 |
Florida Administrative Code (Last Updated: April 18, 2024) |
 |
74. Agency for State Technology |
|
D74. Departmental |
|
74-1. Project Management And Oversight |
1(1) The Agency will perform Risk & Complexity Assessments (R&C Assessments) for information technology (IT) projects to evaluate the risk and complexity factors for each IT project 28https://www.flrules.org/Gateway/reference.asp?No=Ref-0556930. The purpose of the assessments is to determine the minimum level of project management control necessary to manage a given project in order to reduce risk and increase the probability of success.
63(2) These assessments align projects by risk and complexity levels into one (1) of four (4) Risk and Complexity (R&C) Categories, which determine the amount of project management control required. The following diagram indicates the distribution of risk and complexity levels into the R&C Category:
108Complexity
109Low
110Medium
111High
112Risk
113Low
1141
1151
1162
117Medium
1182
1192
1203
121High
1223
1233
1244
125(a) Category 4 represents High Risk and High Complexity projects.
135(b) Category 3 represents High Risk and Medium Complexity projects, High Risk and Low Complexity projects, or Medium Risk and High Complexity projects.
158(c) Category 2 represents Medium Risk and Medium Complexity projects, Medium Risk and Low Complexity projects, or Low Risk and High Complexity projects.
181(d) Category 1 represents Low Risk and Medium Complexity projects or Low Risk and Low Complexity projects.
198(e) Specific lifecycle phase requirements for each category are identified in Rules 74-1.003, F.A.C. 212‒ Initiation; 74-1.004, F.A.C. ‒ Planning; 74-1.005, F.A.C. ‒ Execution; 74-1.006, F.A.C. ‒ Monitoring and Controlling; and 74-1.007, F.A.C. ‒ Closure.
233(3) The R&C Assessments are conducted using 240Form AST-F-0505A, AST Risk & Complexity Assessment Workbook 248(07/15). This workbook is used by Agencies to determine 257the cumulative R&C Category designation. The R&C Assessment Workbook 266is divided into seven (7) separate assessment worksheets which are conducted at four (4) key points in the project management life cycle. 288Form AST-F-0505A, AST Risk & Complexity Assessment Workbook, is hereby incorporated by reference in this Rule. Form AST-F-0505A can be found on the AST web site at: http://www.ast.myflorida.com/.
316(a) The Agency must complete a Pre-Charter R&C Assessment (consisting of a Risk worksheet and a Complexity worksheet) at the start of the Initiation phase of the project. During this assessment, the Agency will review priorities and business need, assess the project, and analyze factors that might impact project success. The resulting R&C Category establishes the project management control requirements to be applied during the project Initiation phase. (See Rule 74-1.003, F.A.C. 388‒ Initiation)
390(b) The Agency must complete an Initiation Gate R&C Assessment at the end of the Initiation phase following completion of project Initation documentation. During this assessment, the Agency will review Initiation documents, validate or amend 425the previous R&C assessment findings, and complete the Initiation Gate R&C Assessment 437(consisting of a Risk worksheet and a Complexity worksheet). This assessment will confirm or adjust the project’s cumulative risk & complexity level and resulting R&C Category, examine the effectiveness of Initiation phase activities, and set requirements for the project Planning phase. (See Rule 74-1.004, F.A.C. 482‒ Planning)
484(c) The Agency must complete a Planning Gate R&C Assessment at the end of the Planning phase, following completion of project planning documentation. During this assessment, the Agency will review project documents, validate or amend the previo521us R&C assessment findings, and complete the Planning Gate R&C Assessment (consisting of a Risk worksheet and a Complexity worksheet). This assessment will confirm or adjust the project’s cumulative risk and complexity level and resulting R&C Category, examine the effectiveness of Planning phase activities, and set requirements for the project Execution and Monitoring and Controlling phases. (See Rule 74-1.005, F.A.C. 581‒ Execution, and Rule 74-1.006, F.A.C. ‒Monitoring and Controlling)
590(d) The Agency must complete an Event-Driven R&C Assessment if the project experiences a significant change, or cumulative changes (in cost, schedule, or scope) from the project baseline. During this assessment, the Agency will review the change control request(s) and project documentation. The Agency will also review, validate or amend the previous R&C assessment findings, and complete the Event-Driven R&C Assessment (consisting of a Risk worksheet). This assessment will confirm or adjust the project’s cumulative risk & complexity level and resulting R&C Category and determine if review and amendment to project management baselines are needed.
685Rulemaking Authority 687282.0051(18) 688FS. Law Implemented 691282.0041, 692282.0051 FS. History‒New 7-16-15.
