USA: +1(669)289-8683 
Sign in
Project Charter
Project Charter Document
Project Name:
Department:
Focus Area:
Product/Process:
Prepared By
Document Owner(s)
Project/Organization Role
Project Charter Version Control
Version
Date
Author
Change Description
[Replace this text with the name of the Document Owner.]
Document created
[Replace this text with the name of the Change Owner.]
[Replace this text with a list of changes for this Owner on this Date and Version.]
· [Change
1
]
· [Change
2
]
· [Change n]
TABLE OF CONTENTS
1
PROJECT CHARTER PURPOSE
3
2
PROJECT EXECUTIVE SUMMARY
3
3
PROJECT OVERVIEW
3
4
PROJECT SCOPE
3
4.1
Goals and Objectives
3
4.2
Departmental Statements of Work (SOW)
3
4.3
Organizational Impacts
3
4.4
Project Deliverables
3
4.
5
Deliverables Out of Scope
3
4.
6
Project Estimated Costs & Duration
3
5
PROJECT CONDITIONS
3
5.1
Project Assumptions
3
5.2
Project Issues
3
5.3
Project Risks
3
5.4
Project Constraints
3
6
Project Structure Approach
3
7
Project Team Organization Plans
3
8
PROJECT REFERENCES
3
9
APPROVALS
3
10
APPENDICES
3
10.1
Document Guidelines
3
10.2
Project Charter Document Sections Omitted
3
PROJECT CHARTER PURPOSE
[Replace the following text with your own statement of the Project Charter Purpose, or use the provided sample text.]
The project charter defines the scope, objectives, and overall approach for the work to be completed. It is a critical element for initiating, planning, executing, controlling, and assessing the project. It should be the single point of reference on the project for project goals and objectives, scope, organization, estimates, work plan, and budget. In addition, it serves as a contract between the Project Team and the
Project Sponsor
s, stating what will be delivered according to the budget, time constraints, risks, resources, and standards agreed upon for the project.
PROJECT EXECUTIVE SUMMARY
[Replace this text with a high-level view of:
· project goals
· objectives
· scope
· assumptions
· risks
· costs
· timeline
· approach
· organization]
PROJECT OVERVIEW
[Replace this text with the rationale and business justification for undertaking this project.]
PROJECT SCOPE
Goals and Objectives
Goals
Objectives
[Replace this text with Project Goals. For example: The project will provide an improved system for managing product returns.]
[Replace this text with Objectives for each Goal. For example:
1. Develop a system by June that tracks an end-to-end process for 100% of product returns.
2. Integrate new system with Sales in order to improve customer satisfaction 40% by year end.]
Departmental Statements of Work (SOW)
Departmental SOW
Owner/Prime
Due Date/Sequence
Organizational Impacts
Organization
Impact to and Participation of Organization
Project Deliverables
Milestone
Deliverable
1. [Milestone Description]
· [Deliverable 1—description]
· [Deliverable 2—description]
· [Deliverable n—description]
2. [Milestone Description]
· [Deliverable 1—description]
· [Deliverable 2—description]
· [Deliverable n—description]
3.
·
Deliverables Out of Scope
[Replace this text with a description of key logical areas not considered part of the boundaries of this project. Examples of these Out-of-Scope Deliverables may include data, processes, applications, or business management.]
Project Estimated Costs & Duration
Project Milestone
Date Estimate
Deliverable(s) Included
Confidence Level
[Milestone 1]
[mm/dd/yy]
[Deliverable 1]
[Deliverable 2]
[High/Medium/Low]
[Milestone 2]
[mm/dd/yy]
[Deliverable 1]
[Deliverable 2]
[High/Medium/Low]
PROJECT CONDITIONS
Project Assumptions
· [Assumption 1]
· [Assumption 2]
· [Assumption 3]
Project Issues
Priority Criteria
1 − High-priority/critical-path issue; requires immediate follow-up and resolution.
2 − Medium-priority issue; requires follow-up before completion of next project milestone.
3 − Low-priority issue; to be resolved prior to project completion.
4 − Closed issue.
#
Date
Priority
Owner
Description
Status & Resolution
1
[mm/dd/yy]
[Issue 1 description]
[Replace this text with Status and Proposed or Actual Resolution.]
2
[mm/dd/yy]
[Issue 2 description]
[Replace this text with Status and Proposed or Actual Resolution.]
Project Risks
#
Risk Area
Likelihood
Risk Owner
Project Impact-Mitigation Plan
1
[Project Risk]
[High/Medium/Low]
[Replace this text with a description of the Mitigation Plan.]
2
[Project Risk]
[High/Medium/Low]
[Replace this text with a description of the Mitigation Plan.]
Project Constraints
· [Replace this text with a description of a Constraint.]
· [Constraint 2]
· [Constraint 3]
Project Structure Approach
[Replace this text with a description of how the project will be structured and what approach will be used to manage the project.
· What are the dependencies of the project?
· How will you Plan and Manage the project?]
Project Team Organization Plans
Project Team Role
Project Team Member(s)
Responsibilities
[Role Title]
[Name(s)]
[Replace this text with a description of the Role Responsibilities.]
PROJECT REFERENCES
Milestone
Deliverable
[Name of Document/Reference]
[Description with available hyperlinks]
APPROVALS
Prepared by
__________________________________
Project Manager
Approved by __________________________________
Project Sponsor
__________________________________
Executive Sponsor
__________________________________
Client Sponsor
APPENDICES
Document Guidelines
Project Charter Document Sections Omitted
Confidential
Document1
Last printed on 3/23/2004 11:48:00 AM
Confidential Page 8 2/2/2018
Client:
Project:
: Revision:
Ideal State
Gap to be Corrected
Problem/Project Statement
Major Risks Identified
State
Case for Change
Key Business Assumptions
| Performance Criteria | Target |
| Summarize Key Performance Requirements | |
Scope Statement
1
3
4
2
| Key Project Milestones |
Prelim IRR =
Project Charter
Summarize Project End Requirements
Identify key gaps between current state and ideal state
Total Estimated Project Cost =
Identify key project risks
Identify the current state
List key assumptions
| Approval | Init |
| Client: | |
| Platform Manager/Director: |
Summarize reason for project
Briefly describe the scope of work. More detail will be provided on the second page
State the problem or project
Organizational Impacts
List organizational impacts (or that there is no organizational impact).
Excluded from Scope
Included in Scope
Itemize what is to be included in the scope of the project. Include product, and project inclusions. Identify roles and responsibilities for the project, i.e., managed completely, provide only resources, etc.
Project Charter
5
6
Itemize what is not to be included in the scope of the project.
| VISION OF SUCCESS | |||||||||||||||||||||||||||
| PROJECT MILESTONES & SCHEDULE | |||||||||||||||||||||||||||
| RESOURCES Internal resources: needed to complete the project. External resources: needed to complete the project. Equipment: needed to complete the project. Materials: needed to complete the project. |
< TITLE>
| CONTEXT / ISSUES What is the problem or opportunity and why is it important? What is the purpose, the business reason for choosing this project? What are the anticipated benefits to customers and staff from the project? What performance measure needs to improve? Note: The bulleted items in this document help to explain what the section is and what you should be thinking about when you fill this project charter out. The bullets are not meant to be addressed individually. |
|||
| GOALS What specific, measurable , attainable, relevant, time-bound results do you want or need to accomplish? Show visually how much, by when, and with what impact. NOTE: Be careful not to state a solution as a goal! |
|||
| SCOPE (IN BOUNDS) | SCOPE (OUT OF BOUNDS) | ||
| Customers/Stakeholders | Team Members Team Leader: Team Members: |
||
| CUSTOMER REQUIREMENTS What are the customers specific requirements or expectations? |
| Project Milestones | Owner | Proposed Date | Actual Date |
| Each milestone or significant accomplishment should be listed with the respective person or group responsible to complete it, and planned date. The actual date can be left blank. | |||
A3 PROJECT CHARTER:
Date:
Sponsor:
An A3 Project Charter is a visual tool for communicating critical project information on one page. It helps ensure all parties working on the project are clear about what they need to accomplish and their role in the project.
Typical CI Project Benefits:
Improved quality and timeliness of services
Improved productivity and reduced service costs
Redeploy staff resources to higher priority areas
Enhanced service consistency
Easier to onboard and train new employees
Improved customer and staff satisfaction
Increased capacity for improving work
How will the project benefit/impact the end user customer (quality, timeliness, costs, results)?
How will the project benefit/impact staff and stakeholders?
How will the organization reinvest or reassign staff time that is saved?
What new work will the organization take on because of freed up staff time?
What are expected cost savings: <> one-time cost savings and <> ongoing/annual cost savings?
1
| RESOURCES Time commitment for a 4 day Kaizen, excluding time to implement changes: Sponsor (6-10 hrs.); Team Leader (40 hrs.); Team Members (32 hrs.); Facilitator (40-50 hrs.) External Resources: Equipment: Materials: |
< TITLE>
| CONTEXT / ISSUES |
| GOALS |
| CUSTOMER REQUIREMENTS (CTQ) |
Project Milestones Owner Proposed Date Actual Date
1. Set project scope and goals (prepare Project Charter, engage team, collect data) Sponsor/Team Leader, Facilitator
2. Understand the current situation Facilitator/ Team
3. Analyze the current situation (root causes) Facilitator/ Team
4. Define a vision of success Facilitator/ Team
5. Generate, evaluate and select improvements Team/ Sponsor
6. Implement changes and make adjustments Team Leader/ Staff
7. Measure performance Sponsor/Team Leader
8. Document standard work and lessons learned Team
9. Sustain improvement Team Leader/Process Owner
A3 PROJECT CHARTER:
Date:
Sponsor:
2
>Instructions
Overview harm or assist e.g. a dangerous chemical, competitors, government.
itigation Strategy
” column of the risk plan template to determine a threshold that requires the development of a contingency plan. For example, a total score of or higher may be the threshold which triggers the need for a contingency plan to be developed. owever, there may be a need to develop a contingency plan for a risk event that scores much lower due to likelihood, but has a high impact. In the end, the project manager must be comfortable with the decision around when to develop a contingency plan.
