Summary

Monitor risks against those identified in the project plan.

Description

Refer to the Project Planning (PP) (CMMI-ACQ) process area for more information about identifying project risks.


Refer to the Risk Management (RSKM) (CMMI-ACQ) process area for more information about identifying potential problems before they occur so that risk handling activities can be planned and invoked as needed across the life of the product or project to mitigate adverse impacts on achieving objectives.


The acquirer monitors the overall project risk. Many risks are the sole responsibility of the acquirer and can include information that should not be shared with the supplier (e.g., source selection sensitive, re-competition, internal staffing).

There can also be risks that require careful coordination with suppliers and the establishment of appropriate mechanisms for the escalation of risks and risk status (e.g., feasibility of the technology to meet end-user functionality and quality attribute requirements). Shared risks can require jointly planned mitigations.

Example Work Products



  1. Records of project risk monitoring


Example Supplier Deliverables



  1. Records of supplier risk monitoring


Subpractices



1. Periodically review the documentation of risks in the context of the project’s current status and circumstances.

This review includes the risks defined in the solicitation package, risks identified by the supplier in their proposal, and risks raised as part of regular supplier status reporting.



2. Revise the documentation of risks as additional information becomes available.

As projects progress (especially projects of long duration or continuous operation), new risks arise. It is important to identify and analyze these new risks. For example, software, equipment, and tools in use can become obsolete; or key staff can gradually lose skills in areas of particular long-term importance to the project and organization.



3. Communicate the risk status to relevant stakeholders.

 

Examples of risk status include the following:
  • A change in the probability that the risk occurs
  • A change in risk priority