Skip to main content
M3 Playbook > Phase 3: Engagement > 3.4 Maintain and Execute Risk Processes
Play Icon

3.4 : Maintain and Execute Risk Processes

Program Management
  1. Shared

    Integrate risk processes between customer and provider, updating Risk Management Plan

    customer
    provider
  2. Shared

    Maintain / update Risks, Actions, Issues, and Decisions (RAID) Log

  3. Shared

    Coordinate across all work streams on new / updated risks and implementation status (~every 2 weeks)

  4. Shared

    Develop and employ mitigation strategies continuously throughout Phase 3

  5. Shared

    Report new and on-going risks/issues

  6. Shared

    Include discussion on mitigation efforts in meetings with decision-makers and in Status Reports

  7. Shared

    Perform Risk Assessment, as appropriate

3.4 Lessons Learned

  • Develop joint Risk Management Plan and establish PMO risk function before transition to coordinate risk management efforts
  • Regularly meet on risk, incorporating updates into reporting and escalation; document in RAID Log to facilitate communication
  • Define risk roles for staff / executives at customer agency and provider; train teams on risk identification and mitigation
  • Train and empower risk liaisons to drive accountability

Stakeholders

Recommended stakeholders, inputs, & outputs may vary by implementation; however, agencies that contributed to this Playbook reported these factors as increasing the likelihood of success.

Customer

  • Executive Sponsor
  • Business Owner
  • Program Manager
  • Risk Manager
  • PMO Lead
  • PMO Team

Provider

  • Executive Sponsor
  • Business Owner
  • Program Manager
  • Risk Manager
  • PMO Lead
  • PMO Team

Inputs

Outputs

USSM.GSA.gov

An official website of the General Services Administration

Looking for U.S. government information and services?
Visit USA.gov