Risk Management Plan

Posted on July 15, 2009 by


The Risk Management Plan is a document used by project managers to provide guidance on handling risk throughout a project, and because this includes early risks, it should be created early in the project’s planning phase. It is the only output of the Plan Risk Management process, which is one of the 42 project management processes described in the fourth edition PMBOK®. There is only one tool utilized in developing the Risk Management Plan—Planning Meetings and Analysis—which indicates that the quality of this plan is dependent on the productive meetings of thoughtful individuals. Resources that may be used by these individuals include the Project Scope Statement, Cost Management Plan, Schedule Management Plan, Communications Management Plan, Enterprise Environmental Factors, and Organizational Process Assets. The Project Scope Statement is referenced to better understand the project and its deliverables as every project has a unique set of risks. A project that involves unchartered territory will have more unknowns involved than a more routine project based on a history of similar projects. Understanding the contingencies in place for risks affecting the budget and schedule can be accomplished through examining the Cost Management Plan and the Schedule Management Plan. Knowing with whom to discuss project risks and responses may be found in the Communications Management Plan. Enterprise Environmental Factors includes risk attitudes of the stakeholders, and organizational process assets includes risk templates, definitions, and categories used by the organization. There is much included in the Risk Management Plan, such as: Methodology, Roles and Responsibilities, Budgeting, Timing, Risk Categories, Definitions of Risk Probability and Impact, Probability and Impact Matrix, Revised Stakeholders’ Tolerances, Reporting Formats, and Tracking. Risk Categories may be in the form of a Risk Breakdown Structure (RBS). The Risk Management Plan is an input to the following processes: Identify Risks, Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis, and Plan Risk Responses. Monitor and Control Risks lists the Project Management Plan as an input rather than specifically listing the Risk Management Plan, but mentions that the Risk Management Plan is contained there. So all the other risk processes use the Risk Management Plan, but it is not listed as an input to any processes other than the risk processes. Also see the earlier posting of Plan Risk Management Process (posted March 26, 2009).