Example Risk Assessment Report


Your project has been calculated as HIGH RISK based on the answers you provided.

There are factors at play which can be reasonably expected to significantly increase the likelihood of project failure.

Consider engaging external specialist help to fully assess and manage all project risks. Thoroughly review your working practices to ensure you are following standard industry practices, seriously consider implementing the recommendations coming out of our risk assessment (where relevant), and seek specialist help for areas in which your own capabilities are lacking.

We provide specialist help in situations like this through our Programme Assessment Service.


Our assessment model identified the following risk factors for your project:

Programme Management

  • Project budget may be insufficient for the planned work
  • Project progress and benefits realisation are unclear

Reputational Risk

  • Reputational damage if the system does not work correctly

Stakeholder Management

  • Project sponsor / commissioner is missing

Business Readiness

  • Changes to business operations or structure

Delivery Management

  • Issues experienced with the project
  • Fixed delivery date and fixed budget with no contingency

External Dependencies / 3rd Parties

  • External components or systems need to be ready

Procurement & Supplier Management

  • Multiple suppliers involved in delivering the project

Showing all 9 risk factors.

Your project risk rating of HIGH RISK is broken down as follows:

Our assessment model suggests the following actions to reduce your risk of project failure:

Programme Management

  • Model the required project budget given known system requirements and any stated delivery dates
  • Develop a business case to obtain additional project budget to make up the shortfall
  • Negotiate changes to the system scope and delivery schedules to align planned work to available budget
  • Ensure there is a clearly defined methodology for managing the project and coordinating work
  • Consider a staged / gated delivery approach to encourage clearly defined, incremental packages of work that can be planned and coordinated
  • Periodically review realised project benefits to date compared to those planned in the business case
  • Seek specialist help to potentially run, oversee or provide external project governance and compliance

Reputational Risk

  • Understand and adhere to all applicable industry certifications and standards
  • Understand and adhere to all legal requirements in domestic markets
  • Test and validate the correct operation of each and every new system release
  • Consider engaging the services of expert, external quality assurance firms to supplement your own testing
  • Ensure appropriate liability and damages insurances are in place

Stakeholder Management

  • Engage with project stakeholders and senior management to appoint a new sponsor who will be singularly responsible for the project
  • Compile a list of project risks and their impact for continuing to operate the project without a sponsor and present these to senior management
  • Consider making a proposal to stop / temporarily pause the project until a new sponsor is appointed

Business Readiness

  • Understand the necessary changes to the current business structure and/or business operations
  • Develop a future operating model for the system which includes and takes into account all necessary business changes and new business capabilities
  • Validate early on a comprehensive technical architecture which can fully support the future operating model
  • Build early prototypes of the system and deploy these into business-like, sandboxed environments for "real world" testing and evaluation

Delivery Management

  • Further clarify the exact details of the project issues experienced
  • Determine which project issues warrant remediation and act accordingly
  • Ensure high level scope is well defined and delivery methodology understood by all project members, including stakeholders and the delivery team
  • Prioritise features into "Day 1" and "non-Day 1" and seek to descope or delay anything deemed not "Day 1"
  • Estimate the delivery effort for the fixed project scope and ensure there is enough "slack" given the project resource profile
  • Model the earliest delivery date for the fixed project scope across a range of resourcing scenarios
  • Ensure team members are available, present and committed (and consider incentives / penalties regarding the fulfilment of contractual obligations)

External Dependencies / 3rd Parties

  • Check integration contracts and system specifications of external components to ensure they are well defined (i.e. APIs or otherwise)
  • Review the delivery plan for all external dependencies to ensure they will be tested, deployed and available in good time
  • Seek early integration with external components or systems well ahead of time
  • Consider specifying contractual penalties and/or damages for suppliers who fail to deliver external dependencies in time

Procurement & Supplier Management

  • Review supplier contracts and ensure contractual responsibilities are clear
  • Review supplier contracts and ensure contractual KPIs are defined and supplier performance is regularly reviewed
  • Ensure a periodic re-competition of supplier contracts is advertised and conducted on the open market
  • Ensure incumbent suppliers are encouraged to bid for re-tendering of contracts to encourage their good performance in the lead up to the re-tendering

Showing all 34 project recommendations.

You completed the following short questionnaire about your IT project.

There were 15 mandatory questions and 30 optional questions which followed.


1. Has the project been previously attempted but unsuccessfully?

2. Is a global rollout planned across countries with different cultures, spoken languages and/or regulations?

3. Will there be a big bang release with any existing systems turned off at point of deployment?

4. Are there major political, government or regulatory changes anticipated that would have an impact?

5. Do you believe the project budget is insufficient for the planned work?

6. Is there risk of death or serious injury to life for incorrect operation or conduct?

7. Would the company / organisation suffer reputational damage should the system not work correctly?

8. Does the project lack or no longer have a sponsor / commissioner?

9. Will the new system require a change in how the business operates or is structured?

10. Has there been turnover in the role responsible for project management?

11. Are you unsure or concerned about the project being on track to deliver?

12. Is the project budget large compared to typical IT spend in the company / department?

13. Do multiple stakeholders have a say over project decisions?

14. Have there been any problems or issues with the project?

15. Does the project depend on external components or systems to be ready?

16. Could there be financial penalties or trade restrictions imposed for incorrect operation or conduct?

17. Are there suppliers already working with no signed contract / PO?

18. Is there an incumbent supplier or consultancy in-place which the new system will replace?

19. Is there fuzzy or continually changing high-level scope of the system features and functionality?

20. Is the project trying to solve a complex / "wicked" problem with the new system?

21. Is the project using new technology in novel, unorthodox or untested ways?

22. Is there a fixed delivery date and fixed budget with no contingency?

23. Are there team members currently subject to disciplinary action related to their conduct?

24. Are there team members who don't all communicate using the same language?

25. Are multiple suppliers involved in delivering the project?

26. Was there lack of a competitive process when appointing suppliers and/or staff?

27. Is the technical team disconnected from interacting with, and understanding end system users?

28. Is the planned testing approach known to be lacking or less than ideally required?

29. Are there senior stakeholders who do not support or don't wish the project to succeed?

30. Could the technology sufficiently outdate before the intended benefits have been delivered?

31. Are there industry regulations or regulatory constraints which need to be understood and adhered to?

32. Is the system business critical and will require a very high level of uptime?

33. Will the new system handle personally sensitive or commercially sensitive information?

34. Are there team members who have worked together before but with difficulties?

35. Do you have a globally distributed delivery team which spans multiple countries / regions?

36. Are there private commercial contractual obligations which need to be understood and adhered to?

37. Do you pay suppliers or make purchases in currencies other than your own?

38. Are the compliance departments who should be involved absent or actively not included?

39. Are there special or unique performance or non-functional requirements which need to be met?

40. Do you work in a political environment that values consensus building over decision making?

41. Are there important project roles which are unstaffed and may remain so?

42. Are there Intellectual Property (IP) considerations which affect the project?

43. Is the delivery team a mix of permanent staff, suppliers, contractors and consultants?

44. Would the sudden departure of any team member cause significant issues?

45. Are there team members who have not worked together before?


Further guidance

Your answers were used by our assessment model to calculate a risk rating for your project, identify specific areas of concern and provide you with a list of recommendations.

Questions were asked in priority order with the most important ones coming first.

The questions are subjective and the model took this into account.

There are a number of things you can do now: