Professional Documents
Culture Documents
Advertisements
Definition: A risk management plan is a detailed document that explains an organization’s
risk management process.
Understanding Risk Management
Risk management is a continuous process that is accomplished throughout the life cycle of
a system and should begin at the earliest stages of program planning. It is an organized
methodology for continuously identifying and measuring the unknowns; developing
mitigation options; selecting, planning, and implementing appropriate risk mitigations;
and tracking the implementation to ensure successful risk reduction. Effective risk
management depends on risk management planning; early identification and analyses of
risks; early implementation of corrective actions; continuous monitoring and reassessment;
and communication, documentation, and coordination. It’s most effective if it is fully
integrated with the program’s Systems Engineering, Program Management, and Test &
Evaluation processes.
Advertisements
Figure: Risk Management Process
Risk Management Plan (RMP) Topics
The risk management plan should address the following continuous key activities as shown
above:
Risk Identification
Risk Analysis
Risk Mitigation Planning
Risk Mitigation Plan Implementation
Risk Tracking
Risk Management Plan (RMP) Objectives
The risk management process consists of eight (8) steps and should be detailed in the Risk
Management Plan.
Advertisements
Risk Avoidance: This is when it’s decided to perform other activities that don’t
carry the identified risk by eliminating the root cause and/or consequence. It seeks
to reconfigure the project such that the risk in question disappears or is reduced to
an acceptable value.
Risk Controlling: This is when you control the risk by managing the cause and/or
consequence. Risk control can take the form of installing data-gathering or early
warning systems that provide information to assess more accurately the impact,
likelihood, or timing of a risk. If a warning of risk can be obtained early enough to
take action against it, then information gathering may be preferable to more
tangible and possibly more expensive actions.
Risk Transfer/Sharing: This is when you share the risk with a third party like an
insurance company or subcontractor.
Risk Assumption: Is accepting the loss, or benefit of gain, from a risk when it
occurs. Risk assumption is a viable strategy for small risks where the cost of
insuring against the risk would be greater over time than the total losses sustained.
Risk Management Plan (RMP) Development Steps
An RMP should be structured to identify, assess, and mitigate risks that have an impact on
overall program life-cycle cost, schedule, and/or performance. It should also define the
overall program approach to capture and manage root causes. It should be created before
and after you create the Integrated Master Schedule (IMS), as it will be looking at the tasks
in the Project Schedule and other factors for potential risk items.
The Risk management plan should follow a standardized format from the organization. An
example RMP format: [1]
Advertisements
Introduction
Program Summary
Risk Management Strategy and Process
Responsible/Executing Organization
Risk Management Process and Procedures
Risk Identification
Risk Assessment Matrix
Risk Analysis
Risk Mitigation Planning
Risk Mitigation Implementation
Risk Tracking
Template: Risk Management Plan
The risk management plan should detail how to use the Risk Reporting Matrix is used to
determine the level of risks identified within a program. The level of risk for each root
cause is reported as low (green), moderate (yellow), or high (red).
The key to writing a good plan is to provide the necessary information so the program team
knows the goals, objectives, and the program office’s risk management process. Although
the plan may be specific in some areas, such as the assignment of responsibilities for
government and contractor participants and definitions, it may be general in other areas to
allow users to choose the most efficient way to proceed. [1]
Advertisements
Risk Management Plan (RMP) Updates
The Program Management Office (PMO) should periodically review and update the RMP
at major acquisition events. At the end of each Acquisition Phase, risk planning should be
used in preparation for the next phase. [1]
Risk Management Plan (RMP) in other Acquisition Documents
The plan is integral to overall program planning and should be addressed in the
program Acquisition Strategy, and/or the Systems Engineering Plan (SEP). [1]
AcqNotes Tutorial
DoD Risk, Issue, and Opportunity Management Guide for Defense Acquisitions-
Jan 2017
(Old) DoD Risk Issue and Opportunity Management Guidance for Defense
Acquisition Programs – June 2015
[1] DoD Risk Management Guidebook – Section 8 – Aug 06 (Outdated)
Risk Assessment Checklist
Risk Assessment Worksheet and Management Plan
Continuous Risk Management Guidebook by Carnegie Melon
Template: Risk Management Plan
Template: Project Rick Management Template