DiPaolo Brittany FPX 5334 2-1

Risk Management Plan Project Name: Bausch + Lomb Project Learner Name: Brittany DiPaolo Course Name: FPX5334: Project Risk Assessment and Control Date: November 2, 2023 Table of Contents Sec$on 1 – Introduc$on to the Plan 4 ______________________________________________________________________________ 1.1 Benefits of Risk Management 4 _______________________________________________________________________________________ 1.2 Project Goals and Objec?ves 4 ________________________________________________________________________________________ 1.3 Company Background 4 _____________________________________________________________________________________________ 1.4 Risk Iden?fica?on 6 _________________________________________________________________________________________________ Sec$on 2 – Risk Scope, Components, and Value 6 ____________________________________________________________________ 2.1 Scope of the Risk Management Plan 6 __________________________________________________________________________________ 2.3 Expected Monetary Value 10 _________________________________________________________________________________________ 2.4 Determine the Risks 11 ______________________________________________________________________________________________ Risk iden?fica?on techniques involve accessing threats and vulnerabili?es to determine the likelihood of iden?fied threat sources exploi?ng vulnerabili?es and causing one or more adverse events. 11 ___________________________________________________________ Stakeholder interviews, brainstorming, checklists, assump?on analysis, the Delphi technique, and affinity diagrams are some of the tools used for determining risks. 11 ___________________________________________________________________________________________ Stakeholder interviews involve defining specific ques?ons and repea?ng them for every customer. 11 ________________________________ Brainstorming involves gathering team members and other dependent partners and shareholders and holding a brainstorming exercise. 11 _ Checklists involve determining if the company has a risk checklist from past projects and reviewing it. 11 _____________________________ Assump?on analysis involves asking stakeholders to iden?fy their project assump?ons and reviewing them for poten?al risk. 11 __________ The Delphi technique involves a group of experts answering ques?ons to arrive at a group decision. 11 _______________________________ 1

The affinity diagram involves brainstorming risks and recording them on a s?cky note. Risks are then sorted into groups or categories and recorded. 11 __________________________________________________________________________________________________________ 2.5 Evaluate and Assess the Risks 11 ______________________________________________________________________________________ 2.6 Qualita?ve and Quan?ta?ve Processes 11 ______________________________________________________________________________ Sec$on 3 – Risk Analysis and Assessment 12 ________________________________________________________________________ 3.1 Major and Minor Risks 12 ____________________________________________________________________________________________ 3.2 Risk Probability 12 __________________________________________________________________________________________________ 3.3 Risk Matrix Template 12 _____________________________________________________________________________________________ 3.4 Risk Data Quality Strategy 13 _________________________________________________________________________________________ 3.5 Risk Reviews 13 ____________________________________________________________________________________________________ Sec$on 4 – Correc$ve Ac$on and Monitoring 13 _____________________________________________________________________ 4.1 Risk Tolerance 13 ___________________________________________________________________________________________________ 4.2 Risk Mi?ga?on 13 __________________________________________________________________________________________________ 4.3 Correc?ve Risk Management Strategy 13 _______________________________________________________________________________ 4.4 Correc?ve Ac?on Plan 14 ____________________________________________________________________________________________ Sec$on 5 – Postmortem Plan 14 __________________________________________________________________________________ 5.1 Results 14 _________________________________________________________________________________________________________ 5.2 Follow Up 14 ______________________________________________________________________________________________________ Sec$on 6 – References 14 _______________________________________________________________________________________ 6.1 References 14 _____________________________________________________________________________________________________ Templates 15 _________________________________________________________________________________________________ Risk Matrix Legend Example 15 __________________________________________________________________________________________ Risk Matrix Example 15 _________________________________________________________________________________________________ Risk Monitoring and Control Example 16 ___________________________________________________________________________________ 2

