The Science of Risk Management
A risk treatment plan should be part of your risk management plan. The treatment plan is how you plan to respond to potential risks. It outlines how risks will be managed whether they are low, high, or acceptable risks. The controls set in your risk management plan will assign team members or stakeholders the task of how they will respond to risk.
Risk treatment plans are often referred to as risk assessment plans that identify how to avoid risk, transfer risk, mitigate risk, and accept risk. These are the responses or actions to help you deal with identified risks. Another good tool to use along with the risk assessment plan is a risk register.
You can download this risk management plan, risk treatment plan, and risk register, a Word doc available for your use right here on Bright Hub PM.
Risk Response Planning
Risk response planning involves strategies and documentation of risks. Or, how you and your team will deal with risks. The four ways you can respond to risk that should be included in your risk management plan are:
Avoiding Risk - To avoid risks, you can first identify them by past project experience and documentation of that experience. Analyze what risks may occur upfront at your project initiation meeting. Clarify if potential risks are low, high, or acceptable risks. If you can conquer any potential risk first, your response planning can help you avoid the risk altogether.
Transferring Risk - Often, an identified risk can be transferred to a third party. Remember, when setting up your risk transference controls, it does not mean a risk will go away. It only means you have set a team or outside source to handle the risk. A good risk response plan will identify who certain risks will be transferred to and what you expect from them.
Mitigating Risk - This is a control process that allows you to stop a risk before it starts or bring it to an acceptable level. It identifies potential threats first so you and your team can take appropriate steps to keep the risk from triggering. A good way to mitigate risk is to set a contingency plan that will deal with the risk when it occurs.
Accepting Risk - Accepting risks on your projects is a must for risk response planning. It is also a strategy of sorts and is only used when risks are considered low, or for small risks. Planning for these risks includes recognizing what they may be and adjusting small areas within a project, such as identifying a cost or schedule that might have been missed. Acceptable risk can also be considered passive where no action is taken at all.
Creating the Plan
There are three basic elements in the risk treatment plan:
Overview - This part of the risk treatment plan should identify the controls you set in your risk management plan.
Response Planning - These are the four basics that deal with risk: avoiding, mitigating, transferring, and accepting.
Documentation - Here you should create a risk register (downloadable here) that is clear and concise on who will handle risks. Use your four response planning basics to determine if risks will be internal or external. Outline if project sponsors or stakeholders will be assigned any risk treatments. Be clear on who approves risk management; for every project it should be the project manager. Team members should analyze and suggest and sometimes deal with risk. Sponsors of the project might help in mitigating risk and stakeholders may offer ideas on how to keep risk from escalating.
Risk Management, risk assessment, resource planning, and creating a risk register will ensure the risk in all of your projects will be less or considered acceptable risk. A risk management plan will only be effective if you create a risk “response” treatment plan that will deal with identified risk.