A Practical Approach to Creating a Risk Management Plan

A good risk management plan is critical to cutting down on unexpected project risks. A strong
plan can decrease problems on a project by as much as 80 to 90 percent. Follow this practical
approach to creating an effective risk management plan.

Research has shown that well-designed risk management plans can decrease problems encountered
on a project by as much as 90 percent. Combined with a world-class project management
methodology, a good risk management process can be essential in diminishing unexpected project
risks.
Risk management planning should be completed early during the project planning stage since it
is crucial to successfully performing the other project management phases. The risk management
plan identifies and establishes the activities of risk management for the project in the project plan.

Definition of Risk
According to PMBOK, Project Management Institute defines a project as 'an endeavor to create a
product or service.' A project is therefore, a large or major undertaking, especially one involving
considerable money, personnel, and equipment. By definition, projects are a risky endeavor. They
aim to create new products, services, and processes that do not currently exist. With that much at
stake, a solid risk management plan is critical to the success of a project.

Below is a six step practical approach to creating a risk management plan.

The 6 Step Process
Step One: Risk Identification & Risk Register
- The first step in writing the plan is to assemble all stakeholders and identify all possible project
risks. This can be done from various reports, project documents, through various departments
and also from prior project reports. The project scope is the rule book that guides the project,
therefore all possible risks that the scope indicates will also have to be documented. All
documentation of risks will have to be done in the Risk Register.

Step Two: Risk Analysis Methods

- Every project is faced with risks. There is no 100% certainty that risks will not occur. There are
risks that creep up at various phases of the project that the team has to be vigilant and ready to
handle. However, while some risks may be beneficial, in that the sponsor and all team members
have to take them to reach the end product, there are many risks that harm and hinder the
project.

- The risks that are identified have to be analysed for their probability and impact using the PI
Matrix and also translated into numerical values so as to accurately know the outcome of these
risks on the cost, time and resource factors. There are two methods of risk analysis; Qualitative
and Quantitive Risk Analysis.
Step Three: Identify Risk Triggers
- Divide the risk management planning team into subgroups and assign segments of the master
risk list to each subgroup. The job of each subgroup is to identify triggers, or warning signs, for
each risk on its segment of the master list. Again, it is important to document all triggers
associated with each risk. Three triggers per risk are standard.

Step Four: Risk Resolution ideas

- In Step Four, the sub-teams identify and document preventive actions for the "threats" and
enhancement actions for the "opportunities." This can be approached through the various
departments involved, such as Financial Risk reports, HR Risk Reports, IT Risk Reports, etc.

- Risks are unknown events that are inherently neutral. They can be characterized as either
positive or negative. Unfortunately, a lot of time and energy is spent handling negative project
risks, or "threats" rather than positive risks, or "opportunities". No organization should overlook
the chance to benefit from any opportunities that present themselves.

Step Five: Risk Resolution Action Plan

- In Step Five, based on the collective ideas of all the departmental teams, the project manager
will have to decide on a plan of action to bring about risk resolution. Risks with a high P-I
value will have to be treated with utmost urgency while those with the least probability or
impact can just be monitored without having any real action plan. Identifying the most serious
risks at the onset of a project saves time, cost and resources, and likewise identification of such
risks also trigger the resolution plan at the earliest moment.

Step Six: Responsibility and Accountability

- The last step in writing a risk management plan is assigning an owner for each risk on the
master list. Use the Responsibility Assignment matrix. Using this chart, various teams and team
members may be assigned responsibility for carrying out the risk resolution plans. At the end,
the project manager is solely accountable to the project sponsor for all the plans and actions
related to the risks and project at large.

- Proper documentation, such as risk assessment reports, is important during every step of the
planning process. A risk management plan should be incorporated into every project
management plan. A generic list of risks and triggers can be generated from this initial plan. To
apply the risk plan to future projects, simply add project-specific risks and triggers and assess
the probability, impact, and detectability for each risk. This, in turn, will save time and help
institutionalize the risk management plan into the project team's culture. This practical approach
to writing a project management plan holds good for all project types and works well as basic
risk management guidelines.

- They give an 'in a nutshell' picture of the entire process of risk management for any given risk
that is identified. In addition, it also gives important details such as supporting documents.

- The basic idea behind the use of risk register templates is to get a glimpse into the actual
working of risk management for a particular risk or a set of risks. A business project is
continually threatened with risks, and irrespective of the severity or frequency of it, risks have
 to be documented. Hence, from a record point of view, risk register templates fulfill the role of
risk documentation.

Additional Risk Register Templates

- Irrespective of the type of project or risk, or even the techniques of project management
applications (Business, Engineering, Technical, etc.), risk registers show a basic template
pattern. It gives a fairly clear picture of how a project risk is managed at a glance and is also
ideal for making presentations at meetings. It is a compilation of data from various sources and
registers.

- There are some registers which highlight the type of risk assessment done in a project. For
example, if more emphasis is put on Qualitative Analysis with a P-I Index, the report too reflects
this qualitative rating. At Project Management Docs2, a free download is available with a
Qualitative Analysis approach.

At Risk Management Plan Template, a detailed approach to the documentation and registering
of risks is adopted.

Outline of a Risk Register Template

- Most Risk Registers follow a basic pattern of documenting risks. The below highlighted features
are a general description of important data that may be found in the most common risk register
templates.
Risk name: This section highlights the name of the risk that is identified - in clear and concise
terms. For example if it is a shortage of manpower, this entry for 'risk name' may be entered as
'manpower shortage'. Keep it as easily understood as possible.

Probability: This entry is based on the P-I Matrix information obtained via the methods of risk
assessment. It may be as per various grading from Low to Medium to High (indicated by 1, 2 or 3)
on the Matrix.

Impact: This again is data obtained from the P-I Matrix similar to the probability grading.

Significance: This entry indicates how the risk will impact or affect the project if left unattended
to.

Risk Score: Quantitative risk assessment gives an assessment in numerical terms. This value may
be entered if it is such a value. One apt example is the Decision Making Tree. If data obtained is
from the P-I Matrix, then the P-I Matrix rating for that particular risk may be entered. However
state the method used and its respective value.

Strategy: This entry should ideally indicate the measure that has to be adopted in order to
overcome or deal with that risk. For example, in the case of 'manpower shortage', the ideal strategy
that has to be adopted would be to hire additional manpower.

Risk resolution plan: This is an indication of the decision made for risk resolution. It may be
similar to the strategy entry; but in multiple options, it may show variances.
Personnel /team in charge: While risks are to be resolved, it is important to know who or which
team will be responsible for the resolution of the risk. It denotes risk ownership and responsibility.
In the stated example, the Human Resource Department headed by the HR Manager may be
responsible.

Time frame: Risk resolution has to be done within a definite time frame and not as and when it
pleases each stakeholder. Hence and entry of the time frame too is helpful in obtaining such
information at a glance.

Record reference: Risk information is obtained from many registers and documents such as risk
assessment reports that are part of the project's documentation process. Indicate the record /
register or document that corresponds with the mentioned risk.

Status: Is the risk resolution in process? Is it completed and resolved? Is it yet to initiate? Such
details too should be entered in the Risk Register template.

Project Manager Signature: Every entry that is made in the Risk Register has to be super signed
by the project manager. This indicates that the project manager is aware of each risk's
management irrespective of the team / department responsible.

Conclusion
Every project manager should create a risk register for a project. Free risk register templates are
easily available for those who do not have the time or patience to break down the entire process in
an organized manner. See our references section below for some top choices.