Section 1 – Introduction to the Plan 1.1 Benefits of Risk Management Effective risk management is a crucial aspect of any project, allowing for efficient handling of project risks, reduction of negative risks, and maximization of potential opportunities. By rating and scoring risks related to staffing, design, budgets, and timelines, project leaders can accurately evaluate potential issues and make informed decisions. The benefits of risk management are numerous, including the ability to rapidly forecast probable issues, avoid catastrophic events, enable growth, stay competitive, improve business processes, and enable better budgeting (Benefits of Risk Management, n.d., paras. 2-12). 1.2 Project Goals and Objectives The project goal and objectives are as follows: - A study team will evaluate the value and risks associated with a no-value-add project. - A feasibility study will be conducted, followed by a design review and evaluation of national and international regulatory compliance. The plan will then be signed off by the project team and senior management. - A realistic project timeline will be created, which will include regulatory clinical trials and filings for devices and pharmaceuticals. - The plan will encompass all pre-product launch testing and training. - The team will adhere to all standardized product development processes, ensuring compliance adherence and quality performance. - Project leaders will follow project management practices and use Microsoft Project program to ensure proper project tracking and management. 1.3 Company Background Bausch + Lomb's website describes the company's mission and vision is to help people see better and live better all over the world.Through unwavering focus rooted in innovation, quality, and craftsmanship, they continue to pursue our lifelong vision of protecting and enhancing the gift of sight through every phase of life (Bausch Lomb, n.d., para. 2). PitchBook, a financial data and software company, reports that as of 2021, Bausch + Lomb employs 12,500 individuals and generated $3,765,000 in revenue. According to PitchBook, the company is headquartered in Laval, Quebec, Canada, and is currently the fourth-largest vision care firm in the United States by sales. Bausch + Lomb is the leading consumer vision care company in India and China. Previously a subsidiary of Bausch Health, the company became a public entity in May 2022. Bausch + Lomb operates in three segments: vision care and consumer (60% of revenue), surgical (20%), and ophthalmic pharmaceuticals (20%). The company is geographically diverse, with 48% of revenue generated in the Americas, 30% in EMEA, and 22% in the Asia-Pacific region (Bausch Lomb General Info, n.d., para. 1). 4

The process begins when a project idea is submitted to the steering team. The team is comprised of senior leadership representatives from marketing, strategy, research, development, engineering, and supply chain. Together, they review all of the ideas and select the most promising ones. In Phase 2, the project is handed over to a study team. This team investigates the project's feasibility, offering a way forward (time and budget) or recommending that the project be dropped. The study team reports back to the steering committee. If approved, the project moves on to Phase 3 - Development/Scale up and then to Phase 4 - Design/ Technology Transfer. During this time, regulatory clinical trials and filling are carried out. The project concludes with a launch at the end of Phase 5. Risks are identified and addressed throughout all stages of the cycle. 5 (Kohli, 2022)

There are five basic steps to manage risk as shown in the diagram below (Qualtrics // September 12, 2023) 7

The Risk Management Process begins by recognizing and identifying potential risks and recording them in a risk log and a risk breakdown structure. These artifacts are especially useful after project completion. Once the potential problem is identified, the team investigates the possible consequences and mitigations. After analysis, the project is prioritized, and a solution/mitigation is enacted based on priority. After resolution, the risk is monitored to avoid unintended consequences. Scoping Risk In order to effectively manage risks, Professor Georgi Popov of the University of Central Missouri has identified three essential tools and techniques that should be included in a Risk Management Plan. The first tool is to establish risk criteria, which involves defining key elements such as consequences, likelihood, risk levels, risk acceptability, risk treatments, and combined risk. This initial step helps to guide the rest of the process. Once the risk criteria have been established, safety professionals can then make use of various tools such as risk assessment matrices, failure mode and effects analysis, and risk heat maps to further evaluate the potential likelihood and consequences of identified risks and hazards (Setting the Scope and Limits, 2018, para. 4). These evaluations can be conducted through one of three methods: qualitative risk assessment, semi-quantitative risk assessment, or quantitative risk assessment. After the risk assessment has been conducted, the team must determine an acceptable level of risk. This involves taking into account factors such as the organization's objectives, culture, regulatory requirements, and technology. It is crucial that all stakeholders understand and agree on what constitutes an acceptable level of risk. By following these three essential steps, organizations can create a comprehensive and effective Risk Management Plan. Best Practices In order for a project to be successful, it is crucial for the organization to have clear and effective management practices in place, particularly when it comes to risk management. There are several best practices that can be implemented in order to ensure that risks are identified and managed in a timely and effective manner. Firstly, stakeholder involvement is essential. This includes not only employees and managers, but also clients, subcontractors, and unions. Each of these groups has a stake in the success or failure of the project, and understanding their risk tolerances, ability to respond to risk mitigation, and communication needs is vital for effective risk management. Another important element is the creation of a risk culture within the organization. This refers to the beliefs, attitudes, and values that an organization holds with regard to risk. Encouraging risk awareness throughout the organization can help to ensure that risks are identified and managed at all levels. 8

2.3 Expected Monetary Value Project managers use Expected Monetary Value (EMV) as a quantitative risk analysis technique to compare and quantify projects. This technique relies on specific numbers and quantities to perform calculations. Using high-level approximations like high, medium, and low is not sufficient. As a three-step process, the EMV formula requires determining the probability of an outcome, the monetary value or impact of the outcome, and multiplying them to calculate the EMV. If the risk mitigation has multiple possible outcomes, calculate the EMV for each outcome and add them together to get the overall EMV. In most cases, a positive EMV is worth pursuing. When choosing between multiple options, compare the overall monetary value for each potential scenario to determine the best option. There are three risk elements that a project manager must consider: cost, schedule, and quality/performance. Risk identification is critical at the beginning of a project when uncertainty is high, and there are a lot of unknown project details. Issues of time and budget are easy to underestimate. The best risk determination practices include starting early in the project, conducting frequent risk evaluations on a set schedule (weekly), and repeating the process during change control and major milestones. Additional risks can be determined for agile projects during sprint planning, release planning, daily standup meetings, and prior to each sprint. 10

