The Definition of Risk Management Plan
Theoretically, any probability of loss and threat identified at the beginning or during the course of a project needs to be managed according to the methodology and respective procedures outlined in the project plan. In practice, it is critical to have a formal risk management plan document in place in order to ensure the project objectives will be achieved on time, within budget and to client specification. This document also helps keep quality of the project deliverables not compromised.
A risk management plan is defined as a formal document used by a project manager and superior stakeholders in describing how the identification, analysis, assessment, reviewing and control of risks will be organized, monitored and performed throughout the project lifecycle.
This document is usually developed by a project manager in collaboration with an expert team (analysts, functional managers, etc.) to identify uncertainties, assess their impact, focus on the right response strategy, and also exploit opportunities. There are several kinds of risk response strategies including use Assumption, Avoidance, Retention, Transfer.
As a rule, the project manager begins to design the document at the planning stage of the lifecycle, when estimating probable “damage or losses“. This person should also take care of making appropriate updates to the document later on throughout the course of work until the project is finished and terminated.
The Process for Managing Risks
The plan is to be developed and approved during the process for managing risks. At this process, the project manager needs to define a combination of steps and procedures for identifying, analyzing and treating unacceptable negative occurrences as well as for leveraging opportunities that may occur. This person identifies the major components and content of the document. If the project is rather large, the project manager may delegate part of the authorities to a risk manager or a group of experts.
The Lifecycle and Key Activities
The following subset of activities determines the lifecycle of risk management process:
1. Identify Risk
The project team, under leadership of the project manager, strictly follows a chosen management methodology and respective procedures to raise a risk applicable to a particular aspect of the project. For example, the team investigates activity timescales, product quality, available resources, deliverables, cost etc. and finds out that some threats exist. Then the team immediately needs to complete a risk form and forward it to their manager. Such a role of the team is called Risk Originator.
2. Register Risk
When the project manager receives risk forms, he/she reviews the details and examines whether each detected risk is applicable to the project and what impact it makes on the objectives. In this way, the manager analyzes all the risks submitted by the team and then registers all related records in a risk log document. The risk log provides an ID and short description for each risk. This document is highly important to success of risk management and planning. The project manager also evaluates the severity of risks and re-calculates the likelihood and the impact (in order to check whether the team has given correct and relevant information).
3. Develop Recommendations
The project manager communicates with the Steering Committee (and contractors if the project is implemented by contractors) to discuss the risks and their characteristics in order to jointly develop recommendations for managing risks. Such recommendations can be used as a preventive/contingency action plan by the team later on to treat and respond to the risks. The manager develops appropriate schedules, assigns tasks, and keeps track of team performance. While the tasks are performed, change requests may arise to check whether the changes are required for mitigating the risks. Change requests should be considered while developing the risk management plan.
4. Control Risk
At this activity, the project manager monitors the implementation of each task of the preventive/contingency action plan, reviews performance and estimates success. The records in the risk log can be updated after the tasks have been successfully completed. The manager communicates the results of the plan implementation to the Steering Committee (and contractors).