Developing a Project Risk Management Plan – An Easy Guide
What is Risk Management
Project risk management is the process of identifying, analyzing and then responding to any risk that arises over the life cycle of a project to help the project remain on track and meet its goal. Managing risk isn’t reactive only, it should be part of the project planning process to figure out risk that might happen in the project and how to control that risk if it in fact occurs. Risk Management is integral for a successful Project Management.
Purpose Of The Risk Management Plan
A risk is an event or condition that, if it occurs, could have a positive or negative effect on a project’s objectives. Risk Management is the process of identifying, assessing, responding to, monitoring, and reporting risks. This Risk Management Plan defines how risks associated with the project will be identified, analyzed, and managed. It outlines how risk management activities will be performed, recorded, and monitored throughout the lifecycle of the project and provides templates and practices for recording and prioritizing risks.
The Risk Management Plan is created by the project manager in the Planning Phase of the project and is monitored and updated throughout the project.
The intended audience of this document is the project team, project sponsor and management
The project manager working with the project team and project sponsors will ensure that risks are actively identified, analyzed, and managed throughout the life of the project. Risks will be identified as early as possible in the project so as to minimize their impact. The steps for accomplishing this are outlined in the following sections. The <project manager or other designee> will serve as the Risk Manager for this project.
Risk identification will involve the project team, appropriate stakeholders, and will include an evaluation of environmental factors, and the project management plan including the project scope. Careful attention will be given to the project deliverables, assumptions, constraints, WBS, cost/effort estimates, resource plan, and other key project documents.
A Risk Management Log will be generated and updated as needed and will be stored electronically in the project library.
All risks identified will be assessed to identify the range of possible project outcomes. Qualification will be used to determine which risks are the top risks to pursue and respond to and which risks can be ignored.
- Qualitative Risk Analysis
The probability and impact of occurrence for each identified risk will be assessed by the project manager, with input from the project team using the following approach:
- High – Greater than <70%> probability of occurrence
- Medium – Between <30%> and <70%> probability of occurrence
- Low – Below <30%> probability of occurrence
- High – Risk that has the potential to greatly impact project cost, project schedule or performance
- Medium – Risk that has the potential to slightly impact project cost, project schedule or performance
- Low – Risk that has relatively little impact on cost, schedule or performance
Risks that fall within the RED and YELLOW zones will have risk response planning which may include both a risk mitigation and a risk contingency plan.
2. Quantitative Risk Analysis
Analysis of risk events that have been prioritized using the qualitative risk analysis process and their affect on project activities will be estimated, a numerical rating applied to each risk based on this analysis, and then documented in this section of the risk management plan.
3. Risk Response Planning
Each major risk (those falling in the Red & Yellow zones) will be assigned to a project team member for monitoring purposes to ensure that the risk will not “fall through the cracks”.
For each major risk, one of the following approaches will be selected to address it:
- Avoid – eliminate the threat by eliminating the cause
- Mitigate – Identify ways to reduce the probability or the impact of the risk
- Accept – Nothing will be done
- Transfer – Make another party responsible for the risk (buy insurance, outsourcing, etc.)
For each risk that will be mitigated, the project team will identify ways to prevent the risk from occurring or reduce its impact or probability of occurring. This may include prototyping, adding tasks to the project schedule, adding resources, etc.
For each major risk that is to be mitigated or that is accepted, a course of action will be outlined for the event that the risk does materialize in order to minimize its impact.
4. Risk Monitoring, Controlling, And Reporting
The level of risk on a project will be tracked, monitored and reported throughout the project lifecycle.
A “Top 10 Risk List” will be maintained by the project team and will be reported as a component of the project status reporting process for this project.
All project change requests will be analyzed for their possible impact to the project risks.
Management will be notified of important changes to risk status as a component to the Executive Project Status Report.