Risk Management Plan

Version No.: 1.0

Date: 17-May-07

Project Name: UTi UniTi - 4asONE

Project Code: C/062879

HCL Technologies Ltd.

Enterprise Application Services
No.35, (SP) Developed Plot Estate
Chennai – 600 032

Copyright Notice

This document contains proprietary information of HCL Technologies Ltd. No part of this document may
be reproduced, stored, copied, or transmitted in any form or by means of electronic, mechanical,
photocopying or otherwise, without the express consent of HCL Technologies. This document is
intended for internal circulation only and not meant for external distribution.
 Risk Management Plan

Revision History

Version No Date Prepared by / Significant Changes

Modified by

1.0 17-May-07 Krishnan S

829165050.doc HCLT Confidential Page 2 of 16

 Risk Management Plan

Table of Contents

1 Risk Identification.....................................................................................4

2 Risk Analysis and Ranking.........................................................................7

2.1 Impact................................................................................................................................. 7

2.2 Probability........................................................................................................................... 7

3 Mitigation Plan.......................................................................................11

4 Contingency Plan............................................................................................................14

829165050.doc HCLT Confidential Page 3 of 16

 Risk Management Plan

1 Risk Identification

One of the primary tasks of project management is risk management and containment. The
major risks associated with the project will be identified, and relevant interventions will be made
to contain them. The risk items shall be prioritized and monitored accordingly on a continual
basis, and corrective action will be taken, when necessary.

HCL is aware of the various risk factors associated with the assignment, the impact of the risk
factors on the project schedules and the quality and the measures to control and manage the
risk factors identified. The objective of the planning shall be to highlight the risk factors,
analyze the impact of the risks on project execution and identify strategies to control and
minimize the impact of the risk items.

Assessing the risk at project startup will be the first step in identifying and gaining control of
risk factors during project execution. The risk management process is as follows:

Risk Identification

Risk Analysis

Risk Prioritization

Risk Planning

Risk Monitoring

Risk Identification

 HCL maintains its own risk database based on it past experience.

 At the beginning of the planning phase, identification of other risks and a detailed analysis
of the risks associated with the project is done and documented.

 These risks are reviewed both periodically and on event driven basis throughout the project
lifecycle and the status will be updated to UTi in the Project Status Report.

829165050.doc HCLT Confidential Page 4 of 16

 Risk Management Plan

 New risks identified in the tracking stages are analyzed, documented and monitored from
then on.

Risks List:
Based on HCL’s Risk Database, the following risks are identified as potential ones for this
engagement:

Sl. Risk description Risk category

No.
1 Communication and reporting Communication
2 SA Specific Security Risk General
3 Security and Infrastructure IT Related
related issues
4 System/Network connectivity IT Related
Failure
5 On time Hardware / Software IT Related
Availability
6 MSA / SOW delays Management

7 Visa related issues Management

8 Any Delay in decision making Management
by core team
9 Schedule overrun - Schedule Management
risk due to unrealistic estimates
10 Vendor Support Management
11 Project Sponsor Management
12 Customer Conflict Management
13 Non-adherence to Quality Quality
requirements
14 Significant deviations from the Requirements
plan due to changes in related
requirements
15 System and Functional Requirements
Documentation not available or related
outdated
16 Ambiguous/Changing User Requirements
Requirements (or) lack of clear related
requirements
17 Lack of core team Resource
representation from UTi
18 Cultural sensitization and Resource
process integration
19 Resource Attrition Resource
20 Team cohesiveness Resource
21 Resource Availability Resource

829165050.doc HCLT Confidential Page 5 of 16

 Risk Management Plan

22 Facility Constraints in SA(20 Resource

seats)
23 Clarity on Roles & Resource
Responsibilities for the team /
Track Conflict
24 Team Spirit & Attitude Resource
25 Absenteeism / unplanned Resource
Leave Management
26 Application / Product Bugs Technical
27 Maturity of Technology Technical
28 Frequent Product Version Technical
Changes
29 Team expertise in Application Technical
Area

829165050.doc HCLT Confidential Page 6 of 16

 Risk Management Plan

2 Risk Analysis and Ranking

2.1 Impact
For the risks identified in the earlier section, the Risk impact is measured based on the
following Criteria:

 Cost that would be incurred if the risk occurs

 Schedule variation on risk occurrence
 Changes in Scope of Project
 Impact of the Risk on Quality

The following scale is used for this purpose.

