Risk Assessment Checklist

Download link : Risk Assessment Checklist

Risk Assessment Checklist

Project Name   Project Code  
Program Manager   Project Manager  

1       Engineering Process

1.1      Requirements






Are the requirements stable


Are the external interfaces changing
Are there requirements you know should be inthe specification but aren’t?
(IF Yes)Will you be able to get these requirements into the system?
Does the customer have unwritten requirements/expectations?
Are the external interfaces completely defined?
Are you able to understand the requirements as written?
There are no ambiguities or problems of interpretation?
Are there any requirements that may not specify what the customer really wants?
Do you and the customer understand the same thing by the requirements?
How do you validate the requirements?
Are there any requirements that are technically difficult to implement?
Do requirements specify something never done before, or that your company has not done before?
Is the system size and complexity a concern?

1.2      Design






Are there any potential problems in meeting functionality requirements?
Does any of the design depend on unrealistic or optimistic assumptions?
Are there any requirements or functions which are difficult to design?
Are the internal interfaces well defined ?
Is there a process for defining internal interfaces?
Is hardware being developed in parallel with software?
Are there any problems with performance?
Scheduling asynchronous
Real-time events
Real-time response
Recovery timelines
Response time
Database response, contention, or access
Has a performance analysis been done?
Is the product difficult or impossible to test?
Does the design include features to aid testing?
Hardware Constraints
Does the hardware limit your ability to meet any requirements?Architecture, Memory capacity, Throughput, Real-time response, Response time, Recovery timelines, Database performance, Functionality, Reliability, Availability
Non-Developmental Software (If re-used or re-engineered software Exists)
Are you reusing or reengineering software not developed on the program?
(If Yes) Do you foresee any problems?Documentation, Performance, Functionality, Timely delivery, Customization
If COTS software is being used
Are there any problems with using COTS (commercial off-the-shelf) software?Insufficient documentation to determine interfaces, size, or performance

Poor performance

Requires a large share of memory or database storage.

Difficult to interface with application software

Not thoroughly tested

Not bug free

Not maintained adequately

Slow vendor response

Do you foresee any problem with integrating COTS software updates or revisions?

1.3      Code and Unit Test






Are any parts of the product implementation not completely defined by the design specification?
Are the selected algorithms and designs easy to implement?
Is there sufficient time to perform all the unit testing you think should be done?
Will compromises be made regarding unit testing if there are schedule problems?
Do you begin unit testing before you verify code with respect to the design
Has sufficient unit testing been specified?
Are the design specifications in sufficient detail to write the code?
Is the design changing while coding is being done?
Are there system constraints making the code difficult to write?Timing


External storage

Is the language suitable for producing the software on this program?
Are there multiple languages used on the program?
(if YES) Is there interface compatibility between the code produced by the different compilers?
Is the development computer the same as the target computer?
If developmental hardware is being used
Are the hardware specifications adequate to code the software?
Are the hardware specifications changing while the code is being written?

1.4      Integration and Test





Will there be sufficient hardware to do adequate integration and testing?
Is there any problem with developing realistic scenarios and test data to demonstrate any requirements?Specified data traffic

Real-time response

Asynchronous event handling

Multi-user interaction

Are you able to verify performance in your facility?
Does hardware and software instrumentation facilitate testing?
Will the target hardware be available when needed?
Have acceptance criteria been agreed to for all requirements?
Are the external interfaces defined, documented, and baselined?
Are there any requirements that will be difficult to test?
Has sufficient product integration been specified?
Has adequate time been allocated for product integration and test?
IF COTS Will vendor data be accepted in verification of requirements allocated to COTS products?
Has sufficient system integration been specified?
Has adequate time been allocated for system integration
Are all contractors part of the integration team? And test?
Will the product be integrated into an existing system?
Will system integration occur on customer site?

1.5      Engineering Specialties






Does the architecture, design, or code create any maintenance difficulties?
Are the maintenance people involved early in the design?
Is the product documentation adequate for maintenance by an outside organization?
Are reliability requirements allocated to the software?
Are availability requirements allocated to the software?
Are safety requirements allocated to the software?
Will it be difficult to verify satisfaction of safety requirements?
Are the security requirements more stringent than the current state of the practice or program experience?
Human Factors
Will the system be difficult to use because of poor human interface definition?
Is the software requirements specification adequate to design the system?
Are the hardware specifications adequate to design and implement the software?
Are the external interface requirements well specified?
Are the test specifications adequate to fully test the system?