Defined
ikelihood
Impact to Critical Path or Field Work
0,000
$ 0,000 to 0,000
$ 500,000 Risk Plan es
Schedule Cost Quality Safety Scope Total Score H H H M L L 5
/1/ – / /11
Yes ERROR:#REF! 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: 0 Drivers to monitor: Page &P of &N
Y H H M L L H 75 ● ● ● Y H L H H L M 75 ● √ ● Y H L H H L M 75 ● √ ● Melton Y H H M L L H 75 ● ● ● Norlin Y H H L M L L 55 ● ● ● Norlin Y M H H H L L 51 ● ● ● Y H M L M L L 45 ● ● ● Norlin Y H M L M L L 45 ● ● ● Moccia Y M H M M L L 39 ● ● ● Y M M H L L M 39 ● ● ● Sitkauskas Y H M L L L L 35 ● ● ● Sitkauskas Y H M L L L L 35 ● ● ● Y H M L L L L 35 ● ● ● Y M L M L M L 27 ● ● ● Jamerson Y M L L M M L 27 ● ● ● Jamerson Y M M L L M L 27 ● ● ● Jamerson Y M M L L L M 27 ● ● ● Melton Y M M L L L M 27 ● ● ● Melton Y M M L L L M 27 ● ● ● Melton Y M M L M L L 27 ● ● ● Sitkauskas Y M L M M L L 27 ● ● ● Y M M M L L L 27 ● ● ● Switala Y M M L M L L 27 ● ● ● Melton Y H L L L L L 25 ● ● ● Switala Y M L L M L L 21 ● ● ● Sitkauskas Y M M L L L L 21 ● ● ● Melton Y L H H M L H 19 ● ● ● Y L H H M L H 19 ● ● ● Kret Y L H H H L M 19 ● ● ● Melton Y L M H M L M 15 ● ● ● Norlin Y M L L L L L 15 ● ● ● Jamerson Y M L L L L L 15 ● ● ● Norlin Y M L L L L L 15 ● ● ● Jamerson Y M L L L L L 15 ● ● ● McCormick Y M L L L L L 15 ● ● ● Y L M H L L M 13 ● ● ● Norlin Y L H H L L L 13 ● ● ● Hull Y L H H L L L 13 ● ● ● Hull Y L M L H L L 11 ● ● ● Kret Y L H M L L L 11 ● ● ● Jamerson Y L H M L L L 11 ● ● ● Kret Y L M H L L L 11 ● ● ● Moccia Y L M H L L L 11 ● ● ● McCormick Y L M L M L L 9 ● ● ● Moccia Y L M L M L L 9 ● ● ● Moccia Y L M M L L L 9 ● ● ● Hull Y L M M L L L 9 ● ● ● Melton Y L M M L L L 9 ● ● ● Melton Y L M L L M L 9 ● ● ● Jamerson Y L M L M L L 9 ● ● ● Hull Y L M L M L L 9 ● ● ● Hull Hull: Review Impacts Y L M L M L L 9 ● ● ● Hull Hull: Review Impacts Y L M L M L L 9 ● ● ● Hull Hull: Review Impacts Y L L M L L M 9 ● ● ● Melton Y L L H L L L 9 ● ● ● Kret Y L L H L L L 9 ● ● ● Kret Y L L H L L L 9 ● ● ● Hull Y L L H L L L 9 ● ● ● Hull Y L L H L L L 9 ● ● ● Hull Y L L H L L L 9 ● ● ● Hull Y L L H L L L 9 ● ● ● Hull Y L L H L L L 9 ● ● ● Hull Y L L H L L L 9 ● ● ● Hull Y L L H L L L 9 ● ● ● Hull Y L L H L L L 9 ● ● ● Hull Y L L H L L L 9 ● ● ● Hull Y L L H L L L 9 ● ● ● Hull Y L L H L L L 9 ● ● ● Hull Y L L H L L L 9 ● ● ● Hull Y L L H L L L 9 ● ● ● Kret Y L L M L L L 7 Hull Y L L L M L L 7 ● ● ● Switala Y L L L L M L 7 ● ● ● Jamerson Y L L L L M L 7 ● ● ● Jamerson Y L L M L L L 7 ● ● ● Kret L L L L L L 5 ● ● ● Sitkauskas (SH) L L L L L L 5 ● ● ● McCormick Y L L L L L L 5 ● ● ● Sitkauskas Y L L L L L L 5 ● ● ● Sitkauskas Y L L L L L L 5 ● ● ● Sitkauskas Regardless of rating this issue should be tracked closely Y L L L L L L 5 ● ● ● Melton Y 0 ● ● ● Y 0 ● ● ● Norlin See # 88 Y 0 ● ● ● Norlin 0 ● ● ● 0 ● ● ● 0 ● ● ● 0 ● ● ● 0 ● ● ● 0 ● ● ● 0 ● ● ● 0 ● ● ● 0 ● ● ● Detroit Edison Confidential Page &P of &N
# Detroit Edison Confidential Page &P of &N Risk Mitigation Results
Event Did not Occur / No Action Taken Event Did not Occur / Mitigation Succesful Risk Transferred Risk Avoided Risk Accepted Event Occurred – Impacts Mitigated Event Occurred – Treatment Ineffective Duplicate / Combined with Risk 0 0 0 0 0 0 0 0 # of Risk Events Identified and Closed (impact on outdoor construction work)
permits
High = 5 Components of a Risk L 3 3 3 2010 Q2 2010 Q3 2010 Q4 20 70 Begin Process Identify Key Stakeholders Plan and Schedule Risk Assessment Conduct Risk Identification Session Conduct Risk Quantification Session Develop Risk Response Strategy Develop Contingency Plan Send out Request for Updates Monthly Update Cycle Integrate Identified Risks into Forecast Integrate Identified Risks into Schedule Incorporate Risks into Status Update Compile Updated Risk Plan Update Risk Plan Update Risk Plan Repeat Monthly Update Cycle Until Project is Complete Provide Final Update to Risk Plan File Risk Plan in Historical Archive Monitor & Control Risks Update Risk Plan Publish Risk Plan Review Industry/ Vendor Information for Lessons Learned & Project Specific Risks to Consider Review Historical Risk Database For Related Risks Review Current Projects for Related/Common Risks Provide Input Provide Input Document Interdependencies in Work Scope
Risk Management Process Victor Allen April 3, 2 0 1 2
1 What are risks? Project Management Institute definition of risk: “an uncertain event or condition that, if it occurs, has a positive or negative effect on at least one project objective“ (i.e. scope, time, cost, quality, safety, etc…) 2 What are risks? Risk/Issue/Action? (Risk) Which of the following are risks? Which of the following are risks? Which of the following are risks? Which of the following are risks? Which of the following are risks? 5 Characteristics of a Risk Event Why do we manage risks? “If you don’t manage the risks, the risks will manage you” ~ Victor Allen Program Risk Manager Risk Management Database Risk Response Planning Reviews Internal Risk Management Framework The Risk Register Impacts Risk Register – Impacts Defined Responding to Risks What are you going to do to respond to this risk? The Risk Register 1 Contracted vendor under performs resulting in schedule delays, rework and cost overruns – Negotiate contract with alternate vendor to perform services. The Risk Register The Risk Register Tips for Successful Risk Management 19
Divisional Information Officer · Resolve issues regarding policy, process and procedures that cannot be resolved at lower levels
· Provide project budget
· Assist in risk mitigation, when necessary
· Assist in corrective action decisions, when necessary
Project Sponsor(s) · Actively demonstrate support for the project on a regular basis
· Resolve issues regarding policy, process and procedures that cannot be resolved at lower levels · Meet with Interim Leadership Team at regularly scheduled intervals
· Assess project progress and take appropriate action
Project Steering Committee · Resolve issues regarding policy, process and procedures that cannot be resolved at lower levels · Communicate key messages and decisions within respected organization
· Sub-team to review and approve requests to customize application
Interim Leadership Team · Overall Scope Definition
· Review and Resolve issues regarding policy, process and procedures that cannot be resolved at lower levels
· Risk management (risk planning, risk identification, risk quantification, risk response development, and risk control ) · Identification and creation of project contingency plans
· Resource acquisition (people, time, budget and materials)
· Communication to all stakeholders
· Manage the overall project schedule, budget, and scope
· Ensure project quality standards and procedures are being followed and contribute to overall program quality management
· Review Key Deliverables
· Take corrective action, when appropriate.
· Report project status to project sponsors and steering committee
· Coordinate and manage the efforts of all teams
· Manage stakeholder expectations
· Ensure good communication both vertically and horizontally throughout the project
· Establish project standards and procedures
· Facilitate project meetings with Executive Sponsors and Steering Committee
· Establish quality measures for the project
Technical Team Leader · Define Technical Scope within area of responsibility
· Issue documentation and resolution within area of responsibility
· Risk identification and management within area of responsibility
· Identification and creation project contingency plans
· Resource acquisition, people, time, budget and materials within area of responsibility
· Coordinate communication to all affected parties (business and technical) within area of responsibility
· Manages technical project team within area of responsibility
· Deliverable identification and creation within area of responsibility
· Takes Corrective action, when appropriate,within area of responsibility
· Report project status to Interim Leadership Team within area of responsibility
· Gain approvals for all deliverables within area of responsibility
· Assist in establishing project standards and procedures
· Follow up on action items from meeting minutes
· Facilitate project team meetings, as needed
· Ensure project quality standards and procedures are being followed and contribute to overall program quality management · Coordinate all project activities within area of responsibility
· Maintain project schedule within area of responsibility
· Reporting of budget and schedule variance within area of responsibility
· Documentation coordination and maintenance within area of responsibility
· Ensure all time spent on the project has been collected within area of responsibility
· Project meeting minutes
Business Project Leader · Lead business analysis effort performed by business analysts and subject matter experts
· Provide business representation and leadership for business areas impacted by the project within area of responsibility
· Control day-to-day aspect of the team within area of responsibility
· Coordinate, communicate, and actively engage all other teams to ensure synergy is achieved for the program as a whole
· Ensure good communication within your team and cross-functionally
· Regularly assess and ensure alignment of business processes across all business areas
· Ensure that project standards and practices are consistently followed
· Define Business Scope within area of responsibility
· Track and resolve issues within area of responsibility
· Risk identification and management
· Identification and creation of project contingency plans
· Resource acquisition, people, time, budget and materials within area of responsibility · Takes Corrective action, when appropriate, within area of responsibility
· Report project status to Interim Leadership Team within area of responsibility · Assist in establishing project standards and procedures
· Follow-up on action items from meeting minutes within area of responsibility
· Facilitate project team meetings
· Ensure project quality standards and procedures are being followed and contribute to overall program quality management · Collect project meeting minutes within area of responsibility
· Monitor project milestones and meet established deadlines within area of responsibility
· Manage the refinement of business requirements
Project Leader
· Control day-to-day aspects of combine or upgrade project team
· Perform project management processes
· Tracks and resolves issues
· Monitor milestones and meet established deadlines
· Execute formal and management reviews
· Manages refinement of models of business requirements
· Leads design and organization of procedures
· Analyzes technical business processes
· Communicates with Project Manager, Business Project Manager and Project Team
Business Partner (Business Team Members) · Familiar with business processes and customizations
· Assist in the creation of project deliverables
· Ensure communication to the Business Unit is occurring
· Identify and communicate project issues, risks, constraints and assumptions to the Project Manager
· Assist in risk mitigation, when necessary · Assist in issue resolution
· Assist in project scope definition
· Provide deliverable verification and acceptance
· Attend project team meetings
· Identify customizations and assist Developers in resolving issues
· Develop and execute test plans
· Modify and test queries
· Follow project quality standards and procedures
· Provide status of tasks and deliverables to Project Manager
Business Analyst · Familiar with business processes
· Assist in the creation of project deliverables
Technical Analyst · Creation of the project deliverables
· Ensure communication between all affected parties is occurring
· Identify and communicate project issues, risks, constraints and assumptions to the Project Manager · Coordinate with Project Leader and Business Partner to complete detailed test plans for all phases of testing
· Develop data verification and acceptance methods
· Develop procedures for handling test case failure
· Follow project quality standards and procedures · Provide status to Project Manager
Technical Developer · Creation of the project deliverables · Software development and analysis
· Regression / unit / system testing
· Work closely with functional resources to ensure business needs are met
· Document all changes
· Attend project team meetings
Database Administrator · Review scripts and modify, if necessary, for customer standards
· Monitor database and provide database support
· Perform backups, recoveries
· Troubleshoot and tune database
· Enforce standards
Systems / Web Administrator · Assess the server-related needs for team
· Develop and maintain web architecture design
· Manage logins, passwords and system security
· Manager server / system and web server
Network Administrator · Provide network and server support
· Design and support the existing and future LAN / WAN for PeopleSoft Internet Architecture
· Manage network security and connectivity
· Troubleshoot
· Set up workstations
· Network configurations
Training Team Leader · Assess training needs for project team members
· Develop training strategy for project team members
· Develop, coordinate, and recommend training for project team members
· Evaluate success of training for project team members and adjust, as appropriate
· Assess training needs for target training audience
· Develop training strategy for target training audience
· Develop, coordinate, and recommend training for target training audience
· Conduct training for target training audience, train-the-trainers, and others, as needed
· Evaluate success of training for target training audience and adjust, as appropriate
· Identify and assess various training delivery mechanisms
· Manage site selection and coordination of training equipment, materials, and supplies
· Enable the scheduling of employees for training
· Control day-to-day aspect of the training team
· Ensure good communication within area of responsibility
· Ensure that project standards and practices are consistently followed within area of responsibility
· Track and resolve issues within area of responsibility · Identification and creation of project contingency plans within area of responsibility
· Resource acquisition, people, time, budget and materials within area of responsibility · Report project status to Organization Readiness Leader within area of responsibility
· Gain approvals for all deliverables within area of responsibility · Establish quality procedures and standards for project deliverables within area of responsibility
· Coordinate all project activities within area of responsibility
Management Table (Change Review Board) · Review project budget
· Resolve issues regarding policy, process and procedures that cannot be resolved at lower levels · Review change requests that require changes to scope, time or budget
· PMT & business stakeholders and/ or their delegates comprise the CRB (composed of PMT, Business Unit, Others) and review and accept all project changes
· Review and Approve or Reject Requested “material” changes to a project considering impact to project and portfolio
· Approve/Reject requests to “re-baseline” a project schedule, budget, or scope
Assignment #2
INT6143, Enterprise Network Infrastructure 1 HTTP (HyperText Transfer Protocol) is the main protocol underlying the Web. HTTP is covered in Chapter Wireshark: This lab uses Wireshark to capture or examine a packet trace. A packet trace is a record of telnet: This lab uses telnet to set up an interactive two-way connection to a remote computer. telnet is Browser: This lab uses a web browser to find or fetch pages as a workload. Any web browser will do.
