Develop Risk Management Plan


Description
During the Plan Stage, the project team identifies all significant project risks known during the planning stage and determines the likelihood, impact, and response strategy associated with each risk. Additionally, the team identifies processes and roles to control risks during the Execute and Control Stage of the project. Results are documented in the Risk Management Plan and Risk Register.
Rationale/Purpose
Factors that cause a risk to be realized may occur throughout the project life cycle. A Risk Management Plan helps assure satisfactory project results by specifying a process to follow during the Execute and Control Stage for detecting the occurrence of these factors and for responding to the resulting realized risks.
Who is involved
Project Manager
Project Team
Project Sponsor
Customer
Project Stakeholders
Result
  • Risk Management Plan component of the Project Plan
  • Risk Register


  • Recommended actions and strategies

    What to do
    How to do it
    1
    Hold risk management planning kickoff meeting
    Engage key stakeholders and risk management decision makers as identified in the Initiate Stage for every step in the Risk Management Plan development.

    Prepare a straw model of Risk Management Plan components and key decisions based on the steps noted below.

    Prepare an agenda to review the risk management strategy and key components to be decided for the Risk Management Plan.

    Hold the risk management planning kickoff meeting, document outcomes, and determine additional steps and assignments to complete the Risk Management Plan.
    2
    Expand general areas of risk for the project into a detailed list of risks
    Begin with the areas of risk identified in the Initiate Stage. Expand the list to identify all specific risks known within each area. Make the list as comprehensive as possible at this stage.
    The list will be continually updated throughout the Execute and Control Stage of the project as more is known about additional risks or risks that are no longer pertinent.
    3
    Set guidelines for risk analysis approach
    With reference to the organization’s general disposition toward risk likelihood and impact categories, set guidelines that define what type and level of analysis is needed.
    Options for type of analysis include:
    • A qualitative analysis of a risk, which determines the factors that would cause the deviation, the likelihood of its occurrence, and the impact were it to occur.
    • A quantitative analysis of a risk, in which its likelihood is expressed as a probability and the impact of the deviation is expressed as a monetary value. Although the quantitative analysis of risk can be indispensable for highly complex projects, detailed discussion is beyond the scope of the PMA. See the references section below for sources of further information.
    The option chosen for level of analysis depends on how comprehensive an assessment is needed for the particular project. Examples include:
    • Careful research or reliance on industry expertise regarding risks for projects of this nature.
    • General sense of the key stakeholders regarding the risks for this project.
    4
    Define risk likelihood categories
    Risk likelihood categories can either be general “qualitative” measures, such as a scale from extremely unlikely to extremely likely, or specific “quantitative” ranges of probabilities.
    5
    Define risk impact categories
    Risk impact categories can either be expressed as general “qualitative” measures, such as an indication of what areas of the project deliverables or organization would be impacted, or as specific “quantitative” measures, such as monetary impacts.
    6
    Establish risk likelihood and impact values for each risk
    Assess and assign risk likelihood and impact values to each risk based on the categories defined. Document risk likelihood, impact, and type of analysis required (i.e., qualitative or quantitative) for each risk in a risk register.
    7
    Define the response for each risk
    For each risk, judge the likelihood and impact and determine an appropriate response strategy. List the response strategy and a specific response action in the risk register.
    Response strategies fall into four categories:
    • Avoidance. The avoidance strategy eliminates the possible deviation by changing the project deliverables against which the deviation is defined.
    • Mitigation. The mitigation strategy sets out to alter the likelihood or the impact of the risk.
    • Transference. The transference strategy transfers the impact of the deviation to a third party.
    • Acceptance. The acceptance strategy merely acknowledges the risk, but does not specify any immediate action to take in response to the risk, although a contingency plan should be defined.
    Examples of specific response actions for each strategy include:
    • Avoidance: For a negative risk, one could decide not to undertake the deliverable. For a positive risk or opportunity, one could exploit the opportunity by incorporating it into the project as a planned deliverable.
    • Mitigation: For negative risks, take steps to reduce the probability that risk factors will cause a deviation from the project plan or to reduce the amount of deviation. For a positive risk, such as a cost savings opportunity, take steps to increase the likelihood or amount of the cost savings.
    • Transference: Purchasing insurance is a classic risk transference strategy. On the positive side, a plan to share possible cost savings with a vendor as an incentive is an example of transference.
    • Acceptance: Merely note that the risk is accepted.
    8
    Define risk management roles, responsibilities, and competencies
    Typical roles include:
    • Risk manager
    • Risk response decision maker
    Note any special expertise or level of responsibility associated with each role.
    For large projects, responsibilities may be divided among several people based on their specializations.
    9
    Determine how aggressively to manage risk for this project
    Identify significant risks for this project as follows:
    • Based on areas of risk so noted in the risk management strategy, identify specific risks for which there is a low tolerance or threshold and note this in the risk register.
    • Based on the likelihood and impact for each of these risks, determine how significant they are to the success of the project.
    • Determine if any of these risks are unacceptable and if there are implications for continuing the project.
    • Evaluate these findings with the risk management decision makers and recommend any pertinent actions.
    Determine frequency to monitor for factors that could cause a risk to be realized and any associated response procedures.
    Determine frequency for reviewing and updating the risk register.
    10
    Define logging, monitoring, and reporting requirements
    Typical requirements include:
    • Components of a risk register record
    • Risk log mechanism (e.g., spreadsheet, automated system)
    • Risk factor monitoring and reporting frequency
    11
    Establish guidelines for communicating realized risks and responses to key stakeholders
    Control of risks should be communicated clearly throughout the project. The plan that describes to whom and how this communication will occur should appear in the risk management plan and again in the project’s communication plan (if only by reference).
    12
    Estimate total effort to manage risk and adjust project budget and schedule
    Estimate total project effort (e.g., staff, time, etc.) required to address the expected total impact of all risks. Incorporate estimates into the project’s staffing plan, schedule, and budget.

