Most of your project problems can be avoided or greatly reduced through risk management. The simple act of identifying and discussing risks goes a long way towards reducing problems in your project. Let's look at how to develop a project risk management plan. As a bonus, I will provide a risk management plan example and a risk management plan template.
Here are some questions that we should answer in our plan:
- How will you identify risks?
- Who will be involved?
- How often will you perform risk management activities?
- What tools and techniques will you use?
- Who will own the project risks
What is a Project Risk Management Plan?
The risk management plan is "a component of the project, program, or portfolio management plan that describes how risk management activities will be structured and performed" (PMBOK® Guide – Sixth Edition, Page 721).
How to Get Started
As you start, it's a good idea to see whether organizational risk management assets are available. There is no need to reinvent the wheel. If you have a PMO, see if they have a risk management plan template. If not, check with other project managers.
Warning - do not use the same plan for every project. The template simply provides a starting point. Work with your team to tailor your risk management plan.
The risk management plan should be commensurate with the size and complexity of your project. That is, for simple projects, your risk management plan may be a page or two. For large, complex projects, the plan may be much longer.
Talk with your team. How will you identify and manage risks? Much of the value of the plan is not in the physical document - it's in the discussion and interaction with your team.
“If you go to work on your goals, your goals will go to work on you. If you go to work on your plan, your plan will go to work on you. Whatever good things we build end up building us." —Jim Rohn
What to Include in Your Project Risk Management Plan
1. Project risk background
Describe how your project supports your company's strategic plan and why the project is important. Is this project like other projects the company has completed in the past or is this project out of the ordinary (and therefore riskier)? How complex is the project? What parts of the project are most risky? How much experience does the team have in managing risks?
Describe the methods of how you will identify risks, assess risks, perform risk response planning, and monitor risks.
3. Roles and responsibilities
Who will perform which risk management activities? Consider designing a responsibility chart/matrix. List roles such as project manager, risk owner, project team, and stakeholders along with their responsibilities.
Define how often you will perform risk management activities. Standard practice is to review risks weekly during your project meetings. If you have an agile project, consider discussing risks for a couple of minutes in your daily stand-up meetings.
5. Risk categories
Define the categories of your risks. Standard categories include schedule, scope, quality, and budget. You may find a risk breakdown structure (RBS) in the organizational process assets that provide a longer list of categories and sub-categories. (Companies with strong risk governance may require that you use a standard set of risk categories.)
Define risk management terms such as probability, impact, risk, issues, risk appetite, and risk tolerance. Defining probability and impact and your probability and impact scale (e.g., 1-10, 10 being highest) is critical to minimize bias in risk assessments/ratings.
7. Risk attitude, appetite, and tolerance
What is management's attitude toward risks in your project? Where do they want to take risks? Where are they risk adverse? How tolerant is the management of schedule slippage? Is a schedule slippage of two weeks okay? How about four weeks? How about cost variance tolerance?
8. Reporting formats
What formats will you use to report risks? What will you include?
Risk Management Plan Example
People learn much from examples. Therefore, take a look at this example of a risk management plan. As you can see, these plans don't have to be complicated or lengthy.
Other Project Risk Management Plan Components
For larger, more complex projects, you may wish to also include some of the following:
- How will risks be recorded/captured? In a spreadsheet, in SharePoint, in a project management tool?
- Will there be risk audits? If so, who will perform them? What is the purpose of the audits?
- Who will be responsible for risk reassessments/reviews?
- How will you calculate risk scores (e.g., probability x impact)?
- Will there be go/no go decisions during the project? If so, when?
- What tools and techniques will you use to identify risks, qualify risks, quantify risks, and monitor risks?
- Will you quantify risks? If so, which ones? The highest risks?
- How will lessons learned be documented? When? By whom? How will the lessons learned be shared with other project managers?
- How will you determine whether the project is performing well? What metrics will be monitored?
- Must organizational standards and policies such as an Enterprise Risk Management policy be followed? Who enforces this? How is the policy enforced?
Yes, it takes time to define a risk management plan. However, this may be the best investment in your project. Done properly, risk management saves time, reduces stress, and positions your team for success. Start with a solid foundation. Start with a well-defined, management-approved risk management plan.
Download the Risk Management Plan Template
Never created a project risk management plan? No problem. I've got you covered. Download my template. Feel free to modify the template to suit your needs.