Use your browser to find a reasonably simple web page with a short URL, making sure it is a plain HTTP Divide the URL into the server name, and the path portion, e.g., www.mit.edu and “/index.html”. If your Use telnet to fetch the page. What you will do is telnet to port 80 on the server, the standard HTTP port, 1. Run telnet and connect to server on port 80. You can do this from a terminal or command http://www.wireshark.org/ http://www.mit.edu/index.html Assignment #2 INT6143, Enterprise Network Infrastructure 2 putty to telnet, fill in the server and port on the configuration screen, and select “telnet” and 2. Once you are connected, issue an HTTP GET command by typing the three lines below. The first GET /index.html HTTP/1.1 3. Observe the response that comes back. If the connection does not close by itself, you may close Congratulations, you have issued your own GET and seen the inner workings of the web! Our interaction Figure 1: Performing an HTTP GET with telnet Assignment #2 INT6143, Enterprise Network Infrastructure 3 Inspect your request and response to answer the following questions:
1. What version of HTTP is the server running? Capture a trace of your browser making HTTP requests as follows; alternatively, you may use a supplied 1. Use your browser to find two URLs with which to experiment, both of which are HTTP (not 2. Prepare your browser by reducing HTTP activity and clearing the cache. Apart from one fresh 3. Launch Wireshark and start a capture with a filter of “tcp port 80”. We use this filter be- Assignment #2 INT6143, Enterprise Network Infrastructure 4 Figure 2: Setting up the capture options
4. Fetch the following sequence of URLs, after you wait for a moment to check that there is no a. Fetch the first static image URL by pasting the URL into the browser bar and pressing b. Wait 10 seconds, and re-fetch the static image URL. Do this in the same manner, and c. Wait another 10 seconds, and fetch the second home page URL.
5. Stop the capture after the fetches are complete. You should have a window full of trace in which Assignment #2 INT6143, Enterprise Network Infrastructure 5 Figure 3: Trace of HTTP traffic showing the details of the HTTP header
To focus on HTTP traffic, enter and apply a filter expression of “http”. This filter will show HTTP re- Assignment #2 INT6143, Enterprise Network Infrastructure 6 intermediate TCP packets and see only the HTTP requests and responses. With this filter, your Wireshark Select the first GET in the trace, and expand its HTTP block. This will let us inspect the details of an HTTP Explore the headers that are sent along with the request. First, you will see the GET method at the start • Host. A mandatory header, it identifies the name (and port) of the server. be accepted in the response, e.g., text/html, including its encoding, e.g., gzip, and language. The request information is sent in a simple text and line-based format. If you look in the bottom panel Select the response that corresponds to the first GET in the trace, and expand its HTTP block. The Info for • Server. The kind of server and its capabilities. You are likely to see a variety of other headers too, depending on your browser, server, and choice of Answer the following questions:
1. What is the format of a header line? Give a simple description that fits the headers you see. Turn-in: Answers to the above questions.
The second fetch in the trace should be a re-fetch of the first URL. This fetch presents an opportunity for Assignment #2 INT6143, Enterprise Network Infrastructure 7 therefore does not need to be downloaded again. HTTP caching mechanisms should identify this oppor- Select the GET that is a re-fetch of the first GET, and expand its HTTP block. Likely, this will be the second Now find the header that will let the server work out whether it needs to send fresh content. We will ask Finally, select the response to the re-fetch, and expand its HTTP block. Assuming that caching worked as Answer the following questions: 3. What is the name of the header the browser sends to let the server work out whether to send 4. Where exactly does the timestamp value carried by the header come from? explain your answer.
Turn-in: Answers to the above questions. Now let’s examine the third fetch at the end of the trace. This fetch was for a more complex web page To summarize the GETs for the third page, bring up a HTTP Load Distribution panel. You will find this Looking at this panel will tell you how many requests were made to which servers. Chances are that Assignment #2 INT6143, Enterprise Network Infrastructure 8 These other servers may include third parties such as content distribution networks, ad networks, and Figure 4: HTTP Load Distribution panel
For a different kind of summary of the GETs, bring up a HTTP Packet Counter panel. You will also find this Assignment #2 INT6143, Enterprise Network Infrastructure 9 Figure 5: HTTP Packet Counter panel
You might be curious to know what content is being downloaded by all these requests. As well as seeing For a more detailed look at the overall page load process, use a site such as Google’s PageSpeed or Assignment #2 INT6143, Enterprise Network Infrastructure 10 Figure 6: Start of waterfall graph for www.washington.edu (from pageloadtest.org)
There is no turn-in for this step.
We encourage you to explore HTTP on your own once you have finished this lab. Some suggestions:
• Look at how an HTTP POST works. We focused on the GET method above. POST is used to up- • Study how web pages lead to a pattern of HTTP requests. Many popular web sites have rela- • Look at how HTTP GETs map to TCP connections once you have also done the TCP lab. With . . . . . . . . . http://www.washington.edu/ Assignment #2 INT6143, Enterprise Network Infrastructure 11 while in case another request is coming. The number of concurrent connections and how long • Look at video streaming HTTP traffic. We have looked at web HTTP traffic, but other applica- [END]
Assignment #2
INT6143, Enterprise Network Infrastructure 1 HTTP (HyperText Transfer Protocol) is the main protocol underlying the Web. HTTP is covered in Chapter Wireshark: This lab uses Wireshark to capture or examine a packet trace. A packet trace is a record of telnet: This lab uses telnet to set up an interactive two-way connection to a remote computer. telnet is Browser: This lab uses a web browser to find or fetch pages as a workload. Any web browser will do.
Use your browser to find a reasonably simple web page with a short URL, making sure it is a plain HTTP Divide the URL into the server name, and the path portion, e.g., www.mit.edu and “/index.html”. If your Use telnet to fetch the page. What you will do is telnet to port 80 on the server, the standard HTTP port, 1. Run telnet and connect to server on port 80. You can do this from a terminal or command http://www.wireshark.org/ http://www.mit.edu/index.html Assignment #2 INT6143, Enterprise Network Infrastructure 2 putty to telnet, fill in the server and port on the configuration screen, and select “telnet” and 2. Once you are connected, issue an HTTP GET command by typing the three lines below. The first GET /index.html HTTP/1.1 3. Observe the response that comes back. If the connection does not close by itself, you may close Congratulations, you have issued your own GET and seen the inner workings of the web! Our interaction Figure 1: Performing an HTTP GET with telnet Assignment #2 INT6143, Enterprise Network Infrastructure 3 Inspect your request and response to answer the following questions:
1. What version of HTTP is the server running? Capture a trace of your browser making HTTP requests as follows; alternatively, you may use a supplied 1. Use your browser to find two URLs with which to experiment, both of which are HTTP (not 2. Prepare your browser by reducing HTTP activity and clearing the cache. Apart from one fresh 3. Launch Wireshark and start a capture with a filter of “tcp port 80”. We use this filter be- Assignment #2 INT6143, Enterprise Network Infrastructure 4 Figure 2: Setting up the capture options
4. Fetch the following sequence of URLs, after you wait for a moment to check that there is no a. Fetch the first static image URL by pasting the URL into the browser bar and pressing b. Wait 10 seconds, and re-fetch the static image URL. Do this in the same manner, and c. Wait another 10 seconds, and fetch the second home page URL.
5. Stop the capture after the fetches are complete. You should have a window full of trace in which Assignment #2 INT6143, Enterprise Network Infrastructure 5 Figure 3: Trace of HTTP traffic showing the details of the HTTP header
To focus on HTTP traffic, enter and apply a filter expression of “http”. This filter will show HTTP re- Assignment #2 INT6143, Enterprise Network Infrastructure 6 intermediate TCP packets and see only the HTTP requests and responses. With this filter, your Wireshark Select the first GET in the trace, and expand its HTTP block. This will let us inspect the details of an HTTP Explore the headers that are sent along with the request. First, you will see the GET method at the start • Host. A mandatory header, it identifies the name (and port) of the server. be accepted in the response, e.g., text/html, including its encoding, e.g., gzip, and language. The request information is sent in a simple text and line-based format. If you look in the bottom panel Select the response that corresponds to the first GET in the trace, and expand its HTTP block. The Info for • Server. The kind of server and its capabilities. You are likely to see a variety of other headers too, depending on your browser, server, and choice of Answer the following questions:
1. What is the format of a header line? Give a simple description that fits the headers you see. Turn-in: Answers to the above questions.
The second fetch in the trace should be a re-fetch of the first URL. This fetch presents an opportunity for Assignment #2 INT6143, Enterprise Network Infrastructure 7 therefore does not need to be downloaded again. HTTP caching mechanisms should identify this oppor- Select the GET that is a re-fetch of the first GET, and expand its HTTP block. Likely, this will be the second Now find the header that will let the server work out whether it needs to send fresh content. We will ask Finally, select the response to the re-fetch, and expand its HTTP block. Assuming that caching worked as Answer the following questions: 3. What is the name of the header the browser sends to let the server work out whether to send 4. Where exactly does the timestamp value carried by the header come from? explain your answer.
Turn-in: Answers to the above questions. Now let’s examine the third fetch at the end of the trace. This fetch was for a more complex web page To summarize the GETs for the third page, bring up a HTTP Load Distribution panel. You will find this Looking at this panel will tell you how many requests were made to which servers. Chances are that Assignment #2 INT6143, Enterprise Network Infrastructure 8 These other servers may include third parties such as content distribution networks, ad networks, and Figure 4: HTTP Load Distribution panel
For a different kind of summary of the GETs, bring up a HTTP Packet Counter panel. You will also find this Assignment #2 INT6143, Enterprise Network Infrastructure 9 Figure 5: HTTP Packet Counter panel
You might be curious to know what content is being downloaded by all these requests. As well as seeing For a more detailed look at the overall page load process, use a site such as Google’s PageSpeed or Assignment #2 INT6143, Enterprise Network Infrastructure 10 Figure 6: Start of waterfall graph for www.washington.edu (from pageloadtest.org)
There is no turn-in for this step.
We encourage you to explore HTTP on your own once you have finished this lab. Some suggestions:
• Look at how an HTTP POST works. We focused on the GET method above. POST is used to up- • Study how web pages lead to a pattern of HTTP requests. Many popular web sites have rela- • Look at how HTTP GETs map to TCP connections once you have also done the TCP lab. With . . . . . . . . . http://www.washington.edu/ Assignment #2 INT6143, Enterprise Network Infrastructure 11 while in case another request is coming. The number of concurrent connections and how long • Look at video streaming HTTP traffic. We have looked at web HTTP traffic, but other applica- [END] Semester Project Instructions
The semester project is a hands-on learning opportunity to reinforce the material learned throughout the course of this semester. The semester project work will allow you to bring to life some of the concepts taught during the course and galvanize your understanding of the material. In addition, the semester project work will provide you with practical skills and experience that are highly sought after in the work place. It may seem a little overwhelming at first, however, I will be your guide and I will be teaching you during your journey. This project will require a considerable amount of time to complete, so you should begin working on this by the second week of class. It will require that you conduct some research, apply newly obtained skills, and interact with your instructor. If you get stuck, remember, don’t spin your wheels or get frustrated – contact me for help.
