Introduction to Project Risk Management Plan
Project Risk Management Plan – They say, “Precaution is better than cure” and this holds to be true in every walk of life. Be it the time when you own a project or you’re off studying for an exam, taking remedial measures at the very start of your work can help you gain a head-start as well as avoid the mishaps and catastrophic events later on, when you’re knee-deep into the commitment. This is the same in the case of projects nowadays, where you need to take some measures ahead of going on with the project in order to save on running into risks, which can completely throw your plans away.
Image source: pixabay.com
Project risk management plans are these thought-of mappings that can identify, anticipate, and employ solutions in case the project runs into issues/problems. A good project risk management plan can face unexpected problems that arise, as the planner has taken into consideration all the possible scenarios that can go wrong while executing the project. Firefighting isn’t always the best way and can cause detrimental damage to further phases within the project.
An excellent project risk management plan can decrease the level of problems affecting the project by around 80% – 90%, which is a good range to be in. The 20% – 10% can always be the marginal risk percentage that is unaccounted for. In this article, you will look through project risk management plans and how to develop a well-thought plan for your project.
What is Risk?
Wikipedia defines risk to be…
“…the potential of gaining or losing something of value.”
With this definition, it quickly strikes me that a risk can pay off in two different ways: you can either gain magnanimously from it or go plunging down in loss. But, we normally perceive risk in the most negative connotation at all times and always plan to mitigate this negative risk that we anticipate. What happens when the risk you take pays off? A complete understanding of the risk your project is subjected to will even make you plan for sudden success that would need a lot of controlling and management.
Simply put, Wikipedia also defines risk to be “an unintentional interaction with uncertainty”. In the case of projects and project management, risk is that factor which is a potential threat to the successful completion of the project, on schedule. A risk can occur during any stage in the project life cycle and can adversely affect the entire functioning of the project, leading it to deviate from the proposed plan.
These adverse effects can be a constant or momentary threat to the time, budget, resources, or even quality conferred upon the project. A project is always in a state of risk and project risk management contributes in identifying and taking actions against these risks at the right time, in the right manner. Controlling and managing the levels of risks and uncertainty are what a project risk management plan will look out for, and we will cover these aspects in the following sections.
What is a Project Risk Management Plan?
After having a quick go into risk and its management, it comes up as essential for any project on the line to include a plan to manage the risks anticipated for that project. All projects have a percentage of risk hovering them and it always falls in need to have a project risk management plan at hand.
It is basically a step-by-step instructional document, identifying and anticipating scenarios that can put the project at risk and find ways and means of solutionizing the risk. The project risk management plan summarizes the project risk management approach that has been adopted by the project manager and the team, and this project risk management plan is usually part of the project business plan, which is created at the start of the project.
The project risk management plan at all times would contain the following attributes and elements:
- Process – This is the entire process that will be adopted in order to identify, analyze, evaluate, and mitigate risks throughout the project life cycle.
- Budget – There is always risk on costings of the project, as when the project starts there are bound to be changes as the project’s proceeds. The method of dealing with such a change needs to be elaborated in the project risk management plan.
- Work Breakdown Structure – The strategies involved in the project risk management are to be transferred to the WBS. How and when needs to be included in the project risk management plan.
- Risk Register – The frequency of reviewing the risk register is to feature in the project risk management plan.
- Roles and Responsibilities – When the project runs into an issue with risk attached to it, the plan will let the project member know who is in-charge of which scenario.
- Reporting Structure – This is the same as with the roles and responsibilities but briefly elaborates on the reporting structure in the situation of encountering a risk and in whose hands do the decisions need to lie.
- Risk Categories – Risk needs to be carefully categorized and slated for proper organization of information.
Developing a Project Risk Management Plan
The Project Risk Management Plan effectively defines the “how” when it comes to risk processes and structuring throughout the project life cycle. It will also consists of the following:
- Analysis or anticipation report of likely risks
- Solutions or mitigation strategies that vary from high impact risks to low impact risks
All these with one goal in mind—avoiding the project from facing derailment.
There are 6 basic steps that need to be followed in order to develop an all encompassing and successful project risk management plan. They are as follows:
Identifying the Risk and Creating a Risk Register
Before you think about managing and mitigating risks, it’s important that you know them and identify them correctly. If you miss on a risk while identifying possible threats, you are putting the project and its completion at risk itself.
To be able to completely identify all risks, you can adopt the method of first defining categories that these risks can fall into, for example, project risks, corporate risks, business risks, budget risks, system risks, people risks, business objective risks, and much more. These can be further sub categorized into more precise categories for easy identification. Another method of categorization can be on terms of the risk being external or internal. The PEST method is also widely used in the industry: division based on political, economical, social, and technological factors.
