RISK LOG Clause Samples

RISK LOG. The Recipient will maintain a Risk Log throughout the Project Monitoring Period in a format satisfactory to the Authority. The baseline Risk Log is attached below. An up to date Project Risk Log is to be submitted to the Authority in accordance with the reporting provisions within Schedule 5. The project does not spend to forecast RiDO ▇ ▇ Ensure robust project management systems are in place, based on previous experience. Lack of engagement from businesses/individuals RiDO L H The available support will be promoted proactively using a range of channels

RISK LOG. The tables below are examples of risks identified, potential impact and probability of risks on the projects and the project team mitigation response 2.4.5.1 CDK REGISTRY RISK PLAN RISKS PROBABILITY POTENTIAL MITIGATION Security Breach Medium Medium 1. Add web application security such as firewall 2. Ensure VPN connectivity 3. Add a two factor authentication 4. Apply a secure application RISKS PROBABILITY POTENTIAL MITIGATION segmentation Failure to transmit codes and messages to the appropriate networks Medium Medium 1. Perform frequent IT audits 2. Data encryption Data Loss on Relational Database Management System High High 1. Create storage backup on AWS server Data access and ownership High High 1. Create authorizations levels for access based on hierarchy 2. Use unique identifiers to de- identify personal identifiable information 3. End-to-end encryption of data Configuration Issues High High 1. Ensure compatibility with other with applications by downloading and updating necessary plugins for functionality Offline Server and Server Intrusion Medium Medium 1. Control network access via Amazon EC2 firewall settings 2. Isolate data in Virtual Private Clouds 3. Database encryption via Amazon S3 4. Create database backup creation via Amazon S3 2.4.5.2 ICURE HEPATITIS REGISTRY RISK PLAN RISKS PROBABILITY POTENTIAL MITIGATION Security and Privacy Issues Medium Medium 1. Two-factor authentication ▇.▇▇▇▇ should be encrypted when at rest or in motion Lack of Patient Participation Medium Medium 1. Helpline to assist patients 2. Access to computers at community health centers 3. Provide health counselors for stigmatized patients ▇.▇▇▇▇▇▇▇▇▇ outreach programs Funding Issues High High 1. Identify organizations that have aligned goals to seek for sponsorship. 2. Continuous applications of grants. Lack of Cooperation High High 1. Provide transparency of project details. 2. Engage all stakeholders from

RISK LOG. 9.17.1 The Customer has provided the risk log to the Supplier which is set out in Schedule 12 and which has been commented on by the Supplier as set out in Schedule 12. 9.17.2 Throughout the Term, the Supplier shall manage its own risk log (which shall be shared with the Customer and which the Customer shall be entitled to comment on) and shall update it every month as part of the monthly service report referred to in paragraph 4.2 of Part B of Schedule 2.2 to reflect: 9.17.2.1 any risks or new risks that the Supplier has identified; 9.17.2.2 any risks that are becoming an issue and need to be resolved; 9.17.2.3 any risks that can be removed; and/or 9.17.2.4 any other amendments that the Supplier reasonably believes should be made to the risk log. 9.17.3 The Parties acknowledge that the risk log may be developed from the form of the risk log that is included in schedule 12 but no amendment to the risk log shall be capable of leading to a Change.

RISK LOG. Project Title: Loan Management Programme with Fiduciary Monitoring: Support Unit To Monitoring Committee On Japanese ODA Loan Projects Award ID: Date: March 2009 1 Recruiting qualified international staffs and dispatch them to Baghdad may take time March 2009 Operational Could affect the project implementation schedule. P = 3 I = 4 UNDP will initiate the recruiting process by developing TOR and advertise the positions immediately after the commencement of this agreement Program Manager 3 Administration changes implementing agencies jeopardizing current commitment to project design and inputs. March 2009 Organizational Could affect the project implementation P = 2 I = 4 Relationships built at the technical level with the implementing agencies officials to ensure continuity in the event of change. The Monitoring Committee attempts to limit these changes as much as possible GoI/JICA and UNDP team 4 Weakness of procurement staff in using JICA’s Procurement Guidelines and international sound procurement practices and financial management March 2009 Operational Could affect the project implementation P = 4 I = 4 Technical assistance should be provided to PMTs in on JICA’s Procurement and financial management Guidelines, preparation of bidding document and bid evaluation. Training should also be provided as well as close supervision by JICA and the Support Unit Program Manager and Capacity building specialist 5 Limited ability of JICA’s procurement staff to supervise project in the field March 2009 Operational Could affect the project implementation P = 4 I = 4 The Support Unit and international consultants will conduct spot physical supervision and assist PMTs in reporting. Recruiting of local consultants to work with the Support Unit should be considered Program Manager

RISK LOG. ‌ The Risk Log shall be used to identify the major risks to the project. The PEMT should discuss the potential risks to the project and provide both elimination and mitigation strategies for the top threats on the Risk Log. All project risks will be captured and maintained on this log. If a risk is realized (comes to fruition) it is no longer a risk but an issue. If this occurs, the risk should be moved to the Issue log for tracking and resolution. Risk Log will be reviewed by PEMT every weeks.