Treasury Board of Canada Secretariat

ARCHIVED - A Guide to Effective Business Continuity in Support of the Year 2000 Challenge


Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

Appendix G - "Identify" Detailed Procedures

Process Overview

Risk identification can occur periodically at specified milestones/phases in a project and/or on a continuous basis throughout the project. The following tables provide the steps to identify risks under both scenarios.

Table G-1: Risk Identification at specified milestones/phases

Risk Identification Step: 1. Identify workshop/interview participants
Description: The Year 2000 Project Manager should determine the number of "peer-level" workshops with various stakeholder groups involved in the Year 2000 Project that is required to identify risks. Typical groups include:
  • Year 2000 Project Office (PO) personnel;
  • Year 2000 Steering Committee;
  • Year 2000 business function owners;
  • Year 2000 asset owners;
  • Technical leaders, asset conversion team members, infrastructure and communications resources; and
  • Regional representatives.

The Year 2000 Project Manager should also establish the number of interviews with various executives involved in the Year 2000 Project required to complement the workshops. Typical interviews include:
  • Year 2000 Project Sponsor; and
  • Key governance structure members.
Responsibility: Year 2000 Project Manager

Risk Identification Step: 2. Schedule the risk identification workshops/interviews
Description: Generally, a risk identification workshop requires 3 hours to conduct and an interview anywhere from ½ hour to 2 hours.

Workshops and interviews should all be scheduled before starting the process.
Responsibility: Year 2000 Project Manager

Risk Identification Step: 3. Tailor the TBS Risk Taxonomy questionnaire
Description: The TBS Risk Taxonomy questionnaire (refer to Appendix H) should be tailored to reflect the subject areas of the workshop/interview participants as well as to meet the workshop/interview duration.
Responsibility: Year 2000 Project Manager

Risk Identification Step: 4. Conduct the risk identification workshops/interviews
Description: Conducting the risk identification workshops/interviews involves:
  • Presenting an overview of the risk assessment (identification and analysis) process and its contribution to the business continuity process;
  • Reviewing and discussing each TBS Risk Management Taxonomy-based question or a subset (Appendix H), in order to identify risk areas (displaying the question on an overhead is a practical way of administering the questionnaire); and
  • Writing down notes from the discussion and documenting risk areas as they are identified.
Responsibility: Year 2000 Project Manager

Risk Identification Step: 5. Develop a risk list
Description: Using the notes from the workshops/interviews, look for common risk areas or consensus across various groups/interviewees and develop a risk list. Each risk identified requires:
  • A statement of the risk which is comprised of a "condition" for the risk to exist as well as the "consequence" of the risk with respect to the business continuity objectives; and
  • A context of the risk which is intended to provide additional information about the risk.

Risks should then be documented on a Risk Identification Sheet (Appendix I).
Responsibility: Year 2000 Project Manager

Note: The responsibility currently assigned to the Year 2000 Project Manager can be delegated to other members of the organization including audit.

Table G-2: Continuous Risk Identification Steps

Risk Identification Step: 1. Create a Risk Information Sheet
Description: Any individual can identify a new risk by using the Risk Information Sheets (Appendix I). Each risk identified requires:
  • A statement of the risk which is comprised of a "condition" for the risk to exist as well as the "consequence" of the risk with respect to the business continuity objectives; and
  • A context of the risk which is intended to provide additional information about the risk.
Responsibility: Year 2000 Project stakeholder (programmer, tester, application manager, functional resources, etc.)

Risk Identification Step: 2. Review the Risk
Description: The risk information sheets should then be forwarded to the Year 2000 Project Office for initial review.
Responsibility: Year 2000 Project stakeholder (programmer, tester, application manager, functional resources, etc.)

Risk Identification Step: 3. Forward the Risk Information Sheet to the Risk Owner and affected functions
Description: Upon review and validation, the Project Office should then forward the risk to its owner for action planning as well as the function owners affected by the risk (if not the same person) in order to potentially trigger contingency plans.
Responsibility: Year 2000 Project Office

Note: The responsibility currently assigned to the Year 2000 Project Manager can be delegated to other members of the organization including audit.