Example RFP Response
The following is an example RFP response that I wrote in response to a question that I was given as part of a hiring test. The answer is entirely hypothetical, but based on actual experience at prior employers.
1.1 Describe the risk management strategy used by the vendor and outline any software tools used in support.
The firm takes a multidimensional approach to risk management, assessing and mitigating risks to the firm, customers, products, and projects.
On a firm-wide level, physical, market, human, technology infrastructure risks and responses are assessed and reviewed quarterly. Our risk prioritization process assesses the likelihood of occurrence, and managed through process definition, physical facilities planning, business planning, training, redundancy and failover capabilities, disaster recovery and other scenarios run-throughs, and insurance. Risk review, assessment, and mitigation plans are collected by department managers, and reviewed and approved by senior management. The entire risk assessment and response process is managed and tracked using Logic Manager Enterprise Risk Management software suite.
On a project level, risk to project scope, schedule, resourcing, and quality are managed by each project manager, using JIRA risk management tools to document, assessment tools to score, and stakeholder meetings to prioritize and respond to each. Risk registers, along with issue registers and other project documentation, are standardized by the PMO to be used across all projects and permissioned to be accessible by all stakeholders for review. Projects are managed to schedule and cost baselines using MS Project. To ensure on-time delivery, a contingency budget is allocated to every project and a management reserve is available when resource availability stands in the way of on-time delivery and/or quality.
Both Logic Manager and JIRA maintain full audit trail and history of risk creation, transition, and resolution. Snapshots are taken daily, with weekly backups stored off-site for seven years. The ability of users of either system to create/edit/delete issues is permissioned on a per-user-role at the firm.