2       Development

2.1      Development Process


Yes No NA Remarks
Are there formal, controlled plans for all development activities?

  • Requirements analysis
  • Design
  • Code
  • Integration and test
  • Installation
  • Quality assurance
  • Configuration management
Do the plans specify the process well?
Are developers familiar with the plans?
Is the development process adequate for this product?
Is the development process supported by a compatible set of procedures, methods and tools?
Process Control
Is the software development process enforced, monitored and controlled using metrics?
Are distributed development  sites coordinated?
Are the project members experienced in use of the process?
Do all staff members understand the process?
Product Control
Is there a requirements traceability mechanism that tracks requirements from the source specification through test cases?
Is the traceability mechanism used in evaluating requirement change impact analyses?
Is there a formal change control process?
Are changes at any level mapped up to the system level and down through the test level?
Is there adequate analysis when new requirements are added to the system?
Do you have a way to track interfaces?
Are the test plans and procedures updated as part of the change process?

2.2      Development System


Yes No NA Remarks
Are there enough workstations and processing capacity for all staff?
Is there sufficient capacity for overlapping phases, such as coding, integration and test?
Does the development system support all phases, activities, and functions?
Do people find the development system easy to use?
Is there good documentation of the development system?
Have people used these tools and methods before?
Is the system considered reliable?

  • Compiler
  • Development tools
  • Hardware
System support
Are the people trained in use of the development tools?
Do you have access to experts in use of the system?
Do the vendors respond to problems rapidly?

2.3      Management Process


Yes No NA Remarks
Is the program managed according to the plan?
Is re-planning done when disruptions occur?
Are people at all levels included in the planning of their own work?
Are there contingency plans for known risks?
Are long-term issues being adequately addressed?
Project Organization
Are the roles and reporting relationships clear?
Management  Experience
Are the managers experienced in software development, software management, the application domain, the development process, or on large programs?
Program Interfaces (Interface with customer, other contractors, senior and/or peer managers.)
Does management communicate problems up and down the line?
Are conflicts with the customer documented and resolved in a timely manner?
Does management involve appropriate program members in meetings with the customer?

  • Technical leaders
  • Developers
  • Analysts
Does management work to ensure that all customer factions are represented in decisions regarding functionality and operation?

2.4      Management Methods


Yes No NA Remarks
Are there periodic structured status reports?
Does appropriate information get reported to the right organizational levels?
Do you track progress versus plan?
Personnel Management
Are project personnel trained and used appropriately?
Are program members at all levels aware of their status versus plan?
Quality Assurance
Are there adequate procedures and resources to assure product quality?
Configuration  Management
Do you have an adequate configuration management system?
Is the Configuration Management function adequately staffed?
Is coordination required with an installed system?
(If Yes) Is there adequate configuration management of the installed system?
Does the configuration management system synchronize your work with site changes?

2.5      Work Environment


Yes No NA Remarks
Quality Attitude
Are all staff levels oriented toward quality procedures?
Does schedule get in the way of quality?
Do people work cooperatively across functional boundaries?
Do people work effectively towards common goals?
Is management intervention sometimes required to get people working together?
Is there poor awareness of mission or goals; poor communication of technical information among peers and managers?
Is there a non-productive, non-creative atmosphere?
Do people feel that there is no recognition or reward for superior work?


3       Program Constraints

3.1      Resources


Yes No NA Remarks
Has the schedule been stable?
Is the schedule realistic?
Is there anything for which adequate schedule was not planned?
Are there external dependencies which are likely to impact the schedule?
Are there any areas where the required technical skills are lacking?
Do you have adequate personnel to staff the program?
Is the staffing stable?
Do you have access to the right people when you need them?
Is the budget stable?
Is the budget based on a realistic estimate?
Is there anything for which adequate budget was not allocated?
Do budget changes accompany requirement changes?
Are the development facilities adequate?
Is the integration environment adequate?

