Risk Management Plan

A well-defined Risk Management Plan is the cornerstone of any risk management process and is key to overall quality of your project management. Risk management plans and risk analysis are two components of project risk management process. The Risk Management Plan is the core document that describes how risk management will be performed on a project.  Risk analysis or the assessment of the risks is a defined methodology that is used to analyze risks that impact a project.

According to the PMI’s PMBOK® the risk management plan “describes how risk management will be structured and performed on a project” and is a supplement and deliverable that  is included with the project management plan.  Risk management plans contain the methodologies, resources, schedule, budget, categories, risk probability and impact definitions and matrixes, risk tolerances, reports, and records. Methodologies should include data sources, software or other tools, and approaches such as Delphi, expert interviewing, Monte Carlo etc. Resources should detail who will be involved in the process and at what stages their involvement is required. Budgets should include costs for risk management activities including associated resource costs that can be included as part of the project cost. Schedules define when risk management activities will take place during the life of the project. Categories define the types of risk impacts that will be analyzed and managed. Typically these include cost, schedule, quality, performance and others.  Risk probability and impact definitions provide guidance on how risk impacts can be qualitatively assessed.  Risk matrixes provide a framework for how permutations of probability and impact types will be ranked and prioritized for planning. Risk tolerances are a measure of stakeholder’s willingness or ability to consume risk. Reports details the specific formats in which the results of the risk management will be presented. Typically, the central format is the Risk Register, but other formats could include risk matrixes, mitigation waterfall charts, histograms, and tornado plots. Records should outline how information will be stored to be used for the current and future projects and how the records will be checked for quality and completeness.Risk Management Plan

Risk analysis is process that can be broken down into 2 sub-processes: qualitative and quantitative. Risk analysis takes place after risk identification and is used to assess and prioritize risks based on their expected or probable impact on project objectives. Of the two, qualitative risk is the most widely used because of relative ease of use and  low cost.  Qualitative risk assessment  supports a quick assessment  of risks and allows for the prioritization of risk response plans based on the result of the analysis. The focal point of qualitative risk analysis is typically the risk register wherein probabilities and impacts are defined by levels or ranges (1 in 10 or Very Low, Low, High, etc). These values are then transcribed onto a risk matrix which allows project teams to categorize in terms such as critical, moderate, or negligible. These assessments are then updated in the Risk Register and are used to prioritize project risks.

Quantitative risk analysis requires more time and effort to perform than qualitative risk analysis and therefore is often only performed on those subset of risks that have been identified as having potential to substantially impact key project objectives such as cost and schedule. The outputs of quantitative risk analysis include probabilistic results for cost, finish times, durations, etc. for the project, activities, or phases, quantified impacts risks, confidence levels for meeting particular outcomes, and realistic “risk adjusted” goals for  cost and schedule and other objectives. Quantitative risk analysis is normally performed using Monte Carlo simulations and the results are shown using histograms, cumulative probability plots, and tornado diagrams. The results can also be visualized using cost, cash flow, result Gantts, success rates, and cruciality reports.

If risk management plan clearly defines methodology of risk analysis, risk definitions, which can be used in risk analysis, as well as other information, such as schedules and budget, such plan will improve chance that project risks will be addressed.