A Practical Approach to Creating a Risk Management Plan

Research has shown that well-designed risk management plans can decrease problems encountered on a project by as much as 90 percent. Combined with a world-class project management methodology, a good risk management process can be essential in diminishing unexpected project risks. A simple risk management plan is better than having no plan at all. Good companies recognize that risk management is part of the value-added function of project management.

click to enlarge

Risk management planning should be completed early during the project planning stage since it is crucial to successfully performing the other project management phases. The result of risk management planning is the risk management plan. The risk management plan identifies and establishes the activities of risk management for the project in the project plan.

According to PMBOK, Project Management Institute defines a project as 'an endeavor to create a product or service.' A project is therefore, a large or major undertaking, especially one involving considerable money, personnel, and equipment. When money, people, and equipment are involved there is bound to be a considerable amount of risk involved. By definition, projects are a risky endeavor. They aim to create new products, services, and processes that do not currently exist. With that much at stake, a solid risk management plan is critical to the success of a project.

Writing a risk management plan can be accomplished in seven easy to follow steps. The difficult part is the actual implementation and use of the plan you develop. Below is a six step practical approach to a risk management plan.

Step One: Risk identification & Risk Register

The first step in writing the plan is to assemble all stakeholders and identify all possible project risks. This can be done from various reports, project documents, throught various departments and also from prior project reports. The project scope is the rule book that guides the project and hence, all possible risks that the scope indicates will also have to be documented. All documentation of risks will have to be done in the Risk Register.

Step Two: Risk Analysis Methods

Every project is faced with risks. There is no 100% certainity that risks will not occur. There are risks that creep up at various phases of the project that the team has to be vigilant and ready to handle. However, while some risks may be beneficial, in that the sponsor and all team members have to take them to reach the end product, there are many risks that harm and hinder the project. The risks that are identified have to be analysed for their probability and impact using the PI Matrix and also translated into numerical values so as to accurately know the outcome of these risks on the cost, time and resource factors. There are two methods of rish analysis; Qualitative and Quantitave Risk Analysis.

Step Three: Identify risk triggers

Divide the risk management planning team into subgroups and assign segments of the master risk list to each subgroup. The job of each subgroup is to identify triggers, or warning signs, for each risk on its segment of the master list. Again, it is important to document all triggers associated with each risk. Three triggers per risk are standard.

Step Four: Risk Resolution ideas

In Step Four, the sub-teams identify and document preventive actions for the "threats" and enhancement actions for the "opportunities." This can be approached through the various departments involved, such as Financial Risk reports, HR Risk Reports, IT Risk Reports, etc. Risks are unknown events that are inherently neutral. They can be characterized as either positive or negative. Unfortunately, a lot of time and energy is spent handling negative project risks, or "threats" rather than positive risks, or "opportunities", and therefore this is very important. No organization should overlook the chance to benefit from any opportunities that present themselves.

Step Five: Risk Resolution Action Plan In Step Five, based on the collective ideas of all the departmental teams, the project manager will have to decide on a plan of action to bring about risk resolution. Risks with a high P-I value will have to be treated with utmost urgency while those with the least probability or impact can just be monitored without having any real action plan. Identifying the most serious risks at the onset of a project saves time, cost and resources, and likewise identification of such risks also trigger the resolution plan at the earliest moment.

Step Six: Responsibility and Accountability

The last step in writing a risk management plan is assigning an owner for each risk on the master list. Use the Responsibility Assignment matrix. Using this chart, various teams and team members may be assigned responsibility for carrying out the risk resolution plans. At the end, the project manager is solely accountable to the project sponsor for all the plans and actions realted to the risks and project at large.

Proper documentation, such as the risk assessment reports, is important during every step of the planning process. A risk management plan should be incorporated into every project management plan. A generic list of risks and triggers can be generated from this initial plan. To apply the risk plan to future projects, simply add project-specific risks and triggers and assess the probability, impact, and detectability for each risk. This, in turn, will save time and help institutionalize the risk management plan into the project team's culture. This practical approach to writing a project management plan holds good for all project types and works well as basic risk management guidelines.

Image credit: Author, Amanda Dcosta