Risk Management Plan

for
<Project>
Version 1.0 draft 1
Prepared by <author>
<organiation>
<date created>
<Change the footer and header text to reflect the correct copyright information, company name,
and project name.>
Copyright 2007 by Karl E. Wiegers. Permission is granted to use, modify, and distribute this
document.
is! "anagement Plan for #Pro$ect% Page ii
Table of Contents
1. Purpose.................................................................................................................................................. 1
2. Roles and Responsibilities..................................................................................................................... 1
3. Risk Documentation.............................................................................................................................. 1
4. Activities............................................................................................................................................... 2
5. Schedule for Risk ana!ement Activities..............................................................................................3
". Risk ana!ement #ud!et...................................................................................................................... 4
$. Risk ana!ement %ools.........................................................................................................................4
Appendi&. Sample Risk Documentation 'orm..............................................................................................4
Copyright 200& by #company%. 'll ights eser(ed.
is! "anagement Plan for #Pro$ect% Page )
1. Purpose
%his document describes ho( (e (ill perform the )ob of mana!in! risks for
*pro)ect+. ,t defines roles and responsibilities for participants in the risk processes-
the risk mana!ement activities that (ill be carried out- the schedule and bud!et for
risk mana!ement activities- and an. tools and techni/ues that (ill be used.
2. Roles and Responsibilities
Project Manager %he Pro)ect ana!er (ill assi!n a Risk 0fficer to the pro)ect- and identif. this
individual on the pro)ect1s or!ani2ation chart. %he Pro)ect ana!er and other
members of the Pro)ect ana!ement team <list names or roles> shall meet <state
frequency; biweekly suggested> to revie( the status of all risk miti!ation efforts-
revie( the e&posure assessments for an. ne( risk items- and redefine the pro)ect3s
%op %en Risk 4ist.
Risk Officer %he Risk 0fficer has the follo(in! responsibilities and authorit.5
<describe what the risk officer will do; might include coordinating risk
identification and analysis actiities, maintaining the project!s risk list, notifying
project management of new risk items, reporting risk resolution status to
management; the "isk #fficer should normally not be the $roject %anager.>
Project Member
Assigned a Risk
%he Risk 0fficer (ill assi!n each ne(l. identified risk to a pro)ect member- (ho (ill
assess the e&posure and probabilit. for the risk factor and report the results of that
anal.sis back to the Risk 0fficer. Assi!ned pro)ect members are also responsible for
performin! the steps of the miti!ation plan and reportin! pro!ress to the Risk 0fficer
bi(eekl..
3. Risk ocumentation
Risk !ist %he risk factors identified and mana!ed for this pro)ect (ill be accumulated in a risk
list- (hich is located <state where risk list is located; could be an appendix to this
plan, or in a separate document, or in a database or tool somewhere>. %he ten risk
items that currentl. have the hi!hest estimated risk e&posure are referred to as the
pro)ect1s %op %en Risk 4ist.
Risk ata "tems %he follo(in! information (ill be stored for each pro)ect risk5 <list and define risk
data items. &ome suggestions' "isk (), classification, description, probability,
impact, risk exposure, first indicator that risk is becoming a problem, mitigation
approaches, owner, date due, contingency plan, contingency plan trigger>
Closing Risks A risk item can be considered closed (hen it meets the follo(in! criteria5 <example'
the planned mitigation actions hae been completed and the estimated risk
exposure of probability times impact is less than *>
Copyright 200& by #company%. 'll ights eser(ed.
is! "anagement Plan for #Pro$ect% Page 2
#. Acti$ities
Risk "dentification Task Participants
<&tate the techniques that will be used to identify risk
factors at the beginning of the project and on an on+
going basis. ,his may inole a formal risk assessment
workshop, a brainstorming session, interiews at the
beginning of each life cycle phase, or use of an
anonymous form aailable from the project!s web site for
submitting risk factors. )escribe any consolidated lists
of risk items that will be used to identify candidate risks
for this project.>
<state who is
inoled in
identifying project
risks>
Risk Anal%sis and
Prioriti&ation
Task Participants
%he Risk 0fficer (ill assi!n each risk factor to an
individual pro)ect member- (ho (ill estimate the
probabilit. the risk could become a problem 6scale of 7.18
1.79 and the impact if it does 6either relative scale of 1817-
or units of dollars or schedule da.s- as indicated b. the
Risk 0fficer9.
Assi!ned Pro)ect
ember
%he individual anal.2ed risk factors are collected-
revie(ed- and ad)usted if necessar.. %he list of risk factors
is sorted b. descendin! risk e&posure 6probabilit. times
impact9.
Risk 0fficer
<(f the project planning actiities will incorporate
schedule or budget contingencies based on risk analysis,
describe the process of estimating such contingencies
and communicating the information to the $roject
%anager or building those contingencies into the project
schedule here.>
Risk Management
Planning
Task Participants
%he top ten risks- or those risk factors havin! an estimated
e&posure !reater than <state exposure threshold> are
assi!ned to individual pro)ect members for development
and e&ecution of a risk miti!ation plan. <#r, a group
brainstorming session is used to define mitigation plans
for indiidual risk items and to assign responsibility to
indiiduals.>
Risk 0fficer
'or each assi!ned risk factor- recommend actions that (ill
reduce either the probabilit. of the risk materiali2in! into
a problem- or the severit. of the e&posure if it does.
