The QMS Consultant shall conduct a Risk Assessment of the project to identify the current status of the project, identify risks and their likelihood of occurring, and provide an independent evaluation of the planned schedule, fiscal and personnel resources, and processes. If Consultant conducts a Risk Assessment early in the project lifecycle, Consultant may be requested to refresh the Risk Assessment one or more times throughout the project. At minimum, in developing or refreshing its Risk Assessment Report, the QMS Consultant must evaluate the project’s Integrated Project Plan for reasonableness, validity, thoroughness and accuracy with emphasis on the following: Project Plan including State Resource Plan; Project Requirements Management Plan; Project Change Management Plan; Project Issue Management Procedure; Communication Plan; Other critical Project processes; and Any authorized Task 3 Quality Control Reviews. As applicable and available, the QMS Consultant should perform a risk assessment on the project’s most recent Software Development Plan, Facility Plan, Configuration Management Plan, Data Conversion Strategy, Testing Strategy, Post-Implementation Support Strategy (for on-going operations and maintenance), Training Strategy, and Certification Checklist. For projects that are not for the purpose of traditional software development, the Risk Assessment should include artifacts that are comparable to those listed in this section within the context of the project’s actual purpose. This Risk Assessment should take into account work product and project-level considerations, including at a minimum: Feasibility of the technical solution; Sufficiency of security controls to safeguard protected or confidential information and to meet security requirements; Sufficiency of project components and processes; and Sufficiency of project budget, schedule, and resources. To satisfactorily produce this Deliverable, the QMS Consultant should be well versed in all aspects of the project, gaining such basic project knowledge through its review of the project’s available: Business Case, Charter; Work Plan and Work Breakdown Structure; Approved (original or current) baseline project budget and schedule; Integrated Project Plan and related supporting plans; and Other major project deliverables produced by the Authorized Purchaser or its other project consultants that relate to the project’s functional, non-functional, and security requirements. The Deliverable should include: Risk Identification (providing a description, level of impact, probability of occurrence, and measurable threshold to trigger the risk); Risk Avoidance Plan (recommending specific solutions to avoid the triggering of each risk); Risk Mitigation Plan (recommending specific risk mitigation solutions for each identified risk, including a cost-benefit analysis for each mitigation option along with specific recommendations)
