Pin Me

Developing a Risk Management Plan

written by: Fahad Usmani • edited by: Carly Stockwell • updated: 8/1/2012

A Risk Management Plan should never be an isolated after-thought to the rest of your plan. It is an integral part of the project as a whole and needs to be developed to go along with every other piece. Here is the process you should follow for identifying and managing risks.

  • slide 1 of 3

    Editor's Note: Article author, Fahad Usmani, PMP PMI-RMP, is a blogger on Project Management topics. He writes on his blog to help professionals pass the PMP Certification Exam.

  • slide 2 of 3

    The Importance of Managing Risk

    Before you undertake any project, it is crucial to identify project risks, analyze and plan responses to manage those risks. The objective of this plan is to minimize the impact of threats, and increase the probabilities of opportunities. This is all where the Risk Management Plan comes in.

    There are three processes are involved in developing the plan:

    1. Identification of Risks
    2. Analysis of Identified Risks
    3. Planning Risk Responses
  • slide 3 of 3

    Identification of Risks: In this process you will identify the project risks. Call your entire team together to discover all possible risks. Once you finish with your team meeting, call other important stakeholders to find more risks. There are various tools and techniques available to identify possible risks; e.g. facilitated workshop, brainstorming sessions, assumption analysis and SWOT analysis etc. You will also want to review documents from similar projects completed by your organization. After identifying all project risks, note them into the risk register.

    Analysis of Identified Risks: Part of the process of analyzing risk is determining the probability of it happening and the impact the risk has on your project. Rank the risk by its probability and impact. Risk analysis is a people oriented process. Ask the experts about the risks and their chances of happening. Sometimes, experts can give you a biased opinion. Therefore, it is your job to act rationally and remove those biases from the assumptions. After completing this process, update the risk register.

    Planning Risk Response: This is where you create the strategy to manage the risks. Risks can be divided into two categories: positive and negative. Draft strategies for both types of risks. There are many risk response strategies that you may use to create the response plan; e.g. accept, avoid, mitigate and enhance etc.

    • Accept: In this risk response strategy, you simply accept the risk. You decide to manage this risk at the moment it happens. This type of strategy can be applied with both types of risks; e.g. threats and opportunities.
    • Avoid: Here, you try to avoid the risk. You change the project plan or the scope of the work so that this risk is avoided. This type of strategy is used with threats.
    • Mitigate: Here, you create a strategy to deal with the risk so that the effect of the risk is minimized. This strategy is used to deal with threats.
    • Enhance: In this type of strategy, you try to increase the probability of the event so that you can realize it. This strategy is used with positive risks.

    Please note that risk management is an iterative process. You will have to continuously look for the risks throughout the entire project life cycle. If you find any new risks then you have to repeat all processes again.