Steps in Developing a Risk Management Plan

Steps in Developing a Risk Management Plan

Developing a risk management plan is just a matter of following the following five steps. By beginning with the previously defined 12 risk categories, the analyst ranks and sorts the risks into a manageable set. The plan then is a direct result of the risk identification, categorization, and prioritization processes.

Step 1

Using these categories, construct a risk categorization table. A project team might use this table to review categories of risk for their project. It also provides the team with a set of factors to examine, and provides slots for them to decide which factors are relevant and what evidence they have. As the organization learns more about its performance it may decide on ways to compare ratings on a given project with its prior history. It may determine a total-rating count, or number of risks, or some combination of number and level of impact that predict project failure or success. This table is the starting point for identification of specific risks on each project.

Step 2

Rank the risk to the project for each category:

●  Risk factors and areas - Under each category, this column lists category risk factors.

●  Low risk evidence (L) - This column has characteristics of this factor when it can be considered low risk to the project.

●  Medium risk evidence (M) - This column has characteristics of this factor when it provides a medium risk.

●  High risk evidence (H) - This column has characteristics of this factor when it should be considered high risk.

●  Rating - Select the level of risk (example: H, M, L or 3, 2, 1) applicable to this project.

●  Comments - Provide information about project specifics that support the rating choice.

Note that in some cases, evidence in one category for high risk may be evidence for low risk in another. For instance, support for organization goals or use of new technologies may be taken either way, depending on the situation.

Table 1 shows the risk factors and categories with their respective evidence of low, medium, and high risk. This table is a template used as a starting point for any software development project. Categories, factors, and evidence can easily be modified within this framework for any project.

Step 3

Sort the risk table in order of risk with high-risk items first. For the top ten risks and all risks rated "high" if more than ten, calculate the risk exposure. These are your key risks. Identify means to control each key risk, establish ownership of the action, and the date of completion. Integrate the key risks into the project plan and determine the impacts on schedule and cost.

Step 4

Establish a regular risk report format for weekly project status meetings. At a minimum, show the status of the top ten ("Analyzing and Quantifying Risks" Table 2), the ranking of each from the previous week, and the number of weeks on the list. Show the risk response report ("Analyzing and Quantifying Risks" Table 1) and the risk change report. Table 2 shows this report with the change in rankings and the resolution progress.

Risk Categorization Table

Weekly Risk Change Report

Step 5

The final step is to ensure that risk management is an ongoing process within your project management. Monitoring and control of the risk list must be done on a regular basis. The project manager and team must be aware of the identified risks and the processes for resolving them. New risks must be identified as soon as possible, prioritized, and added-on to the risk management plan. High-priority risks must be worked on with respect to the overall project plan.


project management, risk management, risk table, project plan
The contents available on this website are copyrighted by TechPlus unless otherwise indicated. All rights are reserved by TechPlus, and content may not be reproduced, published, or transferred in any form or by any means, except with the prior written permission of TechPlus.
© Copyright 2018 SPMInfoBlog.
Designed by TechPlus