Monitoring Agencies: Risk Management Strategy - what to look for
Last updated: 6 July 2002
The monitoring agency has a crucial role in ensuring that projects are set up and managed in such a way as to mitigate risk to the Government. In evaluating the risk management strategy a monitoring agency needs to be assured that all risks have been identified and evaluated in an in depth manner. The monitoring agency needs to assess:
All of the documentation around identification of the risks including quantitative and qualitative analysis.
How the risk analysis was derived.
Whether all risk areas (i.e. strategic, business, investment, organisational, project, technology and political) have been fully and accurately identified.
How the risks have been weighted and the reasons for this.
What mitigation strategies are being proposed to treat each of the risks.
The monitoring and escalation processes proposed for the life of the project.
The degree of senior management involvement in the assessment of the risks, the treatment strategies and what their role will be in monitoring the strategy.
Whether the Chief Executive has sought independent expert review of the terms of reference and proposed contract for a major IT project.