ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Sample Risk Management Plan - Part 5: Corrective Action and Monitoring

Updated on November 11, 2015

Published: November 16, 2011

Updated: November 22, 2011

Section 5: Corrective Action and Monitoring

Corrective action and monitoring provide an organization with a structure to determine when risk conditions are approaching trigger levels and corrective actions to mitigate risk are necessary.

Risk Monitoring typically involves members of the endeavor’s teams performing the following steps in an iterative, incremental, parallel … and ongoing manner:

  1. determine risks have changed
  2. identify the risk controls being used
  3. determine the effectiveness of actions and techniques
  4. develop or adjust the risk management plan
    (Open Process Framework 2009)

5.1 Type of Corrective Risk Management

A project such as the A&D High Tech Internet Store Project could greatly benefit by an analysis of Strengths, Weaknesses, Opportunities, and Threats (SWOT). However, this form of analysis should be performed earlier in the project so the benefits at this stage may be minimal.

Due to the amount of time remaining before the project deadline and because strategic decisions have already been made, a different form of corrective risk management is called for. In this instance, self-assessment will be the method of corrective risk management employed.

Project stakeholders, including representatives from Geneva, will periodically meet to assess the outstanding risks and corrective measures. For the project to succeed, Geneva must take on the role of a business partner, as opposed to a time and materials contractor, and participate honestly in these assessments.

Table 4: Vendor Supplier Risk (Hillson and Hulett, 2004)
Table 4: Vendor Supplier Risk (Hillson and Hulett, 2004)

5.2 Corrective Plan

“The purpose of the Corrective Action Plan … is to establish a risk management operational ‘standard for approving and directing the implementation of remedial actions to risks to” (Virginia Commonwealth University, 2005) the successful completion of the A&D High Tech Internet Store Application Project.

The Corrective Action Plan is used … to document a written statement that represents a standard of due care towards the retirement of a risk condition. The Corrective Action Plan details the procedures to be taken and the time-frames to correct deficiency conditions identified by the Risk Statements associated with a specific issue or Unit. (Virginia Commonwealth University, 2005).

The RBS and Risk Matrix will be the sources of input for identification of corrective actions that the Corrective Action Plan defines. The Project manager, team members, and stakeholders “participate in a structured process that is designed to identify, prioritize, document, analyze and re-mediate any reasonably anticipated threats” (Virginia Commonwealth University, 2005).

The outcome of the Corrective Action Plan is expected to:

  • Document the rationale or actions that are planned to ensure that actions cited by Risk Matrix are going to be initiated and as a “consequence to the `action(s)’ any risk situation is mitigated or re-mediated as part of the due diligence process and demonstrated good faith effort” (Virginia Commonwealth University, 2005)
  • Defines the time necessary to complete the mitigation process

The Corrective Action Plan is initiated by the project manager and is submitted to the CIO for:

  • Approval or rejection of recommendations
  • Approval or disapproval of resources
  • Determination of organization’s willingness to “assume the risk and ‘retire’ the plan without further action” (Virginia Commonwealth University, 2005).

5.3 Corrective Action for Risks

Two of the three major risks to this project relate to missing the Christmas deadline. The deadline itself is a risk and the contract with Geneva is closely related. As of May 26, Geneva had not identified specific resources for the project, which may indicate an opinion on the contractor’s part that the project is not a high priority. Geneva may experience an internal conflict over resources.

The answer to this dilemma is not easy, but in essence, the project management team must include "conflict over resources during the life of the project" as a major potential risk and plan for it accordingly by securing agreements and then monitoring the situation continuously. If a dispute does arise, there is a role here for the project champion and or the client to ensure that the allocated resources are not taken away. (Williams, 2009).

The remaining major risk is that problems may be encountered while developing the interface to the ERP system. Effective corrective actions to mitigate this risk entail beginning development of the interface early so that either the interface is complete in time to be integrated with the application or JD Edwards may be contracted for assistance. Negotiations with JD Edwards should begin immediately so they may be brought into the project if a trigger condition is reached.

Corrective actions for the intermediate risks are identified in the Risk Matrix. The minor risks should be assumed and dropped from the corrective action plan without further consideration. The effects of the minor risks would be minimal and could easily be absorbed if those risk conditions come to pass.

5.4 Evaluation

A&D High Tech has taken on some technology initiatives in the past that have proved to be successful despite the inherent risks involved with the development. An Enterprise Resource Planning (ERP) system implemented in 1999 reduced customer callbacks from 30 percent to less than one percent, according to Jeffrey (2007). The success was preceded by concerns that system maintenance may become problematic after the consultants hired to perform the system customization left.

The success of the ERP system led to a series of initiatives to improve systems in “handling the supply chain, payment process, customer relationship management (CRM), and order management” (Jeffrey, 2007, p. 2). These ventures into high tech projects indicate that A&D High Tech has a fair organizational tolerance for risk.

Departments within A&D also demonstrate a high tolerance for risk. Specifically, both the sales and IT departments demonstrate this tolerance by the pressure from the VP of sales to begin the project and the lack of pressure placed on Geneva to identify resources for the Internet store project prior to May by the IT department.

The two greatest risks to project success are missing the holiday deadline and the contract with Geneva. These two risks are directly related and the contract with Geneva influences the overall outcome. Mitigation strategy to offset the issues with the Geneva contract should include strict configuration management and change control. Configuration management would ensure that that each module of developed software meets the requirements for development and change control will help avoid scope creep.

A&D High Tech and the organizational departments that are the major players in the project demonstrate a relatively high tolerance for risk but the relationship with Geneva must be closely monitored and the contract risk mitigated for there to be any chance of meeting the deadline.

Dumbledore's Risk Management Series


Jeffery, M. (2007). A & D high tech (A): Managing projects for success. Project Risk Assessment and Control (pp. 1–16). New York, NY: McGraw-Hill.

Open Process Framework (2009). Risk monitoring. Available from

Virginia Commonwealth University (2005). Correction action plan standard. Information Security Risk Management Program Standards.

Williams, C., J. (2009). Project management: Risk management. Available from


This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

Show Details
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
ClickscoThis is a data management platform studying reader behavior (Privacy Policy)