3.2      Contract


Yes No NA Remarks
Type of Contract
Is the contract type a source of risk to the program?(fixed price,  cost plus award fee etc.)
Is the required documentation burdensome( Excessive amount, picky customer, long approval cycle)
Are there problems with data rights?

  • COTS software
  • Developmental software
  • Non-developmental Items
Does the program have any dependencies on outside products or services

3.3      Program Interfaces


Yes No NA Remarks
Is the customer approval cycle timely?
Does the customer understand the technical aspects of the system?
Does the customer understand software?
Does the customer interfere with process or people?
How effective are your mechanisms for reaching agreements with the customer?
Does management present a realistic or optimistic picture to the customer?
Corporate Management
Is there a lack of support or micro management from upper management?
Are you relying on vendors for deliveries of critical components?

  • Compilers
  • Hardware
  • COTS
Are politics affecting the program?

  • Company
  • Customer
Are politics affecting technical decisions?

4       Others

4.1      On-Site


Yes No NA Remarks
Personal constraints
Type of Contract
Project Manager Project SQA
Program Manager Date

[1] Double Click the checkbox and select the options “Checked” or “Not Checked” as appropriate


Project Proposal Template

Download Link : Proposal Template

<Company Logo>





<Client Logo>

<Client Name>


<Services Offered / Project name>

<Date: dd-mm-yyyy>












<Company Name>


<Company Address>




Table of Contents

1.    Response to RFP.. 3

2.    Executive Summary.. 3

3.    Company Profile.. 3

4.    Scope of Work.. 3

5.    Architecture.. 3

6.    Assumptions. 3

7.    Work Estimate.. 3

8.    Cost Estimate.. 3

9.    Terms and Conditions. 3

10.      Company’s Experience.. 3

<Followed by document specific sections>

1.    Response to RFP

<Highlight the RFP / Solicitation identification number and a brief introduction to the document>

2.    Executive Summary

<This section should give an overall summary of the proposal and briefly mention the highlights of each section>

3.    Company Profile

provide information about the company>

4.    Scope of Work

<This section should in detail mention the solution or services being offered. This might contain the following elements:

i) Our understanding of the problem

ii) Proposed solution

iii) Modules of the software to be developed

iv) Features of the system >

5.    Architecture

<This section should describe in detail the proposed architecture for the system>


6.    Assumptions

<This section should list the assumptions made while making this proposal>


7.    Work Estimate

<This section should describe the work estimate required for executing the project>

8.    Cost Estimate

<This section should describe the cost estimate for executing the project>

9.    Terms and Conditions

<This section should list the terms and conditions laid down by “Company Name” to execute the project>

10. Company’s Experience

<This section should describe the past experience of “Company Name” in handling similar projects>

Apart from the above sections the proposal might also include project / client specific sections and appendices.

Proposals and Contracts [Sample]

Download Link : Proposals and Contracts Procedure_1

Proposals and Contracts Procedure






Version No

Requested By

Authorized By

















  1. 1.     Objectives

The objective of this procedure is to define and establish the process of generating and submitting proposals, and of reviewing and finalizing contracts.

  1. 2.     Scope

The scope of this procedure applies to all proposals submitted to prospects and contracts finalized with the customers.

  1. 3.     References


  1. 4.     Outstanding Issues
  • None
  1. 5.     Responsibilities
  • It is the responsibility of the Project Manager in charge of that account to make business / commercial proposal under the guidance of the Business Development Manager (BDM).
  • The Chief Executive Officer (CEO) / Vice President (VP) / BD Manager as the case maybe, is responsible for pricing policy for the company’s projects and applications, which will be reviewed from time to time. In case of exceptions, where special sanction is required for deviation from standard pricing and technical specifications, any one of them, as may be the case, would give the final approval for the same.
  • BD Team is responsible for
    • Collecting RFP for any required projects
    • Sales of company’s products/projects
    • Generating leads in the company’s business line.
    • Coordinate with client during the initial project phase and whenever required during the life cycle of the project.
    • Primary requirements gathering from client
    • BD team should maintain a list of clients and do follow-up for all Projects with help of Project manager or Project Lead.
  • Project Manager / Project Lead is Responsible for
    • Preparation of project proposal, estimation and forward to the VP for review and approval
    • Coordinate between client and VP during proposal preparation
    • Initial project resource allocation
    • Analyzing of Client requirements to a granular level before the start of a project.
    • Collecting and Analyzing End-User Requirements for the project.
    • Handling Change Request from the clients during project execution.
    • Tracking of Project Profitability and submitting to the Management.
  • The VP prepares the contract based on inputs provided by the PM/PL and the BD Team
  • The Project Manager is responsible for appointing a Project team to be assigned for each customer project which is being executed.
  • During the contract period, VP/PM is responsible for collecting feedback from customer at regular intervals.
  • Project core team should analyze the customer feedback and should report it to the concerned Lead or Project manager.
  1. 6.     Inputs


