What Is It?
For a risk management action plan to be effective, it should contain specifics. These specifics include identifying risks upfront, analyzing how risks will affect a project, potential risk planning, and monitoring risk. Monitoring risk is performed by controls set within the risk management plan that deal with potential risk.
A risk management plan should also include specific roles and responsibilities of the project manager, team members, and stakeholders. If projects include the need for IT personnel, IT members should be identified as well.
Risk management plans should be reviewed from time to time to ensure the controls you set are working. When updating any risk management plan, use prior project life-cycles for examples. What worked on the project and what failed? Identify true risks that had an impact on prior projects. Set levels for each risk from low to high to acceptable risks. An example of a high risk might be the quality of your IT department. If it fails to perform consistently, this can be a devastating risk. An example of a low risk doesn't mean it will affect the outcome of a project. Remember that once a risk is triggered, whether it is low or high or acceptable, it becomes a risk issue. Acceptable risks should not be ignored but instead, analyzed for future projects by identifying how the risk was triggered and how it was resolved.
Good risk management plans go hand in hand with project planning and should be systematic in nature. Risk will only be improved by discovering it and dealing with it. Once you discover and assess risk, how you control potential risks is key in your overall plan.
An example of both a risk management plan and risk assessment plan can be downloaded here. Scroll to the end of the article for three more downloads.