5.8.2 Risk Management Reports
The following are examples of basic reports that a PMO may use to manage
its risk program. Each office should tailor and amplify them, if necessary, to
meet specific needs.

Risk Information Form (RIF). The PMO needs a document that
serves the dual purpose of a source of data entry information and a report of
basic information for the IPTs. The RIF serves this purpose. It gives members
of the project team, both Government and contractors, a format for reporting
risk-related information. The RIF should be used when a potential risk event
is identified and updated over time as information becomes available and the
status changes. As a source of data entry, the RIF allows the database
administrator to control entries. To construct the database and ensure the
integrity of data, the PMO should design a standard format for a RIF.

Risk Assessment Report (RAR). Risk assessments form the
basis for many program decisions, and the PM will probably need a detailed
report of any assessment of a risk event. A RAR is prepared by the team that
assessed a risk event and amplifies the information in the RIF. It documents
the identification and analysis process and results. The RAR provides
information for the summary contained in the RIF, is the basis for developing
risk-handling plans, and serves as a historical record of program risk
assessment. Since RARs may be large documents, they may be stored as files.
Each RAR should include information that links it to the appropriate RIF.

Risk-Handling Documentation. Risk-handling documentation
may be used to provide the PM with the information he needs to choose the
preferred handling option and is the basis for the handling plan summary that
is contained in the RIF. This document describes the examination process for
the risk-handling options and gives the basis for the selection of the
recommended choice. After the PM chooses an option, the rationale for that
choice may be included. There should be a plan for each risk-handling task.
Risk-handling plans are based on results of the risk assessment. This document
should include information that links it to the appropriate RIF.

Risk Monitoring Documentation. The PM needs a summary
document that tracks the status of high and moderate risks. He can produce a
risk-tracking list, for example, that uses information that has been entered
from the RIF. Each PMO should tailor the tracking list to suit its needs. If
elements of needed information are not included in the RIF, they should be
added to that document to ensure entry into the database.

Database Management System (DBMS). The DBMS that the PM
chooses may be commercial, Government-owned, or contractor-developed. It
should provide the means to enter and access data, control access, and create
reports. Many options are available to users.

Key to the MIS are the data elements that reside in the database. The items
listed in Table 5-7 are examples of risk information that might be included in
a database that supports risk management.
They are a compilation of several risk reporting forms used in current DoD
programs and other risk document sources. “Element” is the title of the
database field; “Description” is a summary of the field contents. PMs should
tailor the list to suit their needs.