Risk Analysis Report

Definition

Risk Analysis Report

the risk management work product that documents the results of analyzing the significant risks to the success of an endeavor

Classification

As illustrated in the preceding figure, Risk Analysis Report is part of the following inheritance hierarchy:

• Type: Concrete
• Superclass: Document
• Subclasses:
  • None

Responsibilities

The typical responsibilities of a Risk Analysis Report are to :

• formally document the analysis of each risk.
• Significantly reduce risk and thereby increases the probability of success.

Contents

A Risk Analysis Report typically has the following contents:

• Business Risks – For each risk:
  • Name and Description
  • Date Identified
  • Symptoms
  • Threats
  • Vulnerabilities
  • Estimated Probability of Occurrance
  • Estimated Impact
  • Planned Risk Control Actions
  • Owner
• Financial Risks – For each risk:
  • Name and Description
  • Date Identified
  • Symptoms
  • Threats
  • Vulnerabilities
  • Estimated Probability of Occurrance
  • Estimated Impact
  • Planned Risk Control Actions
  • Owner
• Schedule Risks – For each risk:
  • Name and Description
  • Date Identified
  • Symptoms
  • Threats
  • Vulnerabilities
  • Estimated Probability of Occurrance
  • Estimated Impact
  • Planned Risk Control Actions
  • Owner
• Resource Risks – For each risk:
  • Name and Description
  • Date Identified
  • Symptoms
  • Threats
  • Vulnerabilities
  • Estimated Probability of Occurrance
  • Estimated Impact
  • Planned Risk Control Actions
  • Owner
• Technical Risks – For each risk:
  • Name and Description
  • Date Identified
  • Symptoms
  • Threats
  • Vulnerabilities
  • Estimated Probability of Occurrance
  • Estimated Impact
  • Planned Risk Control Actions
  • Owner
• Security Risks – For each risk:
  • Name and Description
  • Date Identified
  • Symptoms
  • Threats
  • Vulnerabilities
  • Estimated Probability of Occurrance
  • Estimated Impact
  • Planned Risk Control Actions
  • Owner
• Appendices:
  • Major Issues
  • TBDs
  • Assumptions

Stakeholders

A Risk Analysis Report typically has the following stakeholders:

• Producer:
  • Project Team
• Evaluators:
  • Project Management Team
• Approvers:
  • Technical Leader
  • Project Manager
  • Customer Representative
• Maintainers:
  • Project Management Team
• Users:
  • Project Team

Phases

A Risk Analysis Report is typically produced and maintained during the following phases:

• Business Strategy: Completed
• Business Optimization: Completed
• Initiation: Completed
• Construction: Completed
• Initial Production: Completed
• Full-Scale Production: Completed
• Delivery: Completed
• Usage: Completed
• Retirement: Completed

Preconditions

A Risk Analysis Report can typically be started if the following preconditions hold:

• The project has started.
• The project management team is properly staffed and trained in risk management.

Inputs

A Risk Analysis Report typically has the following inputs:

• Work Products:
  • Contract
  • Statement Of Work
  • Management Plan
  • MasterSchedule
  • Process Description Document
  • Application Vision Statement
  • System Requirements Specification
  • System Architecture Document
  • Project Environments Description Document
• Stakeholders:
  • Program Management Team or Project Management Team
  • Requirements Team
  • Architecture Team
  • Environments Team
  • Technical Leader

Guidelines

• This is a living document that must be maintained and updated as risks change.
• Minimize redundancy between the risk analysis report and the disaster recovery plan.
• Use the procedure in the associated work flow to produce this work product.
• If you tailor this work product, then tailor its associated standard, template, and inspection checklist.

Conventions

Risk Analysis Report is typically constrained by the following conventions:

• Work Flow
• Content and Format Standard
• MS Word Template
• XML Template
• Inspection Checklist

Examples

• Example Risk Analysis Report