· Each student will be assigned by the instructor to one project to work on (assignments will be available the second week of class – see full list below). · You may work independently or select one other person in the class to work with. If you select one other person in the class to work with, both students must send the instructor an email by the end of the third week of class to confirm who their partner is and both students will receive the same grades for this assignment. Otherwise, I will expect you to complete your assigned project on your own. · Research your selected project to fully understand it. You may do this by examining companies in that line of work or historical projects of a similar nature. · Research the purpose and format of the various types of ‘project plan deliverables’ that you will produce (see below). · Thoroughly review the materials that I have provided on Blackboard as a wealth of information is available that will assist you with your project. · Communicate with your instructor on a regular basis as you will need to confirm your assumptions, gain clarity, and gather additional requirements · Produce draft versions of your ‘project plan deliverables’ (see below) to share with your instructor as you progress to ensure that you are on the right track. · Turn in the final version of your ‘project plan deliverables’ (see below) when they are due.
1. Project Charter (Must use MS-Word or MS-PowerPoint) · The project charter provides an overview of the project purpose and objectives (scope, cost, schedule) · Project charters are an agreement between the client and the project manager as to what needs to be done, when, and how much it will cost. · Project charters come in many forms, however, for this class I have provided the template that you must use. 2. Project Organizational Chart (Must use Visio or MS-PowerPoint) · The project organization chart shows pictorially what roles are needed for the project and the reporting hierarchy · Project organization charts differ from company organization charts. Company organization charts focus on formal position people hold within a company (i.e. Director of Marketing) rather than temporary roles people play on projects (i.e. Testing team leader, Project Manager, Construction Laborer, Quality Inspector, etc…) · Project organization charts are a useful tool for team members to see where they fit into the big picture 3. Project Roles and Responsibilities (Must use MS-Word) · Project roles and responsibilities describe what the specific duties are for each role on the project organization chart
· Project roles and responsibilities are a useful tool for team members to understand what they are expected to do during the project · Project responsibilities are often bulleted one line sentences of a half dozen or more responsibilities that a role is expected to perform 4. Project Risk Register (Must use MS-Word or MS-Excel) · Project risks identify what could potentially go wrong during the course of the project – not overall company risk. · Generally this is in the form of a sentence or two which describes the risk and the impact (i.e. Management decisions are not made in a timely manner resulting in a delay in schedule) · Your project should have a minimum of a dozen risks and they should be as specific as possible. · Project risk management focuses on mitigation – minimizing the probability that a risk will occur and/or the impact if it occurs. It also focuses on contingency – what would you do if the risk actually occurred. · Your risk register should include at a minimum for each risk identified: risk event description, probability, impact, risk response actions, and a contingency plan. 5. Project Schedule (MS-Project or MS-Excel) · The project schedule is an organized list of activities that need to completed for a project set against a timeline to allow progress tracking · The Project schedule must include descriptions of the activities, estimated durations, precedence relationships, start date, finish date, milestones and assigned resources. · The Project schedule should include at a minimum 50 activities and a maximum of 100 activities using a work breakdown structure format and a minimum of 5 milestones. Note: This is an opportunity to explore the use of Microsoft Project – which is a highly sought after skill in the work place around the world. However, it will require additional time and self-training on your part. I will help you along the way. If you would prefer not to learn or use Microsoft Project, you have the option to create your project schedule using Microsoft Excel.
Projects List
# Project Description Cost Duration 1 Construction of a small office building $5M 18 Months 2 Construction of a community park $3M 6 Months 3 Construction of a police station $15M 18 Months 4 Construction of an amusement park $100M 12 Months 5 Construction of a suspension bridge $100M 36 Months 6 Accounting software implementation at a medium-sized company $25M 18 Months 7 Development of a new experimental drug to treat asthma $200M 48 Months 8 Convert data center from IBM servers to Dell servers $30M 9 Months 9 Retrofit apartment building with new fire suppression system $15M 4 Months 10 Relocate historical school house to a new location 2 miles away $1M 3 Months 11 Construct a new McDonald’s restaurant $5 6 Months 12 Development of a new experimental drug to treat diabetes $200M 48 Months 13 Design and engineer a new all electric vehicle $75M 24 Months 14 Design and engineer a new 15 speed automatic transmission $35M 15 Months 15 Design and engineer an optical recognition automatic teller machine (ATM) $10M 18 Months 16 Customer billing system software implementation at a large-sized company $150M 24 Months 17 Construct 10 miles of a new expressway $100M 48 Months 18 Construct 60 miles of new pipeline to transport natural gas $75M 24 Months 19 Re-locate a major automobile manufacturing facility 50 miles away $135M 6 Months 20 Construct a warehouse for an automobile parts supplier $10M 12 Months 21 Construct a homeless center in Mexico $30M 24 Months 22 Inventory Management software implementation at a Large-sized company $20M 18 Months 23 Develop a new subdivision of homes in Lyon Township, MI $60M 24 Months 24 Build a brand new factory in Michigan to manufacture wind turbine blades $100M 36 Months 25 Host the special Olympics in Southfield, MI $5M 18 Months Professor Allen 4
2
Risk Plan
Risk Event Description
What is the event?
A Source of a risk or hazard – the thing which has the potential
to
An Event or Incident – Something that occurs such that the source of risk has the impact concerned e.g. a leak, competitor expands into or leaves your market, new or revised regulations, or some level of observation reaching a particular trigger level.
A Consequence, outcome or impact on a range of stakeholders or assets e.g. environmental damage, loss or increase of market/profits, regulations increase or decreased competitiveness
Risk Drivers
What are the conditions, actions, or events that are likely to trigger the risk event to occur or is a leading indicator to the risk event occurring?
There are two beneftits to identifying risk drivers:
– Focus attention on the probable root cause(s) to aid in developing a Risk Response Strategy
– Identify events or trends that should be monitored
Response/
M
What action(s) will be taken to limit the likelihood of these event occurring or limiting the impacts?
Accept:
This response accepts or ignores the risk. This may be the appropriate choice when the impact or likelihood of the risk is so low that it does not warrant further attention or if you have no control whatsoever over the impact or likelihood of the risk. (e.g. the risk that your project will be terminated or be placed on hold due to a company merger).
Transfer:
This response involves moving all or part of the risk to another party. (e.g. purchase automobile insurance and transfer the risk to the insurance company, for a small monthly fee of course). Transferring risk comes with a cost.
Mitigate:
This response involves reducing the likelihood that the risk will happen, reducing the impacts of the risk or both. This is what most people are referring to when they are discussing risk management. Most risks can be mitigated with some effort. Although it is unlikely that you can reduce the impact and likelihood of occurrence to zero, this would in essence be eliminating the risk, it is often possible to significantly reduce them. For example, if you have a technical team member who is critical to the success of the project and if that person left, the project schedule would be at risk, you may be able to mitigate the risk by training a backup person to reduce the impact or offer that individual a bonus or incentive to stay reducing the likelihood of occurrence.
Avoid:
This response focuses on eliminating the risk from the project. This sounds like a great choice, so you might ask why we don’t choose this all the time. The reason, it often comes at great cost. To eliminate a risk generally requires that you remove the source of the risk from scope. For example, you may have a schedule risk associated with a new version of software that has not been released yet by the vendor. Although the customer may be expecting this software as part of their project, removal from scope would eliminate this risk.
These general response strategies can be used in combination to address a single risk event. This may be done in the event that your chosen strategy is not working effectively or as a way to attack certain types of risks. For example, you may begin by mitigating a risk reducing both the likelihood and impact. The remaining risk could then either be avoided by a smaller scope reduction, transferred to a vendor or accepted.
Contingency Plan
What action(s) will be taken if this event occurs?
Complete the “Contingency Plan” column for all risk events that the Project Manager deems necessary to adequately address the risks of the project.
The contingency plan describes what needs to be done in the event that the risk actually occurs. When the risk event actually occurs, it is no longer a risk event; it is simply an event and may require a response or plan to be activated. The project manager will need to determine what the criteria are to trigger the need for a contingency plan. One method is to use the “
Total Score
8
5
H
Risk Timeframe
Critical date(s) or period of exposure
Some risks are related to specific events, milestone dates or time periods. These critical dates should be documented to focus attention on the associated risk at the appropriate time.
Impacts
Risk impact level Matrix
L
Low
Medium
High
Unlikely
Likely
Almost Certain
Impacts Low Medium High
Schedule
No
Potential to Affect Critical Path or Field Work
Certain to Affect Critical Path or Field Work
Cost
Less Than
$
1
0
10
$
50
Greater Than
Quality
Minor impact to product deliverables
Moderate impact to product deliverables
Major impact to product deliverables
Safety
No Impact to worker safety
Minor impact to worker safety
Major impact to worker safety
Scope
< 1%
2% to 5%
> 5%
H
M
Y
L No
Project Name: Risk Plan
Date: ##/##/##
Impacts
#
Risk Event Description
What is the event?Category
Sub-project, Project Phase, Location etc.
(Optional)
Likelihood
Risk Event Drivers
What are the conditions, actions, or events that are likely to trigger the risk event to occur or is a leading indicator to the risk event occurring?
Response/ Mitigation Strategy
What action(s) will be taken to limit the likelihood of these event occurring or limiting the impacts?
Contingency Plan
What action(s) will be taken if this event occurs?
Owner
Risk Timeframe
Critical date(s) or period of exposureOrganizational or Cross-Project Impacts
Comments
Status
1
Insufficient number of skilled internal technical resources available to support the development of the new system.
Development
7
Drivers to monitor:
– Development schedules slips
– Excessive overtime is needed to keep pace with the schedule
– High number of quality errors discovered during the testing cycle
Drivers that have occurred:
–Planned Actions:
– Train additional internal resources
– Hire additional contractors
– Add contingency to the budget to allow for overtime work
Completed Actions:
–Planned Actions:
– Outsource portions of the development to an outside vendor
– Adjust project schedule and budgetJane Smith
3
11
6
30
ERROR:#REF!
2 0
Drivers to monitor:
–
Drivers that have occurred:
–
Planned Actions:
–
–
Completed Actions:
–
Planned Actions:
–
–
3 0 Drivers to monitor:
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
4
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
5 0 Drivers to monitor:
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
6 0 Drivers to monitor:
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
7 0 Drivers to monitor:
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
8 0 Drivers to monitor:
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
9
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
10 0 Drivers to monitor:
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
11 0 Drivers to monitor:
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
12
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
13
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
14
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
15
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
16
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
17
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
18
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
19
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
20
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
21
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
22
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
23
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
24
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
25
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
26
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
27
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
28
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
29
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
30 0 Drivers to monitor:
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
31
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
32
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
33
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
34
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
35
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
36
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
37
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
38
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
39
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
40
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
41
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
42
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
43
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
44
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
45
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
46
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
47
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
48
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
49
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
50 0 Drivers to monitor:
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
51
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
52
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
53
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
54
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
55
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
56
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
57
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
58
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
59
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
60
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
61
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
62
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
63
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
64
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
65
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
66
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
67
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
68
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
69
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
70
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
71
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
72
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
73
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
74
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
75
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
76
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
77
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
78
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
79
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
80
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
81
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
82
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
83
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
84
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
85
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
86
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
87
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
88
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
89
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
90
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
91
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
92
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
93
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
94
–
Drivers that have occurred:
– Planned Actions:
–
–
Completed Actions:
– Planned Actions:
–
– ERROR:#REF!
Closed Risks
!Ox
Open Item
Completed Activity
Applies to All
H
M
L
AMI Project: Risk Plan
Date: 01/27/
2010
Applies to All Project List
#
Risk Event Description
What is the event? Applies to All Likelihood Impacts Total Score Risk Event Drivers
What are the conditions, actions, or events that are likely to trigger the risk event to occur or is a leading indicator to the risk event occurring? Response/ Mitigation Strategy
What action(s) will be taken to limit the likelihood of these event occurring or limiting the impacts? Contingency Plan
What action(s) will be taken if this event occurs? Owner
Risk Timeframe
Critical date(s) or period of exposure Comments
●
Schedule Cost Quality Safety Scope
√
68
Corporate financial position changes and does not support project execution plan
Norlin
4
System integration scope is not well defined
Melton
3
System integration costs are higher than expected
Combine 3&4?
