Professional Documents
Culture Documents
Risk management planning is the process of deciding how to approach, plan and execute the risk
management activities for a project. The risk management approach may include decisions about
the organization, staffing of the risk management activity, selection of the appropriate
methodology, the sources of data to identify risk, and the time frame for the analysis. It is
important to plan for the remaining processes of risk management so the level, type, and
visibility of risk management are commensurate with both the risk and importance of the project
to the organization.
A risk management plan involves risk identification, risk analysis, response planning, and
monitoring and control. Risk management planning is documented in a risk management plan
Methodology – defines the approaches, tools and data sources that may be used to perform risk
Roles and responsibilities – defines the lead, support, and risk management team membership for
each type of action in the risk management plan, assigns people to those roles, and clarifies their
responsibilities.
Budgeting – assigns resources and estimates costs needed for risk management for inclusion in
Timing – defines when and how often the risk management process will be performed
throughout the project life cycle, and establishes risk management activities to be included in the
project schedule. Scoring and interpretation methods appropriate for the type and timing of the
risk assessment and quantification being formed. Methods and scoring must be defined in
identifying risk to a consistent level of detail and contributes to the effectiveness and quality of
risk identification.
A definition of probability and impact – the quality and credibility of the qualitative risk analysis
process requires that different levels of the risks’ probabilities and impacts be defined.
Probability and impact matrix – Risks are prioritized according to their potential implications for
Revised stakeholders’ tolerances – stakeholders’ tolerances may be revised as they apply to the
specific project
Reporting formats – describes the content and format of the risk register as well as any other risk
reports required. Defines how the outcomes of the risk management processes will be
Tracking – documents how all facets of risk activities will be recorded for the benefit of the
current project, future needs, and lessons learned. Documents whether and how risk management
Risk identification determines which risks might affect the project and documents their
characteristics. The purpose is to locate risks before they become problems and to incorporate
this information into the project management process. It is not a one-time event and should be
performed throughout the project. It needs to consider internal (things the project team can
control or influence, such as staff assignments) and external (things beyond the control or
influence of the team such as a regulation) risks. Risk identification involves both opportunities
(positive outcomes) and threats (negative outcomes). It needs to be rigorously carried out for the
maximum benefit to be achieved. In many cases when projects have failed, investigations of
these projects have shown that risks were either present and known about from day one, risks
were built-in through the project team being unaware of the factors that gave risk to them and a
lack of a methodology to adequately identify and communicate risks, and risk identification was
not progressed on a tiered basis down to the lowest level on the project. Participants in the risk
project manager, project team, subject matter experts, customers, end users, outside experts, and
other stakeholders. Potential responses to risks may be identified during the risk identification
process.
Thus Risk identification involves capturing a statement of risk and capturing the context of risk.
Its objective is to locate risks before they become problems and to incorporate this information
into the project management process. It involves transforming uncertainties and issues about the
project into distinct or tangible risks that can be described and measured.
Risk Response Planning
The purpose of the risk response planning is to determine the method to respond to a risk. Risk
responses are planned by those who have the knowledge, expertise, background, and resources to
deal effectively with the risks. The planning process for individual risks or sets of risks is
Risk response planning is the process of developing options and determining actions to enhance
opportunities and reduce threats to the project’s objectives. It includes identification and
assignment of persons (the “risk response owner”) to take responsibility for each agreed-to and
funded risk response. Risk response planning addresses the risks by their priority, inserting
resources and activities into the budget, schedule, and project management plan, as needed.
Planned risk responses must be appropriate to the significance of the risk, cost-effective in
meeting the challenge, timely, realistic within the project context, agreed upon by all parties
involved, and owned by a responsible person. Selecting the best risk response from several