CASE Associates Incorporated

Strategies for Improving Business and System Processes

Phone: (503) 598-3944
Fax: (503) 603-0821
daves@caseassociates.com

Risk Assessment Prosess


Approach and Processes for Identifying and Communicating Project Risks:

CAI consultants help the client prepare or review/critique Project Management Plan.  We use the principle documented in the Project Management Institutes' "Project Management Body Knowledge."  This plan is the baseline from which all project activities are organized, assigned resources, managed, and reviewed.  CAI’s Project Management approach meets project objectives by providing timely, thorough deliverables and by promoting effective communications between all project stakeholders.

CAI has learned many lessons managing projects.  The factors contributing to the potential success or failure of a project have been of particular interest to us.  Although each project and organization has its own unique characteristics, CAI has identified six factors that are consistent from project to project.  These factors are:

  1. Understanding the impact of the new system on the workflow, job procedures, job responsibilities, and business rules, plus the planning and dealing with the transition of the organization.
  2. Developing comprehensive verification and validation plans, procedures, test cases, and test scenarios that relate directly to the new system being developed, but also to the new workflows the new system will initiate.
  3. Installing, implementing, and training all affected parties on a thorough project management infrastructure, including process management, the project management methodology, configuration management, requirements management, documentation management, and organization change management.
  4. Managing all the models (requirement definitions and designs) relevant to the project (includes business process models, data models, architecture models, interface models, and user interface models).
  5. Involving the entire organization in the change process invoked by the project.
  6. Understanding, formulating, specifying, and evolving the technical architecture to support the business needs of each department and the information requirements and interfaces within and between departments. 

CAI consultants provide specific recommendations on how to manage the critical success factors (CSFs) and establish a standard Project Management Process.  CAI defines the process for managing and monitoring these CSFs for all projects.  CAI's process includes risk identification, determining risk mitigating solutions or process improvements when necessary.  CAI ensures that the knowledge transfer to the project staff is timely and complete.

CAI's experience has demonstrated to us that communication is the key to bringing a diverse organization together to work toward a common goal.  Interviews, quality reviews, proactive involvement, and frequent feedback cycles are conducted by CAI to ensure project success and staff involvement.  CAI believes that information system development involves more than just assembling the right hardware and software.  It includes management of the impact and change to job responsibilities, job procedures, and workflows.  We recognize today’s project initiatives include complex technical relationships with external parties such as ISPs, other governmental agencies and the general public.

CAI believes in the importance of transition management and effective communications.  Workflow diagrams, which describe business processes (inputs, outputs, procedures, and rules) are effective in conveying an understanding of business needs.  This concept facilitates and simplifies the process of defining, confirming, and documenting organization roles and responsibilities, organization capabilities and capacities, and information systems and business process improvements.  With respect to highly technical issues (e.g., network and data protocols, network operating systems, database middleware, etc.) the CAI team focuses communications with non-technical staff on business issues and business implications rather than on technology implementation issues.  This enables the business staff to focus on the business issues that are important to their organizational unit.

CAI will identify the project’s critical success factors (CSFs) or risk triggers as they apply to the system development process and the quality, completeness, accuracy, and timeliness of the deliverables.  Provide an issue tracking process and identify the trigger points (conditions) under which a CSF could turn into a risk.  Trigger points will be measurable through risk indicators.  When such a trigger point (CSF to risk) is determined, CAI will recommend specific risk mitigation solutions (includes a definition of options, potential effects and costs of the solutions, and a comparative summary of alternative solutions).

CAI will provide a written and oral assessment of project risks for the Project Steering Committee meetings.  The risk factors/areas to be monitored include but are not limited to:

·        Project organization and communications

·        Project staff skill-sets and training

·        Technical architecture and approach

·        Data conversion and interface requirements

·        Project planning and Project management

·        Change and configuration management

·        Project budget scope and timing

·        End user involvement

·        Organizational impacts

·        Development and management methodologies

·       Deliverable review and acceptance process and the verification and validation procedures used during system development and deployment

·       Overall user and management expectations

·     Risks specific to the Project Plus Risks specific to intra-agency and inter-agency data exchanges and interfaces

·       Other critical success factors identified in the Risk Assessment Instrument (part of Deliverable #1)

The Risk Assessment Report will include (but shall not be limited to):

1.                  Project critical success factors (CSF) and risk indicators that must be monitored monthly.

2.                  As assessment of the risk impact, consequence, and severity for each CSF and risk indicator.

3.                  Identification of the trigger points at which time significant intervention is required.

4.                  The recommend risk mitigating solutions and corrective actions.

5.                  For significant risks, assess alternative intervention strategies to address the risk area, the potential effects and costs of implementing the strategy, and a summary comparing the alternatives.