Risk Management Plan in Project Management

A well-developed risk management plan outlines how to identify,

qualify, monitor, and control risks throughout the project life cycle.

The Components of a Project Risk Management Plan

The following are the components of a detailed risk management plan:

 Plan Risk Management

 Identify Risks
 Analyze Risks
 Plan the Responses
 Monitor and Control the Risks

Plan Risk Management

Here, you define how you will identify the risks and how they will be categorized,
analyzed, and managed.

Additionally, you will outline the formula to determine risk ranking: high,
medium, or low.

Identify Risks
In this process, you collect risks using the methods described in the risk
management plan. A few risk identification techniques are:

 Document Review
 Information Gathering Techniques
 Interview

In document review, you look over records of past projects, which will apprise
you of any possible risks. The documents may include lessons learned, risk
register, issue log, project files, and more.

In information-gathering techniques, you interact with various stakeholders to

ascertain the risks. You ask experts to list as many risks as they can. This
technique includes brainstorming and the Delphi technique, an anonymous
questionnaire that helps you get responses from experts who are uncomfortable
expressing their opinions openly.

You repeat this procedure until you get your conclusive results. Afterward, you
compile them and review the responses. 

You approach busy and important stakeholders in an interview with a team

member. You ask pre-selected questions during your conversation, and the team
member records these conversations.

Analyze the Risks

After risk identification is complete, you will analyze risks using qualitative and/or
quantitative methods. 

You should always perform a qualitative risk analysis process. However,

quantitative risk analysis is optional and is most likely to be performed on large
and complex projects.

Here, you determine the probability and impact of each risk, and then you
prioritize them. After completing the qualitative risk analysis review, you move on
to the quantitative risk analysis review.

In quantitative risk analysis, you numerically analyze the risks and their effect on
the project objectives.

The Expected Monetary Value (EMV) Method is a quantitative risk analysis

technique. Here, you calculate the EMV of each choice and select the best option.
EMV helps you to determine the contingency reserve, which is used to manage
identified risks.

To manage unidentified risks, you use the management reserve. Management

defines this reserve, and they can set this as a percentage of the project cost, for
example, 5% or 10% of the project cost. A project manager needs the approval to
use the management reserve.

Just like calculating cost reserve, you calculate the schedule reserve. Here, the
contingency reserve is known as the time reserve or buffer, and they are part of
the schedule baseline. The management time reserve is not included in the
schedule baseline but is a part of the project duration.

A Monte Carlo Simulation provides chances to complete the project under

different conditions. You can run this technique with cost, schedule, or any
other project objectives, and it graphically shows you a project’s objective vs. its
chance of completion under various conditions.

For example, if you run the Monte Carlo simulation for schedule analysis, you will
know that you have an 80% chance of completing the project within 24 months
and a 90% chance of completing it in 26 months.

Plan Risk Responses

After collecting and qualifying risks, you will develop the risk response plan. This
plan describes actions that you should take when an identified risk occurs.

Risks can be positive or negative, and strategies for negative and positive risks
are different.

Positive risks are known as opportunities, and negative risks are threats. The risk
response plan aims to reduce the probability or impact of negative risks and
increase the chance or benefits of positive risks.

You will assign a risk owner to each risk. They will be responsible for monitoring
the risk, and if it occurs, they will implement the risk response plan.

Negative Risk Response Strategies:

You can use the following strategies to manage negative risks:

 Mitigate: You try to reduce the chance of the risk occurring or its impact.
 Avoid: You take measures to eliminate the threat or its effect, like
changing the project management plan.
 Transfer: You transfer the risk to a third party: e.g., insurance.
 Escalate: You shift the responsibility of managing the risk to higher
management.
 Accept: You acknowledge the risk and document it but do not take any
action to mitigate it or its effect.
  Escalate: Managing risk is beyond your capability, so you ask your
management to manage the risk.

Positive Risk Response Strategies

You can use the following strategies to manage positive risks:

 Enhance: You try to increase the chance of an opportunity or its impact.

 Exploit: You do everything to make sure that the opportunity is realized.
 Share: If you cannot realize the opportunity on your own, so you ask
someone to share in the opportunity.
 Escalate: You transfer the responsibility of managing the risk to higher
management.
 Accept: You acknowledge the opportunity and document it but do not
take any action to realize it.
 Escalate: Managing risk is beyond your capability, so you ask your
management to manage the risk.

You can use the accept and escalate risk response strategies with both types of
risks. 

After completing the risk response strategy, update the risk register.

Monitor and Control Risks

You closely observe these risks once the project starts, control them when they
occur, and record the outcome into the risk register.

The risk management plan has a tracking and reporting system for risk events.
This helps the project manager analyze the efficiency of the risk management
plan and record lessons learned for future risk events.

Summary
The project risk management plan is a subsidiary plan of the project
management plan. Your project’s success depends on the risk management plan
because a sound plan can help you complete the project within the approved
schedule and budget. You must be proactive with risk management, so use
experts’ help in developing a risk response plan.
How do you develop risk management plans for your projects? Please share it in
the comments section.