how you plan to deal with the risks – both positive and negative.
- Contingencies – What is your plan ‘B’ should your initial risk strategy not work?
- Other Information – Any other information you would like to add.