PM-05-01-Risk_Monitoring_Log

APX-01-02T
Ver 3.01 / 28-May-12

Risk Monitoring Log

Account Name:

Project ID:

Project Name:

Note: * indicates mandatory field

Sr.
No.

Risk
Applicability

Risk Description

Risk
Risk
Phase *
Identification Assessment
Date *
Date *

Risk Category *

L&T Infotech Internal Use

Risk
Response *

Status of
Risk *

Anticipated
Impact *

1 of 18

PM-05-01-Risk_Monitoring_Log

L&T Infotech Internal Use

2 of 18

PM-05-01-Risk_Monitoring_Log

APX-01-02T
Ver 3.01 / 28-May-12

Account Name:

Project ID:

Note: * indicates mandatory field

Sr.
No.

Risk
Applicability

Risk Description

Risk
Mitigation Action Plan Responsibility *
Identification *
Date *

L&T Infotech Internal Use

Target Date

Probability * Impact
*

Risk Severity

3 of 18

PM-05-01-Risk_Monitoring_Log

L&T Infotech Internal Use

4 of 18

PM-05-01-Risk_Monitoring_Log

APX-01-02T
Ver 3.01 / 28-May-12

Account Name:

Project ID:

Note: * indicates mandatory field

Sr.
No.

Risk
Applicability

Risk Description

Risk
Identification Actual Impact
Date *

Risk Occurrence
Actual Action

L&T Infotech Internal Use

Remarks

5 of 18

PM-05-01-Risk_Monitoring_Log

L&T Infotech Internal Use

6 of 18

PM-05-01-Risk_Monitoring_Log

APX-01-02T
Ver 3.01 / 28-May-12
Guidelines for using RML template

Note: RML template helps in keeping track of identified and materialized risks, their classification, assessment, prioritization, likely impact and the
action plans for risk response. This also helps in keeping track of changes in risk priorities and action plans.

Field name

Guideline

Risk Applicability
Risk Description
Risk Identification
Date

Detail the risk that is envisaged or identified

Mention the date on which the risk was identified.

Risk assessment Date Mention the date on which the risk is assessed / monitored.

L&T Infotech Internal Use

7 of 18

PM-05-01-Risk_Monitoring_Log

Phase

Helps in identification of the phase during which the risk is likely to impact. It could be:
1) Sales/RFP
2) Contracting
3) Requirement
4) Design
5) Development
6) Testing
7) Rel. & Imp.
8) Warranty
9) Support
10) ERP-Planning and preparation
11) ERP-Blueprint
12) ERP-Realization
13) ERP-Go-Live

Risk Category

Refer to 'Guidelines - Risk Category' sheet for details on 'Risk Category'

Risk Response

Avoid Execute action plan prior to occurrence to avoid risk totally. Ideal for Risks with very high impact
Mitigate Reduce risk partially with appropriate action plan
Transfer - Transfer the impact to others like Client and business partners (in terms of exclusions, etc.) Taking appropriate
insurance is also a transfer strategy.
Accept - Accept the impact of risk. Select when the Risk index is low or when Cost of action plan exceeds the benefits.

Status of Risk

Enter the status of Risk on the date of assessment:

1) Monitored - When risk is still open
2) Impacted - Already impacted the project
3) Closed - Closed with / without impact.

L&T Infotech Internal Use

8 of 18

PM-05-01-Risk_Monitoring_Log

"Anticipated Impact" These helps to qualitatively evaluate impact (Anticipated / Actual) in terms of Effort, Cost and Schedule individually or in
and "Actual Impact" combination. Approximate cost, schedule and effort are worked out by PM in arriving at action plans for identified risk /
(on the project)
evaluating actual impact on materialized risk.
Note: Select cost only when there is a direct expense involved (E.g.. Additional HW for testing, Third party testing, Additional
tools procurement, Extended on-site non-billable stay), though effort involves cost.

Responsibility

Name of the person who holds the responsibility for implementing the identified action plan.

Target Date

Mention the target date for completion of mitigation implementation.

Probability

Select the probability of occurrence of risk with your judgment / in consultation with an expert / SM
3 - High
2 - Medium
1 - Low

Impact

Select the magnitude of impact of the risk

3-High
2-Medium
1-Low

Risk Severity

Risk severity is the product of risk impact and probability, which help in acknowledging the severity of risk, i.e.. High, Medium
or Low.

Actual Action

Narrate the actual action taken for minimizing the impact of a materialized risk.

Remarks

Briefly describe the actual impact of materialized risk and additional information (if any) in remarks.

Note

Changing Risk perception during tracking:

Risk perceptions for some of the identified risks changes over a period of time. It could be an increase in risk or changing
scenario reducing the risk. Hence some risks keep moving in and out of risk radar of high priority risks of Senior Managers.

L&T Infotech Internal Use

9 of 18

PM-05-01-Risk_Monitoring_Log

In order keep visible track of changes in Risk response type / Action plan and Risk severity based on revised risk assessments,
enter the revisions in the next line with an intermediate Sr.No.(Serial Number)
E.g.. For risk in Sr.No. 2, the PM wants to revise the Action plan and Risk Index after some time. He has to enter new values in
these columns by inserting a row. Sr.No. for this row will be 2.1. This provides history of changes in risk perception and related
fields.

