Risk Management: Guidelines and Best Practices

LINK

The risk management policy requires that risks associated with Information Technology projects must be identified, analyzed, and prioritized. Identified risks must be controlled through the processes of project planning and project tracking and oversight. Risk identification and management are integrated components of project management and must be continuously assessed and analyzed during the life of a project. The project manager acts as the risk analyst unless the identified risks are significant enough to designate an individual for the responsibility of risk management on a project.

Purpose
To ensure that risks associated with a project are well understood so they can be managed, planned for, and mitigated during the execution of the project.