Project Risk Management Planning

By Christina Keyes

                Risk Management is the process of identifying, assessing, responding to, monitoring and controlling, and reporting risks. Creating a Risk Management Plan is necessary for maintaining a safe working environment for your employees and it also helps ensure success long-term.  Identifying risks applies to all areas, not just safety.  The Risk Management plan outlines activities and how they will be performed, recorded, and monitored. 

Procedures for creating a Project Risk Management Plan:

ROLES AND RESPONSIBILITIES
The Risk Management Team typically consists of:  Facility Representative, Risk Manager or Project Manager, an Integrated Project Team, Risk Owner(s), and Other Key Stakeholders.  Each position is equally important with key roles in the development and completion of the project.

RISK IDENTIFICATION
Risk identification will involve the project team and stakeholders; and will include an evaluation of environmental factors, organizational culture and the project management plan.  Key elements reviewed are project deliverables, assumptions, constraints, cost/effort estimates, resource plan, and other key project documents.  Methods used to assist in the identification of risks are brainstorming, interviewing, SWOT (strengths, weaknesses, opportunities, and threats, diagramming, etc  A Risk Management Log will be generated and updated as needed. 

RISK ANALYSIS
All risks identified will be assessed to identify the range of possible project outcomes.  Risks will be prioritized by their level of importance.  Qualitative Risk Analysis shows the probability and impact of occurrence for each identified risk.  Risks that fall within the RED and YELLOW zones, Quantitative Risks, will have risk response plan which may include both a risk response strategy and a risk contingency plan.

RISK RESPONSE PLANNING
Each major risk (those falling in the Red & Yellow zones) will be assigned to a risk owner for monitoring and controlling purposes to ensure that the risk will not “fall through the cracks”. 
For each major risk, one of the following approaches will be selected to remediate the risk:
•             Avoid – Eliminate the threat or condition
•             Mitigate –reduce the probability or the impact
•             Accept – Nothing will be done
•             Contingency –Define actions to be taken in response
•             Transfer – Shift the consequence of a risk to a third party (buy insurance, outsourcing, etc.)
For each risk that will be mitigated, the project team will identify ways to prevent the risk from occurring or reduce its impact.  This may include prototyping, adding tasks to the project schedule, adding resources, etc.  Any secondary risks that result from mitigation will be documented.

RISK MONITORING, CONTROLLING, AND REPORTING
The level of risk on a project will be tracked, monitored and controlled and reported
RISK CONTINGENCY BUDGETING
A risk contingency budget can be established to prepare in advance for the possibility that some risks will not be managed, this allows for funding availability to keep your project from going over budget.

​CLOSING A RISK
A risk will be considered closed when it meets the criteria identified in the Risk Management Plan.  All avenues have been accounted, risks that have been accepted have been mitigated and planned for accordingly.  Authority to close the risk must be decided at the time of creating the Risk Management Plan.