The Risk Management Plan describes how risk identification, qualitative and quantitative analysis, response planning, monitoring and control will be structured and performed during the project life cycle. It is being developed mainly by the Project Manager and the Team Managers who have the responsibility to manage the risk planning and execution activities.
In theory, any risk identified during the life of the project will need to be formally managed according to the Risk Management Plan. Without a formal Risk Management Plan in place, the objective of delivering a solution “within time, cost and quality” may be compromised.
The Risk Management Plan may include the following:
Table 7-3: Typical contents of the Risk Management Plan
|•||Risk Management process: It refers to the process that may be used to perform risk management on the project.|
Indicative risk management process which can be used in almost all projects is the following:
Step 1: Raise Risk
|||Any member of the Project Team or the Project Management Team (Risk Originator) identifies a risk applicable to a particular aspect of the project (e.g. timescales, quality, resources, deliverables, cost etc). He/She immediately completes a Risk Form and forwards it to the Project Manager.|
Step 2: Register Risk
|||The Project Manager reviews all Risk Forms and examines whether each risk identified is applicable to the project and impacts on the project objectives and targets specified in the Project Fiche and the Time, Resource, Cost and Quality Plan. |
|||If the risk is considered “related to the project” the Project Manager registers it at the Risk Log and assigns to it an ID. The Project Manager evaluates also the severity of the risk (likelihood that the risk will occur and effect on project objectives if the risk occurs) and decides whether the level of “impact” and “likelihood” assigned by the Risk Originator is “correct”.|
Step 3: Assign Risk Preventive/ Contingency Actions
|||The Project Manager informs the Project Steering Committee that severe risks have been registered in the Risk Log and asks for a meeting with them. |
|||The Project Steering reviews the risks registered and after a discussion during which the Project Manager recommends preventive/ contingency actions, decides to:|
|o||Adopt Project Manager’s recommendations for preventive/ contingency actions and assign them to certain Project Team Members or to the Project Manager|
Note: It must be noted that in case of projects being implemented by contractors, an approved preventive action could be to ask from the contractor to take actions like: to replace specific resources from its team due to inefficient performance, to implement two activities in parallel so to close the project in time etc.
|o||define other risk contingency actions than the ones proposed by the Project Manager and assign them to certain Project Team Members or to the Project Manager|
|o||Raise a change request if they estimate that a change to the project is required to mitigate the risk |
|o||Close the risk if they estimate that the risk is no longer likely to impact on the project|
Step 4: Scheduling and Implement Preventive/ Contingency Actions
|||The Project Manager schedules the implementation of the preventive/contingency actions assigned by the Project Steering Committee. He/ She also informs people who have been charged to implement the risk actions on what exactly they have to do and when.|
|||People assigned to perform each scheduled action, do so. |
Step 5: Monitoring and controlling Preventive/ Contingency Actions
|o||monitors the implementation of each preventive/ contingency action and reviews its success |
|o||updates the Risk Log by writing down the implementation date of the preventive/ contingency action |
|o||communicates the results of the action taken to the Project Steering Committee|
|•||Risk Management Documents: It refers to the documentation used to identify, track and control risks to the project. |
Indicative risk management documents which can be used in almost all projects are the following: Risk Form (the document which must be completed by a member of the project team in order to inform the Project Manager for a new risk) and Risk Log (Risk Register). The template for Risk Log is being provided in Annex 1-6, while the Risk Form is provided inAnnex 7-6 .
Risk Forms are used during the Project Execution & Control Phase. They are completed by any project team member who identifies a risk and they are forwarded to the Project Manager for review. The Project Manager determines whether the information provided in the form is adequate and if not he/she asks for more information to be provided.
Normally the Risk Form includes:
|||Description of the risk identified |
|||Rating of risk likelihood and impact|
|||Proposal for preventive and contingency actions |
|•||Roles and Responsibilities. It refers to the roles and responsibilities of all human resources involved in the identification, review and mitigation of risks within the project.|
Indicative roles and responsibilities are:
The risk originator identifies a risk and reports it to the Project Manager, so he is responsible for:
|||submitting the Risk Form to the Project Manager for review. |
The Project Manager is responsible for:
|||reviewing all Risk Forms submitted by the risk originators|
|||registering all risks at the Risk Log |
|||presenting the identified risks and the recommended actions to the Project Steering Committee |
|||communicating the decisions made by the Project Steering Committee to the people who are assigned to perform preventive/ contingency actions |
|||monitoring the progress of the preventive/ contingency actions assigned |
|||evaluating the results of the performed preventive/ contingency actions|
Project Steering Committee
The Project Steering Committee is responsible for:
|||reviewing all risks presented by the Project Manager |
|||allocating risk preventive/ contingency actions |
The project team members are responsible for undertaking all the actions delegated to them by the Project Steering Committee.