Project & Change Risk Management
Project & change Risk management
A web based tool for Compliance/Information security team to engage projects and changes to the infrastructure
By www.riesgoriskmanagement.com
Introduction
Start cycle
Engage project team
Complete survey
Initial risk assessment
Risk management
Approval
Project manager - can create a project and manage the progress of his/her project through its milestones and can oversee how all its risks are identified and managed.
Fraud, Risk or Security (compliance) - can interface with the project team and have new projects, changes or business unit ideas assessed for risks and provide resolution.
This is a web based, effective and collaborative solution to project risk management. It provides a business process that allows both the project management team and the risk management team to address project issues as the project progresses through its lifecycle.
Process overview
Project
Change
Suppliers
Risk assessment
Risk mitigation
Information security/compliance
Fraud
Security policies
PCI DSS
Data security
Business units ISO27001
FSA
Engagement
Project register
Risk register
Risk assurance forum
Risk acceptance form
Risk review
Capturing project/change risk management lifecycle
Information security project engagement solution overview
Project management office
Project registration
Project Manager allocation
Project documentation
Project manager
Business analyst
Information security or compliance
Information security survey
Risk assessment
Project register
Risk mitigation
Risk register
Risk assurance forum
Risk acceptance form
Risk review
A simple web based tool that captures changes to your organisation’s framework, providing a consolidated platform to manage potential risks to your estate.
The key participants
Programme management
Project approval
Change approval
Supplier or business unit approval
Project funding control
Project management
Project management
Project team
Project milestone
Information security or compliance
FRS survey
FRS project allocation
Project Milestone
Gate approval
Risk Management
Light touch option (Fast track)
Business impact assessment
BIA stakeholders
Risk identification
Risk Assurance forum
Senior management
Risk Register
Risk acceptance form
Risk review
The web based tool ensures that the key participants are engaged, and the business process ensures a consistent approach to all projects/changes.
SPMB Programme office
Project initiation
Project cost code allocation
Handover to project management
Project office
Project allocation to PM
Upload project details
Complete FRS survey
Sys admin
System administration
SPMB (Programme office) users
FRS Fraud/Risk/Security users
RAF (Risk Assurance Forum) users
FRS manager
FRS resource allocation
Project risk management
Assign projects to risk consultant
FRS consultant
Accept assigned projects
Assess project and carry out risk assessment
Raise project risk in the risk register
RAF Risk Assurance forum
Review project risk register
Risk acceptance form approval
Periodic review of the risk register
Assess project risk survey results
Update project resources
Find risk mitigations
The business process
The tool ensures that the business process engages the right units at the right time and ensures that there are no redundant or neglected elements within the operation.
Project registration
Project Manager allocation
Project documentation
Information security survey
Risk assessment
Risk mitigation
Risk register
The lifecycle
The next set of slides takes you through the lifecycle of the tool, demonstrating how each stage is designed to address the objective of risk management and enforcement of compliance.
System Admin: Account setup
Each account is set up via email and the user will be expected to change their default password upon first login
Project list overview
The list shows the number of projects and the activities throughout their lifecycle.
Project registration (1)
For each project, the Programme team can provide as much detail as possible about the project.
Project registration (2)
The programme team will be able to see the list of projects and their approval dates; this provides them with the ability to exercise corporate governance over the projects.
Project registration (3): project status
The aim of the project status is to allow users to capture which stage the project has reached in its lifecycle; green indicates passed and red indicates the current position.
General project information
Project sponsors and dates
Project milestones
Project registration (4): project status
Project manager allocation (1): Assigning a project manager
A project manager is allocated to the project. This triggers an alert to the project manager, creates his account if he is new, and moves the project to his queue to acknowledge.
Project manager allocation (2): project acknowledgement
Project manager allocation (3): project list & dashboard
The project list displays the number of projects the project manager has been allocated; from then on he can also add his own projects.
For each project there is a dashboard that displays the details of the project as it progresses.
Project manager allocation (4): Project team
The project manager is able to add the project team to the project; this can include the Business analyst, Architect, Test team, developers, etc. The aim is to ensure all participants are working from a central repository and all information can be communicated centrally.
Project documentation
All team members will be able to provide their relevant information about the project.
If the project has a Teamroom where documentation is stored, the URL can be added so that other participants can view it.
If there are other related sites, these can be added as central sites as well.
If required, documentation may be attached locally. Types of documentation include: PID, BRS, HLD, LLD, test plan and others.
Information security survey(1): overview
Each project will complete an information security survey; this survey provides an initial assessment of the project and automatically scores it.
The PM can delegate this task to any member of the project team or can complete it himself or herself.
If the project is scored as low, no further engagement is required; however, if it is scored medium or high, a business impact assessment will be carried out.
Information security survey(2): Fraud, risk or security survey
A series of questions designed to capture the business impact that the project may have. The questions can be customised to fit your particular environment.
Once completed, the submit button triggers the automatic assessment.
Information security survey(2): survey result
The result shows how the project has been scored and the result against each section.
Projects can score:
- High
- Medium
- Low
Projects scored medium or high are more likely to have security risks and require an in-depth assessment.
Information security survey(3): project survey result
Each project will have its survey result listed against it, and the result will be visible to all the participants in the project.
Projects that score medium or high will automatically be placed onto the Fraud, Risk or security (compliance) radar for a business impact assessment.
Risk assessment (1): Project allocation to Consultant
The Fraud, Risk or Security (compliance) team will receive all Medium and High risks. The team manager can assign the project to a Consultant and the project will be listed in the Consultant’s queue.
Risk assessment (2): Invitation of state stakeholders
If required, the Consultant can invite other stakeholders or specialists (e.g. Penetration Testers, Legal, PCI DSS QSA, Firewall operations, etc.), or can carry out the operation.
Risk assessment (2): Business Impact Assessment
The Consultant can create the business impact assessment for the project by uploading the completed risk assessment document, and can also add the assessments of other stakeholders.
Risk assessment (3): Business Impact Assessment
The Consultant can upload the BIA risk assessment document, or add the URL where the BIA is held, and set the BIA status. Once completed, the project reflects that the business impact assessment has been carried out or is in progress.
Risk mitigations(1): project risk registrations
New risks for the project can be registered against the project. The risk will include the business impact, likelihood of occurrence, residual risks and risk owner.
The risks are stored in the risk register for the Risk assurance forum (Senior managers) to accept, reject, transfer or mitigate.
Risk mitigations(2): Risk Register
The risk register contains the risks registered for all the projects, and the Risk Assurance Forum can assess each risk and decide on its resolution.
Risk mitigations(3): Risk Register
Once the Risks are resolved the project can be moved forward for approval and progressed through the project milestones.
Contact details
• Ben Oguntala
• +44 7812 029 867
• www.riesgoriskmanagement.com