Risk management plan and business continuity management report
PMN607 – Strategic risk management PMN607 – Strategic risk management Assessment 2 – Criteria Reference Assessment (CRA) Risk management plan and Business Continuity Management Report (60% of overall unit assessment) Criteria Weighting 7 6 5 4 3,2,1 Mark 1. Development of risk management plan – risk context including internal and external contexts, analysis criteria; and discussion. 25% Excellent and detailed description of the risk context with all components (internal and external context, stakeholders, project/ program context, approach to identification and description of risk events, analysis criteria, evaluation criteria etc.) fully addressed. Excellent discussion and justification, including suggestions for optimal decision making. Good description of the risk context with one or two components not fully addressed. Good discussion and justification (including decision making suggestions) but not fully detailed in one or two areas. Reasonable description of the risk context with at least two- thirds of the components fully addressed. Reasonable discussion and justification (including decision making suggestions) but not fully detailed in several areas. Satisfactory description of the risk context with most of the components addressed. Satisfactory discussion and justification (including decision making suggestions) but some limitations. Poor or inadequate description of the context with less than half of the components being addressed, or adequately addressed. Very limited discussion and justification. /15 2. Development of detailed risk register component of risk management plan, including discussion and justification. 25% Excellent risk register with the required number of risk events identified, and all attributes in the register being clearly and succinctly addressed. The identification, description, analysis, evaluation and other details are consistent with the context, and are correct. Clear discussion and justification on the approach and content of the register. Good risk register with the required number of risk events identified, and all attributes in the register being addressed. The identification, description, analysis, evaluation and other details are generally consistent with the context, and are mostly correct. Good discussion and justification on the approach and content of the register, but not fully developed in one or two areas. Reasonable risk register with at least two-thirds of risk events identified, and attributes in the register being addressed. The identification, description, analysis, evaluation and other details are mostly consistent with the context, but a few errors. Reasonable discussion and justification on the approach and content of the register, but not fully detailed in several areas. Satisfactory risk register with most of risk events identified, and most attributes in the register being addressed. The identification, description, analysis, evaluation and other details are mostly consistent with the context, but some errors. Satisfactory discussion and justification on the approach and content of the register, but some limitations. Poor or inadequate register provided, with less than half of the required number risk events and attributes in the register being addressed. The approach is not, or only partially consistent with the context and there are many errors. Very limited discussion and justification. /15 3. Identification and analysis of designated number of risk events using quantitative risk analysis techniques, and associated discussion and justification. 10% Excellent and complete identification, analysis and discussion on the risk events analysed using a quantitative technique. The required number of risk events analysed and reported. Analysis is correctly undertaken. Good identification, analysis and discussion on the risk events analysed using a quantitative technique, with one or two errors. The required number of risk events analysed and reported. Analysis is correctly undertaken. Reasonable identification, analysis and discussion on the risk events analysed using a quantitative technique, with several errors. At least two- thirds of the required number of risk events analysed and reported. One or two errors in the analysis. Satisfactory identification, analysis and discussion on the risk events analysed using a quantitative technique, with some limitations. Most of the required number of risk events analysed and reported. Some errors in the analysis. Poor or incomplete identification, analysis and discussion on quantitative risk analysis of risk events. Less than half of the required number of risk events analysed, the technique was not appropriate or incorrectly applied. /6 PMN607 – Strategic risk management Assessment 2 – Criteria Reference Assessment (CRA) Risk management plan and Business Continuity Management Report (60% of overall unit assessment) 4. Preparation of risk response/ treatment plans for designated number of risk events, as part of risk management plan. Discussion and justification to be included. 10% Highest level risk events are identified (based on residual risk level) and treatment plans are produced for the required number of risk events. The plans are excellent with all necessary attributes for the plans to be executed, monitored and controlled included. Clear and succinct discussion and justification for the plans. Highest level risk events are correctly identified and treatment plans are produced for the required number of risk events. The plans are good with the necessary attributes for the plans to be executed, monitored and controlled included, but one or two errors. Good discussion and justification for the plans but with one or two gaps. Highest level risk events are mostly identified, and treatment plans are produced for the required number of risk events, but with one or two errors. The plans are reasonable with at least two- thirds of the attributes for the plans, included. Reasonable discussion and justification for the plans. Most of the highest level risk events are identified, and treatment plans are produced for the required of risk events, but with some limitations. The plans are satisfactory with most of the attributes for the plans, included. Satisfactory discussion and justification for the plans, with some limitations. The highest level risk events are not clearly or adequately identified. Treatment plans are poorly structured and less than half of the risk events, and attributes needed for effective management of the plans, are included. Inadequate discussion and justification. /6 5. Development of Business Continuity Management Report including: business impact analysis and continuity strategy 10% Excellent report with clear and complete description, justification and discussion on the business impact analysis; continuity strategy. Good report with clear description, justification and discussion on the business impact analysis; continuity strategy. One or two errors. Reasonable report with reasonable description, justification and discussion on the business impact analysis; continuity strategy. Some errors. Satisfactory report with satisfactory description, justification and discussion on the business impact analysis; continuity strategy. Most of the requirements are addressed but with some limitations. Poor or inadequate report provided. Business impact analysis and continuity strategy not complete, with inadequate discussion and justification. /6 6. Oral presentation on Business Continuity Management Report, only; and quality of presentation. 10% Independence from notes (or slides), clear and audible voice, logical flow, concise, coherent and engaging presentation. Competent and thorough content delivery that complements the slides. Delivered within the timeframe. High quality and professional looking ppt slides as evidenced by clear, attractive, creative, colourful, easy to read slides. All key features of the BCM report are sighted and presented in sufficient detail to clearly support the points made in the presentation. Some reference to note (or slides), clear audible voice, logical flow, relatively concise, coherent and interesting presentation. Very good content delivery that complements the presentation slides. Delivered within the timeframe. Very good quality ppt slides as evidenced by clear, attractive, creative, colourful, readable slides. All key features of the BCM report are sighted and presented in sufficient detail to adequately support the points made in the presentation. Read mostly from notes (or slides) but clear audible voice, logical flow, good presentation but some points can be lengthy and difficult to follow. Good content and delivery that complements in some ways, the presentation slides. Went a little over or under time. Good quality ppt slides as evidenced by clear and readable slides. Most key features of the BCM report are sighted and presented in some detail, with a few parts missing, supports to a large extent the points made in the presentation. Read entirely from notes (or slides), voice halting but audible, flow of logic just detectable, an average presentation that can be difficult to follow in parts. Limited content delivery beyond presentation slides. Did not keep to the timeframe. Average quality ppt slides as evidenced by cluttered but readable slides. Some key features of the BCM report are sighted, but are lacking in sufficient detail,