1
Project may not be funded to end and benefits may not be realized
97
Inadequate # of IT human resources to support the project (project & operations)
53
Required firmware/software upgrade negatively impacts production devices
Moccia
86
Operational business units / contractors not staffed properly to support project
55
Lack of adequate vendor documentation
87
AMI failures or problems at other utility adversely affects project
Sitkauskas
6
MPSC disallows a component of the plan impacting benefit realization or cost recovery(example: remote disconnect)
57
Organization human resources not adequate to accept and utilize as required (too busy, other focus)
49
Catastrophic storm occurs impacting Communications (meters to AMI)
Switala
48
Catastrophic storm occurs impacting rollout schedule
Jamerson
105
Higher than expected work required at customer site due to aging infrastructure
101
Failure to follow proper installation procedures impacts customers
100
Higher than expected inclement weather conditions
96
Inadequately defined design freeze date & procedure
95
Later than expected IT system change
94
Higher than anticipated number of IT system changes
78
Loss of key personnel without effective knowledge transfer or replacement (DTE & Contractors)
59
Future state business processes not properly defined prior to milestone date
McCormick
56
Discover a problem in the field that was not anticipated causing cost and schedule overruns
7
Security vulnerability discovered with outward equipment(meters, cell relays, home area network, other)
104
DTE may not have adequate diagnostic tools to support post-meter installation
58
Ineffective change management strategy Leads to low employee engagement
May affect ability to realize benefits
2
New firmware technology does not perform to specifications
16
Itron is acquired by a competitor which leads to technology change
Kret
15
Itron goes out of business / defaults on contract
8
Security breach takes place with outward equipment(meters, cell relays, home area network, other)
Safety is M for SmartCircuits
108
Significant schedule delay may result in technology obsolescence
102
Customer complaints may be higher than expected
98
Ineffective stakeholder engagement
73
Installation causes higher levels of property damage than projected
61
Takes longer than anticipated for Operations to understand and effectively utilize new technology & processes
39
DOE payments to DTE come in later than expected.
Hull
83
Project cost is grossly underestimated
70
DOE terminates grant for convenience
Would return to original project plan pre-DOE
34
DOE grant is not executed – Never reach agreement
Scope =H for other projects
81
Higher than expected failure rates of meters
43
Itron may not be able to keep up with the schedule
42
Itron may not provide materials according to the schedule
17
Itron could introduce security risk into product
9
DTE employee misuse role resulting in sabotage
107
Lack of effective Testing Plan
84
Itron system fails to perform according to standards
82
DOE(or other Federal) rule change impacts project execution plan
80
New technology standards require infrastructure change
79
Communication technology may change impacting meter operation / communication(AT&T)
72
Union employees go on strike
65
DOE rejects customer behavior study plan
Hull: Review Impacts
64
DOE rejects risk analysis/benefits plan
63
DOE rejects project execution
62
DOE rejects cyber security plan
52
Single point vulnerability with communications architecture
38
Supply chain does not do proper debarment due diligence
37
Supply chain does not include necessary flow-down provisions to vendors
36
DOE audit disallows some costs
35
Unanticipated action related to Davis-Bacon Act
33
Improper costs are included in DOE accounting
32
Time keeping for DOE reporting is inaccurate or incorrect
31
DTE time keeping system cannot provide necessary information for DOE Reporting
30
Accounting for DOE reporting is inaccurate or incorrect
29
DTE accounting system cannot provide necessary information for DOE Reporting
28
Vendors do not provide in kind-services (Cost share)
27
Terms of DOE grant are violated
26
Vendors / contractors do not provide timely info for DOE Reporting
25
Vendors / contractors do not provide proper info for DOE Reporting
24
DOE Reporting is not completed in a timely manner
23
Report to DOE is inaccurate
Regardless of Rating DOE related Items need to be closely tracked.
22
Third party claims that the technology we are using violates a patent or trade secret
110
Project does not take appropriate steps to maintain confidentiality of Customer data
Would affect company not necessarily the project
60
Project Team not adequately trained in new processes & technology
51
Installer commits crime/fraud in the field
50
Safety incident occurs resulting in process change or training
40
Contractor/sub-contractor fails DOE audit
18
Interveners or grassroots groups negatively impact customer opinions
(SH)
12
DTE call center volume may increase due to 5,000 meter changes per day increasing wait time significantly
91
Negative media as a result of ineffective employment communications
67
Communication plan with regulators is inadequate (does not explain benefits and detriments of the system)
Regardless of rating this issue should be tracked closely
66
Communication plan with customers is inadequate (does not explain benefits and detriments of the system)
21
Prolonged data center outage impacts AMI system
106
Lack of effective Quality Management Plan
Stasek
See # 88
93
Project or vendor scope is not adequately defined
88
Inadequate project management
Need to expand
120
119
118
117
116
115
114
113
112
Legend
● Open Item
√ Completed Activity
Applies to All (Printable)
AMI Project: Risk Plan Date: 01/27/2010
Identified Risks that Apply to All Smart Current Projects
Risk Event Description
What is the event? Applies to All Likelihood Impacts Total Score Risk Event Drivers
What are the conditions, actions, or events that are likely to trigger the risk event to occur or is a leading indicator to the risk event occurring? Response/ Mitigation Strategy
What action(s) will be taken to limit the likelihood of these event occurring or limiting the impacts? Contingency Plan
What action(s) will be taken if this event occurs? Owner
Risk Timeframe
Critical date(s) or period of exposure Comments
●
Schedule Cost Quality Safety Scope √
68 Corporate financial position changes and does not support project execution plan Y H H M L L H 75 ● ● ● Norlin
4 System integration scope is not well defined Y H L H H L M 75 ● √ ● Melton
3 System integration costs are higher than expected Y H L H H L M 75 ● √ ● Melton Combine 3&4?
1 Project may not be funded to end and benefits may not be realized Y H H M L L H 75 ● ● ● Norlin
97 Inadequate # of IT human resources to support the project (project & operations) Y H H L M L L 55 ● ● ● Norlin
53 Required firmware/software upgrade negatively impacts production devices Y M H H H L L 51 ● ● ● Moccia
86 Operational business units / contractors not staffed properly to support project Y H M L M L L 45 ● ● ● Norlin
55 Lack of adequate vendor documentation Y H M L M L L 45 ● ● ● Moccia
87 AMI failures or problems at other utility adversely affects project Y M H M M L L 39 ● ● ● Sitkauskas
6 MPSC disallows a component of the plan impacting benefit realization or cost recovery(example: remote disconnect) Y M M H L L M 39 ● ● ● Sitkauskas
57 Organization human resources not adequate to accept and utilize as required (too busy, other focus) Y H M L L L L 35 ● ● ● Sitkauskas
49 Catastrophic storm occurs impacting Communications (meters to AMI) Y H M L L L L 35 ● ● ● Switala
48 Catastrophic storm occurs impacting rollout schedule Y H M L L L L 35 ● ● ● Jamerson
105 Higher than expected work required at customer site due to aging infrastructure Y M L M L M L 27 ● ● ● Jamerson
101 Failure to follow proper installation procedures impacts customers Y M L L M M L 27 ● ● ● Jamerson
100 Higher than expected inclement weather conditions Y M M L L M L 27 ● ● ● Jamerson
96 Inadequately defined design freeze date & procedure Y M M L L L M 27 ● ● ● Melton
95 Later than expected IT system change Y M M L L L M 27 ● ● ● Melton
94 Higher than anticipated number of IT system changes Y M M L L L M 27 ● ● ● Melton
78 Loss of key personnel without effective knowledge transfer or replacement (DTE & Contractors) Y M M L M L L 27 ● ● ● Sitkauskas
59 Future state business processes not properly defined prior to milestone date Y M L M M L L 27 ● ● ● McCormick
56 Discover a problem in the field that was not anticipated causing cost and schedule overruns Y M M M L L L 27 ● ● ● Switala
7 Security vulnerability discovered with outward equipment(meters, cell relays, home area network, other) Y M M L M L L 27 ● ● ● Melton
104 DTE may not have adequate diagnostic tools to support post-meter installation Y H L L L L L 25 ● ● ● Switala
58 Ineffective change management strategy Leads to low employee engagement Y M L L M L L 21 ● ● ● Sitkauskas May affect ability to realize benefits
2 New firmware technology does not perform to specifications Y M M L L L L 21 ● ● ● Melton
16 Itron is acquired by a competitor which leads to technology change Y L H H M L H 19 ● ● ● Kret
15 Itron goes out of business / defaults on contract Y L H H M L H 19 ● ● ● Kret
8 Security breach takes place with outward equipment(meters, cell relays, home area network, other) Y L H H H L M 19 ● ● ● Melton Safety is M for SmartCircuits
108 Significant schedule delay may result in technology obsolescence Y L M H M L M 15 ● ● ● Norlin
102 Customer complaints may be higher than expected Y M L L L L L 15 ● ● ● Jamerson
98 Ineffective stakeholder engagement Y M L L L L L 15 ● ● ● Norlin
73 Installation causes higher levels of property damage than projected Y M L L L L L 15 ● ● ● Jamerson
61 Takes longer than anticipated for Operations to understand and effectively utilize new technology & processes Y M L L L L L 15 ● ● ● McCormick
39 DOE payments to DTE come in later than expected. Y M L L L L L 15 ● ● ● Hull
83 Project cost is grossly underestimated Y L M H L L M 13 ● ● ● Norlin
70 DOE terminates grant for convenience Y L H H L L L 13 ● ● ● Hull Would return to original project plan pre-DOE
34 DOE grant is not executed – Never reach agreement Y L H H L L L 13 ● ● ● Hull Scope =H for other projects
81 Higher than expected failure rates of meters Y L M L H L L 11 ● ● ● Kret
43 Itron may not be able to keep up with the schedule Y L H M L L L 11 ● ● ● Jamerson
42 Itron may not provide materials according to the schedule Y L H M L L L 11 ● ● ● Kret
17 Itron could introduce security risk into product Y L M H L L L 11 ● ● ● Moccia
9 DTE employee misuse role resulting in sabotage Y L M H L L L 11 ● ● ● McCormick
107 Lack of effective Testing Plan Y L M L M L L 9 ● ● ● Moccia
84 Itron system fails to perform according to standards Y L M L M L L 9 ● ● ● Moccia
82 DOE(or other Federal) rule change impacts project execution plan Y L M M L L L 9 ● ● ● Hull
80 New technology standards require infrastructure change Y L M M L L L 9 ● ● ● Melton
79 Communication technology may change impacting meter operation / communication(AT&T) Y L M M L L L 9 ● ● ● Melton
72 Union employees go on strike Y L M L L M L 9 ● ● ● Jamerson
65 DOE rejects customer behavior study plan Y L M L M L L 9 ● ● ● Hull Hull: Review Impacts
64 DOE rejects risk analysis/benefits plan Y L M L M L L 9 ● ● ● Hull Hull: Review Impacts
63 DOE rejects project execution Y L M L M L L 9 ● ● ● Hull Hull: Review Impacts
62 DOE rejects cyber security plan Y L M L M L L 9 ● ● ● Hull Hull: Review Impacts
52 Single point vulnerability with communications architecture Y L L M L L M 9 ● ● ● Melton
38 Supply chain does not do proper debarment due diligence Y L L H L L L 9 ● ● ● Kret
37 Supply chain does not include necessary flow-down provisions to vendors Y L L H L L L 9 ● ● ● Kret
36 DOE audit disallows some costs Y L L H L L L 9 ● ● ● Hull
35 Unanticipated action related to Davis-Bacon Act Y L L H L L L 9 ● ● ● Hull
33 Improper costs are included in DOE accounting Y L L H L L L 9 ● ● ● Hull
32 Time keeping for DOE reporting is inaccurate or incorrect Y L L H L L L 9 ● ● ● Hull
31 DTE time keeping system cannot provide necessary information for DOE Reporting Y L L H L L L 9 ● ● ● Hull
30 Accounting for DOE reporting is inaccurate or incorrect Y L L H L L L 9 ● ● ● Hull
29 DTE accounting system cannot provide necessary information for DOE Reporting Y L L H L L L 9 ● ● ● Hull
28 Vendors do not provide in kind-services (Cost share) Y L L H L L L 9 ● ● ● Hull
27 Terms of DOE grant are violated Y L L H L L L 9 ● ● ● Hull
26 Vendors / contractors do not provide timely info for DOE Reporting Y L L H L L L 9 ● ● ● Hull
25 Vendors / contractors do not provide proper info for DOE Reporting Y L L H L L L 9 ● ● ● Hull
24 DOE Reporting is not completed in a timely manner Y L L H L L L 9 ● ● ● Hull
23 Report to DOE is inaccurate Y L L H L L L 9 ● ● ● Hull Regardless of Rating DOE related Items need to be closely tracked.
