Content
Mandatory Risk Process
Mandatory Process is endorsed policy, best practice and lessons learned through the application of the acquisition process. If this guidance is not followed the reasons need to be recorded in the project history and the results of the deviation discussed with, or reported back to, the guidance sponsor.
- An IPT leader should adopt a formal and open Risk Management approach appropriate to the stage and nature of the project.
- A Risk Management Strategy and Risk Management Plan should be produced for all Projects and be either referenced from or included within the Project’s Through Life Management Plan. Not having these will need to be explained in the TLMP.
- Risk Management should be an integral part of the project management process and should inform project decisions and forecasts. It should also inform an organisations's Corporate Risk Management activities.
- The Risk Management Process should include the activities of Identify, Analyse, Plan and Manage.
- Acceptable levels of risk should be agreed at all major decision
- Risk information, in conjunction with project data, should be used to generate the 10%, 50% and 90% confidence figures for Time & Cost. These are required for Project Approvals
- Integrated Project Teams (IPTs) and their contractors should, when appropriate, operate a common Risk Management Process that utilises common Risk information.
- Contractors’ Risk Management requirements should be included in Invitation To Tenders (ITTs) and subsequent contracts.
- Risk ownership should be assigned to the party best able to manage the risk.
- Risks should be described using terminology understood both by MOD and contractors. Descriptors such as high, medium and low in respect of probability and impact must be defined.
For DE&S refer to Standing instructions No.2