Impact
Rating Cost Schedule Scope Quality
Insignificant
Cost Insignificant Scope changes Quality degradation
1 Increase Schedule slippage barely noticeable barely noticeable
Quality reduction
<5 % cost Schedule slippage Minor areas of scope only on certain
3 increase <5% are affected areas
5-10% cost Overall project Major areas of scope Significant Quality
5 increase slippage 5 to 10% are affected Reduction
Both Minor and Major
10-20% cost Overall project areas of scope are High Quality
7 increase slippage 10 to 20% affected Reduction
>20% Cost Overall project Scope changes to a Greatest impact on
9 Increase slippage slips > 20% greater extent Quality

2.2 Probability

The purpose of this step is to analyze the frequency of occurrence of risks/probability

during the course of the project. The following scale is used for rating the probability of
risk.

Frequency of Risk Occurrence Probability Rating

Less than 30% 0.1

Less than 50% but greater than or equal to 0.3

30%

829165050.doc HCLT Confidential Page 7 of 16

 Risk Management Plan

Less than 70% but greater than or equal to 0.5

50%

Less than 90% but greater than or equal to 0.7

70%

Greater than or equal to 90% 0.9

For all the 28 risks identified, Risk Analysis is done based on the Probability and Impact Scales
discussed above

From the Probability and Normalized Impact, Risk Index is calculated as shown below:

Sl. Risk description Initial

No Probability Impact Impact Impact Impact Normalized Risk Index
. on Cost on on on Impact - Initial
Schedule Scope Quality
1 Communication and 0.5 1 1 1 1 1 0.5
reporting
2 SA Specific Security 0.3 3 3 1 1 2 0.6
Risk
3 Security and 0.1 1 3 1 1 1.5 0.15
Infrastructure related
issues
4 Visa related issues 0.7 5 5 1 1 3 2.1
5 Any Delay in decision 0.7 5 5 3 3 4 2.8
making by core team
6 Schedule overrun - 0.5 7 7 3 3 5 2.5
Schedule risk due to
unrealistic estimates;
7 Vendor Support 0.3 5 5 5 5 5 1.5
8 Project Sponsor 0.1 7 7 1 1 4 0.4
9 Customer Conflict 0.3 5 5 7 7 6 1.8
10 Non-adherence to 0.1 5 5 1 9 5 0.5
Quality requirements
11 Significant deviations 0.5 9 9 9 3 7.5 3.75
from the plan due to
changes in
requirements
12 System and 0.5 5 7 7 3 5.5 2.75
Functional
Documentation not
available or outdated
13 Ambiguous/Changing 0.5 5 7 7 3 5.5 2.75
User Requirements
(or) lack of clear
requirements
14 Lack of core team 0.3 5 5 1 1 3 0.9
representation from
UTi
15 Cultural sensitization 0.1 1 1 1 1 1 0.1
and process
integration

829165050.doc HCLT Confidential Page 8 of 16

 Risk Management Plan

16 Resource Attrition 0.3 5 5 1 3 3.5 1.05

17 Team cohesiveness 0.1 3 3 1 1 2 0.2
18 Resource Availability 0.5 3 3 1 1 2 1
19 Facility Constraints in 0.1 1 1 1 1 1 0.1
SA(20 seats)
20 Clarity on Roles & 0.3 1 1 1 3 1.5 0.45
Responsibilities for
the team
21 Team Spirit & Attitude 0.1 5 5 1 3 3.5 0.35
22 Absenteeism / un 0.1 1 1 1 1 1 0.1
Planned Leave
Management
23 Application / Product 0.7 5 7 7 1 5 3.5
Bugs
24 System/Network 0.3 5 5 1 1 3 0.9
connectivity Failure
25 On time Hardware / 0.3 3 3 1 1 2 0.6
Software Availability
26 Maturity of 0.3 3 3 5 1 3 0.9
Technology
27 Frequent Product 0.7 5 5 5 1 4 2.8
Version Changes
28 Team expertise in 0.3 3 3 1 1 2 0.6
Application Area
29 MSA / SOW delay .7 5 7 7 3 5.5 3.85

Risk prioritization is done based on risk index as tabulated below:

Probability
0.1 0.3 0.5 0.7 0.9
1 0.1 0.5
1.5 0.15 0.45
2 0.2 0.6 1
2.5
Normalized Impact

3 0.9 2.1
3.5 0.35 1.05
4 0.4 2.8
4.5
5 0.5 1.5 2.5 3.5
5.5 2.75 3.85
6 1.8
6.5
7
7.5 3.75
8
8.5
9
Higher the impact and probability of occurrence, higher is the risk priority and the need for
action.

