1.

Introduction
1.1. Objective
The goal of well-written RMP Objectives is to provide a repeatable process that reduces risk on a
project or program. The following are a few objectives of a risk management plan that we can
aim for.

 Reduce Schedule Impacts

 Reduce development cost
 Increase system performance
 Ensure proper communication
 Determine risk priorities

Abbreviations
RMP = Risk management plan

2. Risk Identification
2.1 Identify and record the risks

Risk identification can be done through risk workshops, checklists, brainstorming, interviewing,
Delphi technique, cause and effect diagrams, lessons learnt from previous projects, root cause
analysis, contacting domain experts and subject matter experts.

Risk Register is a spreadsheet which has a list of identified risks, potential responses, and root
causes. It is used to monitor and track the risks (both threats and opportunities) throughout the
life of the project. Risk response strategies can be used to manage positive and negative risks.

Risk breakdown structure plays an important role in risk planning. The Risk Breakdown
structure would help in identifying the risk prone areas and helps in effective evaluation and risk
monitoring over the course of the project. It helps in providing sufficient time and resources for
risk management activities. It also helps in categorizing many sources from which the project
risks may arise.
The project risk register includes all information about each identified risk, such as the nature of
that risk, level of impact risk, who owns it and what are is the risk response mitigation measures
in place to respond to it
 3. Risk Analysis and Prioritization
Once the list of potential risks has been identified, the next step is to analyze them and to filter
the risk based on the significance. One of the qualitative risk analysis technique is using Risk
Matrix (covered in the next section). This technique is used to determine the probability and
impact of the risk.

ID Risk Category Owner Probability Impact Mitigation

1 Poor Project 2 3 Escalate to the Project
sponsorship Management Board
2 Contract Suppliers 3 3 Work with the
takes too long Procurement team to
to be drafted timely gather their
requirements
3 Changes to External 1 4 Arrange regular calls
the SOX with our contact in the
legislation Financial Authority
4 Lack of buy- Project 3 4 Invite representative of
in by end- Management each end-user group to
users attend requirement
gathering workshops
5 Poor Project 2 3 Work with
attendance of Management the  department to
training emphasize the
sessions importance of training
6 Insufficient Resources 2 4 Prepare a business
funds for the case with the
next stage of Sponsor to be
the project presented at the next
Finance Committee
meeting so that
funds can be secured
for the project
 4. Risk Control
4.1. Resolution/Response
Based on the analysis, we can decide if the risks require a response. For example, some risks will
require a response in the project plan while some require a response in the project monitoring,
and some will not require any response at all.

4.2. Monitoring

Risk control and monitor process are used to track the identified risks, monitor residual risks,
identify new risks, update the risk register, analyze the reasons for the change, execute risk
response plan and monitor risk triggers, etc. Evaluate their effectiveness in reducing risks.

This can be achieved by risk reassessments, risk audits, variance and trend analysis, technical
performance measurement, status update meetings and retrospective meetings.

The table below gives information about the

Inputs to Risk Tools and Techniques for Risk Outputs from Risk Monitoring
Monitoring and Control Monitoring and Control and Control
Risk Management plan Project risk response audits Workaround plans
Risk Response Plan Periodic project risk reviews Corrective action
Project Communication
Earned value analysis Project change requests
plan
Additional Risk Technical performance Updates to the risk Response plan
identification and analysis measurement and risk Identification checklist
Additional risks response
Scope changes Risk database
planning