
Risk Management Plan: Contract No: XXX/XX/XX/XX/XX


RISK MANAGEMENT PLAN

Doc. No. xx-xx-xx-xx


XYZ PROJECT Rev. 0

CLIENT NAME

Contract No: XXX/XX/XX/XX/XX

RISK MANAGEMENT PLAN


Doc. No.: xx-xx-xx-xxxx

CONTRACTOR NAME

Rev.  Date       Description                        Originator      Reviewed By  Approved By
1     12-Dec-15  Issued for Implementation (IFImp)
B     30-Nov-15  Issued for Approval (IFA)          Mujahid Akhtar  Name         Name
A     01-Nov-15  Issued for Review (IFR)

1 XYZ PROJECT Prepared by: Mujahid Akhtar



TABLE OF CONTENTS
1. Project Introduction
2. Purpose of the Risk Management Plan
3. Acronyms, Abbreviations and Key Terms
5. Roles & Responsibilities
   5.1 Roles and Responsibilities
6. Risk Management Approach & Strategy
7. Risk Identification
8. Risk Assessment
9. Plan Risk Response
10. Implement Risk Responses
11. Monitor and Control Risk
12. Risk Feedback
13. Risk Register
14. ATTACHMENTS


1. Project Introduction
Provide below the Project introduction and background, usually given in Contract.

Your Text Here

2. Purpose of the Risk Management Plan
This section explains why risks exist and highlights the purpose and importance of the risk management plan. It provides a
general description of why risk management is essential to effectively managing a project and describes what is needed
before risk management can begin. For example, I have included some description below, but you can change it to fit your
objective.
As organizations begin new projects, they begin operating in an area of uncertainty that comes along with developing new
and unique products or services. By doing so, these organizations take chances, which results in risk playing a significant
part in any project. The purpose of the risk management plan is to establish the framework in which the project team will
identify risks and develop strategies to mitigate or avoid those risks. However, before risks can be identified and
managed, there are preliminary project elements which must be completed. These elements are outlined in the risk
management approach. Project risk management is an iterative activity covering the project lifecycle from project initiation to
project close-out. This approach ensures risks are continuously identified as they arise.
Further define the purpose of the risk management plan as per your organization & requirements.

Your Text Here


3. Acronyms, Abbreviations and Key Terms


• Acronyms & Abbreviations:
Include acronyms & abbreviations and key terms w.r.t. this Risk Management Plan below

Abbreviation     Description
COMPANY          Your Text Here
CONTRACTOR       Your Text Here
CONSULTANT       Your Text Here
AGREEMENT        Your Text Here
PROJECT          Your Text Here
Your Text Here   Your Text Here
Your Text Here   Your Text Here

• Key Terms:
Include key terms w.r.t. this Risk Management Plan; a few examples are included below.
Assurance: The process by which you test or audit the controls and monitoring practices in place. This can be carried out
internally (by internal audit or others), or externally by a third party.
Consequence: The outcome of an event that influences objectives. A single event can generate a range of consequences
which can have positive and negative effects on objectives. Initial consequences can also escalate through cascading and
cumulative effects.
Control: A measure or action that modifies risk. Controls can include any policy, procedure, practice, process, technology,
technique, method or device that modifies or manages risk.
Emergent (or emerging) risk: Risks that are poorly understood but are expected to grow greatly in significance. Unlike
other risks, emergent risks do not have a track record that can be used to estimate likely probabilities and expected losses.
Event: One occurrence, several occurrences, or even a non-occurrence. An event can also be a change in circumstances.
Events are sometimes referred to as incidents or accidents. Events always have causes and usually have consequences.
Events without consequences are sometimes referred to as near-misses, near-hits or close-calls.
Inherent impact: The impact, often measured in monetary value, of the risk if it crystallized where no controls or other
mitigating factors were in place (or failed in their entirety).
Inherent probability: The chance that something might happen if no controls or other mitigating factors were in place (or
failed in their entirety).
Inherent risk: The risk that would crystallize if no controls or other mitigating factors were in place (or failed in their
entirety). Also known as gross risk.
Monitoring: To supervise and continually check and critically observe the controls in place around risks. It is designed to
assess the efficiency, appropriateness and proportionality of the controls.
Probability: The chance that something might happen. It can be defined, determined, or measured objectively or
subjectively and can be expressed either qualitatively or quantitatively.
Residual impact: The impact, often measured in monetary value, of the risk if it crystallized, considering the controls,
monitoring and assurance processes in place. Also known as the mitigated impact.
Residual probability: The probability of the risk crystallizing, considering the controls, monitoring and assurance processes
in place. Also referred to as the mitigated probability.


Residual risk: The risk you have left after you have removed the source of the risk or implemented controls, monitoring
and assurance practices around it. Also known as the mitigated risk.
Risk: The effect of uncertainty on objectives, this effect being a positive or negative deviation from what is expected.
Risk analysis: The process used to understand the nature, sources, and causes of the risks that you have identified and to
estimate the level of risk. It is also used to study impacts, consequences and to examine the controls that currently exist.
Risk assessment: The analysis of risk by risk identification, risk analysis and risk evaluation.
Risk attitude: This defines an organization’s general approach to risk. An organization’s risk attitude influences how risks
are assessed and addressed. An organization’s attitude towards risk influences whether or not risks are taken, tolerated,
retained, shared, reduced or avoided, and whether or not mitigating actions are implemented or postponed.
Risk avoidance: The strategy where an organization chooses not to engage in an operation or chooses to terminate its
existing engagement because of the risk involved.
Risk evaluation: The process that is used to compare risk analysis results with risk criteria in order to determine whether
or not a specified level of risk is acceptable or tolerable.
Risk identification: The process that is used to find, recognize and describe the risks that could affect the achievement of
objectives. It is used to identify possible sources of risk in addition to the events and circumstances that could affect the
achievement of objectives. It also includes the identification of possible causes and potential consequences. You can use
historical data, theoretical analysis, informed opinions, expert advice, and stakeholder input to identify your organization’s
risks.
Risk management: A coordinated set of activities and methods used to direct an organization and to control the many
risks that can affect its ability to achieve objectives. It can also refer to the architecture that is used to manage risk which
includes risk management principles, a risk management framework and a risk management process.
Risk management framework: A set of components that support and sustain risk management throughout an organization.
There are two types of components:
• Foundations. These include your risk management policy, objectives, mandate and commitment.
• Organizational arrangements. These include the plans, relationships, accountabilities, resources, processes and
activities you use to manage your organization’s risk.
Risk management plan: Sets out how an organization intends to manage risk. It describes the management components,
the approach, and the resources that will be used to manage risk. Typical management components include procedures,
practices, responsibilities, and activities (including their sequence and timing).
Risk management policy: A policy statement defines a general commitment, direction or intention. A risk management
policy statement expresses an organization’s commitment to risk management and clarifies its general direction or
intention.
Risk mitigation: The efforts taken to reduce either the probability or consequences of a threat.
Risk owner: A person or entity that has been given the authority to manage a particular risk and is accountable for doing
so.
Risk profile: A written description of a set of risks. A risk profile can include risks that the entire organization must manage
or only those that a particular function or part of the organization must address.
Risk strategy: The strategy choice an organization makes for dealing with a specific risk.
Risk tolerance: The ability of an organization to survive the losses associated with risks.
Stakeholder: A person or an organization that can affect or be affected by a decision or an activity (either internal or
external to the organization). Stakeholders also include those who have the perception that a decision or an activity can
affect them.


4. Reference Documents
Include reference documents here as applicable w.r.t. this Risk Management Plan

Document Title                       Document No.
Agreement (Risk Management Scope)    xx-xx-xx-xxxx
Construction Execution Plan          xx-xx-xx-xxxx
Procurement Execution Plan           xx-xx-xx-xxxx
Project Control Procedure            xx-xx-xx-xxxx
Project Quality Plan                 xx-xx-xx-xxxx
Project HSE Plan                     xx-xx-xx-xxxx
Change Control Procedure             xx-xx-xx-xxxx
Interface Management Plan            xx-xx-xx-xxxx
Project Coordination Procedure       xx-xx-xx-xxxx
Your Text Here                       xx-xx-xx-xxxx
Your Text Here                       xx-xx-xx-xxxx
Your Text Here                       xx-xx-xx-xxxx

5. Roles & Responsibilities

5.1 Roles and Responsibilities

Explain roles and responsibilities incl. Risk Owners w.r.t. this procedure and as per your Organization requirements.
• PROJECT MANAGER
Your Text Here
• RISK MANAGER
Your Text Here
• PROCUREMENT MANAGER
Your Text Here
• CONSTRUCTION MANAGER
Your Text Here
• COMMISSIONING MANAGER
Your Text Here
• PROJECT CONTROL MANAGER
Your Text Here
• INTERFACE MANAGER
Your Text Here
• QA/QC MANAGER
Your Text Here
• HSE MANAGER
Your Text Here
• OTHER RISK OWNERS
Your Text Here

6. Risk Management Approach & Strategy


This section provides a general description of the approach and strategy taken to identify and manage the risks associated
with the project. It should define the approach to risk management, for example as described below.
The approach we have taken to manage risks for this project included a methodical process by which the project team
identified, scored, and ranked the various risks. The most likely and highest impact risks were added to the project schedule to
ensure that the assigned risk managers take the necessary steps to implement the mitigation response at the appropriate time
during the schedule. Risk managers will provide status updates on their assigned risks in the monthly project team meetings,
but only when the meetings include their risk’s planned timeframe. Upon the completion of the project, during the closing
process, the project manager will analyze each risk as well as the risk management process. Based on this analysis, the project
manager will identify any improvements that can be made to the risk management process for future projects. These
improvements will be captured as part of the lessons learned knowledge base.
You can include a paragraph about the cost of the risk management process, acknowledging the cost of doing risk management
while recognizing that risk management saves time and money overall by avoiding and reducing threats.
You can include the timing of risk management, e.g. when to do risk management for the project (each phase, on a monthly basis).
Risk management should start as soon as you have the appropriate inputs and should be repeated throughout the life of the
project, since new risks can be identified as the project progresses and the degree of risk may change.


You can include risk categories according to your project scope and organizational needs; a few examples are given below:
• External – regulatory, environmental, government, market shifts
• Internal – time, cost, scope changes; inexperience; poor planning
• Technical – changes in technology
• Unforeseeable – only a small portion of risks (some say about 10%) are actually unforeseeable
• Work package – group risks based on which work package they are in
• Root cause – group risks based on the same root cause
You need to define probability and impact, e.g. would everyone who rates the probability a 5 in qualitative risk analysis
mean the same thing? A person who is risk averse might think of 5 as very high, while someone who is risk prone might think of 5
as a low figure. The definitions and the probability and impact matrix help standardize these interpretations and also help
compare risks between projects. We will talk about it further below. (refer below for risk matrix)
In addition, you can mention the stakeholder tolerances, e.g. what if the stakeholders have a low risk tolerance for cost
overruns? That information would be considered to rank cost impacts higher than they would if the low tolerance was in
another area. Tolerance should not be implied but uncovered in project initiating and clarified or refined continually.
You can provide details on the reporting formats, e.g. here you can describe any reports related to risk management that will
be used and what they will include. (refer below for risk reporting)
You can also provide assurance & tracking details, e.g. how the risk process will be audited, and the documentation of what
happens with risk management activities.
You can define types of risk for your project; you may identify hundreds of risks. When you have a large project with a large
number of risks, you need to categorize them to make it easier to manage them. Below are some categorizations and types of
risks.
• Business risk – risk of gain or loss
• Pure (insurable) risk – only a risk of loss
Further elaborate as per your project, organization and contract requirements.
Your Text Here
For risk management, the following steps will be used during the lifecycle of the project:
• Identify Risks
• Qualitative Risk Assessment
• Quantitative Risk Assessment
• Plan Risk Response
• Implement Risk Response
• Monitor and Control Risk
• Risk Feedback

Your Text Here


7. Risk Identification
This section explains the process by which the risks associated with this project were identified. It should describe the
method(s) for how the project team identified risks, the format in which risks are recorded, and the forum in which this
process was conducted. Typical methods of identifying risks are expert interviews, reviewing historical information from similar
projects and conducting a risk assessment meeting with the project team and key stakeholders.
An example has been provided below.
For this project, risk identification will be conducted in the initial project risk assessment meeting (brainstorming session). The
project manager will chair the risk assessment meeting, distribute notepads to each member of the team and allow xx
minutes for all team members to record as many risks as possible.
All project stakeholders are responsible for identifying the risks that may be encountered during the lifecycle of the project. Other
risks shall be identified on a monthly basis and the risk register shall be updated accordingly. These shall include the residual
risks resulting from the mitigation of the primary risks.
Threats and opportunities can be identified from different sources e.g.
• Expert Interview
Two Expert Interviews will be held for this project. The interviews can reveal several risks which can then be mitigated by making
changes to the project plan. The remaining risks are included in the Risk Register.
• Risk Assessment Meeting (Brainstorming)
A risk assessment meeting will be held with key team members and stakeholders. The risks identified during this meeting will
be added to the project plan and Risk Register.
• Historical Review of Similar Projects (Checklist Analysis)
The project team reviewed the history of similar projects in order to determine the most common risks and the strategies used
to mitigate those risks.
• Independent Project Reviews
Your Text Here
• Business Analysis Processes Relating to Specific Risk Areas
Your Text Here
Each risk will be qualified through:
• Risk Breakdown Structure (RBS)
• Risk Identifying Threat and Opportunities
• The Causes of Risk Event
• The Description of the Risk Event
• The Possible Consequences/Impact
• The Risk Owner, Responsible for Monitoring the Assigned Risk
Your Text Here


8. Risk Assessment
Risk assessment will be done in two ways for the project: qualitative and quantitative. Perform Qualitative Risk
Analysis is the process of prioritizing risks for further analysis. This process assesses the risks’ probability of occurrence and
impact (subjective analysis). The key benefit of this process is that it identifies the high priority risks and allows the project
team to focus on those. The Perform Quantitative Risk Analysis process, by contrast, analyzes the numerical impact of identified
risks on project deliverables.
Once risks are identified it is important to determine the probability and impact of each risk in order to allow the project
manager to prioritize the risk avoidance and mitigation strategy. Risks which are more likely to occur and have a significant
impact on the project will be the highest priority risks while those which are more unlikely or have a low impact will be a much
lower priority. This is usually done with a probability – impact matrix. This section explains how risks were qualified and
prioritized for this project.
The Risk Assessment Matrix (RAM) shall be applied and all risks shall be ranked against consequence and probability
(likelihood) criteria.
Definitions of Probability: (change according to your project industry)

Probability  Rating  Description
Very High    5       High likelihood to occur or has occurred already this year
High         4       Multiple occurrences in the last 2 years
Medium       3       Has occurred in the industry in the last 2 - 5 years
Low          2       No prior occurrence in the last 5 years but could occur
Very Low     1       Highly unlikely to occur in the foreseeable future

Definitions of Consequence/Impact by Objective: (change according to your project industry)

Impact     Rating  Scope                      Quality                    Time                       Cost
Very High  5       Click here to enter text.  Click here to enter text.  Click here to enter text.  Click here to enter text.
High       4       Click here to enter text.  Click here to enter text.  Click here to enter text.  Click here to enter text.
Medium     3       Click here to enter text.  Click here to enter text.  Click here to enter text.  Click here to enter text.
Low        2       Click here to enter text.  Click here to enter text.  Click here to enter text.  Click here to enter text.
Very Low   1       Click here to enter text.  Click here to enter text.  Click here to enter text.  Click here to enter text.


Probability and Impact Matrix: (change according to above probability/impact)

Probability \ Impact   Very Low   Low   Medium   High   Very High
Very High                  5       10     15      20       25
High                       4        8     12      16       20
Medium                     3        6      9      12       15
Low                        2        4      6       8       10
Very Low                   1        2      3       4        5

Once the risks were assigned a probability and impact and placed in the appropriate position on the chart, the recorder
captured the finished product and the project manager moved the process on to the next step.
(I will share a separate procedure for quantitative risk analysis in detail; however, highlights are mentioned below.)
The Perform Quantitative Risk Analysis process analyzes the numerical impact of identified risks on project deliverables. It is
only used for high priority risks.
The purpose of quantitative risk analysis is to:
• Determine which risk events warrant a response
• Determine overall project risk (exposure)
• Determine the quantified probability of meeting project objectives
• Determine cost and schedule reserves
• Identify risks requiring the most attention
• Create realistic and achievable costs, schedule or scope targets
Quantitative probability and impact can be determined in various ways, including the following:
• Monte Carlo Analysis
• Interviewing
• Cost and Time Estimation
• Delphi Technique
• Use of Historical Records from Previous Projects
• Expert Judgement
• Expected Monetary Value Analysis
• Decision Tree


Quantitative risk analysis and modeling techniques are as follows.


• Decision trees: a diagram that shows the key interactions among decisions and associated chance events. Decisions are shown
as boxes and chances are shown as circles. Can take future events into account for decision making
• EMV (Expected Monetary Value): the sum of probability times the expected outcome; it calculates the average outcome
• Simulation: analyzes the behavior of the system. The most common is the schedule simulation, which uses the project
network as the model, based on Monte Carlo analysis
• Monte Carlo Analysis: simulates the project many times to provide a statistical distribution of the calculated results,
quantifying the risk of various schedule alternatives. Monte Carlo analysis is used for:
- Evaluating overall risk in the project
- Determining the probability of completing the project on any specific date or for any specific cost
- Determining the probability of any activity actually being on the critical path
- Translating uncertainties into impacts to the total project
- Calculating a probability distribution
• Impact Analysis: what is the likelihood the event will occur vs. the severity of the impact on the project if it does occur
• Sensitivity analysis: places a value on the impact of changing a single variable. Helps determine which risks have the
most potential impact on the project (Tornado diagram)
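The EMV and Monte Carlo uses listed above, worked through as an added example (not part of this plan or its separate quantitative procedure). The activity network, the three-point durations and the numeric probabilities and cost impacts are constructed assumptions; only the risk statement "Late delivery of pumps" is borrowed from the risk register format.

```python
import random

# Constructed sample data (assumptions, not from the plan): durations in days
# as (optimistic, most likely, pessimistic) for a network with two parallel
# paths, A -> B -> D and A -> C -> D.
ACTIVITIES = {"A": (4, 5, 8), "B": (8, 10, 16), "C": (9, 11, 13), "D": (3, 4, 6)}
PATHS = [("A", "B", "D"), ("A", "C", "D")]

# Constructed risk events: (statement, probability, activity delayed,
# delay in days, cost impact). A negative cost or delay is an opportunity.
RISKS = [
    ("Late delivery of pumps", 0.25, "B", 10, 40000),
    ("Rework after inspection", 0.5, "C", 3, 8000),
    ("Early vendor release", 0.125, "D", -1, -16000),
]

def expected_monetary_value(risks):
    """EMV: sum of probability times outcome over all risk events."""
    return sum(p * cost for _, p, _, _, cost in risks)

def simulate(runs=20000, seed=1):
    """Run the schedule many times; return sorted durations and criticality."""
    rng = random.Random(seed)
    totals, hits = [], {name: 0 for name in ACTIVITIES}
    for _ in range(runs):
        days = {n: rng.triangular(lo, hi, mode)
                for n, (lo, mode, hi) in ACTIVITIES.items()}
        for _, p, activity, delay, _ in RISKS:
            if rng.random() < p:          # the risk event occurs in this run
                days[activity] += delay
        lengths = [sum(days[a] for a in path) for path in PATHS]
        longest = max(lengths)
        totals.append(longest)
        # Count every activity lying on a longest (critical) path in this run.
        for a in {a for path, n in zip(PATHS, lengths) if n == longest for a in path}:
            hits[a] += 1
    return sorted(totals), {a: c / runs for a, c in hits.items()}

def prob_done_by(totals, deadline):
    """Fraction of simulated runs finishing on or before the deadline."""
    return sum(t <= deadline for t in totals) / len(totals)

def percentile(totals, q):
    """Duration not exceeded in a fraction q of the runs (totals sorted)."""
    return totals[min(len(totals) - 1, int(q * len(totals)))]

if __name__ == "__main__":
    totals, criticality = simulate()
    print("EMV of cost impacts:", expected_monetary_value(RISKS))
    print("P(finish within 25 days):", prob_done_by(totals, 25))
    print("P80 duration:", round(percentile(totals, 0.8), 1))
    print("Criticality index:", criticality)
```

The gap between the median and the P80 duration is one basis for sizing a schedule reserve, and the criticality index shows which of the parallel activities deserves the closer monitoring.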

9. Plan Risk Response


The Plan Risk Response process develops options and actions to enhance opportunities and reduce threats to project objectives.
The choices of response strategies for THREATS include:
• Avoid
- Eliminate the threat by eliminating the root cause
- Reduce scope or remove the work package
• Mitigate
- Reduce probability or the impact of a threat
- Options for reducing the probability are looked for separately from options for reducing the impact
- Any reduction will make a difference, but the option with the most probability and/or impact reduction is
often the option selected
• Transfer (deflect – allocate)
- Make another party responsible for the risk by purchasing insurance, performance bonds, warranties,
guarantees, or outsourcing work
- One must complete risk assessment before a contract can be signed
- Transfer of risk is included in terms and conditions of the contract
The choices for response strategies for OPPORTUNITIES include:
• Exploit
- Add work or change the project to make sure the opportunity occurs
• Enhance
- Increase the likelihood (probability) and/or positive impacts of the risk event
• Share
- Allocate ownership of the opportunity to a third party (forming a partnership, team, or joint venture) that is
best able to achieve the opportunity
A response strategy for both THREATS AND OPPORTUNITIES is:
• Accept
- Active acceptance may involve the creation of contingency plans to be implemented if the risk occurs and
the allocation of time and cost reserves to the project
- Passive acceptance leaves actions to be determined as needed, if (after) the risk occurs
- A decision to accept a risk must be communicated to stakeholders


10. Implement Risk Responses


Once risks have been qualified, the team must determine how to address those risks which have the greatest potential
probability and impact on the project. This section explains the considerations which must be made and the options available
to the project manager in managing these risks.
The project manager has led the project team in developing responses to each identified risk. As more risks are identified,
they will be qualified, and the team will develop avoidance and mitigation strategies. These risks will also be added to the Risk
Register and the project plan to ensure they are monitored at the appropriate times and are responded to accordingly.
The risks for this project will be managed and controlled within the constraints of time, scope, and cost. All identified risks will
be evaluated in order to determine how they affect this triple constraint. The project manager, with the assistance of the
project team, will determine the best way to respond to each risk to ensure compliance with these constraints.
In extreme cases it may be necessary to allow flexibility to one of the project’s constraints. Only one of the constraints for this
project allows for flexibility as a last resort. If necessary, funding may be added to the project to allow for more resources in
order to meet the time (schedule) and scope constraints. Time and scope are firm constraints and allow for no flexibility.
Again, the cost constraint is flexible only in extreme cases where no other risk avoidance or mitigation strategy will work.
Key concepts for this process:
• Contingency plans/fall back plans are plans to follow when the risk becomes an issue.
• Residual risk – the risk that remains after the contingency plan has been implemented.
• Low priority tasks are put onto a watch list and revisited periodically.
• Risk is the most important item during project team meetings.

11. Monitor and Control Risk


This section should discuss how the risks in the project will be actively monitored. One effective way to monitor project risks is
to add those risks with the highest scores to the project schedule with an assigned risk manager. This allows the project
manager to see when these risks need to be monitored more closely and when to expect the risk manager to provide status
updates at the bi-weekly or monthly project team meetings. The key to risk monitoring is to ensure that it is continuous
throughout the life of the project and includes the identification of trigger conditions for each risk and thorough
documentation of the process.
The most likely and greatest impact risks have been added to the project plan to ensure that they are monitored during the
time the project is exposed to each risk. At the appropriate time in the project schedule a Risk Manager is assigned to each
risk. During the bi-weekly or monthly project team meeting the Risk Manager for each risk will discuss the status of that risk;
however, only risks which fall in the current time period will be discussed. Risk monitoring will be a continuous process
throughout the life of this project. As risks approach on the project schedule the project manager will ensure that the
appropriate risk manager provides the necessary status updates which include the risk status, identification of trigger
conditions, and the documentation of the results of the risk response.
After the implementation of risk control strategies, some risks remain and must be actively monitored in order to ensure
that the project can achieve its objectives over its life cycle. The crucial requirement is that the risk should be reduced to
ALARP level, recognizing that the cost of further risk reduction may be excessive compared to the associated benefit. This
means systematic, continuous tracking and evaluation of the effectiveness and appropriateness of the risk control strategies,
techniques, and actions established within the risk register.
The risk monitoring process should:
- provide decision makers with the required information regarding the status of each risk and its follow-up actions,
- allow the progress and efficiency of risk control actions to be monitored.


Risk reporting and distribution of results:


- As a minimum, the top 10 risks are to be presented along with the mitigation plans. The top 10 risks shall be
revisited and updated every month.
- Leading indicators
Here are the key concepts and terms you need to understand for this process:
• Risk Audits
- An audit that ensures your project team is following the organization’s risk processes, including identifying
risks and creating mitigation plans for high priority risks.
- Examine and document the effectiveness of risk responses.
- Develop organizational best practices.
• Workarounds
- Whereas contingency responses are developed in advance, workarounds are unplanned responses
developed to deal with the occurrence of unanticipated risk events.
- When the project deviates from the baseline, the team may need to take corrective action.
• Risk Assessments
- The project team needs to periodically review the risk management plan and risk register and adjust them as
required
- Risk management is an iterative process
• Contingency Reserve
- The budget set aside to handle specific risks if they do occur
• Reserve Analysis
- Analyzing how much money you have left in the reserves and how much you may need in the future

12. Risk Feedback


The objective of this risk process is to provide feedback for future projects and to represent a continuous learning process over
time. The objective can be reached through the distribution of experience and through the definition of lessons learned
associated with identified risks. Lessons learnt shall be created at the closure of a specific risk and the lessons learnt log shall be
updated accordingly.
These lessons learnt shall be used:
• To verify whether and how a specific risk had an impact
• To assess the efficiency of implemented risk strategies
• To know the event that causes the risk
• To know the recommendations

13. Risk Register


Every project must maintain a risk register in order to track risks and associated mitigation strategies. This section describes
the risk register criteria as well as where the risk register is maintained and how these risks are tracked in the project schedule.
The Risk Register for this project is a log of all identified risks, their probability and impact to the project, the category they
belong to, mitigation strategy, and when the risk will occur. The register was created through the initial project risk
management meeting led by the project manager. During this meeting, the project team identified and categorized each risk.
Additionally, the team assigned each risk a score based on the probability of it occurring and the impact it could potentially
have. The Risk Register also contains the mitigation strategy for each risk as well as when the risk is likely to occur.


Based on the identified risks and timeframes in the risk register, each risk has been added to the project plan. At the
appropriate time in the plan—prior to when the risk is most likely to occur—the project manager will assign a risk manager to
ensure adherence to the agreed upon mitigation strategy. Each risk manager will provide the status of their assigned risk at
the bi-weekly project team meeting for their risk’s planned timeframe.
The Risk Register will be maintained as an appendix to this Risk Management Plan. (Refer to Attachment)

14. ATTACHMENTS
• RISK BREAKDOWN STRUCTURE (RBS)
• RISK REGISTER FORMAT



RISK BREAKDOWN STRUCTURE (RBS)
Change according to your project, organization requirements

Project Name Date

Project Number Document Number

Project Manager Project Owner/Client

Risk Code /ID Component Name Brief Description

Rk1. Project

Rk1.1. Project Management

Rk1.1.1. Estimating

Rk 1.1.1.1 Estimating Activity Durations

Rk 1.1.1.2. Estimating Costs

Rk 1.1.2. Communicating

Rk 1.1.2.1. Remote project team

Rk 1.1.2.2. Public Stakeholders

Rk 1.2. Technical

Rk 1.2.1. Requirements

Rk 1.2.2. Software Performance


RISK REGISTER FORMAT
XYZ PROJECT
Date: 15-Jan-16

Impact Impact
RBS Revised Revised Responsible
ID Risk Statement Risk Owner Probability Score Risk Response Actions Status Comments
ID Probability Score Party
Scope Quality Schedule Cost Scope Score Schedule Cost

1. Appoint Expeditor
Manager 1. Expedite manufacturing 1 -Very 1 -Very
R-01 1.1 Late delivery of pumps 4- High 2 -Low 2 -Low 4- High 3-Medium 12 3-Medium 3-Medium 2 -Low 6 Contractor 2. Make arrangement for airlift In-progress Your Text Here
Procurement 2. Airlift the pump Low Low
the pump
