assessments work been fairly and/or equitably divided and delegated among team members who are qualified and capable to perform the work? Has everyone contributed?
<--- Score
33. Are the Risk assessments requirements complete?
<--- Score
34. What is in the scope and what is not in scope?
<--- Score
35. Is special Risk assessments user knowledge required?
<--- Score
36. Do you have organizational privacy requirements?
<--- Score
37. Are roles and responsibilities formally defined?
<--- Score
38. What is out of scope?
<--- Score
39. Do the problem and goal statements meet the SMART criteria (specific, measurable, attainable, relevant, and time-bound)?
<--- Score
40. What was the context?
<--- Score
41. Is the team sponsored by a champion or stakeholder leader?
<--- Score
42. What are the rough order estimates on cost savings/opportunities that Risk assessments brings?
<--- Score
43. Has your scope been defined?
<--- Score
44. How will variation in the actual durations of each activity be dealt with to ensure that the expected Risk assessments results are met?
<--- Score
45. Is there a completed SIPOC representation, describing the Suppliers, Inputs, Process, Outputs, and Customers?
<--- Score
46. Are different versions of process maps needed to account for the different types of inputs?
<--- Score
47. Has the improvement team collected the ‘voice of the customer’ (obtained feedback – qualitative and quantitative)?
<--- Score
48. Are required metrics defined, what are they?
<--- Score
49. What sources do you use to gather information for a Risk assessments study?
<--- Score
50. What are the dynamics of the communication plan?
<--- Score
51. How are consistent Risk assessments definitions important?
<--- Score
52. If substitutes have been appointed, have they been briefed on the Risk assessments goals and received regular communications as to the progress to date?
<--- Score
53. What are the boundaries of the scope? What is in bounds and what is not? What is the start point? What is the stop point?
<--- Score
54. What key stakeholder process output measure(s) does Risk assessments leverage and how?
<--- Score
55. How do you catch Risk assessments definition inconsistencies?
<--- Score
56. Is there a critical path to deliver Risk assessments results?
<--- Score
57. How did the Risk assessments manager receive input to the development of a Risk assessments improvement plan and the estimated completion dates/times of each activity?
<--- Score
58. What specifically is the problem? Where does it occur? When does it occur? What is its extent?
<--- Score
59. What scope to assess?
<--- Score
60. How do you manage unclear Risk assessments requirements?
<--- Score
61. Are all requirements met?
<--- Score
62. Does the team have regular meetings?
<--- Score
63. Has anyone else (internal or external to the group) attempted to solve this problem or a similar one before? If so, what knowledge can be leveraged from these previous efforts?
<--- Score
64. How do you gather Risk assessments requirements?
<--- Score
65. Will team members regularly document their Risk assessments work?
<--- Score
66. How will the Risk assessments team and the group measure complete success of Risk assessments?
<--- Score
67. What is the scope of the Risk assessments effort?
<--- Score
68. Are employees required to attend information security awareness training?
<--- Score
69. Will team members perform Risk assessments work when assigned and in a timely fashion?
<--- Score
70. How often are the team meetings?
<--- Score
71. Is a fully trained team formed, supported, and committed to work on the Risk assessments improvements?
<--- Score
72. Are systems required to block system access after a pre-determine number of unsuccessful logon attempts?
<--- Score
73. Is the work to date meeting requirements?
<--- Score
74. What critical content must be communicated – who, what,
