This page has been archived.
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
The "plan" step is divided into separate but related types of planning documents: Risk Action Plans, Contingency Plans, and Business Continuity Preparedness Documents. The following table provides steps to develop risk action plans for the identified risks. Sample Tables of Contents are provided for the other plans.
Risk Planning Steps | Description | Responsibility |
---|---|---|
1. Conduct a Risk Planning Workshop. | Identify key stakeholders from the Year 2000 Project in order to conduct a workshop intended to develop risk action plans for mitigating the identified risks. | Year 2000 Project Manager |
2. Select Risks | Answer "Who's risk is it?"
Review the risks identified in Risk Information Sheets (RIS) to determine their validity and to determine whether the Year 2000 PO is responsible for managing each risk. Using the Responsibility Decision flowchart (CRM Guidebook, Chapter 6, Part 2), for each risk, determine: |
Year 2000 Project Manager |
a. Does the Year 2000 PO have the responsibility to deal with
this risk?
|
||
b. Does the functional organization
have the responsibility to deal with this risk?
|
||
3. Analyze the Risks and Decide an Approach for Managing the Risks. | Answer "What can be done about it?"
For each risk that the Year 2000 PO is responsible for (or other organization as in step #1 - b) determine whether the risk is well understood, then determine the appropriate approach for managing the risk. Using the Approach Decision flowchart (CRM Guidebook, Chapter 6, Part 2), for each risk, determine: |
Year 2000 Project Manager |
a. Does the Year 2000 PO understand
the risk and is the risk clearly documented in the Risk Information
Sheet?
|
||
b. Can the Year 2000 PO accept this
risk without doing anything to manage or control its probability
and impact (this is validating the "response" on the Risk
Information Sheet)?:
|
||
c. Can the Year 2000 PO do anything
with regards to this risk? Does the Year 2000 PO need to act on
this risk?
|
||
4. Generate Action Plans | Answer "How much and what should be
done?"
For each risk that the Year 2000 PO is responsible for, and for which a "Mitigation (avoid)" or "Watch (control)" approach for managing the risk is required (resulting from step 3-c), develop various strategies to deal with the risks. This can be accomplished using a brainstorming technique. Once various alternative strategies have been clearly identified, choose the best strategy (or combination thereof) which minimizes the probability of occurrence as well as minimizes the negative impact of the risk. The selected strategy must then be elaborated by developing a risk action plan for each risk. The risk action plan is a series of action items that will direct a Year 2000 PO or departmental resource in implementing the mitigation strategy. The risk action plan is to be attached to the Risk Information Sheet. |
Year 2000 Project Manager |
5. Assign Year 2000 PO Risk Owner | For each risk that requires a risk action plan (those for the Year 2000 PO as well as those delegated to the department or transferred to another organization such as TBS), assign a risk owner. This person will be responsible for tracking and reporting status on each risk and associated activities (such as the development of risk action plans). | Year 2000 Project Manager |
6. Ensure Risk Action Plans are Developed | For each risk that was delegated to
the department or transferred to another organization, the Year
2000 PO must ensure that risk action plans are being developed for
risks requiring avoidance or control.
The Year 2000 PO must still track activities for this risk since it is still a risk which can have negative impacts on the Year 2000 Project. |
Risk Owners |
7. Implement Action Plans | For each risk action plan that was
developed and for which there was a risk mitigation (or avoidance)
strategy required, each risk owner responsible for a risk must
implement the risk action items on the Risk Information Sheet by
the target implementation date.
The implementation activities will be tracked and monitored for problems with the implementation. |
Risk Owners |
Note: The responsibility currently assigned to the Year 2000 Project Manager can be delegated to other members of the organization including audit.