The monitoring agency has a crucial role in ensuring that projects are set up and managed in such a way as to mitigate risk to the Government. In evaluating the risk management strategy a monitoring agency needs to be assured that all risks have been identified and evaluated in an in depth manner. The monitoring agency needs to assess:
- All of the documentation around identification of the risks including quantitative and qualitative analysis.
- How the risk analysis was derived.
- Whether all risk areas (i.e. strategic, business, investment, organisational, project, technology and political) have been fully and accurately identified.
- How the risks have been weighted and the reasons for this.
- What mitigation strategies are being proposed to treat each of the risks.
- The monitoring and escalation processes proposed for the life of the project.
- The degree of senior management involvement in the assessment of the risks, the treatment strategies and what their role will be in monitoring the strategy.
- Whether the Chief Executive has sought independent expert review of the terms of reference and proposed contract for a major IT project.
