The components of a risk plan

- Murphy's Law states if anything can go wrong, it will. Well, I believe Murphy has relatives, and they all live in project circles. Doesn't take much for risk to haunt your project. So, to control this potential chaos, you build a risk plan. A risk plan is a document that describes how project risk management will be structured and performed on a project. I've included a sample plan in the exercise files, and shortly, I will talk you through an example based on that plan structure.

First, your risk plan needs to describe your risk identification approach. The most common way to do this is to run a risk identification workshop. Get a group together, including sponsors and project team members, and brainstorm risks. You could use risk registers from prior projects as a start. The second element of a risk plan is to capture how you'll describe the risks. For example, you'll want to capture the characteristics of the risks. Characteristics include categories like personnel or technical issues.

You might also capture the nature of impact to the project should the risk occur. Schedule, cost, and scope are common impact descriptions. The third element of your risk plan is to document how you will perform qualitative and quantitative risk analysis. Qualitative analysis is when you prioritize risks based on their probability and impact of occurring. Quantitative analysis is when you estimate their effects on project objectives. Here's an example of a qualitative analysis.

The risk is, will a power outage impact the installation of your deliverables. If so, what impact would this have on your project? What's the likelihood of it occurring? To do this efficiently, I suggest you use high, medium, and low to answer each of those questions. You don't need to get overly detailed at this point. After this qualitative analysis, you take a further look at your significant risks via a quantitative analysis. You try to quantify the impact.

By doing the quantitative analysis you can assess how much you could spend to try and reduce the risk. Using our power outage example, you don't want to use $10,000 to buy a power generator to prevent the power outage risk that will cost $5,000 if it occurs. The fourth element of a risk plan is the approach you'll take to address each significant risk. For example, will you purchase the power generator to avoid a total power outage, or will you schedule alternate installation times in the event of a power disruption.

The last element of your risk management plan is how you will monitor and update risks as your project progresses. This section describes things like regular risk assessment meetings to keep on top of changing risks. It also describes how you'll update and communicate new risk status items on your project. Using these elements to create and manage your risk plan will put you on solid ground to handle risks, and uninvite all the Murphys from your project party.