7.3. Reporting & Documentation
The purpose of risk reporting is to ensure management receives all
necessary information to make timely and effective decisions. This
allows for coordination of actions by the risk team, allocation of resources,
and a consistent, disciplined approach. A primary goal of risk reporting
should be to provide the PM with an effective early warning of developing
risk.
Risk documentation is the recording, maintaining, and reporting of
identifications, analyses, mitigation planning and implementation, and
tracking results. Risk tracking should be done as part of technical
reviews, risk review board meetings, or periodic program reviews.
Documentation includes all plans and reports for the PM and decision
authorities and reporting forms that may be internal to the program
office. This is consolidated in the Risk Mitigation Plan.
Risk reporting should present standard likelihood and consequence screening
criteria, as well as the Risk Reporting Matrix presented in Section 4.2. The
details regarding consequences for cost, schedule, and performance should be
documented in each Risk Mitigation Plan. The plotted position on the
risk reporting matrix should show the PM’s current assessment of the risk’s
likelihood and the estimated severity of its effect on the program if
mitigation fails. As risk mitigation succeeds in a program, a yellow or
red risk’s position on the Risk Reporting Matrix will migrate in successive
assessments from its current location toward the green. Each risk
description should include three key elements (Figure 6 provides an
example):