22 Third party claims that the technology we are using violates a patent or trade secret Y L L H L L L 9 ● ● ● Kret
110 Project does not take appropriate steps to maintain confidentiality of Customer data Y L L M L L L 7 Hull Would affect company not necessarily the project
60 Project Team not adequately trained in new processes & technology Y L L L M L L 7 ● ● ● Switala
51 Installer commits crime/fraud in the field Y L L L L M L 7 ● ● ● Jamerson
50 Safety incident occurs resulting in process change or training Y L L L L M L 7 ● ● ● Jamerson
40 Contractor/sub-contractor fails DOE audit Y L L M L L L 7 ● ● ● Kret
18 Interveners or grassroots groups negatively impact customer opinions (SH) L L L L L L 5 ● ● ● Sitkauskas
12 DTE call center volume may increase due to 5,000 meter changes per day increasing wait time significantly (SH) L L L L L L 5 ● ● ● McCormick
91 Negative media as a result of ineffective employment communications Y L L L L L L 5 ● ● ● Sitkauskas
67 Communication plan with regulators is inadequate (does not explain benefits and detriments of the system) Y L L L L L L 5 ● ● ● Sitkauskas Regardless of rating this issue should be tracked closely
66 Communication plan with customers is inadequate (does not explain benefits and detriments of the system) Y L L L L L L 5 ● ● ● Sitkauskas Regardless of rating this issue should be tracked closely
21 Prolonged data center outage impacts AMI system Y L L L L L L 5 ● ● ● Melton
106 Lack of effective Quality Management Plan Y 0 ● ● ● Stasek See # 88
93 Project or vendor scope is not adequately defined Y 0 ● ● ● Norlin See # 88
88 Inadequate project management Y 0 ● ● ● Norlin Need to expand
120 0 ● ● ●
119 0 ● ● ●
118 0 ● ● ●
117 0 ● ● ●
116 0 ● ● ●
115 0 ● ● ●
114 0 ● ● ●
113 0 ● ● ●
112 0 ● ● ●
Legend
● Open Item
√ Completed Activity
Mitigation Results
Other
Risks to Consider
Risk Categories to Consider
Capital Project Portfolio
1
Funding availability (likelihood of approval)
2
Project justification (IRR, need, fleet strategy…)
3
Timing of the project
4
Regulatory influence
5
Commitment to the project (FosGen, GenOpts)
Engineering
6
Overall project concept
7
Scope (definition, supporting documentation, realistic goals, stability…)
8
As-built conditions (known, assumed, documented…)
9
Technology (existing at DTE, established, new concept…)
10
Design (complexity, integration, past similar experience…)
11
Configuration management
12
ESO resources (availability, experience, knowledge, track record…)
13
A/E resources (availaibility, experience, knowledge, track record…)
14
Schedule (likelihood to meet agreed upon deadlines)
15
Cost (likelihood to control the engineering cost within the agreed upon budget)
Project Management
16
Project team composition (experience level, competence and skills, compatibility, track record…)
17
Roles and responsibilities (established, understood, agreed…)
18
Communication (stakeholders identified)
19
Scope (expectations understood and agreed upon, realistic goals, stability…)
20
Plant Management commitment to the project
21
Weather
22
Past experience on a similar project (lessons learned incorporated…)
23
Plant operational constraints
24
Outage constraints (limited flexibility and opportunities, labor and contractors mandates, micro management, additional requirements…)
25
Cost estimating (scope quality, WBS, task duration, unit costs, labor plan, outage project or not…)
26
Scheduling (scope, WBS, task duration, dependencies, integration with outage or plant operation…)
27
Adherence to the PMP process by all project team members
Supply Chain Management
Material
28
Lead time
29
Raw material (availability, cost fluctuation…)
30
Material origin (logistics, imports…)
31
Competitive situation
32
Vendor performance (level of service, reliability, track record…)
33
Technology (existing at DTE, established, new…)
34
Schedule (likelihood to meet agreed upon deadlines…)
35
On site storage requirements
Contracted Labor
36 Competitive situation
37
Vendor selection (new or well established relationship, past performance, reliability…)
38
Availability and workload (contractor, supervision, key personnel…)
39
Union labor (availability, productivity, skills…)
40
Safety record
41
Construction
42
Contract terms (firm bid, T&M, …)
43
Cost (potential for exceeding contracted labor budget…)
44 Schedule (likelihood to meet agreed upon deadlines…)
Construction
45
Access to site
46
Access to equipment (lifting, rigging, scaffolding…)
47 Weather
48
Safety requirements
49
Training requirements (safety and other)
50
Labor plan (DeCo labor or contractor)
51
DeCo labor (availability, crew consistency, productivity, …)
52
Lay down areas
53
Plant operational constraints (equipement availability, shut down potential…)
54
Outage constraints (limited flexibility and opportunities, equipment availability, shut down potential…)
55
Site conditions (soil quality…)
56
Cost (potential for exceeding the construction budget…)
57
Schedule (constraints, deadlines, key dependencies…)
Other
58
Soil Assessment
59
Excavation
60
Planning and Coordinating with Vendors
61
Inclement Weather
62
Regulations and Policy
63
Inadequate Bearing Soil Layer
64
Working on or near Water
65
Special Equipment Availability
66
Improper Engineering
67
Improperly Trained Workforce
68
Poor Planning
69
Communications Problems
70
Logistics
71
Theft
72
Craft Shortage
73
Permit Delay/Inspection Delay
74
Hazardous Materials
75
Missing/Inadequate Drawings or Specifications
76
Scope Creep/Change Requests
77
Late Delivery of Material/Supplies
78
Lay down/Confined Space
79
Contract Award Process
80
Technological Advancement
Score Defined
Medium = 3
Low = 1
Total Score = (Schedule + Cost + Quality + Safety + Scope) x Likelihood
Components of a risk
•A Source of a risk or hazard – the thing which has the potential to harm or assist e.g. a dangerous chemical, competitors, government.
•An Event or Incident – Something that occurs such that the source of risk has the impact concerned e.g. a leak, competitor expands into or leaves your market, new or revised regulations, or some level of observation reaching a particular trigger level.
•A Consequence, outcome or impact on a range of stakeholders or assets e.g. environmental damage, loss or increase of market/profits, regulations increase or decreased competitiveness
•A Cause (what and why) for the presence of the hazard or the event occurring e.g. design, human intervention, funding, prediction or failure to predict competitor activity, failure to or expansion of market presence
•Controls and their level of effectiveness e.g. detection systems, clean up systems, policies, security, training, and market research.
•When could the risk occur and Where would it occur.List of Values
H ●
M √
Life of Project
2010 2010 3
2010Q1
2011
2010 Q2
2011 1/11
2010 Q3
20101201
2010 Q4
2010 Dec 1
2011
2010 Q1
2011 Q1
2011 Q2
2011 Q3
2011 Q4
2011 12 01
2011 Q1
2011 Q2
2011 Q3
2011 Q4
Rd 2 Directions
1)
Major correction to wording
(“wordsmithing” can be done later)
2)
Does this risk apply to all SmartCurrent projects
(AMI, Smart Home, Smart Circuit)
3)
Identify Likelihood
*
# of Risks Identified
109
4)
Identify Impacts *
Available Time
240
5)
Identify Owner
Minutes/Risk
2.2
3.5
*
Risk Plan is a living document – these ratings can/will change
56%
New Process Map
Major Enterprise Projects
DRAFT:
<
Project Risk Plan Management : Process Map
Project Manager / Risk Plan Manager
Project Stakeholders
Risk
Owners
Financial Analyst
Scheduler
Monthly Update Coordinator
Training Session
My Definition of risk:
“A negative risk event is something that has not yet happened on your project, but if it did happen it would negatively impact your project to the extent that it would be worthwhile to reduce the likelihood that it will occur or reduce the negative impact if it occurred”
“A positive risk event is something that has not yet happened on your project, but if it did happen it would positively impact your project to the extent that it would be worthwhile to increase the likelihood that it will occur or increase the positive impact if it occurred”
3
4
An undesirable event that has not yet happened
(Issue)
An undesirable event that has happened and needs attention
(Action)
Work that needs to be done
The project may go over budget
I ran over a pot hole coming into work today and my tire is flat
Decisions in the site engineering area are not being made in a timely manner
Using unproven technology may require frequent re-design work resulting in a schedule delay
The project may go over budget
This is more of an impact than a risk. There are many reasons why a project may go over budget. The real question is what are the things that would cause you to go over budget? The answer to this question is the risk. Here are some examples of a better way to write this risk statement:
It may take more time than planned to secure internal employees to work on this project which will require us to hire consultants resulting in a cost overrun on the project.
The contractor productivity level may be less than quoted in the contract resulting in a cost overrun.
I ran over a pot hole coming into work today and my tire is flat
This is not a risk because it already happened. It has now become an issue that you have to deal with. Time to execute your contingency plan – hopefully you have a spare or AAA.
Decisions in the site engineering area are not being made in a timely manner
This is not a risk because it already happened. Decisions are already not being made timely, so the risk has occurred. It has now become an issue that you have to deal with.
Using unproven technology may require frequent re-design work resulting in a schedule delay
This is a risk.
Risk is clear and understandable to anyone who reads it
Risk describes the impact or “so what” factor
Risk has not yet happened
Risk is something your actually worried about.
Risk affects your project, not another project or the company in general
10
To improve our chance of project success
Meeting your objectives
Meeting your budget
Meeting your schedule
Working Safely
Delivering with quality
Satisfying your customers and stakeholders
Avoid surprises
11
“The first step in the risk management process is to acknowledge the reality of risk. Denial is a common tactic that substitutes deliberate ignorance for thoughtful planning” ~ Charles Tremper
Project Risk Manager(s)
Project 1
Project 2
Project 3
Risk Register
Risk Assessment Reports
Risk Scorecard
Processes and Methods
Mitigation Planning
Contingency Planning
12
External
Audit
DOE
Expert
Corporate Risk
General Audit
Compliance
13
Project X: Risk Plan
#
Risk Event Description
What is the event? Category
Sub-project, Project Phase, Location etc.
(Optional) Likelihood Schedule Cost Quality Safety Scope Total Score Risk Event Drivers
What are the conditions, actions, or events that are likely to trigger the risk event to occur or is a leading indicator to the risk event occurring? Response/ Mitigation Strategy
What action(s) will be taken to limit the likelihood of these event occurring or limiting the impacts?
1 Contracted vendor under performs resulting in schedule delays, rework and cost overruns Contract H H M M M L 75 Drivers to monitor:
– Schedule slippages and missed milestones.
Drivers that have occurred:
– Re-work occurring.
– Change orders issued.
Planned Actions:
– Conduct weekly monitoring of schedule adherence.
– Implement change review process to manage scope, time, cost changes effectively.
– Develop and implement quality management plan for vendor work.
Completed Actions:
– Negotiate cost plus incentive fee contract based upon milestone completion
14
Risk impact level Matrix
Likelihood Low Medium High
Unlikely Likely Almost Certain
Impacts Low Medium High
Schedule No Impact to Critical Path or Field Work Potential to Affect Critical Path or Field Work Certain to Affect Critical Path or Field Work
Cost Less Than $ 250,000 $ 250,000 to $1,000,000 Greater Than $ 1,000,000
Quality Minor impact to product deliverables Moderate impact to product deliverables Major impact to product deliverables
Safety No Impact to worker safety Minor impact to worker safety Major impact to worker safety
Scope < 1% 2% to 5% > 5%
15
Risk: I may run out of gas on my way to work in the morning and be late for an important meeting which will make my boss very angry.
Responding to a risk mean that you are going to try one or more of the following:
Mitigate the risk: try to reduce the likelihood it will occur and/or the impact if it occurs (i.e. fill up your tank with gas the night before).
