
Risk Monitoring Plan

XYZ Technology Services

XYZ Technology Services

555 West Main Street

Orlando, FL 32830

<<DATE>>

The information in this Risk Monitoring Plan is confidential and proprietary and shall not be duplicated, used or disclosed in whole or in part for any purpose other than to prepare an appropriate response. This Risk Monitoring Plan may not be forwarded to any third party for evaluation or for any other purpose without the express written consent of XYZ Technology Services.

Table of Contents

· Introduction

· Top Ten Risks

· Risk Management Approach

· Risk Identification

· Risk Qualification and Prioritization

· Risk Monitoring

· Risk Mitigation and Avoidance

· Risk Register

Introduction

This section explains and highlights the purpose and importance of the risk monitoring plan. It provides a general description of why risk monitoring is essential to effectively managing operational risk and describes what is needed before risk monitoring can begin.

<<ENTER TEXT HERE – BE SURE TO DELETE THE GREEN INSTRUCTIONS>>

Top Ten Risks

It is important to explicitly state the top ten risks to the project in the Risk Monitoring Plan. This will make management aware of the top risks for the project and the nature of the risks.

Fill out the risks and descriptions in the section below. Be sure to delete the green instructions.

The top ten high probability and high impact risks to this project are:

<<Risk #1>>

Briefly explain the risk here.

<<Risk #2>>

Briefly explain the risk here.

<<Risk #3>>

Briefly explain the risk here.

<<Risk #4>>

Briefly explain the risk here.

<<Risk #5>>

Briefly explain the risk here.

<<Risk #6>>

Briefly explain the risk here.

<<Risk #7>>

Briefly explain the risk here.

<<Risk #8>>

Briefly explain the risk here.

<<Risk #9>>

Briefly explain the risk here.

<<Risk #10>>

Briefly explain the risk here.

Risk Management Approach

This section provides a general description of the approach taken to identify and manage the operational risks associated with XYZ Technology Services. It should be a short paragraph or two summarizing the approach to risk monitoring. Make sure to include the following:

· How will you conduct your risk assessment?

· How will you keep track of controls and their effectiveness?

· How often will risks be reassessed?

Hint: This is just meant to be a high-level overview. You will get into detail in subsequent sections.

<<ENTER TEXT HERE – BE SURE TO DELETE THE GREEN INSTRUCTIONS>>

Risk Identification

This section explains the process by which the operational risks were identified. It should describe the method(s) used to identify risks, the format in which risks are recorded, and the forum in which this process was conducted. Typical methods of identifying risks are expert interviews, reviews of historical information from similar projects, and a risk assessment meeting with the project team and key stakeholders.

For the purposes of this assignment you may use the following for this section:

Be sure to delete the green instructions.

Risk identification was conducted using the following method:

Risk Assessment Meeting

A risk assessment meeting was held with key team members and stakeholders. The risks identified during this meeting were added to the Risk Register.

Risk Qualification and Prioritization

This section is where you will describe the risk assessment matrix and how you used it to determine the risk prioritization number. It should be a minimum of 3 paragraphs. Be sure to include the following:

· Describe the likelihood table and what each level means

· Describe the impact table and what each level means

· Describe how RPN (Risk Prioritization Number) is determined

· What actions are taken for the various risk levels?

· How did you determine what the top 10 risks were?

Hint: You may use the risk assessment matrix worksheet located in the Risk Register as reference.

<<ENTER TEXT HERE – BE SURE TO DELETE THE GREEN INSTRUCTIONS>>

Risk Monitoring

This section should discuss how the top ten risks will be actively monitored. Be sure to include the following:

· How can you find out if controls you put in place are working?

· How often will you reassess the risks?

· Who will you include?

· How will you report status changes?

· What documentation will you require?

<<ENTER TEXT HERE – BE SURE TO DELETE THE GREEN INSTRUCTIONS>>

Risk Mitigation and Avoidance

Once risks have been qualified, the team must determine how to address those risks which have the greatest probability of occurring. This section explains the considerations which must be made and the options available for managing the top ten risks.

You may fill in the risks and mitigation strategies below. Be sure to delete the green instructions.

<<Risk #1>>

Briefly explain mitigation strategy here.

<<Risk #2>>

Briefly explain mitigation strategy here.

<<Risk #3>>

Briefly explain mitigation strategy here.

<<Risk #4>>

Briefly explain mitigation strategy here.

<<Risk #5>>

Briefly explain mitigation strategy here.

<<Risk #6>>

Briefly explain mitigation strategy here.

<<Risk #7>>

Briefly explain mitigation strategy here.

<<Risk #8>>

Briefly explain mitigation strategy here.

<<Risk #9>>

Briefly explain mitigation strategy here.

<<Risk #10>>

Briefly explain mitigation strategy here.

Risk Register

Every project must maintain a risk register in order to track risks and associated mitigation strategies. This section describes the risk register criteria as well as where the risk register is maintained and how these risks are tracked in the project schedule.

For the purposes of this assignment, you may use the following text for this section:

Be sure to delete the green instructions.

The Risk Register is a log of all identified risks, their likelihood and impact to the organization, the business unit they belong to, control strategy, and possible outcome if the risk occurs. The register was created through the initial Risk Assessment Meeting held by our IT Security Analyst. During this meeting, the team identified and categorized each risk. Additionally, the team assigned each risk a score based on the likelihood of it occurring and the impact it could potentially have.

The Risk Register will be maintained as an appendix to this Risk Monitoring Plan.
