3.5: Milestone 4 – Creating Controls- Checklist Analysis

Last updated
Save as PDF

Page ID: 48793

\( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \)

\( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)

\( \newcommand{\dsum}{\displaystyle\sum\limits} \)

\( \newcommand{\dint}{\displaystyle\int\limits} \)

\( \newcommand{\dlim}{\displaystyle\lim\limits} \)

\( \newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\)

( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\)

\( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\)

\( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\)

\( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\)

\( \newcommand{\Span}{\mathrm{span}}\)

\( \newcommand{\id}{\mathrm{id}}\)

\( \newcommand{\Span}{\mathrm{span}}\)

\( \newcommand{\kernel}{\mathrm{null}\,}\)

\( \newcommand{\range}{\mathrm{range}\,}\)

\( \newcommand{\RealPart}{\mathrm{Re}}\)

\( \newcommand{\ImaginaryPart}{\mathrm{Im}}\)

\( \newcommand{\Argument}{\mathrm{Arg}}\)

\( \newcommand{\norm}[1]{\| #1 \|}\)

\( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\)

\( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\AA}{\unicode[.8,0]{x212B}}\)

\( \newcommand{\vectorA}[1]{\vec{#1}} % arrow\)

\( \newcommand{\vectorAt}[1]{\vec{\text{#1}}} % arrow\)

\( \newcommand{\vectorB}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \)

\( \newcommand{\vectorC}[1]{\textbf{#1}} \)

\( \newcommand{\vectorD}[1]{\overrightarrow{#1}} \)

\( \newcommand{\vectorDt}[1]{\overrightarrow{\text{#1}}} \)

\( \newcommand{\vectE}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash{\mathbf {#1}}}} \)

\( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \)

\(\newcommand{\longvect}{\overrightarrow}\)

\( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)

\(\newcommand{\avec}{\mathbf a}\) \(\newcommand{\bvec}{\mathbf b}\) \(\newcommand{\cvec}{\mathbf c}\) \(\newcommand{\dvec}{\mathbf d}\) \(\newcommand{\dtil}{\widetilde{\mathbf d}}\) \(\newcommand{\evec}{\mathbf e}\) \(\newcommand{\fvec}{\mathbf f}\) \(\newcommand{\nvec}{\mathbf n}\) \(\newcommand{\pvec}{\mathbf p}\) \(\newcommand{\qvec}{\mathbf q}\) \(\newcommand{\svec}{\mathbf s}\) \(\newcommand{\tvec}{\mathbf t}\) \(\newcommand{\uvec}{\mathbf u}\) \(\newcommand{\vvec}{\mathbf v}\) \(\newcommand{\wvec}{\mathbf w}\) \(\newcommand{\xvec}{\mathbf x}\) \(\newcommand{\yvec}{\mathbf y}\) \(\newcommand{\zvec}{\mathbf z}\) \(\newcommand{\rvec}{\mathbf r}\) \(\newcommand{\mvec}{\mathbf m}\) \(\newcommand{\zerovec}{\mathbf 0}\) \(\newcommand{\onevec}{\mathbf 1}\) \(\newcommand{\real}{\mathbb R}\) \(\newcommand{\twovec}[2]{\left[\begin{array}{r}#1 \\ #2 \end{array}\right]}\) \(\newcommand{\ctwovec}[2]{\left[\begin{array}{c}#1 \\ #2 \end{array}\right]}\) \(\newcommand{\threevec}[3]{\left[\begin{array}{r}#1 \\ #2 \\ #3 \end{array}\right]}\) \(\newcommand{\cthreevec}[3]{\left[\begin{array}{c}#1 \\ #2 \\ #3 \end{array}\right]}\) \(\newcommand{\fourvec}[4]{\left[\begin{array}{r}#1 \\ #2 \\ #3 \\ #4 \end{array}\right]}\) \(\newcommand{\cfourvec}[4]{\left[\begin{array}{c}#1 \\ #2 \\ #3 \\ #4 \end{array}\right]}\) \(\newcommand{\fivevec}[5]{\left[\begin{array}{r}#1 \\ #2 \\ #3 \\ #4 \\ #5 \\ \end{array}\right]}\) \(\newcommand{\cfivevec}[5]{\left[\begin{array}{c}#1 \\ #2 \\ #3 \\ #4 \\ #5 \\ \end{array}\right]}\) \(\newcommand{\mattwo}[4]{\left[\begin{array}{rr}#1 \amp #2 \\ #3 \amp #4 \\ \end{array}\right]}\) \(\newcommand{\laspan}[1]{\text{Span}\{#1\}}\) \(\newcommand{\bcal}{\cal B}\) \(\newcommand{\ccal}{\cal C}\) \(\newcommand{\scal}{\cal S}\) \(\newcommand{\wcal}{\cal W}\) \(\newcommand{\ecal}{\cal E}\) \(\newcommand{\coords}[2]{\left\{#1\right\}_{#2}}\) \(\newcommand{\gray}[1]{\color{gray}{#1}}\) \(\newcommand{\lgray}[1]{\color{lightgray}{#1}}\) \(\newcommand{\rank}{\operatorname{rank}}\) \(\newcommand{\row}{\text{Row}}\) \(\newcommand{\col}{\text{Col}}\) \(\renewcommand{\row}{\text{Row}}\) \(\newcommand{\nul}{\text{Nul}}\) \(\newcommand{\var}{\text{Var}}\) \(\newcommand{\corr}{\text{corr}}\) \(\newcommand{\len}[1]{\left|#1\right|}\) \(\newcommand{\bbar}{\overline{\bvec}}\) \(\newcommand{\bhat}{\widehat{\bvec}}\) \(\newcommand{\bperp}{\bvec^\perp}\) \(\newcommand{\xhat}{\widehat{\xvec}}\) \(\newcommand{\vhat}{\widehat{\vvec}}\) \(\newcommand{\uhat}{\widehat{\uvec}}\) \(\newcommand{\what}{\widehat{\wvec}}\) \(\newcommand{\Sighat}{\widehat{\Sigma}}\) \(\newcommand{\lt}{<}\) \(\newcommand{\gt}{>}\) \(\newcommand{\amp}{&}\) \(\definecolor{fillinmathshade}{gray}{0.9}\)