Transfer: give some or all of the risk to a third party (i.e. hire a cab)
Avoid: Eliminate the possibility (i.e. walk to work or stay at nearby hotel)
Accept: Do nothing and take your chances
16
#
Risk Event Description
What is the event? Contingency Plan
What action(s) will be taken if this event occurs? Owner
Risk Timeframe
Critical date(s) or period of exposure Organizational or Cross-Project Impacts Comments
– Complete work with internal resources. Jane Doe On-going No (01/12) Vendor has repeatedly failed weld inspections on structural steel.
17
Financial Analysis
#
Risk Event Description
What is the event? FA Review Required? $ Impact Source Probability Source EMV Comments
1 Contracted vendor under performs resulting in schedule delays, rework and cost overruns Y $ 500,000 PM input 0.9 Default $ 450,000
18
Schedule Analysis Risk Closure
#
Risk Event Description
What is the event? Scheduler Review Required? Critical Path ? Scheduler Response\ Comments
(Activity #, Quantified impact etc.) Closure Statement Notes / Lessons Learned
1 Contracted vendor under performs resulting in schedule delays, rework and cost overruns Y This risk will impact the Critical Path Built 20 days of contingency into the Schedule Steel Erection Work Package delays will impact Siding and Roof Construction Work Packages.
Executive Champion who understands Risk Management
Risk Manager who owns process, coaches and mentors
Good set of processes, tools, and templates
Risk Training for the team (concept and processes)
Make Risk Management a priority
Benchmark your process and effectiveness regularly
Establish Historical Risk Database and leverage the past
Work the Risk Plan
Develop Contingency Plans for high risk items
Don’t sweat the small risksRoles and Responsibilities
· Provide project budget
· Assist in risk mitigation, when necessary
· Assist in corrective action decisions, when necessary
· Provide project budget
· Assist in risk mitigation, when necessary
· Assist in corrective action decisions, when necessary
· Meet with Interim Leadership Team at regularly scheduled intervals
· Assess project progress and take appropriate action
· Coordinate communication to all affected parties (business and technical) within area of responsibility
· Deliverable identification and creation within area of responsibility
· Gain approvals for all deliverables within area of responsibility
· Coordinate all project activities within area of responsibility
· Maintain project schedule within area of responsibility
· Reporting of budget and schedule variance within area of responsibility
· Documentation coordination and maintenance within area of responsibility
· Ensure all time spent on the project has been collected within area of responsibility
· Ensure communication to the Business Unit is occurring
· Identify and communicate project issues, risks, constraints and assumptions to the Project Manager
· Assist in risk mitigation, when necessary
· Assist in issue resolution
· Assist in project scope definition
· Attend project team meetings
· Follow project quality standards and procedures
· Provide status of tasks and deliverables to Project Manager
· Attend project team meetings
· Ensure communication between all affected parties is occurring
· Identify and communicate project issues, risks, constraints and assumptions to the Project Manager
· Follow project quality standards and procedures
· Provide status to Project Manager
· Risk identification and management within area of responsibility
· Coordinate communication to all affected parties (business and technical) within area of responsibility
· Deliverable identification and creation within area of responsibility
· Takes Corrective action, when appropriate, within area of responsibility
· Assist in establishing project standards and procedures
· Follow-up on action items from meeting minutes within area of responsibility
· Facilitate project team meetings
· Maintain project schedule within area of responsibility
· Documentation coordination and maintenance within area of responsibility
· Monitor project milestones and meet established deadlines within area of responsibility
Lab Exercise – HTTP
2 of your text. Review that section before doing this lab.
traffic at some location on the network, as if a snapshot was taken of all the bits that passed across a
particular wire. The packet trace records a timestamp for each packet, along with the bits that make up
the packet, from the low-layer headers to the higher-layer contents. Wireshark runs on most operating
systems, including Windows, Mac and Linux. It provides a graphical UI that shows the sequence of pack-
ets and the meaning of the bits when interpreted as protocol headers and data. The packets are color-
coded to convey their meaning, and Wireshark includes various ways to filter and analyze them to let
you investigate different aspects of behavior. It is widely used to troubleshoot networks. You can down-
load Wireshark from www.wireshark.org.
installed on Window, Linux and Mac operating systems. It may need to be enabled under Windows. Se-
lect “Control Panel” and “More Settings” (Windows 8) or “Programs and Features” (Windows 7), then
“Turn Windows Features on or off”. From the list that is displayed, make sure that “Telnet Client” is
checked. If you cannot see the text you type when in a telnet session, you may need to use a telnet
command to set the “local echo” variable. Alternatively, if you are having difficulty enabling or using
Windows telnet, you may install the PuTTY client which uses a GUI to launch a telnet session.
URL with no special port number. Since HTTP is a text-based application protocol, we can see how it
works by entering our own HTTP requests and inspecting the HTTP responses. To do this you will use
telnet in the place of a web browser, using the URL you select as a test case. You might a top level page
of your school web server, e.g., http://www.mit.edu/index.html.
URL ends with a “/” then the path portion will be “/”. Or it may be that the path is really “/index.html”
and the browser and web server are performing the translation for you. To check if this is the real URL,
enter the URL with /index.html at the end into your browser and see if it works.
and then issue HTTP commands acting as the browser. Proceed as follows:
prompt by issuing a command such as “telnet www.mit.edu 80”. Or if you are using
Lab Exercise – HTTP
“Never” close window.
two lines identify the path and server. The last line is a blank line, to tell the server there are no
more headers. It is easily missed, but it is mandatory.
Host: www.mit.edu
it by typing the telnet escape character of “control-]” and then typing the command “q” for quit.
is shown in the figure below, with the parts that we typed highlighted. You may need to scroll back up to
see the beginning of your interaction. The details of your output will vary, but they should take the basic
form of a web interaction between your browser and a server: a command followed by various client
request headers, then the server response, first with a status code and header information, and then
with the requested document itself. If the status code is not a “200 OK” then something is wrong. Your
command syntax may have an error in it, or an incorrect URL may be the problem.
Lab Exercise – HTTP
2. How is the beginning of the content sent by the server recognized by the client?
3. How does the client know what type of content is returned?
trace. Now that we seen how a GET works, we will observe your browser as it makes HTTP requests.
Browser behavior can be quite complex, using more HTTP features than the basic exchange, so we will
set up a simple scenario. We are assuming that your browser will use HTTP in this simple scenario rather
than newer Web protocols such as SPDY, and if this is not the case you will need to disable SPDY.
HTTPS) URLs with no special port. The first URL should be that of a small to medium-sized image,
whether , .gif, or . We want some static content without embedded resources. You can
often find such a URL by right-clicking on unlinked images in web pages to tell your browser to
open the URL of the image directly. The second URL should be the home page of some major
web site that you would like to study. It will be complex by comparison. Visit both URLs to check
that they work, then keep them handy outside of the browser so you can cut-and-paste them.
tab that you will use, close all other tabs, windows (and other browsers!) to minimize HTTP traf-
fic. When you clear your browser cache, do not delete your cookies if you have a choice.
cause there is no shorthand for HTTP, but HTTP is normally carried on TCP port 80. Your capture
window should be similar to the one pictured below, other than our highlighting. Select the in-
terface from which to capture as the main wired or wireless interface used by your computer to
connect to the Internet. If unsure, guess and revisit this step later if your capture is not success-
ful. Uncheck “capture packets in promiscuous mode”. This mode is useful to overhear packets
sent to/from other computers on broadcast networks. We only want to record packets sent
to/from your computer. Leave other options at their default values. The capture filter, if pre-
sent, is used to prevent the capture of other traffic your computer may send or receive. On
Wireshark 1.8, the capture filter box is present directly on the options screen, but on Wireshark
1.9, you set a capture filter by double-clicking on the interface.
Lab Exercise – HTTP
HTTP traffic. If there is HTTP traffic then you need to find and close the application that is caus-
ing it. Otherwise your trace will have too much HTTP traffic for you to understand. You will paste
each URL into the browser URL bar and press Enter to fetch it. Do not type the URL, as this may
cause the browser to generate additional HTTP requests as it tries to auto-complete your typing.
“Enter” or whatever is required to run your browser.
without using the “Reload” button of your browser, lest it trigger other behavior.
the protocol of some packets is listed as HTTP – if you do not have any HTTP packets there is a
problem with the setup such as your browser using SPDY instead of HTTP to fetch web pages.
Lab Exercise – HTTP
quests and responses, but not the individual packets that are involved. Recall that an HTTP response car-
rying content will normally be spread across multiple packets. When the last packet in the response ar-
rives, Wireshark assembles the complete response and tags the packet with protocol HTTP. The earlier
packets are simply TCP segments carrying data; the last packet tagged HTTP includes a list of all the ear-
lier packets used to make the response. A similar process occurs for the request, but in this case it is
common for a request to fit in a single packet. With the filter expression of “http” we will hide the
Lab Exercise – HTTP
display should be similar to the figure showing our example.
request. Observe that the HTTP header follows the TCP and IP headers, as HTTP is an application proto-
col that is transported using TCP/IP. To view it, select the packet, find the HTTP block in the middle
panel, and expand it (by using the “+” expander or icon). This block is expanded in our figure.
of the request, including details such as the path. Then you will see a series of headers in the form of
tagged parameters. There may be many headers, and the choice of headers and their values vary from
browser to browser. See if you have any of these common headers:
• User-Agent. The kind of browser and its capabilities.
• Accept, Accept-Encoding, Accept-Charset, Accept-Language. Descriptions of the formats that will
• Cookie. The name and value of cookies the browser holds for the website.
• Cache-Control. Information about how the response can be cached.
you can read much of the request directly from the packet itself!
this packet will indicate “200 OK” in the case of a normal, successful transfer. You will see that the re-
sponse is similar to the request, with a series of headers that follow the “200 OK” status code. However,
different headers will be used, and the headers will be followed by the requested content. See if you
have any of these common headers:
• Date, Last-Modified. The time of the response and the time the content last changed.
• Cache-Control, Expires, Etag. Information about how the response can be cached.
content that you requested.
2. What headers are used to indicate the kind and length of content that is returned in a response?
us to look at caching in action, since it is highly likely that the image or document has not changed and
Lab Exercise – HTTP
tunity. We will now see how they work.
GET in the trace. However, look carefully because your browser may issue other HTTP requests for its
own reasons. For example, you might see a GET for /favicon.ico in the trace. This is the browser request-
ing the icon for the site to use as part of the browser display. Similarly, if you typed in the URL bar your
browser may have issued GETs as part of its auto-completion routine. We are not interested in this back-
ground browser activity at the moment.
you about this header shortly. The server will need to send fresh content only if the content has
changed since the browser last downloaded it. To work this out, the browser includes a timestamp
taken from the previous download for the content that it has cached. This header was not present on
the first GET since we cleared the browser cache so the browser had no previous download of the con-
tent that it could use. In most other respects, this request will be the same as the first time request.
expected, this response will not contain the content. Instead, the status code of the response will be
“304 Not Modified”. This tells the browser that the content is unchanged from its previous copy, and
the cached content can then be displayed.
fresh content?
5. How long did it take to complete this lab? Did you feel this lab was helpful or valuable? Please
that will likely have embedded resources. So the browser will download the initial HTML plus all of the
embedded resources needed to render the page, plus other resources that are requested during the ex-
ecution of page scripts. As we’ll see, a single page can involve many GETs!
panel under “Statistics” and “HTTP”. You can filter for the packets that are part of the third fetch by re-
moving the packets from the earlier part of the trace by either time or number. For example, use
“frame.number>27” or “frame.time_relative>24” for our trace.
your fetch will request content from other servers you might not have suspected to build the page.
Lab Exercise – HTTP
analytics networks. Our panel is shown below – the page fetch involved 95 requests to 4 different serv-
ers!
panel under “Statistics” and “HTTP”, and you should filter for the packets that are part of the third fetch
as before. This panel will tell you the kinds of request and responses. Our panel is shown in the figure
below. You can see that it consists entirely of GET requests that are matched by 200 OK responses. How-
ever, there are a variety of other response codes that you might observe in your trace, such as when the
resource is already cached.
