Risk Management Process ©

For [Project Name]

Document Control

Document Information

Information
©

Document ID [Document Management System #]

Document Owner [Owner Name]
Issue Date [Date]
Last Saved Date [Date]
File Name [Name]

Document History

Version Issue Date Changes

[1.0] [Date] [Section, Page(s), and Text Revised]

Document Approvals

Role Name Signature © Date

Project Sponsor

Project Board

Project Manager ©

Quality Manager
(if applicable)

Procurement Manager
(if applicable)

Communications Manager
(if applicable)

Project Office Manager

(if applicable)
Table of Contents

TEMPLATE GUIDE..........................................................................................................1
1 RISK PROCESS..................................................................................................... 2
1.1 OVERVIEW.......................................................................................................................................2
1.1.1 About This Section.......................................................................................3
1.2 IDENTIFY RISK...............................................................................................................................5
1.2.1 About This Section.......................................................................................5
1.3 REGISTER RISK.............................................................................................................................. 5
1.3.1 About This Section.......................................................................................5
1.4 ASSIGN RISK ACTIONS.....................................................................................................................5
1.4.1 About This Section.......................................................................................5
1.5 IMPLEMENT RISK ACTIONS................................................................................................................6
1.5.1 About This Section.......................................................................................6
2 RISK ROLES.........................................................................................................7
2.1.1 About This Section.......................................................................................7
2.2 RISK ORIGINATOR...........................................................................................................................7
2.2.1 Example......................................................................................................7
2.3 PROJECT MANAGER......................................................................................................................... 7
2.3.1 Example......................................................................................................7
2.4 PROJECT BOARD, OR PROJECT REVIEW GROUP.......................................................................................7
2.4.1 Example......................................................................................................7
2.5 PROJECT TEAM...............................................................................................................................8
2.5.1 Example......................................................................................................8
3 RISK DOCUMENTS.................................................................................................9
3.1 RISK REGISTER.............................................................................................................................. 9
3.1.1 About This Section.......................................................................................9
3.2 RISK FORM...................................................................................................................................9
3.2.1 About This Section.......................................................................................9
Template Guide
What Is a Risk Management Process?
A Risk Management Process is a method for formally identifying, quantifying, and managing risks to
the project (e.g., to the scope, deliverables, timescales, or resources) during the execution of the
project. The process entails completing a number of actions to reduce the likelihood of each risk’s
occurrence and the severity of each risk’s impact.
A Risk Management Process is used to ensure that every risk is formally:
 Identified
 Quantified
 Monitored
 Avoided, transferred, or mitigated ©

When to Use a Risk Management Process

Although the Risk Management Process is undertaken during the Execution phase of the project (i.e.,
the phase within which the deliverables are produced), project risks can be identified at any stage of
the project life cycle. In theory, any risk identified during the life of the project will need formally
management as part of the Risk Management Process. Without a formal Risk Management Process
in place, it may not be possible to deliver a solution within time, cost, and quality objectives.
©

The Risk Management Process is terminated only at the completion of the Execution phase of the
project (i.e., just prior to Project Closure).

How to Use This Template

This document is a guide to the topics usually included in a Risk Management Process. Sections may
be added, removed, or redefined at your leisure to meet your particular business needs. Example
tables, diagrams, and charts have been added where suitable to provide further guidance on how to
complete each relevant section.
Guidance on each section, including instructions, explanations, and examples, can be found under
the light blue headings, typically titled “About This Section.” To hide this guidance, simply hover
your mouse over the beginning of the section title until a gray triangle appears, like so:
1 Risk Process
Document the process for monitoring and controlling risks within a project by completing this template.
To gain a detailed understanding of the Risk Management Process, see the MPMM™ activity entitled
“Perform Risk Management.” MPMM™ also features an example of this template with every section
and table completed.

1.1 Overview
Provide an overview of your Risk Management Process, as was done in the following diagram:
1.1.1 About This Section
For example:
"The purpose of the Risk Management Process is to ensure that each risk identified within the project
environment is documented, escalated, and mitigated as appropriate. A risk is any event that is likely
to decrease the project’s ability to achieve the defined objectives."
Five key processes will enable Risk Management on this project:
 The identification of project risks
 The logging and prioritizing of project risks
 The identification of risk-mitigating actions
 The assignment and monitoring of risk-mitigating actions
 The closure of project risks ©

The following diagram provides another overview of the risk processes and procedures that should be
undertaken to effectively manage project-related risks. Risk Roles have also been identified.
1.2 Identify Risk
List the steps needed to identify project risks and document their details on a Risk Form.

