What is Risk Management Plan?
Risk Management Plan is a document that identifies methods of managing risks, assigns responsibilities for people who handle risks, outlines risk budget, defines risk categories, and identifies probability and impact matrix.
As a planning activity this process is carried out after most of the other planning exercises are completed – such as scope, cost, schedule and communication. Why? Simply because all of these need to be studied in order to assess risks inherent in them.
What do we need?
Project plan, of course – risks need to be analyzed in all activities of the project, which means that you need to study baselines and subsidiary management plans such as for cost, schedule, scope and quality.
Project charter – all high-level information you need such as requirements, milestones, assumptions and constraints can be referred to in this document.
Stakeholder register – this document contains information such as role, interests and level of influence of stakeholders.
Here are few things that give you a head start – you can look at risk management plans from previous projects and available templates. Some of the readily available artifacts may be predefined risk categories and risk terms. You get all these from organizational process assets.
How easily can this be done?
Involving experts – this is one technique employed at planning stage can help a lot of time, energy and resources at later point in the project. Stakeholders, team members who have worked in similar project earlier, subject matter experts, consultants, industry experts and even senior management people in the organization can contribute in risk management planning.
What is a risk management plan?
Risk management plan describes how risk management is going to be structured and performed on the project.
Risk management plan is a subset of project management plan. It is a subsidiary plan just like other plans considered as inputs to this process. Which also means that any change to risk management plan is to be driven via change control process.
This plan gives you the methods to identify, assess and manage risks, and contains following components –
- Roles and responsibilities of team members for conducting each activity defined in the plan
- Risk management budget, when and how should it be used on the project on realization of risks
- Probability and impact matrix gives you a feel of the impact on project objectives when a risk materializes. Based on the probability and the impact on project objectives scale of a risk is decided. Scale is defined relatively (low, medium, high) or numerically (a value from 0 to 1).
- Stakeholder’s tolerance decides how much of a risk can be absorbed without impacting project objectives. For instance, how long can you afford to wait before it impacts schedule when one of the critical developers falls sick – defines risk tolerance on schedule.
- Risk categorization framework such as risk breakdown structure (RBS), like the one below that Kathy used on her landscaping project
Figure 1: Risk Breakdown Structure
- How should outcome of risk management process are documented and communicated is driven by which reporting format is to be used.
- Risk tolerances of stakeholders
- Format for risk management outcome reports to be used for communicating to stakeholders
- Definition of risk probability and impact, and the actual matrix for qualitative risk analysis. A sample risk probability and impact matrix is given below –
Figure 2: Sample probability and impact matrix
Risk Management plan is an important subsidiary plan of Project plan, and can be prepared much easily be banking on existing templates or sample plans in the organizational process assets. This exercise itself gives insights into some of inherent risks in the project, and sort of feeds on into next process – Identifying Project Risks!