  1. 7.     Outputs
  • Signed Contract


  1. 8.     Control Mechanism
  • The VP approves all contracts, as applicable, between the company and external clients.
  • Proper information sharing mechanism should be established to resolve the communication gap between VP/PM and Development Team, so that VP/PM is able to resolve client related issues regarding the project (Project status, Technical issues).


  1. 9.     Procedure



  • A detailed proposal will be prepared by the concerned Project Manager / Lead The proposal addresses the following:
    • The company’s tool proposed for the particular hardware & network operating system and back-end, as applicable, and suggested by the client.
    • Additional technical information, as needed, about topology, networking, architecture etc., if applicable and required.
    • Brief description of the current situation and business needs
    • Client’s Acceptance Criteria for the project
    • List of known gaps, if any, major deviations, as compared to existing templates
    • Price of development tool / software license used (runtime or development version as needed)
    • Price of hardware, operating system and other software if intended to be supplied by  the company
    • Free or charged training and price thereof
    • Free or charged implementation support, if required
    • Arrangement for travel, lodging, boarding of project personnel if any onsite inspection is to be carried out
    • Price of other services, such as Data Entry services, if intended to be supplied by the company’s Payment terms
    • Any exclusions
    • Guarantee and AMC charges
    • Validity of the offer
    • Rates and taxes as applicable
    • Projects teams along with support teams, if applicable and required, will carry out the risk analysis based on known parameters and interaction with the prospects. They may, if required and applicable, suggest the time and cost estimates to be incorporated in the Proposal.
    • The concerned PM/PL will submit the proposal and follow it up periodically.
    • The complete Risk Analysis and Feasibility cum Business Study will be carried out by the Projects Team.
    • The feasibility cum business study will be conducted to make sure that the requirements of the prospect application, as understood at this stage, are within the capabilities of the company to achieve.
    • It could also cover business workflow, Management Information System (MIS) requirements, user groups and types of functional users, interfaces with other systems and document flow, as applicable.
    • The extent of the study will depend upon the technologies and the risks involved (financial, technical human resource as well as time schedule).
    •  It is necessary to carry out the feasibility cum business study before accepting the order, estimation methodology, in cases where the company does not have application templates.
    • The feasibility cum business study report should highlight
      • Feasibility of executing the project/activity in the organization.
      • Risk involved in the proposed project
      • New functionality’s (those which are not available in the existing templates)
      • A hardware and/or software platform where experience within the company is judged to be inadequate and additional training is required.
      • Estimated time frame and estimates
      • Deliverables
      • The VP along with Project Manager Reviews of Contracts and Proposals before it is been delivered.
      • It is in both the company and the customer’s interests to have risks identified. However, the company may choose to exclude some internal risks from the contract.
      • The final agreement to proceed will be given initially by the VP, after formal Presentation of the Proposal and Review risks.
      • The PM/VP clears the review actions and initiates action for amending the contract accordingly.
      • The VP approves the final Contract Review record.
      • The VP maintains the contracts file and sends a copy with the status for every review to the respective Project Manager.
      • If there is any amendment received by the Project team, it will be informed and discussed by relevant teams to look in to commercial aspect of the same. All such changes affecting the Project Documentation will be controlled in the Configuration Management system.
      • The company, for any changes or amendment to the contract will consider the minutes of the review meeting, approved by the customer, as acceptance by the customer.