2.4 Determine the Risks Risk identification techniques involve accessing threats and vulnerabilities to determine the likelihood of identified threat sources exploiting vulnerabilities and causing one or more adverse events. Stakeholder interviews, brainstorming, checklists, assumption analysis, the Delphi technique, and affinity diagrams are some of the tools used for determining risks. Stakeholder interviews involve defining specific questions and repeating them for every customer. Brainstorming involves gathering team members and other dependent partners and shareholders and holding a brainstorming exercise. Checklists involve determining if the company has a risk checklist from past projects and reviewing it. Assumption analysis involves asking stakeholders to identify their project assumptions and reviewing them for potential risk. The Delphi technique involves a group of experts answering questions to arrive at a group decision. The affinity diagram involves brainstorming risks and recording them on a sticky note. Risks are then sorted into groups or categories and recorded. 2.5 Evaluate and Assess the Risks A Risk Breakdown Structure (RBS) is a graphical representation that breaks down a project's risks into higher-level categories and sub-levels. It's a useful tool that rolls up all the risk details of a project, making it easier for executive management to have a higher- level view of the project status. In most cases, a work breakdown structure has three levels, which include project level, work package, and task level. 2.6 Qualitative and Quantitative Processes When it comes to risk analysis, the project team can apply qualitative or quantitative risk analysis techniques. Qualitative risk analysis involves measuring risks' severity based on impact, likelihood, and precision. Risk impact is measured on a scale of 1-5, and likelihood is measured as low, medium, or high. 11

3.4 Risk Data Quality Strategy Define the process and tools to be used to determine the quality of data for use in assessing project risk. • How reliable is the data? • What is the evidence of reliability?) 3.5 Risk Reviews Define the process to be followed for risk reviews to be conducted throughout the project life cycle. Insert your completed Risk Monitoring and Control Template. See the end of this document for an example. • What is being done to proactively reduce risk in the future? • What is being done to communicate risks? Section 4 – Corrective Action and Monitoring 4.1 Risk Tolerance Evaluate the organizational and departmental tolerance for risk. • Discuss the di ff erent risk tolerances within the organization.) 4.2 Risk Mitigation Identify risk mitigation approaches in support of the project. • How will you implement the mitigation approaches? • Have you identified specific triggers to initiate mitigation? 4.3 Corrective Risk Management Strategy Describe your strategy for corrective risk management. • Explain whether you will use auditing, strategic planning, or another type. • Describe the corrective action process and responsibilities. • Will you be performing a risk postmortem? If not, why not?) 13

4.4 Corrective Action Plan Assess corrective plan procedures in support of the project. • Is your documentation available to others? • Is it reviewed by the team or others? Section 5 – Postmortem Plan 5.1 Results Identify and describe how results data will be collected and reviewed to determine corrective actions. • Did your postmortem results lead to any concrete changes? Explain. 5.2 Follow Up Evaluate the organization's view of risk management and approach, resulting from project outcomes. • Did this project change the organization's approach and management of risk? Describe the impact of postmortem results on the organization. Recommend corrective plan procedures to e ff ectively manage risk. • What recommendations would you make for future risk management projects? • What resources did you use to support your assertions? Section 6 – References 6.1 References Include a minimum of two references in APA style. 14

• Response to Risk: Avoid, mitigate, transfer and accept. • Action Plan: A detailed explanation of the steps for risk mitigation(s). • Person Responsible: Who will manage the mitigation strategy? • Status: Status of mitigation process. Risk Monitoring and Control Example Risk # Risk Probability Impact Response to Risk Action Plan Person Responsible Status Continue Review and Action Plan Owner Time Estimate Monitoring Process [Define monitoring process of current and new risks] Review [Define stages or timeframes for specific types of review] Reporting [provide types of communication channels and deliverables] 16

Citations Kohli, S. (2022, June 29). 5 stages of the Product Development Lifecycle . Jam by Sam. https://jambysam.com/5-stages-of-the-product- development-lifecycle/ Lomb Company Profile: Stock Performance & earnings - pitchbook. (n.d.). https://pitchbook.com/profiles/company/10341-73 MSG Management Study Guide . 5 Functions of Management: Planning, Organizing, Staffing, Directing and Controlling. (n.d.). https://www.managementstudyguide.com/management_functions.htm Qualtrics // September 12. (2023, June 28). How to use analytics for risk management . Qualtrics. https://www.qualtrics.com/blog/risk-management-analytics/ Usmani, F., (2022, October 7). Expected monetary value (EMV): A guide with examples . Home Page. https://pmstudycircle.com/ expected-monetary-value-emv/ 17