Milestone 4 – Designing Preventive Risk Controls: Proactive Structures for Managing Critical Risk Themes

Tool Applied: Preventive Control Checklist
Final Output: Control Strategy Design for One High-Priority Risk Theme

1. Scenario Briefing

MEMO
To: Risk Design Team
From: Kira L. Joshi, Chief Operating Officer, SMDC
Date: Week 5 – Risk Response Planning Phase
Subject: Request for Preventive Control Framework on High-Priority Risk Theme

Team,

We’ve now reached the point where risks can’t just be monitored—they must be actively addressed. Your Risk Breakdown Structure gave us visibility. Your Impact Matrix gave us focus. Your stakeholder validation effort in Milestone 3 highlighted where alignment is strong and where it's fragile. We now need your leadership on turning that insight into preventive structure.

Please choose one of the three to five high-priority risk themes from your validated list and build a formal Preventive Control Checklist for that domain. Your work should guide our team in identifying the actions, protocols, or processes needed to reduce the likelihood and magnitude of risks associated with that theme.

This is not a reactive mitigation plan. This is proactive control design.

The output will be shared with Engineering, UX, and Operations leads, and may also be adapted into our pilot evaluation framework. We’re especially interested in:

Who owns the control
When it happens
What success looks like
What warning signs exist if the control fails
How the control supports our values—especially around safety, trust, and inclusion

Design this framework as if it will be adopted tomorrow. Be specific, pragmatic, and rigorous.

We need clarity before we build anything else.

Kira

2. Action Strategy

Purpose of This Milestone

This milestone introduces one of the most vital distinctions in project risk management: preventing risk versus reacting to it.

Your job here is to select one high-priority risk theme, break it down into specific vulnerabilities, and design a checklist of preventive controls—steps that will reduce the chances that these risks materialize during SMDC’s MVP delivery.

You will learn how to define:

What a control is
Who owns it
When and how it must be applied
How it signals failure or success
How it connects to SMDC’s mission and operational constraints

By the end of this milestone, you will have created a shareable control guide that could be implemented by a real project team.

