Assess Risks for an MIIS 2003 Project

Article
10/05/2010

Applies To: Windows Server 2003 with SP1

Previous Sections in This Guide

Risk management is a recurring process that continues throughout the project. When you create a vision statement, prepare a risk document that presents the top risks of the MIIS 2003 deployment. Deployment planning for an MIIS 2003 project might include the following risks:

Lack of executive support.
Conflicts with data owners.
Concurrent IT projects that impact identity data.
Inadequate training or experience by the design team.
Complex scenarios.
Inadequate testing, especially for data integrity and synchronization processes.

Four Essential Processes to Include in Risk Analysis

Your organization probably has its own process for assessing project risks. For an MIIS 2003 deployment, try to incorporate these four essential processes into your process.

Establish a process to analyze and prioritize project risks

The primary goal of risk analysis is to prioritize the items you identified in the planning process and determine which of these risks deserve commitment of resources for planning. At this stage in the process, your design team draws upon its own experience and information derived from other relevant sources regarding the risks inherent in projects of this scope. From these discussions, you construct a risks list. Use the list to analyze each risk according to your experience and the environment in which MIIS 2003 is to be deployed; and prioritize your risks for probability of occurrence, negative exposure on the deployment, and impact to the organization.

Build in assessments to the MIIS 2003 project plan and schedule

The goal of risk planning and scheduling is to develop detailed plans for controlling the top risks identified during risk analysis and to integrate them with your project management processes to ensure that they are completed.

Establish a process for ongoing risk tracking and reporting

The goal of tracking and reporting risk issues for an MIIS 2003 project is to create an action plan and follow through each issue to mitigation. However, if your organization does not already have a reporting mechanism in place, establish a process now that not only addresses the immediate project needs but also serves as a reporting method for the entire life cycle.

Establish a process to control ongoing risks through the design and deployment phases

The goal of risk control is to successfully apply the contingency plans that your project team created for top risks. During early stages of the project, you might see many factors affecting your design. As you move to the next phase — the dataflow design and metaverse planning — risks to your initial design increase. Therefore, establish a workable process now to keep the project on track.

Potential Risks During Different Stages of a Project

Identify the risks specific to each phase of the project, considering how risks affect personnel, processes, and technology.

Design and Planning

Working relationship with executive sponsorship.
Obtaining qualified team members.
Evaluating, identifying, and understanding your identity data and the data sources.
Scoping the project realistically for budget, cost, and schedule.

Lab testing and pilot deployment

Procuring appropriate testing facilities, including hardware and software.
Uncovering data synchronization issues.
Developing in-house tools and rules extensions.
Testing for capacity and performance issues.

Production deployment

Procuring appropriate hardware and software.
Obtaining qualified team members.
Proofing system capacity and security.

Operations

Preparing for legal implications pertaining to business rules.
Operating with insufficient IT infrastructure.

To obtain a template for this risk management document, see the MSF document templates at https://go.microsoft.com/fwlink/?LinkId=26228. For more information about preparing for risk management, see the MSF Risk Management Discipline white paper.

Assess Your Current IT Infrastructure