L&T Infotech Internal Use

10 of 18

PM-05-01-Risk_Monitoring_Log

APX-01-02T
Ver 3.01 / 28-May-12
Guidelines for 'Risk Category'

Sr. No Category

Sales / Contracting/ Legal

1 Terms/ Liabilities:
2 Estimation:
3 Effort Variance:
4 Talent Acquisition:
5 Resource attrition:

6 Requirement Stability:
7 Requirement Complexity
8 Niche Technology

9 Project Environment

10 Test Data/Scripts
11 Effective tool selection

12 Communication:

L&T Infotech Internal Use

11 of 18

PM-05-01-Risk_Monitoring_Log

13 SLA/Penalty
14 Data Migration

15 Data Security
16 System Capacity

17 Change Management

18 Infrastructure

19 Business Continuity plan

20 Network Connectivity

21 Third Party Tool

22 Knowledge Transfer
23 Currency

24 Taxation

L&T Infotech Internal Use

12 of 18

PM-05-01-Risk_Monitoring_Log

25 Credit

26 Location/Geography

27 Natural Calamities

L&T Infotech Internal Use

13 of 18

PM-05-01-Risk_Monitoring_Log

Guidelines for 'Risk Category'

Risk Guidelines
Look for the risks in preproject phase i.e. RFP and contracting phase. Risks could be related to
contract's terms and conditions, liabilities related, certain financial clauses, warranty period etc.

Risks related to estimating the scheduling, costing, billing model(T&M/FP/Other combination),

resourcing plan etc.
Applicable to milestone based projects (FP projects). Risk related to cost overrun.
Risk related to acquiring the required skills resources.
Risk related to Key resources/dependent resources leaving the organization.
Risks pertaining to
- requirements being stable, or prone to changes impacting the overall subsequent phases.
- requirement ambiguity
Risks pertaining to the complexity of the requirements, and its feasibility
Risks related to entering into new technology work or new functional domain
Risks can arise if project's required environment setup is not in place. If the requirement performance
servers/tools/licenses/infrastructure/connectivity is not available, it could lead to sub-optimal
performance of the project.
Risk pertaining to
- Risk can surface if stakeholder for creating/providing the test data and test scripts is not identified
or ambiguous
- Risk can arise if the test data and test scripts are not provided in time
Risk can surface if the tool selected for the work is not effective or not helping the purpose of the
project/service

Risk can surface if communication protocol between the is not identified, or unclear to the team
members. Following can be the team combinations where the communication protocol plays a
critical role:
- Client - Offshore team
- Onsite - Offshore team
- Teams with third party team/stakeholder combination
- Support projects (critical in Level 1 support)

L&T Infotech Internal Use

14 of 18

PM-05-01-Risk_Monitoring_Log

Risk can surface if the support project

- Do not have the Service Level agreement defined with the client. This is because the service
levels which would satisfy the client is unspoken, hence any performance may not satisfy the client
and lead to client dissatisfaction
- Too stringent SLA with associated penalty - Risk can surface if the agreed upon SLA are too
optimistic and difficult to achieve. Also, if the SLAs are associated with the penalties, it could result
in loss of revenue.
Risk related to migrating the data from one server/system to another
Risk pertaining to
- Security of client information/data as agreed in the contract
- Security of organization servers/sites from external world/hacking etc.
- Securing the data from virus attack
Risk pertaining to capacity of the system
Risk related to
- Changes in the earlier defined requirements/ Scope creep
- Identifying changes reported along with incidents (in support projects)
Risks may arise if
- the required infrastructure for the project as agreed upon in contract/PMP is not available
- required facility for the optimum performance of the resources is not available
Risk can surface if
- The business continuity plan for the project is not in identified
- Business continuity plan is identified, however not tested
Risks are surface if the network connectivity is
- not as per the requirement
- link backup connectivity is not in place
Risk can surface due to dependency on third party tools used in the project
- Tool may not be meeting the client's requirements
- Tool may have residual bugs which would impact our deliverable
Risk can surface if
- Knowledge transfer plan (for the support project) is not in plan
- Sufficient knowledge transfer for the application to be maintained has not happened
- No or insufficient documentation is available for the systems to support
Currency related risks needs to be looked in pre-project (RFP/contracting) phase. Risk can surface if
the currency in which the invoicing is to be done lowers in foreign exchange rate.
Taxation related risks needs to be looked for in pre-project (RFP/Contracting) phase. There could be
specific taxation related rules/regulation application to specific geography/country. This needs to be
investigated and thought upon, prior to contract agreement.

L&T Infotech Internal Use

15 of 18

PM-05-01-Risk_Monitoring_Log

Credit related risks would be applicable during sales/RFP/Contracting/execution phase. This could be
an ongoing risk. Client credibility needs to be looked at the RFP phase, before signing the contract,
and throughout the project execution. If client's credibility is at stake for the ongoing
project/account, informed business decisions needs to be taken to minimize the risk exposure.

Risk needs to be thought upon pertaining to specific location/geography. Risk could be related to
1. Specific location security for the onsite resources
2. Availability of Visa for the specific location in time
3. Taxation, rules and regulations for specific location
4. HR rules compliance/Compensation for a specific location
5. Custom duties/octroi for a specific location
Risk can surface due to hazards/natural calamity prone geography. Strong and well tested BCP,
security measures for the resources should be thought upon.

L&T Infotech Internal Use

16 of 18

PM-05-01-Risk_Monitoring_Log

APX-01-02T
Ver 3.01 / 28-May-12

Risk Severity - Matrix

High
Probability Medium
Low

Low

Medium High
Impact

Risk Severity
High

Medium
Low

Recommended action
High - Needs to be brought into the notice of Corporate Risk Management Committee, BU
Risk Manager, BU Opeartions head, Senior Managers. Prefered risk response would be to
avoid the scenario or condition giving rise to the risk.
Medium - Requires PMs attention and SMs guidance in risk management.
Low - Requires PMs attention. Consider contingency response to execute when the risk
occurs. Alternatively accept the impact of risk if it is not worth responding.

L&T Infotech Internal Use

17 of 18

PM-05-01-Risk_Monitoring_Log

L&T Infotech Internal Use

18 of 18