    Additional resources - Bibliography
    Note: These resources can also be found in the Project Management section of the DoIT Resource Center.
    A Guide to the Project Management Body of Knowledge, 3rd edition. Project Management Institute. 2004.
    Mulcahy, Rita, Risk Management: Tricks of the Trade for Project Managers, RMC Publications. 2003.
    Wideman, R. Max, editor. Project & Program Risk Management: A Guide to Managing Project Risks and Opportunities. Project Management Institute. 1992.




    Risk Management Plan

     

    Project Name:  Project Management Improvement

      

    EXAMPLE
      
    Disclaimer:  This example is based on the Project Management Improvement project, but is not necessarily an actual case for that project.




    Document Change Control
     

    The following is the document control for revisions to this document.
    Version Number
    Date of Issue
    Author(s)
    Brief Description of Change
    1
    1/5/2007
    Person -A
    Initial Plan











    Definition
     

    The following are definitions of terms, abbreviations and acronyms used in this document.

    Term
    Definition














    Table Of Contents
    1. General assessment and approach.. 1
    2. Risk management definitions.. 1
    3. Roles and responsibilities.. 2
    4. The risk management process.. 2
    5. Tools.. 3

    1. General assessment and approach

     

    The general level of risk to this project is low.  While some risks are present, the expected impacts are minimal and key stakeholders have a high tolerance for the known risk areas.

    The project will use a minimal, qualitative approach to risk management including:
    ·         Periodic monitoring for the realization of risks identified in the risk register
    ·         Notification of key stakeholders if any realized risks will cause delays
    ·         Steady management of stakeholder expectations to keep the project on track


    2. Risk management definitions

     

    The project will use the following definitions, categories, and response strategies to manage risk:

    Risk Likelihood Categories
    Qualitative measures used include: high, medium, low.
    Risk Impact Categories
    Qualitative measures used include: high, medium, low.
    Response Strategies
    Response strategies used include:
    • Avoidance. The avoidance strategy eliminates the possible deviation by changing the project deliverables against which the deviation is defined. For a negative risk, this could mean deciding not to undertake the deliverable. For a positive risk or opportunity, this could mean exploiting the opportunity by incorporating it into the project as a planned deliverable.
    • Mitigation. The mitigation strategy sets out to alter the likelihood or the impact of the risk. For negative risks, steps may be taken to reduce the probability that risk factors will cause a deviation from the project plan or to reduce the amount of deviation. Taking steps to increase the likelihood or amount of a cost savings may be a sensible response to a cost savings opportunity.
    • Acceptance. The acceptance strategy merely acknowledges the risk, but does not specify any action to take in response to the risk.

    The project will not use a transference strategy.

    3. Roles and responsibilities

     


    The risk manager role is assigned to the project manager, who is responsible to
    • evaluate and adjust the risk register periodically
    • monitor project and recognize the occurrence of factors that result in realized risks
    • track and facilitate the timely response to realized risks
    • communicate realized risks to the project team and others
    • report risk management activity according to communications plan


    The risk response decision makers role is assigned to the project sponsors, who are responsible to
    • approve responses to realized risks
    • request further evaluation if insufficient information is available to support the decision

    4. The risk management process

     

    For each risk identified in the risk register the following process will be followed.

    4.1 Monitor for occurrence of risk factors:  The risk manager will periodically scan for the occurrence of risk factors that may cause a realized risk specified in the risk register.  This process will be informal, but the risk manager will be attentive to the occurrence of these factors for the duration of the project.

    4.2 Evaluation:  For any occurring factor, the risk manager will determine if the associated risk is realized and make a preliminary determination of the impact.

    4.3 Consultation:  The risk manager will consult with risk decision makers during regularly scheduled project status meetings or via e-mail communications and confirm response based on consultation.

    4.4 Response:  The risk manager will take any action needed to implement the response indicated in the risk register for the realized risk.

    4.5 Logging:  For any occurring factor, the risk manager will log the factor, the associated risk, and the response taken in the project’s regular status reports.  Due to the informal risk management approach and the low impact of risks, the risk manager will not maintain a risk control log for this project.

    4.6 Communication:  The key stakeholders and risk decision makers will be notified of realized risks through regularly scheduled status reports.  If a particular risk is determined to need more immediate attention, the risk manager will notify stakeholders and decision makers via e-mail.  A summary of any significant realized risks will be announced in weekly team meetings.

    5. Tools

     


    Risk register form

    See attached risk register example.


    Risk control log

    Risk control log will not be used for this project

Hiç yorum yok:

Yorum Gönder

Kaydol: Yorumlar (Atom)