Planning- Project Management Plan
- Change Management Plan
- Project Roadmap
- Scope Management Plan
- Requirements Management Plan
- Requirements Documentation
- Requirements raceability Matrix
- Project Scope Statement
- Work Breakdown Structure
- WBS Dictionary
- Schedule Management Plan
- Activity list
- Activity attributes
- Milestone list
- Network diagram
- Duration estimates
- Duration estimates worksheet
- Project schedule
- Cost management plan
- Cost estimates
- Cost estimating worksheet
- Cost baseline
- Quality management plan
- Quality metrics
- Responsibility assignment matrix (RAM)
- Resource management plan
- Team charter
- Resource requirements
- Resource breakdown structure
- Communications management plan
- Risk management plan
- Risk register
- Risk report
- Probability and impact assessment
- Probability and impact matrix
- Risk data sheet
- Procurement management plan
- Procurement strategy
- Source selection criteria
- Stakeholder engagement plan
Risk management plan
The risk management plan is a component of the project management plan. It describes how risk man- agement activities will be structured and performed for both threats and opportunities. Typical information includes:
- Risk strategy
- Methodology
- Roles and responsibilities for risk management
- Funding to identify, analyze, and respond to risk
- Frequency and timing for risk management activities
- Risk categories
- Stakeholder risk appetite
- Definitions of probability
- Definitions of impact by objective
- Probability and impact matrix template
- Methods to track and audit risk management activities
- Risk report formats
The risk management plan can receive information from:
- Project charter
- Project management plan (any component)
- Stakeholder register
It provides information to:
- Cost management plan
- Quality management plan
- Risk register
- Stakeholder engagement plan
The risk management plan is an input to all the other risk management processes. It describes the approach to all other risk management processes and provides key information needed to conduct those processes successfully.
The risk management plan is an output from process 11.1 Plan Risk Management in the PMBOK® Guide – Sixth Edition. It is developed once and does not usually change.
Tailoring tips
Consider the following tips to help tailor the risk management plan to meet your needs:
- For a small, simple, or short-term project you can use a simplified risk register with a 3 × 3 probability and impact matrix. You would also include risk information in the project status report rather than a separate risk report.
- For larger, longer, and more complex projects you will want to develop a robust risk management process, including a more granular probability and impact matrix, quantitative assessments for the schedule and budget baselines, risk audits, and risk reports.
- Projects that are using an agile approach will address risk at the start of each iteration and during the retrospective.
Alignment
The risk management plan should be aligned and consistent with the following documents:
- Scope management plan
- Schedule management plan
- Cost management plan
- Quality management plan
- Resource management plan
- Procurement management plan
- Stakeholder engagement plan
| Document element | Description |
| Strategy | The general approach to managing risk on the project |
| Methodology | Describe the methodology or approach to the risk management. This includes any tools, approaches, or data sources that will be used. |
| Roles and responsibilities | Document the roles and responsibilities for various risk management activities. |
| Risk categories | Identify categorization groups used to sort and organize risks. These can be used to sort risks on the risk register or for a risk breakdown structure, if one is used. |
| Risk management funding | Document the funding needed to perform the various risk management activities, such as utilizing expert advice or transferring risks to a third party. Also establishes protocols for establishing, measuring, and allocating contingency and management reserves. |
| Frequency and timing | Determine the frequency of conducting formal risk management activities and the timing of any specific activities. |
| Stakeholder risk appetite | Identify the risk thresholds of the organization(s) and key stakeholders on the project with regard to each objective. |
| Risk tracking and audit | Document how risk activities will be recorded and how risk management processes will be audited. |
| Definitions of probability |
Document how probability will be measured and defined. Include the scale used and the definition for each level in the probability scale. The probability definitions should reflect the stakeholder risk appetite. For example: Very high = there is an 80 percent probability or higher that the event will occur High = there is a 60–80 percent probability that the event will occur Medium = there is a 40–60 percent probability that the event will occur Low = there is a 20–40 percent probability that the event will occur Very low = there is a 1–20 percent probability that the event will occur
|
| Definitions of impact by objective | Document how impact will be measured and defined for either the project as a
whole or for each objective. The probability definitions should reflect the stake- holder risk appetite. Include the scale used and the definition for each level in the impact scale. For example: Cost Impacts: Very high = overrun of control account budget of >20 percent High = overrun of control account budget between 15–20 percent Medium = overrun of control account budget between 10–15 percent Low = overrun of control account budget between 5–10 percent Very low = overrun of control account budget of <5 percent |
| Probability and impact matrix | Describe the combinations of probability and impact that indicate a high risk, a medium risk, and a low risk and the scoring that will be used to prioritize risks. This can also include an assessment of urgency to indicate how soon the risk event is likely to occur. |
