PMC.SP 1.3 Monitor Project Risks

The acquirer monitors the overall project risk. Many risks are the sole responsibility of the acquirer and can include information that should not be shared with the supplier (e.g., source selection sensitive, re-competition, internal staffing).

There can also be risks that require careful coordination with suppliers and the establishment of appropriate mechanisms for the escalation of risks and risk status (e.g., feasibility of the technology to meet end-user functionality and quality attribute requirements). Shared risks can require jointly planned mitigations.

Example Work Products

1. Records of project risk monitoring

Example Supplier Deliverables

1. Records of supplier risk monitoring

Subpractices

1. Periodically review the documentation of risks in the context of the project’s current status and circumstances.

This review includes the risks defined in the solicitation package, risks identified by the supplier in their proposal, and risks raised as part of regular supplier status reporting.

2. Revise the documentation of risks as additional information becomes available.

As projects progress (especially projects of long duration or continuous operation), new risks arise. It is important to identify and analyze these new risks. For example, software, equipment, and tools in use can become obsolete; or key staff can gradually lose skills in areas of particular long-term importance to the project and organization.

3. Communicate the risk status to relevant stakeholders.