Return the miti!ation plan to the Risk 0fficer.
Pro)ect embers
%he miti!ation plans for assi!ned risk items are collated
into a sin!le list. %he completed %op %en Risk 4ist is
created and made publicl. available on the pro)ect1s
intranet (eb site.
Risk 0fficer
Copyright 200& by #company%. 'll ights eser(ed.
is! "anagement Plan for #Pro$ect% Page *
Risk Resolution Task Participants
:ach individual (ho is responsible for e&ecutin! a risk
miti!ation plan carries out the miti!ation activities.
Assi!ned ,ndividual
Risk Monitoring Task Participants
<)escribe the methods and metrics for tracking the
project!s risk status oer time, and the way risk status will
be reported to management.>
Risk 0fficer
%he status and effectiveness of each miti!ation action is
reported to the Risk 0fficer ever. t(o (eeks.
Assi!ned ,ndividual
%he probabilit. and impact for each risk item is
reevaluated and modified if appropriate.
Risk 0fficer
,f an. ne( risk items have been identified- the. are
anal.2ed as (ere the items on the ori!inal risk list and
added to the risk list.
Risk 0fficer
%he %op %en Risk 4ist is re!enerated based on the updated
probabilit. and impact for each remainin! risk.
Risk 0fficer
An. risk factors for (hich miti!ation actions are not bein!
effectivel. carried out- or (hose risk e&posure is risin!-
ma. be escalated to an appropriate level of mana!ement
for visibilit. and action.
Risk 0fficer
!essons !earned Task Participants
<(f the project will be storing lessons learned about
mitigation of specific risks in a database, describe that
database and process here and indicate the timing of
entering risk+related lessons into the database.>
Risk 0fficer
'. (c)edule for Risk Management Acti$ities
Risk "dentification A risk (orkshop (ill be held on appro&imatel. *date+.
Risk !ist %he prioriti2ed risk list (ill be completed and made available to the pro)ect team b.
appro&imatel. *date+.
Risk Management
Plan
%he risk mana!ement plan- (ith miti!ation- avoidance- or prevention strate!ies for
the top ten risk items- (ill be completed b. appro&imatel. *date+.
Risk Re$ie* %he Risk ana!ement Plan and initial %op %en Risk 4ist (ill be revie(ed and
approved b. the Pro)ect ana!er on appro&imatel. *date+.
Risk Tracking %he status of risk mana!ement activities and miti!ation success (ill be revisited as
part of the !ate e&it criteria for each life c.cle phase. %he risk mana!ement plan
(ill be updated at that time. <(f the project is tracking cumulatie risk exposure,
that will be updated and reiewed during at this time, also.>
Copyright 200& by #company%. 'll ights eser(ed.
is! "anagement Plan for #Pro$ect% Page +
+. Risk Management ,udget
<)escribe the budget aailable for managing the project!s risks>.
-. Risk Management Tools
<)escribe any tools that will be used to store risk information, ealuate risks,
track status of risk items, or generate reports or charts depicting risk management
actiity and status. (f specific questionnaires or databases will be used during risk
identification, describe them here. (f lessons learned about controlling the risk
items will be stored in a database for reference by future projects, describe that
database here.>
Appendi.. (ample Risk ocumentation /orm
Risk "0 <sequence number> Classification0 <risk category,
e.g., from &-( taxonomy>
Report ate0 <date this risk
report was last updated>
escription0 <)escribe each risk in the form .condition / consequence0.>
Probabilit%0 <1hat!s the
likelihood of this risk becoming
a problem2>
"mpact0 <1hat!s the damage if
the risk does become a
problem2>
Risk 1.posure0 <%ultiply
$robability times 3oss to estimate
the risk exposure.>
/irst "ndicator0 <)escribe the earliest indicator or trigger condition that might indicate that the risk is
turning into a problem.>
Mitigation Approac)es0 <&tate one or more approaches to control, aoid, minimi4e, or otherwise
mitigate the risk. %itigation approaches may reduce the probability or the impact.>
ate (tarted0 <&tate the date
the mitigation plan
implementation was begun.>
ate to Complete0 <&tate a
date by which the mitigation
plan is to be implemented.>
O*ner0 <5ssign each risk
mitigation action to an indiidual
for resolution.>
Current (tatus0 <)escribe the status and effectieness of the risk mitigation actions as of the date of
this report.>
Contingenc% Plan0 <)escribe the actions that will be taken to deal with the situation if this risk factor
actually becomes a problem.>
Trigger for Contingenc% Plan0 <&tate the conditions under which the contingency plan will begin to be
implemented.>
Copyright 200& by #company%. 'll ights eser(ed.
is! "anagement Plan for #Pro$ect% Page ,
Re$ision 2istor%
3ame ate Reason /or C)anges 4ersion
*author+ initial draft 1.7 draft1
Copyright 200& by #company%. 'll ights eser(ed.