Office of Administration
Matt Blunt, Governor - Larry Schepker, Commissioner

Office of the Chief Information Officer

ITAB Risk Management Guidelines and Best Practices

The Information Technology Advisory Board approved the new Guidelines and Best Practices for the Missouri IT Risk Management Program. The program manual presents the guidance and approach for implementation of the program including the processes, templates and associated narratives necessary to support program implementation.

Missouri IT Risk Management Manual

Policy Statement

Risks associated with each Information Technology project must be identified, analyzed, and prioritized.  Identified risks must be controlled through the processes of project planning and monitoring.  Risk identification and management must be integrated components of project management and risks must be continuously assessed and analyzed during the life of the project.

Purpose

To ensure that risks associated with a project are well understood so they can be managed, planned for, and mitigated during the execution of the project.

Overview

Assessing a project’s risk will help project managers make more informed decisions and ensure more successful outcomes.  Risk assessment is not problem management, but is a process that reduces the likelihood of problems occurring.  The risk management process must be integrated with the other elements of project management to ensure consistency in the process.  Project risks involve exposure to events such as:

  • failure of the project to obtain anticipated benefits;
  • costs that exceed planned levels;
  • extended project schedules;
  • poor performance of a system.

Objectives

  1. Risk identification will be led by the project manager, with the assistance of team members with various perspectives, including user, management, and technical perspectives.  Risks are listed and analyzed for probability of occurrence and potential impact on the project, and then prioritized.  Risk identification occurs at the beginning of a project and continues throughout the project.  Management must ensure that the project team openly and routinely discusses and analyzes risks throughout the life of a project.
  2. Risk management planning produces plans for addressing each major risk item and coordinates individual risk plans with the overall project plan.  Risk planning ensures that project schedules and cost estimates are adjusted so that adequate time is allocated to properly develop and execute risk mitigation measures when required.
  3. Risk management monitoring and control involves tracking the progress toward resolving high risk items and taking corrective action when necessary.  The appropriate risk items are highlighted as part of the project reviews and status reports.

Responsibilities

The project manager has primary responsibility for implementing the policy.

Evidence of Compliance

To demonstrate compliance with this policy, the following must be available, at a minimum:

  • Risk Management Plan
  • Form 5