Use a brainstorming session with the project team members, subject matter experts, and stakeholders to gain an insight into categories and proper identification of risks. The SMEs can be executives from an outside perspective looking in the project.
All the identified risks are detailed down into the Risk Register and a level is attached to each risk put down. These levels are based on the likely occurrence of the risk in the due course of the project life cycle and its seriousness. The risk register contains the following information about each risk associated with the project and goes through the all the phases of project risk management:
- Unique identification
- Brief description
- Level of impact to the project
- Possible frequency of occurrence
- Individuals responsible for managing the risk
- Mitigation plan
- Budget allocated
Analyzing and Evaluating Risks
Once you’ve identified the risks associated to the project, your next step is to analyze and evaluate each risk to determine their effect on the successful completion of the project. Risks should be analyzed and evaluated considering the following 2 criteria:
- Level of Impact
Project managers are urged to rate each risk listed into the risk register on the scale of low, moderate, and high likely occurrence rate and low, moderate, and high seriousness of impact rate. They can create a matrix to chart out these evaluations so as to gain a wholesome idea about the risks and their influence on the project.
This grading and rating on matrices can be later used to prioritize the different types of risks and enable the project manager to put measures in place within the project risk management plan. The grades assigned to the project risks can be either in grades or numerical ratings as deemed comfortable by the project team and organization.
Identifying Risk Triggers
Broadly divide your team into subgroups that will take care of each risk, should they occur as you have predicted them to be. These subgroups will have to study their risks in a deeper sense and recognize the triggers for these risks and signs of warning, which can tell the project team that their project is running into danger.
Tip: As a standard practice, document 3 triggers for each risk allotted in the risk register.
At this stage, the project manager can determine the roles and responsibilities that each team and the team members take up when faced with a risk scenario. Authoritative power is given to individuals to manage and settle the budgets for each risk and they are responsible for coming up with ideas and a plan for those ideas, with the project manager in tow.
Roles and responsibilities can be distributed based on the department, working title, or expertise of the individual or team. Try and include all project stakeholders as well to gain their insight and expertise on the project risk management plan. These individuals can even highly contribute to identification of these risk triggers that can be enlisted later on in the project risk management plan.
Brainstorming for Solution Ideas
Each team now takes up their risks and brainstorms into ideas that subdue the threats. These should be preventive measures or contingency plans taken by the team at the start of the project, to decrease or eliminate the effects these risks have on the completion of the project. The team should think about tapping the opportunities that come their way, as mentioned in the project plan in the planning phase of the project life cycle.
Opportunities are most often the positive risks in the project and, more so often, these opportunities can in fact neutralize the negative risks that we focus on. Project managers should urge the project risk management team, through ways of the project risk management plan, to pay close attention to even the opportunities to mitigate risks.
Based on the collective ideas that comes from the various departments and minds that have worked on it, the project manager then needs to make a decision as to frame a plan of action (POA) for the solutions. This is what we will discuss in the next step, which is the Creating a Plan!
Creating a Plan
The risks are identified, the possible solutions or measures are taken into account, what is left to create is an action plan for these. This action plan is the fundamental unit of the project risk management plan, and for a project manager owning this plan, they will need to document all the possible solutions to all the different risks identified across the project. These plans are basically risk mitigation strategies in ploy to keep the risks at bay.
These risk mitigation strategies will either reduce the chances of the risk being accomplished or will reduce the impact of the risk at hand. These risk mitigation strategies are born out of the ideas belted out the brainstorming session held. There are two types of mitigation strategies. They are as follows:
- Preventative – This type of strategy answers the question: “what should you do now?” This strategy is designed in a manner so as to reduce the likelihood of the risk or seriousness of the risk way before the risk is even realized.
- Contingency – These are planned actions in the event of the risk being realized. In short, it answers the question: “what should be done if…?”
The risks that are at the highest priority will need to be attended to first by the project manager and their mitigation plans need to be realized before the project starts, or as per the action plan. The risks with a lower priority can be taken care of later, but cannot be ignored or neglected.
The risk register should record and document all the risks, the assignee’s to the risks, the action plan to be implemented, and cost associated to these risks.
Monitoring and Reviewing Risks
While the project proceeds as per the project plan, alongside runs the project risk management plan, taking care of all the risks that the project might encounter on its way to completion. Since all the proceeds of the project risk management plan is documented in the risk register, it’s important to review this document at regular intervals of time. Consider the review period to be fortnightly.
But why monitor and review? As the project progresses, there is a fair chance that the project might encounter or realize many more risks or the risks slated in the register may need a change.
It is an iterative process and should be seamlessly woven into the management of your entire project. It should be closely integrated to the issue management framework because unresolved issues slowly succeed to become potential risks.
This is a guide to Project Risk Management Plan. Here we have discussed the basic concept, 6 ways to develop Project Risk Management Plan in detail. You may look at the following articles to learn more –