ARCHIVED - A Strategy for Implementing Risk Management in the Federal Government

• Previous Page
• Table of Contents
• Next Page

This page has been archived.

3. Action Plan

This section focuses on the plan that will be implemented to improve risk management practices. The plan defines the activities that need to take place between now and March 1998.

3.1 Key Components

Key components for the implementation of Risk Management improvements have been identified and include:

• Communications Program: Using various vehicles, introduce Heads of IT to the need for an improved Risk Management regime. Additional information is available in the document entitled "Communications Approach for the Implementation of the Enhanced Management Framework for IT Projects".
• Constitute the Risk Management Special Interest Group: The PMO will build on the previous Working Group and refine and expand it to include active or interested departments.
• Identify Volunteers: The PMO will continue to seek volunteer departments and projects to undertake pilots using the selected tools and techniques described in Section 2.2.5. Training in the selected tools and techniques will be provided.
• Continuous Risk Management Training: Identify possible sources of comprehensive Risk Management training and sponsor the first course offering.
• Assessments: Experiences with different tools and techniques will be assessed and lessons learned will be captured in the Lessons Learned database. The assessments will also provide input for direction setting and opportunities to leverage best practices already in place.
• Improvement Agenda: Departments will be encouraged to staff an Office of Primary Interest for the introduction of Risk Management improvements. They will be encouraged develop departmental strategies and plans for Risk Management. The PMO, the Special Interest Group and the Enhanced Framework Implementation Team will provide support. Government-wide Risk Management improvement activities will be highlighted by sharing ongoing and planned initiatives in departments.

3.2 Key Inputs

To carry out the activities above, the PMO needs various inputs in the form of people, funds, approvals and other resources. As a minimum, it is estimated that Risk Management implementation will require:

• One PMO resource dedicated to the deliverables identified above;
• 10% of PMO management time;
• Each participating department to staff the Risk Management Working Group and a Risk Management OPI;
• $50K dollars for consulting support and miscellaneous requirements such as training, tools, and consultation with the SEI or other resources.

3.3 Key Stakeholders

The key stakeholders in implementing the strategy include:

• Government Chief Information Officer (CIO): The CIO is the government-wide sponsor of Enhanced Framework implementation. He has ultimate responsibility for its government-wide implementation, including the Risk Management component;
• Project Management Office: The PMO will support the CIO and provide guidance and assistance to departments regarding the implementation of improvement activities;
• Departments: Departments will carry out most of the implementation activities. They will, in some instances, provide resources to support the development of the deliverables identified above. The improvements in departments will be leveraged through the Risk Management Special Interest Group and the Enhanced Framework Implementation Team;
• PWGSC: The department will ensure that acquisition vehicles used for IT goods and services embody the principles and practices required for appropriate Risk Management. The department will enforce their implementation with private sector suppliers;
• Internal Audit: Internal Audit in departments will measure Risk Management implementation status in projects. They will be in a position to provide guidance regarding future directions and priorities; and
• Industry: Industry will support the various departments insofar as they have the requisite skills and are requested to do so. Suppliers will be expected to comply with Risk Management practices as required under the terms and conditions of their contracts.

3.4 Key Milestones

The key milestones for the implementation strategy currently include:

Milestone	Date
1. Communications Program	December 15, 1997
2. Reconstitute Working Group	November 15, 1997
3. Identify Pathfinder Volunteers	November 30, 1997
4. Continuous Risk Management Training	November 30, 1997
5. Assessments	December 31, 1997
6. Improvement Agenda	March 31, 1998

Table 3: Key Milestones

3.5 Key Assumptions

In the development of this strategy the following key assumptions were made:

• Departments will be willing to use projects as opportunities to improve;
• Departments will be willing to fund improvement activities providing that they are contributing to their project objectives;

3.6 Risks

The following risks have been identified for the implementation of this strategy:

• There is a risk that one of the above assumptions will prove to be incorrect. Although it is felt that this risk is rather unlikely for all departments, the PMO mitigation strategy will be to emphasize the need for a risk regime as part of any submission for funds;
• There is a risk that departments will propose alternate pathfinder solutions. PMO will assess the merit of each of these solutions and will determine its applicability in the context of this improvement effort. Tools that clearly support the goals of the improvement effort will be accepted.

• Previous Page
• Table of Contents
• Next Page