Design of the Risk Management Plan
May 6, 2011
With reference to the previous article, the risk planning process takes three key steps to identify potential losses, evaluate risks and examine applicable options of effective risk management. These steps end up with the need to develop a plan that describes approaches, roles, funding sources, timeframes, risk categories and priorities and other information necessary for performing the risk management process… This time we’re going to talk about such a plan.
This article describes the definition of risk management plan, reasons behind designing it and key steps of the designing process. The article is a part of the Project Implementation Guide.
Definition and Reasons
A Risk Management Plan is a formally created and approved document that describes how the risk management process will be organized, what phases it will consist of, how it will be carried out, and who will be involved in the implementation. It is a roadmap for managing identified risks and exploiting opportunities throughout the project lifecycle.
Usually a template of the plan is designed during several (or more) planning meetings on which the attendees (the project manager, selected team members, key stakeholders and other people involved in risk identification and planning) discuss possible methods and solutions for handling the challenge of risk management. When the template is designed and approved, it’s presented to all the participants of the project.
There are several reasons behind designing the risk management plan. These are:
- Protect project participants from hard and injury.
- Protect project assets and avoid losses.
- State and follow standards of effective project implementation.
- Engage the stakeholders in do their duties and commitments on the project.
- Discover and exploit opportunities.
- Increase the probability of successful project completion on time and under budget.
Steps in Designing the Plan
Designing of the risk management plan includes a series of steps to choose the best options of managing identified threats and exploiting opportunities. It is a process that can be performed consecutively. Here are the steps to designing the plan:
- Choose an Approach.
- Define Roles and Responsibilities.
- Plan for Funds.
- Schedule the Activities.
- Categorize Risks.
- Estimate Impact and Probability.
Choose an Approach. First of all, the project manager – who takes the primary responsibility for controlling the plan designing process – needs to define an approach that will be used to efficiently respond to identified risks and exploit opportunities. Such an approach includes tools, solutions, rules and data sources to be used in the risk management process. For instance, the cost-benefit analysis can be used as a good method for making well-weighted decisions on managing threats and determining the pros and cons of one or other solution.
Define Roles and Responsibilities. The second step is to decide who will be involved in the risk management process and what roles will be used to take and share appropriate responsibilities. Its purpose is to assign team leaders, team members, and support team. Each activity of the risk managing process should be clearly stated and assigned to one or several people involved. For example, using the content of the Project Charter (and other documents and tools as well) it’s possible to audit all the people involved the project and choose candidates for the risk management team members.
Plan for Funds. The next step is to budget the process of managing risks and exploiting opportunities. The project manager needs to assign financial resources to the targeted activities and estimate costs of responding to the threats and implementing contingency plans. For example, the project budget uses cost estimates that cover all the activities necessary for implementing efficient risk management. The budget will be the primary source of funds necessary for designing and performing the risk managing plan.
Schedule the Activities. The forth step in designing the risk management plan is to set up start time, deadlines and durations for the process. A detailed schedule of risk treatment activities should be developed in order to define timeframes per activity throughout the project implementation lifecycle. For example, by using Gantt Chat with milestones it’s possible to schedule the activities and define their durations and timeframes.
Categorize Risks. This step is to divide all the identified risks into categories to create a structure that ensures every risk is responded and every opportunity is exploited within an appropriate level of efficiency and quality. It’s about developing a risk breakdown structure (RBS) that hierarchically depicts the identified risks organized by categories and groups, depending on areas of influence. For instance, the RBS for a marketing campaign project may include such risk categories as Technical (ex.: inefficient technology used in the product), External (ex.: impact of the competitors), and Organizational (ex.: failures in the manufacturing process).
Estimate Impact and Probability. When all the risks have been categorized and the RBS has been created, the next step in designing the risk management plan is to estimate the probability of the risks’ occurrence and their impact on the project. Usually an analysis matrix is developed to prioritize the risks and assign the probability and impact per risk. For example, the matrix of the risks related to a marketing campaign project may include such estimation rates as Low, Moderate and High. These rates indicate impact level. Then priorities are set per risk in accordance with the impact rate. A combination of the impact rates and priorities will define the probability whether the risk will happen.
Define Tracking and Reporting Rules. The final step of the plan designing process is to define how the risk management activities will be tracked and what report formats will be used to audit their status. The project manager needs to establish tracking rules and assign people who will take care of the plan implementation and report the situation to senior management. For example, using status report meetings during the project implementation process allows the project manager to communicate with the team, get their feedback on the risk treatment status, and audit pending issues.