Risk Management Plan

Something about Risk Management Plan.

The Risk Management Plan is used to summarise the proposed risk management approach for the project. Usually it is included as a section in the Project Business Plan, however for larger or more complex projects it can be maintained as a separate document. It is dependent on the establishment of a Risk Register. At a minimum, the Risk Management Plan should cover:

  1.  the process for transferring approved risk costings into the project budget
  2.  the process for transferring risk mitigation strategies into the project Work Breakdown Structure
  3.  how often the Risk Register will be reviewed, the process for review and who will be involved;
  4.  who will be responsible for which aspects of risk management
  5.   how Risk Status will be reported and to whom
  6.  include as an appendix the initial snapshot of the major risks, current gradings, planned mitigation strategies and costings and who will be responsible for implementing them (these are usually included as an Appendix in the Risk Register).
Why would you develop a Risk Management Plan?
 A Risk Management Plan is developed to ensure levels of risk and uncertainty are properly managed so that the project is successfully completed. It enables those involved with the project to manage possible risks by defining the manner in which they will be contained and the likely cost of mitigation strategies.  

  A Risk Management Plan is developed to:

  1. provide a useful tool for managing and reducing the risks identified before and during the project
  2.  document risk mitigation strategies being pursued in response to the identified risks and their grading in terms of likelihood and seriousness
  3.    provide the Project Sponsor, Steering Committee/senior management with a documented framework from which risk status can be reported upon
  4.     ensure the communication of risk management issues to key stakeholders
  5.      provide a mechanism for seeking and acting on feedback to encourage the involvement of the key stakeholders
  6.  identify the mitigation actions required for implementation of the plan and associated costings. 
When would you develop a Risk Management Plan?
Initial risks must be identified and graded according to likelihood and seriousness very early in the Project. This initial risk assessment will form part of the Project Proposal/Brief or Project Business Case for the project. Once the project is approved the Risk Management Plan and Risk Register should be fully developed.   In the case of smaller projects the Risk Register may serve both purposes.  
For large or complex projects it can be beneficial to use an outside facilitator to conduct a number of meetings or brainstorming sessions involving (as a minimum) the Project Manager, Project Team members, Steering Committee members and external key stakeholders. Preparation may include an environmental scan, seeking views of key stakeholders etc.

A Risk Management Plan is developed in an iterative manner as the project progresses and as clarity in relation to potential risks emerges. Although the Project Sponsor and Steering Committee
has ultimate responsibility for ensuring appropriate risk management processes are applied, the Project Manager may develop the first release with their co-operation, and will most likely maintain its currency. 

What you need before you start:

  1. Knowledge and understanding of the project and the environment in which it operates. 
  2.  Knowledge and understanding of the Key Stakeholders. 
  3. Knowledge and understanding of appropriate types of risk management activities, or where to obtain them. 
  4.  Any of the following documents – Project Proposal/Brief, Project Business Case, or Project Business Plan.  The Tasmanian Government Project Management Guidelines.


  1.   Departmental Project Management Guidelines. 
  2.   Corporate/Business Plan for the Department/Business Unit.

What you will have when you are finished:
A Risk Management Plan that is ready for acceptance by the Steering Committee or Project Sponsor. As the project progresses, this document will need to be updated, revised, re-endorsed and re-released.

Integration Process
As risk management is an ongoing process over the life of a project, any risk analysis must be considered a ‘snap shot’ of relevant risks at one point in time.  In this context, document (version) control is essential in order to ensure both the Risk Management Plan and the Risk Register are uniquely identifiable and changes through their development and subsequent revision(s) reflect progress in the management of the identified risks and changes are able to be tracked

Mannila, Margit. (2016). Preveiving and Managing Business Risks. (25.1.2016).

DOC]Risk management plan template and guide v1.1 (25.1.2016).

Lähetetty Windows Phonesta