An Example of a Risk Management Plan for Use on Any Project



The risk management plan identifies the risks that can be defined at this stage of the project life cycle, evaluates them, and outlines mitigation actions. Your risk management plan should be periodically updated and expanded throughout the life cycle of your project, as the project increases in complexity and risks become more defined.


The introduction of your risk management plan should include the following sections:

  • Purpose
  • Background
  • Scope Statement
  • Policy
  • Approach


Purpose

In this section, present a clear, concise statement of the purpose of the Risk Management (RM) plan. Include the name and, if applicable, the code name of the project, the name(s) of the associated system(s), and the identity of the organization that is responsible for writing and maintaining the RM plan.


Background

This section briefly describes the history of the project and the environment in which the project will operate. (This information may be included through reference to other project documents.) Include the following information:

  • Identification of other systems with which the subject system interfaces
  • Contractor support for development and maintenance
  • System architecture, operating system and application languages
  • Development methodology and tools used for the project

Scope Statement

The scope statement is a very important part of the RM plan. It is an agreement among the project team, the project sponsor and key stakeholders. It represents a common understanding of the project for the purpose of facilitating communication among the stakeholders and for setting authorities and limits for the project manager and team. The purposes of the scope statement include relating the project to business objectives and defining the boundaries of the project in several dimensions, including approach, deliverables, milestones, and budget.


Policy

You should include in this section policy decisions that affect how RM is conducted. This section also references documents to support the RM process. Include any project or standards documents that are referenced in the body of the plan or that have been used in the development of the document.


Approach

In this section, describe the project’s approach to risk management. Include the sections on identification, analysis, planning, tracking, control, and communications. Discuss the project’s risk mitigation strategies in general, and detail specific strategies that will have a significant impact across the project.

Risk Identification List

The second section of your risk management plan should include a Risk Identification List, because tracking risks in a risk identification list is critical to risk management. The risk identification list is used from the beginning of the project and is a source of input for the risk assessment activity. Once the risks have been identified, document them in this section as the risk identification list. The steps for developing the risk identification list are the following:

  • Number each risk using sequential numbers or another type of identifier.
  • Identify the document in which the risk is applicable. For instance, if you are working on Plan A and discover a risk, identify Plan A as the related document.
  • Describe the risk in enough detail that a third party who is unfamiliar with the project can understand the content and nature of the risk.

Use the risk identification list throughout the life-cycle phases to ensure that all risks are properly documented.

In a Risk Management Plan: A Working Example (part 2), both the Risk Assessment and Action Plan sections of a risk management plan are discussed.

Barry Spud