1.2.1 About This Section

Any member of the Project Team can raise a project-related risk by undertaking the following
procedures:
 Identifying a risk applicable to a particular aspect of the project (e.g. scope, deliverables,
timescales, or resources).
 Completing a Risk Form and sending the form to the Project Manager. ©

1.3 Register Risk

Describe the process by which project each risk is to be investigated and determine its overall priority.
Then list the steps involved in addressing risks: taking immediate actions on low and medium priority
risks and raising high priority risks to the Project Board.

1.3.1 About This Section

The Project Manager reviews every risk that has been raised and determines whether each identified
risk is applicable to the project. S/he should base this decision primarily on whether the risk impacts
the:
 Deliverable specified in the Deliverables Register
 Quality targets specified in the Quality Plan
 Delivery targets specified in the Project Plan
 Resource targets specified in the Resource Plan
 Financial targets specified in the Financial Plan ©

If the Project Manager considers the risk to be related to the project, then s/he will raise a formal risk
in the Risk Register, assign a Risk ID, and, based on the risk's severity, determine the risk’s likelihood
and level of impact.

1.4 Assign Risk Actions

Identify the procedures the Project Board should follow to review project risks and assign the
necessary actions to avoid, transfer, or mitigate those risks. Then describe the steps for implementing
the risk actions and reviewing the risk regularly to ensure that those actions have achieved the
desired result.

1.4.1 About This Section

The Project Board completes a formal review of each risk listed in the Risk Register and decide,
based upon the risk impact and likelihood, whether to:
 Close the risk in the Risk Register if there are no outstanding risk actions and the risk is no longer
likely to impact the project
 Raise a change request if mitigating the risk requires a change to the project
 Assign risk actions to mitigate the risk
1.5 Implement Risk Actions
Specify the process for implementing the risk-mitigating actions assigned by the Project Board. This
process will be highly dependent on the structure of your project team.

1.5.1 About This Section

The next step is the implementation of the risk-mitigating actions that the Project Board has assigned.
These may include:
 Scheduling each action for implementation
 Implementing each scheduled action
 Reviewing the success of each implemented action
 Communicating the success of each implemented action
2 Risk Roles
In this section, describe the key roles and responsibilities involved in the Risk Management Process.

2.1.1 About This Section

Define the roles and responsibilities for all human resources, both internal and external, who are
involved with the identification, review, and mitigation of project risks. The following sections provide
detailed examples.

2.2 Risk Originator

List the responsibilities of the Risk Originator in the Risk Management Process.

2.2.1 Example
The Risk Originator identifies the risk and formally communicates the risk to the Project Manager. The
Risk Originator is responsible for:
 Identifying the risk within the project
 Documenting the risk by completing a Risk Form
 Submitting the Risk Form to the Project Manager for review ©

2.3 Project Manager

List the responsibilities of the Project Manager in the Risk Management Process.

2.3.1 Example
The Project Manager receives each Risk Form. S/he records and monitors the progress of all risks
within the project and is responsible for:
 Receiving all Risk Forms and identifying whether the risk is appropriate to the project
 Recording all risks in the Risk Register
 Presenting all risks to the Project Board
 Communicating all decisions made by the Project Board
 Monitoring the progress of all assigned risk-mitigating actions

2.4 Project Board, or Project Review Group

List the responsibilities of the Project Board in the Risk Management Process.

2.4.1 Example
The Project Board confirms the Risk likelihood and impact and assigns risk-mitigating actions where
appropriate. The Project Board is responsible for:
 The regular review of all the risks recorded in the Risk Register
 Identifying the change requests required to mitigate risks raised
 Allocating risk-mitigating actions
 Closing risks that are no longer likely to impact the project
©

2.5 Project Team

List the responsibilities of the Project Team in the Risk Management Process.
2.5.1 Example
The Project Team undertakes all risk-mitigating actions as delegated by the Project Board.
3 Risk Documents
List any other documentation used to identify, track, and control risks to the project.

3.1 Risk Register

Describe the purpose of the Risk Register and provide a template for its completion.

3.1.1 About This Section

The Risk Register is the log/database in which all risks are registered and tracked through to closure.
Insert a template for the Risk Register here to show how risks will be recorded and monitored on this
project.
(Note: Refer to the Method123 Risk Register for a complete example.)

3.2 Risk Form

Describe the purpose of the Risk Form and provide a template for its completion.

3.2.1 About This Section

The Risk Form is used to identify and describe a risk to the project. Insert a template for the Risk
Form here to show how risks will be defined on this project .
(Note: Refer to the Method123 Risk Form for a complete example.)