An Example of a Risk Management Plan for Use on Any Project
The risk management plan identifies the risks that can be defined at this stage of the project life cycle, evaluates them, and outlines mitigation actions. Your risk management plan should be periodically updated and expanded throughout the life cycle of your project, as the project increases in complexity and risks become more defined.
The introduction of your risk management plan should include the following sections:
- Scope Statement
In this section, present a clear, concise statement of the purpose of the Risk Management (RM) plan. Include the name, and if applicable, code name of the project, the name(s) of the associated system(s), and the identity of the organization that is responsible for writing and maintaining the RM plan.
This section briefly describes the history of the project and the environment in which the project will operate. (This information may be included through reference to other project documents.) Include the following information:
- Identification of other systems with which the subject system interfaces
- Contractor support for development and maintenance
- System architecture, operating system and application languages
- Development methodology and tools used for the project
The scope statement is a very important part of the RM plan. It is an agreement among the project team, the project sponsor and key stakeholders. It represents a common understanding of the project for the purpose of facilitating communication among the stakeholders and for setting authorities and limits for the project manager and team. Purposes of the scope statement includes relating the project to business objectives, and defining the boundaries of the project in several dimensions including approach, deliverables, milestones, and budget.
You should include in this section policy decisions that affect how RM is conducted. This section also references documents to support the RM process. Include any project or standards documents that are referenced in the body of the plan or that have been used in the development of the document.
In this section, describe the project’s approach to risk management. Include the sections on identification, analysis, planning, tracking, control, and communications. Discuss the project’s risk mitigation strategies in general, also detail specific strategies that will have a significant impact across the project.
Risk Identification List
The second section of your risk management plan should include a Risk Identification List; because the tracking of risks in a risk identification list, is a critical to risk management. The risk identification list is used from the beginning of the project and is a source of input for the risk assessment activity. Once the risks have been identified, document them in this section as the risk identification list. Steps for developing the risk identification list are the following:
- Number each risk using sequential numbers or another type of identifier.
- Identify the document in which the risk is applicable. For instance, if you are working on Plan A and discover a risk, identify Plan A as the related document.
- Describe the risk in enough detail that a third party who is unfamiliar with the project can understand the content and nature of the risk.
Use the risk identification list throughout the life-cycle phases to ensure that all risks are properly documented.
In a Risk Management Plan: A Working Example (part 2) ; both the Risk Assessment and Action Plan sections of a risk management plan are discussed.