Creating a Risk Management Plan
A risk plan details how the project management team will perform risk management for this project. It does not involve actually identifying project risk. The aim of the risk plan is to ensure that the risk management protocol that is used on the project is commensurate with both the risks and the importance of the project to the organization.
Establishing this protocol early on in the project ensures that all members of the project management team are using the same methods to evaluate risks and that the associated tasks are budgeted for in the project plan. You can check out the complete range of Project Management PDF eBooks free from this website.
The level of detail in the risk plan will depend upon the level of risk within the project and the level of risk that the performing organization is prepared to take. This plan will need to be consistent with other certain other project documents.
For example, the project charter document provides the selected project manager with the authority to organize and control the defined resources of the organization for the duration of the project. It can also be referred to as the project definition, or project statement and is a statement of the scope, objectives, and participants in a project. It establishes the authority assigned to the project manager, especially in a matrix management environment, and is completed by the sponsor or individual initiating the project. The project name is usually shortened or abbreviated into a working title for ease of communication. There are several key sections that you need to include in your project charter. They are:
1) Contact points for key individuals of the project.
2) Project Purpose - the issue/problem to be solved by the project.
3) Business Objectives for the project as they relate to the organizations strategic plan.
4) Assumptions that have been made as part of the project.
5) Description of the project.
6) Definition of the project scope and the limits identified.
7) Overview of major milestones and deliverables for the project.
8) Project Authority - including an organization chart and definition of roles and responsibilities.
9) Resources required for the project including costings, equipment. staffing, support, operational & IT facilities.
The scope statement defines the scope of the project, which will have a direct bearing on the type and amount of risk that is likely to be encountered. It provides a clear definition of such risk areas.
The cost plan defines how risk in terms of budgets, contingencies, and management reserves will be reported and accessed.
The schedule plan includes information about activities and their timing including aspects such as internal and external constraints that will help identify risk areas.
The communications plan includes information on all key stakeholders and in particular their concerns for specific risks, and hence, how such communications should be handled.
You will also need to take account of any legal obligations and regulatory frameworks that the organization may be subjected to as well as processes and procedures to be followed, the industry and its norms towards risk and the organizations appetite towards risk.
 |
Collective decision-making is very important area of project management that can make or break this part of the project. Almost all risk management activities will involve meetings between the project manager, the team and other stakeholders in order to make decisions about the activity definitions and associated estimates.
How well these meetings are conducted will have a major impact on how smoothly the project runs. To learn more about making your meetings effective download the free Meeting Skills eBooks, checklists and templates cover all aspects of meetings including how to set an agenda that will ensure that the meeting achieves it's aims and how to chair a meeting so that it is as productive as possible.
The resulting risk management plan forms part of the project plan and describes how managing risk will be structured and performed on the project. It contains the following elements:
Methodology
Defines the approaches, tools, and data sources that may be used.
Roles and Responsibilities
This part of the plan needs to make clear who is responsible for each type of activity in the risk plan, and clarifies their responsibilities.
Budgeting
This part of the plan assigns resources, estimates funds needed for managing risk. These are included in the cost performance baseline, and establish how any extra funding required (if risks are realized) will be raised.
Timing
This part of the plan defines when and how often the risk management activities will be performed throughout the project life cycle.
Risk categories
 |
This provides a structure that ensures a comprehensive process of systematically identifying risks to a consistent level of detail. An organization can use a previously prepared categorization framework, which might take the form of a simple list of categories or might be structured into a risk breakdown structure (RBS) as shown in the diagram above.
This is a hierarchically organized depiction of the identified project risks arranged by risk category and subcategory that identifies the various areas and causes of potential risks.
Definitions of Risk Probability and Impact
This ensures that all stakeholders have a common understanding of these definitions. For example,
If the probability of a risk can be described as low, medium or high, what do these categories actually mean?
Similarly, what effect would a high impact event have on the project in practical terms? How much would it add to the costs? Could anything be done to mitigate it?
 |
The table above is an example of definitions that could be used in evaluating risk impacts related to scope, quality, time and cost. By using pre-defined definitions in this way, the project management team ensures that everyone involved is talking the same language when it comes to risk.
Probability and Impact Matrix
Risks are prioritized according to their potential implications for having an effect on the project's objectives by using a matrix like the one shown.
 |
The specific combinations of probability and impact that lead to a risk being rated as 'extreme', 'high,' 'moderate,' 'low' or 'minimal' importance, with the corresponding importance for planning responses to the risk, are usually set by the organization.
Revised Stakeholder Risk Tolerances
If there is a need to revise stakeholder risk tolerances then these should be documented.
Reporting Formats
This part of the plan describes how the outcomes of the risk management processes will be documented, analyzed, and communicated. It describes the content and format of the risk register as well as any other risk reports required.
Tracking
This part of the plan describes how risk activities will be recorded for the benefit of the current project, as well as for future needs and lessons learned, as well as whether and how risk management processes will be audited.
You may also be interested in:
Project Risk Management | Creating a Risk Management Plan | Identifying Project Risks | Performing a Risk Analysis | Planning and Controlling Risk Responses.
|
|