829165050.doc HCLT Confidential Page 9 of 16

 Risk Management Plan

The need for action required (with regard to each risk index) is as follows:

 Extreme: This risk requires immediate attention, and both contingency and mitigation
planning must be planned and implemented.

 High: Preventive solutions will be searched for and evaluated.

 Medium: If the risk is realized, related risk management techniques would be implemented.

 Low: The risk must be monitored.

829165050.doc HCLT Confidential Page 10 of 16

 Risk Management Plan

3 Mitigation Plan

The following table lists the various Risks earlier identified and the mitigation plan that will be
adopted by HCL-UTi Team.
Sl. No. Risk description Risk category Mitigation plan
1 Communication andCommunication Joint reviews by HCL and UTi at regular
reporting intervals as per plan
2 SA Specific Security General Safe & Secured Residential Location for
Risk HCL Project Team will be found out and
other necessary actions will be taken by
HCL engagement Manger at SA.
3 Security andIT Related Periodic security audits by both UTi and
Infrastructure related HCL to ensure compliance with security
issues norms
4 System/Network IT Related ISMS will ensure the restoration of System /
connectivity Failure Network as per the Std SLA norms

5 On time Hardware /IT Related Proper plan for procurement of HW/SW are
Software Availability in place and adequate lead time for
erection & installation is planned.

6 MSA / SOW Delay Management HCL & UTi Senior Management should
review and sort out the ambiguities in the
MSA / SOW document

7 Visa related issues Management Proactive resource planning and

deployment will be done to ensure timely
processing of Visa. Alternate visa types will
be evaluated till WP is processed for all
members.

8 Any Delay in decisionManagement Joint representation of HCL and UTi at

making by core team Steering Committee and appropriate
escalations to resolve issues

829165050.doc HCLT Confidential Page 11 of 16

 Risk Management Plan

9 Schedule overrun -Management Close monitoring by HCL of schedule

Schedule risk due to slippage to identify the causes and
unrealistic estimates appropriate escalations to the Steering
Committee
10 Vendor Support Management HCL will closely work with Oracle and other
third party service provider and ensure
continuous vendor support
11 Project Sponsor Management HCL/UTi will ensure Project Sponsor
Involvement on a Quarterly/bimonthly/Need
basis during Steering committee meetings
12 Customer Conflict Management HCL will maintain cordial customer
relationship through Communications /
meetings and work towards strengthening
the same.
13 Non-adherence toQuality Periodic review of quality norms by the QA,
Quality requirements Project Manager & Program Manager

14 Significant deviationsRequirements related Close monitoring by HCL of schedule

from the plan due to slippage to identify the causes and
changes in appropriate escalations to the Steering
requirements Committee

15 System andRequirements related HCL will conduct adequate workshops to

Functional gather complete business requirements
Documentation not and validate the same with business
available or outdated owners prior to gap fitment

16 Ambiguous/Changing Requirements related UTi has formed a strong team comprising

User Requirements GBA's from different countries and
(or) lack of clear Business Analyst team. They will bring the
requirements domain expertise and chart the
requirements clearly for UTi as a whole
17 Lack of core teamResource Strong GBA & Business Analyst Team has
representation from been formed by UTi. Resource availability
UTi has been charted out clearly by UTi and
based on this project plan is drawn
18 Cultural sensitizationResource HCL has a structured cultural sensitization
and process program for all the resources going onsite
integration for this project

829165050.doc HCLT Confidential Page 12 of 16

 Risk Management Plan

19 Resource Attrition Resource Ensure that all critical resources on both

sides are adequately backed up within the
team deployed and outside of the team as
well to the extent possible. Having frequent
formal and informal interactions with the
team by the HR/PM.

