Development of Risk Management Plan

Home Page  <<  >>

The Risk Management Plan describes how risk identification, qualitative and quantitative analysis, response planning, monitoring and control will be structured and performed during the project life cycle. It is being developed mainly by the Project Manager and the Team Managers who have the responsibility to manage the risk planning and execution activities.

In theory, any risk identified during the life of the project will need to be formally managed according to the Risk Management Plan. Without a formal Risk Management Plan in place, the objective of delivering a solution “within time, cost and quality” may be compromised.

The Risk Management Plan may include the following:


Table 7-3: Typical contents of the Risk Management Plan

Risk Management process: It refers to the process that may be used to perform risk management on the project.

Indicative risk management process which can be used in almost all projects is the following:

Step 1: Raise Risk

Any member of the Project Team or the Project Management Team (Risk Originator) identifies a risk applicable to a particular aspect of the project (e.g. timescales, quality, resources, deliverables, cost etc). He/She immediately completes a Risk Form and forwards it to the Project Manager.

Step 2: Register Risk

The Project Manager reviews all Risk Forms and examines whether each risk identified is applicable to the project and impacts on the project objectives and targets specified in the Project Fiche and the Time, Resource, Cost and Quality Plan.
If the risk is considered “related to the project” the Project Manager registers it at the Risk Log and assigns to it an ID. The Project Manager evaluates also the severity of the risk (likelihood that the risk will occur and effect on project objectives if the risk occurs) and decides whether the level of “impact” and “likelihood” assigned by the Risk Originator is “correct”.

Step 3: Assign Risk Preventive/ Contingency Actions

The Project Manager informs the Project Steering Committee that severe risks have been registered in the Risk Log and asks for a meeting with them.
The Project Steering reviews the risks registered and after a discussion during which the Project Manager recommends preventive/ contingency actions, decides to:
oAdopt Project Managers recommendations for preventive/ contingency actions and assign them to certain Project Team Members or to the Project Manager

Note: It must be noted that in case of projects being implemented by contractors, an approved preventive action could be to ask from the contractor to take actions like: to replace specific resources from its team due to inefficient performance, to implement two activities in parallel so to close the project in time etc.

odefine other risk contingency actions than the ones proposed by the Project Manager and assign them to certain Project Team Members or to the Project Manager
oRaise a change request if they estimate that a change to the project is required to mitigate the risk
oClose the risk if they estimate that the risk is no longer likely to impact on the project

Step 4: Scheduling and Implement Preventive/ Contingency Actions

The Project Manager schedules the implementation of the preventive/contingency actions assigned by the Project Steering Committee. He/ She also informs people who have been charged to implement the risk actions on what exactly they have to do and when.
People assigned to perform each scheduled action, do so.

Step 5: Monitoring and controlling Preventive/ Contingency Actions

The Project Manager:
omonitors the implementation of each preventive/ contingency action and reviews its success
oupdates the Risk Log by writing down the implementation date of the preventive/ contingency action 
ocommunicates the results of the action taken to the Project Steering Committee
Risk Management Documents: It refers to the documentation used to identify, track and control risks to the project.

Indicative risk management documents which can be used in almost all projects are the following: Risk Form (the document which must be completed by a member of the project team in order to inform the Project Manager for a new risk) and Risk Log (Risk Register). The template for Risk Log is being provided in Annex 1-6, while the Risk Form is provided inAnnex 7-6 .

Risk Forms are used during the Project Execution & Control Phase. They are completed by any project team member who identifies a risk and they are forwarded to the Project Manager for review. The Project Manager determines whether the information provided in the form is adequate and if not he/she asks for more information to be provided.

Normally the Risk Form includes:

Name of the Project
Description of the risk identified
Rating of risk likelihood and impact
Proposal for preventive and contingency actions 
Section for approval.
Roles and Responsibilities. It refers to the roles and responsibilities of all human resources involved in the identification, review and mitigation of risks within the project.

Indicative roles and responsibilities are:

Risk Originator

The risk originator identifies a risk and reports it to the Project Manager, so he is responsible for:

identifying risks,
documenting them (refer to Risk Form – Annex 7-6) and
submitting the Risk Form to the Project Manager for review.

Project Manager

The Project Manager is responsible for:

reviewing all Risk Forms submitted by the risk originators
registering all risks at the Risk Log
presenting the identified risks and the recommended actions to the Project Steering Committee
communicating the decisions made by the Project Steering Committee to the people who are assigned to perform preventive/ contingency actions
monitoring the progress of the preventive/ contingency actions assigned
evaluating the results of the performed preventive/ contingency actions

Project Steering Committee

The Project Steering Committee is responsible for:

reviewing all risks presented by the Project Manager
allocating risk preventive/ contingency actions

Project Team

The project team members are responsible for undertaking all the actions delegated to them by the Project Steering Committee. 




© 2007 Republic of Cyprus, Treasury of the Republic, Public Procurement Directorate
Home Page | Government Web Portal | Disclaimer | Webmaster