Lab Exercise – HTTP
the URLs in the Info column, you can get a summary of the URLs in a HTTP Request panel under “Statis-
tics” and “HTTP”. Each of the individual requests and responses has the same form we saw in an earlier
step. Collectively, they are performed in the process of fetching a complete page with a given URL.
webpagetest.org. These sites will test a URL of your choice and generate a report of the page load
activity, telling what requests were fetched at what times and giving tips for decreasing the overall page
load time. We have shown the beginning of the “waterfall” diagram for the page load corresponding to
our trace in the figure below. After the initial HTML resource is fetched there are many subsequent
quick fetches for embedded resources such as JavaScript scripts, CSS stylesheets, images, and more.
Lab Exercise – HTTP
load information to the server. You can study a POST by finding a simple web page with a form
and tracing the form submission. However, do not study login forms as you want to observe an
HTTP POST and not an encrypted HTTPS POST that is more typical when security is needed.
tively complex pages that require many HTTP requests to build. Moreover, these pages may
continue to issue “asynchronous” HTTP requests once they appear to have loaded, to load inter-
active displays or prepare for the next page, etc. You will see this activity when you find HTTP
requests that continue after a page is loaded.
HTTP 1.1, the browser can make one TCP connection to a server and send multiple requests.
Often after a single request the TCP connection will be kept open by the browser for a short
Lab Exercise – HTTP
they are kept open depends on the browser, so you will discover how your browser behaves.
tions make HTTP requests too. It is common for streaming video clients embedded in browsers
like Netflix to download content using a HTTP fetches of many small “chunks” of video. If you
look at other applications, you may find that many of them use HTTP to shift about content,
though often on a port different than port 80.
Objective
Requirements
Step 1: Manual GET with Telnet
Step 2: Capture a Trace
Step 3: Inspect the Trace
Step 4: Content Caching
Step 5: Complex Pages
Explore Your Network
Lab Exercise – HTTP
2 of your text. Review that section before doing this lab.
traffic at some location on the network, as if a snapshot was taken of all the bits that passed across a
particular wire. The packet trace records a timestamp for each packet, along with the bits that make up
the packet, from the low-layer headers to the higher-layer contents. Wireshark runs on most operating
systems, including Windows, Mac and Linux. It provides a graphical UI that shows the sequence of pack-
ets and the meaning of the bits when interpreted as protocol headers and data. The packets are color-
coded to convey their meaning, and Wireshark includes various ways to filter and analyze them to let
you investigate different aspects of behavior. It is widely used to troubleshoot networks. You can down-
load Wireshark from www.wireshark.org.
installed on Window, Linux and Mac operating systems. It may need to be enabled under Windows. Se-
lect “Control Panel” and “More Settings” (Windows 8) or “Programs and Features” (Windows 7), then
“Turn Windows Features on or off”. From the list that is displayed, make sure that “Telnet Client” is
checked. If you cannot see the text you type when in a telnet session, you may need to use a telnet
command to set the “local echo” variable. Alternatively, if you are having difficulty enabling or using
Windows telnet, you may install the PuTTY client which uses a GUI to launch a telnet session.
URL with no special port number. Since HTTP is a text-based application protocol, we can see how it
works by entering our own HTTP requests and inspecting the HTTP responses. To do this you will use
telnet in the place of a web browser, using the URL you select as a test case. You might a top level page
of your school web server, e.g., http://www.mit.edu/index.html.
URL ends with a “/” then the path portion will be “/”. Or it may be that the path is really “/index.html”
and the browser and web server are performing the translation for you. To check if this is the real URL,
enter the URL with /index.html at the end into your browser and see if it works.
and then issue HTTP commands acting as the browser. Proceed as follows:
prompt by issuing a command such as “telnet www.mit.edu 80”. Or if you are using
Lab Exercise – HTTP
“Never” close window.
two lines identify the path and server. The last line is a blank line, to tell the server there are no
more headers. It is easily missed, but it is mandatory.
Host: www.mit.edu
it by typing the telnet escape character of “control-]” and then typing the command “q” for quit.
is shown in the figure below, with the parts that we typed highlighted. You may need to scroll back up to
see the beginning of your interaction. The details of your output will vary, but they should take the basic
form of a web interaction between your browser and a server: a command followed by various client
request headers, then the server response, first with a status code and header information, and then
with the requested document itself. If the status code is not a “200 OK” then something is wrong. Your
command syntax may have an error in it, or an incorrect URL may be the problem.
Lab Exercise – HTTP
2. How is the beginning of the content sent by the server recognized by the client?
3. How does the client know what type of content is returned?
trace. Now that we seen how a GET works, we will observe your browser as it makes HTTP requests.
Browser behavior can be quite complex, using more HTTP features than the basic exchange, so we will
set up a simple scenario. We are assuming that your browser will use HTTP in this simple scenario rather
than newer Web protocols such as SPDY, and if this is not the case you will need to disable SPDY.
HTTPS) URLs with no special port. The first URL should be that of a small to medium-sized image,
whether , .gif, or . We want some static content without embedded resources. You can
often find such a URL by right-clicking on unlinked images in web pages to tell your browser to
open the URL of the image directly. The second URL should be the home page of some major
web site that you would like to study. It will be complex by comparison. Visit both URLs to check
that they work, then keep them handy outside of the browser so you can cut-and-paste them.
tab that you will use, close all other tabs, windows (and other browsers!) to minimize HTTP traf-
fic. When you clear your browser cache, do not delete your cookies if you have a choice.
cause there is no shorthand for HTTP, but HTTP is normally carried on TCP port 80. Your capture
window should be similar to the one pictured below, other than our highlighting. Select the in-
terface from which to capture as the main wired or wireless interface used by your computer to
connect to the Internet. If unsure, guess and revisit this step later if your capture is not success-
ful. Uncheck “capture packets in promiscuous mode”. This mode is useful to overhear packets
sent to/from other computers on broadcast networks. We only want to record packets sent
to/from your computer. Leave other options at their default values. The capture filter, if pre-
sent, is used to prevent the capture of other traffic your computer may send or receive. On
Wireshark 1.8, the capture filter box is present directly on the options screen, but on Wireshark
1.9, you set a capture filter by double-clicking on the interface.
Lab Exercise – HTTP
HTTP traffic. If there is HTTP traffic then you need to find and close the application that is caus-
ing it. Otherwise your trace will have too much HTTP traffic for you to understand. You will paste
each URL into the browser URL bar and press Enter to fetch it. Do not type the URL, as this may
cause the browser to generate additional HTTP requests as it tries to auto-complete your typing.
“Enter” or whatever is required to run your browser.
without using the “Reload” button of your browser, lest it trigger other behavior.
the protocol of some packets is listed as HTTP – if you do not have any HTTP packets there is a
problem with the setup such as your browser using SPDY instead of HTTP to fetch web pages.
Lab Exercise – HTTP
quests and responses, but not the individual packets that are involved. Recall that an HTTP response car-
rying content will normally be spread across multiple packets. When the last packet in the response ar-
rives, Wireshark assembles the complete response and tags the packet with protocol HTTP. The earlier
packets are simply TCP segments carrying data; the last packet tagged HTTP includes a list of all the ear-
lier packets used to make the response. A similar process occurs for the request, but in this case it is
common for a request to fit in a single packet. With the filter expression of “http” we will hide the
Lab Exercise – HTTP
display should be similar to the figure showing our example.
request. Observe that the HTTP header follows the TCP and IP headers, as HTTP is an application proto-
col that is transported using TCP/IP. To view it, select the packet, find the HTTP block in the middle
panel, and expand it (by using the “+” expander or icon). This block is expanded in our figure.
of the request, including details such as the path. Then you will see a series of headers in the form of
tagged parameters. There may be many headers, and the choice of headers and their values vary from
browser to browser. See if you have any of these common headers:
• User-Agent. The kind of browser and its capabilities.
• Accept, Accept-Encoding, Accept-Charset, Accept-Language. Descriptions of the formats that will
• Cookie. The name and value of cookies the browser holds for the website.
• Cache-Control. Information about how the response can be cached.
you can read much of the request directly from the packet itself!
this packet will indicate “200 OK” in the case of a normal, successful transfer. You will see that the re-
sponse is similar to the request, with a series of headers that follow the “200 OK” status code. However,
different headers will be used, and the headers will be followed by the requested content. See if you
have any of these common headers:
• Date, Last-Modified. The time of the response and the time the content last changed.
• Cache-Control, Expires, Etag. Information about how the response can be cached.
content that you requested.
2. What headers are used to indicate the kind and length of content that is returned in a response?
us to look at caching in action, since it is highly likely that the image or document has not changed and
Lab Exercise – HTTP
tunity. We will now see how they work.
GET in the trace. However, look carefully because your browser may issue other HTTP requests for its
own reasons. For example, you might see a GET for /favicon.ico in the trace. This is the browser request-
ing the icon for the site to use as part of the browser display. Similarly, if you typed in the URL bar your
browser may have issued GETs as part of its auto-completion routine. We are not interested in this back-
ground browser activity at the moment.
you about this header shortly. The server will need to send fresh content only if the content has
changed since the browser last downloaded it. To work this out, the browser includes a timestamp
taken from the previous download for the content that it has cached. This header was not present on
the first GET since we cleared the browser cache so the browser had no previous download of the con-
tent that it could use. In most other respects, this request will be the same as the first time request.
expected, this response will not contain the content. Instead, the status code of the response will be
“304 Not Modified”. This tells the browser that the content is unchanged from its previous copy, and
the cached content can then be displayed.
fresh content?
5. How long did it take to complete this lab? Did you feel this lab was helpful or valuable? Please
that will likely have embedded resources. So the browser will download the initial HTML plus all of the
embedded resources needed to render the page, plus other resources that are requested during the ex-
ecution of page scripts. As we’ll see, a single page can involve many GETs!
panel under “Statistics” and “HTTP”. You can filter for the packets that are part of the third fetch by re-
moving the packets from the earlier part of the trace by either time or number. For example, use
“frame.number>27” or “frame.time_relative>24” for our trace.
your fetch will request content from other servers you might not have suspected to build the page.
Lab Exercise – HTTP
analytics networks. Our panel is shown below – the page fetch involved 95 requests to 4 different serv-
ers!
panel under “Statistics” and “HTTP”, and you should filter for the packets that are part of the third fetch
as before. This panel will tell you the kinds of request and responses. Our panel is shown in the figure
below. You can see that it consists entirely of GET requests that are matched by 200 OK responses. How-
ever, there are a variety of other response codes that you might observe in your trace, such as when the
resource is already cached.
Lab Exercise – HTTP
the URLs in the Info column, you can get a summary of the URLs in a HTTP Request panel under “Statis-
tics” and “HTTP”. Each of the individual requests and responses has the same form we saw in an earlier
step. Collectively, they are performed in the process of fetching a complete page with a given URL.
webpagetest.org. These sites will test a URL of your choice and generate a report of the page load
activity, telling what requests were fetched at what times and giving tips for decreasing the overall page
load time. We have shown the beginning of the “waterfall” diagram for the page load corresponding to
our trace in the figure below. After the initial HTML resource is fetched there are many subsequent
quick fetches for embedded resources such as JavaScript scripts, CSS stylesheets, images, and more.
Lab Exercise – HTTP
load information to the server. You can study a POST by finding a simple web page with a form
and tracing the form submission. However, do not study login forms as you want to observe an
HTTP POST and not an encrypted HTTPS POST that is more typical when security is needed.
tively complex pages that require many HTTP requests to build. Moreover, these pages may
continue to issue “asynchronous” HTTP requests once they appear to have loaded, to load inter-
active displays or prepare for the next page, etc. You will see this activity when you find HTTP
requests that continue after a page is loaded.
HTTP 1.1, the browser can make one TCP connection to a server and send multiple requests.
Often after a single request the TCP connection will be kept open by the browser for a short
Lab Exercise – HTTP
they are kept open depends on the browser, so you will discover how your browser behaves.
tions make HTTP requests too. It is common for streaming video clients embedded in browsers
like Netflix to download content using a HTTP fetches of many small “chunks” of video. If you
look at other applications, you may find that many of them use HTTP to shift about content,
though often on a port different than port 80.
Objective
Requirements
Step 1: Manual GET with Telnet
Step 2: Capture a Trace
Step 3: Inspect the Trace
Step 4: Content Caching
Step 5: Complex Pages
Explore Your Network
Overview
Approach
Project Plan Deliverables