20 Team cohesiveness Resource HCL Onsite/Offshore PMs will have

frequent informal communication with the
teams for ensuring team togetherness
21 Resource Availability Resource HCL ensures resource availability through
external recruitment/Internal Career
Opportunities program
22 Facility Constraints inResource HCL ensures Right Onsite-Offshore mix
SA(20 seats) through internal resource monitoring
mechanism
23 Clarity on Roles & Resource Roles and responsibility of both UTi & HCL
Responsibilities for has been clearly charted and agreed upon.
the team / Track HCL Onsite PM will frequently interact with
Conflict the track leads (Fin. FF & In) and UTi to
avoid any such conflicts. HCL Offshore PM
will interact and mitigate any such conflicts
at offshore.
24 Team Spirit & Attitude Resource HCL Offshore/Onsite PMs frequently
evaluate their respective team members'
performance through regular interaction
with the team members and the evaluation
of the deliverables of individual member.
25 Absenteeism / unResource Resources have to plan well in advance for
Planned Leave vacations / holidays, and communicate the
Management same to the respective PMs so that project
won't suffer.
26 Application / ProductTechnical HCL / UTi Team will work closely with
Bugs Oracle to resolve any application bugs.
27 Maturity ofTechnical HCL has partnership with all the major third
Technology party service providers and HCL employees
are adequately trained in all the latest
technology upgrades in their areas.
28 Frequent ProductTechnical HCL and UTi will freeze on the Product
Version Changes version to be implemented and will plan
accordingly.

829165050.doc HCLT Confidential Page 13 of 16

 Risk Management Plan

29 Team expertise inTechnical HCL has already planned and conducted

Application Area trainings in Specific Application Areas and
products. HCL will also plan for any such
new trainings in future based on the project
requirements

829165050.doc HCLT Confidential Page 14 of 16

 Risk Management Plan

4 Contingency Plan

The following table lists the some of the High Sensitive Risks and their Contingency plan that
will be adopted by HCL-UTi Team.

Sl. Risk description Risk category Contingency Plan

No.
1 System/Network IT Related Bronze level Disaster recovery
connectivity Failure plan will be ensured as per MSA
2 On time Hardware / IT Related Alternative HCL Internal Training
Software Availability instance has been installed so
that the project resources don’t
loose their time.
3 Visa related issues Management Alternate visa (B Visa) has been
planned for all the resource
travelling to SA since Work visa
will take considerable processing
time. In the mean time Work visa
will be processed and Stamping
will be done to all the onsite
resources. If Work Visa has to be
planned, resource rotation plan
has to be planned for travel &
stamping.
4 Any Delay in decision Management During any such escalation,
making by core team Senior Management Team of
both UTi & HCL will intervene and
mitigate such issues.
5 Schedule overrun - Management Senior Management Team of
Schedule risk due to both UTi & HCL will discuss and
unrealistic estimates mutually resolve such issues.
6 Significant deviations Requirements Will be handled through Change
from the plan due to Related Control / New SOW as required.
changes in Have to plan for additional
requirements resources to reduce the
deviations due to change in
requirements
7 System and Functional Requirements UTi has to plan for immediate
Documentation not Related availability of such required
available or outdated documents and bear any
additional cost due to schedule
slippage because of this. HCL, if

829165050.doc HCLT Confidential Page 15 of 16

 Risk Management Plan

possible, on case to case basis,

at additional costs to UTi can
prepare the documents through
Change Requests / new SOW. If
not, standard product features will
be implemented in those cases.
8 Ambiguous/Changing Requirements Proper planning and
User Requirements (or) Related documentation during JAD
lack of clear session and sign off at
requirements appropriate stages will avoid such
issues. Intervention from GBAs /
UTi Project Mgr / UTi Senior
Mgmt is required to close such
issues on case to case basis.
9 Maturity of Technology Technical Recruitment / redeployment of
resources equipped with latest
technology
10 Frequent Product Technical Will be handled through Change
Version Changes Control / New SOW as required.
11 Team expertise in Technical Recruitment / redeployment of
Application Area resources with expertise in the
required application areas will be
inducted. For this engagement,
Oracle resource with expertise in
OTM has been deployed.
12 Application / Product Technical HCL / UTi Team will work closely
Bugs with Oracle to resolve any
application bugs. If the bugs are
not fixed HCL will suggest an
alternate solution. If still there are
some more bugs, the issue will be
escalated through proper
channels and appropriate
decision will be taken by the
Senior Management Team.
13 MSA / SOW Delays Management Arrange interim Letter of
Agreement for the project
continuity till the Contract is
signed between UTi & HCL.

829165050.doc HCLT Confidential Page 16 of 16