The risk management plan
The first step in a
project risk assessment
is to establish how risk will be assessed, mitigated and managed, and to create
a risk management plan that documents the approach the project will take.
The risk management plan describes the overall context and approach of the risk
assessment. It includes:
- an overview of the project and its overall approach it will take to manage risk;
- the part of the project’s life that the risk assessment will cover;
- any general assumptions about the project that the risk assessment will make, and
risks it will exclude;
- how risks will be identified and assessed, and how the assessments will be elicited
from the project team;
- how risks will be scored, including any scoring scales that will be used;
- the roles of the project team members and stakeholders in the risk assessment, and
how their usual role in the project will react to it (including who in the team
will take the role of risk coordinator);
- how the risk assessment will be communicated to stakeholders; and
- how the wider organisation is expected to use the risk assessment, and the recommendations
it indicates.
The risk management plan also establishes the base estimate and schedule for the
project, and how it is built up. This is the basis for the risk model (the framework
in which the risks will be assessed). Sometimes the project’s own project execution
plan (PEP) and estimate is used for the base model; other times a high-level schedule
and estimate are created especially for the purpose of the model – building this
high-level logical representation of the project as a team, specifically for the
purpose of discussing risk, can in itself be a valuable exercise. As the project
progresses, and as risk is regularly reviewed, the base model is kept updated throughout
the project.
1-2 days with the appropriate project controls team members (plus a further 1-2
days if special high-level schedule is built) could be expected to produce a concise
and relevant risk management plan for a typical medium-sized project.
Note: These estimates of effort depend on many factors including project complexity,
scope of assessment, team availability, and extent of changes to assumptions during
the assessment process.