How to Develop a Risk Management Plan

Steven Covey said, “All things are created twice: first mentally; then physically. The key to creativity is to begin with the end in mind, with a vision and a blueprint of the desired result.”

How to Develop aRisk Management Plan

Photo courtesy of (edited in Canva)

Project managers create first by defining the desired result such as a new building, an improved business process, a marketing plan, a customer service center, or an iPhone app, to name a few. Not only do project managers think first about the deliverables, great project managers think about how they will handle the risk management process.

How will you and your team identify and evaluate risks? Who will be involved? How will you develop response plans? Which risks will you respond to? How often will you review your risks and seek to identify new risks?

Having a plan frees your mind and allows you and the project team to move at a faster pace. Once you’ve defined the risk management process, no one has to stop and figure it out on the fly. A clear path has been paved.

Every project is different; therefore, each risk management plan should fit the unique needs of the project. A project manager and the project team should work together to develop the risk management approach, looking for ways to add value.

What to Include in Your Risk Management Plan

  • Project risk background. Describe how your project supports your company’s strategic plan and why the project is important. Is this project like other projects the company has completed in the past or is this project out of the ordinary and, therefore, riskier? How complex is the project? What parts of the project are most tricky? How much experience does the team have in managing risks?
  • Methodology. Describe the methods of how you will identify, evaluate, respond to, and control risk.
  • Roles and responsibilities. Who will perform which risk management activities? Consider designing a responsibility chart/matrix. List roles such as project manager, risk owner, project team, and stakeholders along with their responsibilities.
  • Timing. Define how often you will perform risk management activities. Standard practice is to review risks weekly during your project meetings. If you have an agile project, consider discussing risks for a couple of minutes in your daily stand-up meetings.
  • Risk categories. Define the risk categories. Standard categories include schedule, scope, quality, and budget. You may find a risk breakdown structure (RBS) in the organizational process assets that provide a longer list of categories and sub-categories.
  • Risk measures. Determine which measures you will use such as probability and impact. Some project managers include velocity or time-to-impact.
  • Risk evaluation scales. Define the scales that you plan to use for probability and impact such as a scale of 1 to 5 or 1 to 10 and what each number represents, which minimizes bias in the risk ratings.
  • Risk scores. Define how you will calculate the risk score. A common way is to multiply probability times impact (e.g., 4 x 5 = 20).
  • Definitions. Define risk management terms such as probability, impact, risk, issues, risk appetite, and risk tolerance.
  • Risk attitude, appetite, and tolerance. What is management’s attitude toward risks in your project? Where do they want to take risks? Where are they risk adverse? How tolerant is the sponsor of schedule slippage? Is a schedule slippage of two weeks okay? How about four weeks? How about cost variance tolerance?
  • Reporting formats. What formats will you use to report risks? What will you include in each report? Who will receive the reports? How often will the reports be distributed?

Occasionally, I encounter a project manager who says risk management is intuitive; documenting a plan is a waste of time. If you have a three-man team, you may be able to interact daily and handle risks just fine. However, a team of 10 or 20 or 100 will benefit greatly from writing it down.

The risk management plan may not be perfect in the beginning. George S. Patton said, “A good plan violently executed is better than a perfect plan executed next week.” As you execute projects, you will gain risk management insights; improve your plans accordingly.

Give it try on an upcoming project. Like anything else, the more you do it, the easier it gets. I would love to hear about your experience.

Bonus: Click here to download a Project Risk Management Template (Word format).

Please note: I reserve the right to delete comments that are offensive or off-topic.

Leave a Reply

Your email address will not be published. Required fields are marked *

6 thoughts on “How to Develop a Risk Management Plan