Step-by-Step Guide

Step 1: Select a Risk Theme to Target

Review your Milestone 3 synthesis memo. Choose one of your top 3–5 priority themes. It should be:

Specific enough to scope in this milestone
Actionable by the project team in the current MVP cycle
Supported by stakeholder consensus or urgency

Examples of strong candidate themes include:

Alert Interpretation Risk (clinicians overwhelmed or confused by system alerts)
Integration Failure Risk (glucose monitors or EHRs don’t sync reliably)
Privacy and Consent Gaps (patients unsure how their data is being used)
Accessibility Barriers (low-literacy or non-English speakers cannot use dashboard)
Siloed Development Risk (cross-functional miscommunication causing defects)

Define the theme title, its origin (RBS or stakeholder feedback), and the consequences if left uncontrolled.

Step 2: Identify Specific Risk Drivers Within the Theme

Break the theme into 3–5 specific risks. Each should be a standalone concern within the larger pattern.

Example (for “Alert Interpretation Risk”):

Clinicians do not receive alerts in preferred format (text/email)
Alerts fire too often, causing desensitization
Trends are flagged without clinical thresholds
Patients are unclear on alert urgency, leading to panic or neglect

This becomes the control target list.

Step 3: Define Control Principles

For each risk, define the control strategy using these elements:

Control Name – a short, precise label (e.g., Alert Channel Configuration Review)
Control Owner – the role or team responsible for executing the control
Timing – when and how often the control should occur
Mechanism – the task, check, or process used to apply the control
Evidence of Completion – what proves the control was done correctly
Warning Sign (Trigger) – what signals the control failed or is eroding
Dependencies or Notes – any tools, people, or processes the control relies on

Repeat this format for each individual risk under your selected theme.

Step 4: Assemble the Preventive Control Checklist

Create a structured checklist that a team could use during sprint planning, launch reviews, or pilot evaluations.

Each checklist item should follow this format:

Item label
Control owner
Instructions (what to do, when, and how)
Success metric
Trigger for concern
Status box (for live tracking or accountability)

Keep language clear, technical enough to be precise, but accessible to all roles.

Step 5: Include a Control Rationale Summary

Write a one-page narrative explaining:

Why this risk theme was selected
What failure would look like if left unaddressed
How your proposed controls reduce probability and/or consequence
How the controls support SMDC’s mission, values, and equity commitments
Any known limitations (e.g., if certain controls depend on vendor support or future budget)

3. Your Deliverable

Part 1: Preventive Control Checklist

Includes:

1 selected risk theme
3–5 specific risks
1 preventive control per risk
Control attributes as defined above
Clearly formatted table or checklist structure

Part 2: Control Rationale Summary

A one-page narrative addressing:

Theme selection
Risk profile and breakdown
Logic of controls
Success criteria
Fit within SMDC’s current project state

Optional: Include stakeholder quotes or persona insights if drawn from Milestone 3.

4. Toolkits and Learning Resources

Control Design Mini Guide (Appendix)
Sample Preventive Control Checklist
Milestone 3 Risk Theme Memo
SMDC User Personas or Stakeholder Profiles
Example from real-world healthcare dashboard project (if available)
Control Scoring Worksheet (for future milestones)

5. Critical Reflection

Answer the following prompts in 200–300 words:

How did breaking a broad theme into specific risks clarify your thinking?
Which control was hardest to design—and why?
What assumptions did you need to test or challenge in choosing the owner or timing?
How might these controls build trust inside the team—or outside with users or clinicians?
What would make one of these controls fail in real life?

6. Quality Control Review

Verify:

One theme selected and clearly justified
3–5 specific risks defined under that theme
One control designed per risk
Control descriptions include all key elements (owner, timing, trigger, success, etc.)
Checklist format is structured, usable, and clear
Rationale summary is thoughtful and grounded in real project constraints
Reflection is self-aware, honest, and specific
File is labeled and versioned for future reuse

7. Final Wrap-Up and Submission

Submit your completed Preventive Control Checklist and summary narrative per instructor instructions. Your work may be:

Reviewed by peers or instructors
Used in later milestones for modeling or cost estimation
Adapted into a real startup project simulation

This milestone shifts your role from analysis to design. From here forward, you are not just identifying what could go wrong—you are structuring how to stop it.

Search

Text Color

Text Size

Margin Size

Font Type