The risk management plan is a component of the project management plan that describes how risk management activities will be structured and performed. The risk management plan may include some or all of the following elements:
1. Risk strategy . Describes the general approach to managing risk on this project. Andrea
The general approach to manage risk on this project will be to identify as many risks as possible early on the project. To do this, we’ll first determine which are the areas that could present a risk from the activities carried out for each. From there, risks will be identified, categorized and prioritized. We will determine the probability of occurrence and impact of each, and then plan an appropriate response accordingly.
2. Methodology . Defines the specific approaches, tools, and data sources that will be used to perform risk management on the project. Andrea
· Risk identification brainstorming session among the members of the group to think about ‘What could go wrong?’. For this we will construct an RBS to determine which areas could propose a risk.
· Risk assessment we will prioritize our risk management plan by determining the probability and impact of each risk. This will be done through a qualitative and quantitative analysis of each of the risks identified.
· Risk response Finally, we’ll have our risk register, which will compile all the information above, as well has help us on determining a response for each situation.
3. Roles and responsibilities . Defines the lead, support, and risk management team members for each type of activity described in the risk management plan, and clarifies their responsibilities. Vismay
4. Funding . Identifies the funds needed to perform activities related to Project Risk Management. Establishes protocols for the application of contingency and management reserves. Vismay
5. Timing. Defines when and how often the Project Risk Management processes will be performed throughout the project life cycle, and establishes risk management activities for inclusion into the project schedule. Zhiqi
6. Risk categories. Provide a means for grouping individual project risks. A common way to structure risk categories is with a risk breakdown structure (RBS), which is a hierarchical representation of potential sources of risk (see example in Figure 11-4). An RBS helps the project team consider the full range of sources from which individual project risks may arise. This can be useful when identifying risks or when categorizing identified risks. The organization may have a generic RBS to be used for all projects, or there may be several RBS frameworks for different types of projects, or the project may develop a tailored RBS. Where an RBS is not used, an organization may use a custom risk categorization framework, which may take the form of a simple list of categories or a structure based on project objectives. Andrea – RBS
Risk Breakdown Structure (RBS)
7. Stakeholder risk appetite. The risk appetites of key stakeholders on the project are recorded in the risk management plan, as they inform the details of the Plan Risk Management process. In particular, stakeholder risk appetite should be expressed as measurable risk thresholds around each project objective. These thresholds will determine the acceptable level of overall project risk exposure, and they are also used to inform the definitions of probability and impacts to be used when assessing and prioritizing individual project risks. Andrea
There are two main areas to be identified with regards to the senior management risk appetite: budget and schedule. The senior management has specified that:
· Budget the total budget for the event is $20,000, from which $500 should be used for risk management. However, there’s a high tolerance for risks when it comes to the budget.
· Schedule the event should be planned and executed in 6 months, and there is no tolerance for the tam to go out of schedule. The event date can’t be change.
8. Definitions of risk probability and impacts. Definitions of risk probability and impact levels are specific to the project context and reflect the risk appetite and thresholds of the organization and key stakeholders. The project may generate specific definitions of probability and impact levels or it may start with general definitions provided by the organization. The number of levels reflects the degree of detail required for the Project Risk Management process, with more levels used for a more detailed risk approach (typically five levels), and fewer for a simple process (usually three). Table 11-1 provides an example of definitions of probability and impacts against three project objectives. These scales can be used to evaluate both threats and opportunities by interpreting the impact definitions as negative for threats (delay, additional cost, and performance shortfall) and positive for opportunities (reduced time or cost, and performance enhancement). Vismay – Probability and impact scale definitions for time, cost, and quality
9. Probability and impact matrix. Described in Section 220.127.116.11. Prioritization rules may be specified by the organization in advance of the project and be included in organizational process assets, or they may be tailored to the specific project. Opportunities and threats are represented in a common probability and impact matrix using positive definitions of impact for opportunities and negative impact definitions for threats. Descriptive terms (such as very high, high, medium, low, and very low) or numeric values can be used for probability and impact. Where numeric values are used, these can be multiplied to give a probability-impact score for each risk, which allows the relative priority of individual risks to be evaluated within each priority level. An example probability and impact matrix is presented in Figure 11-5, which also shows a possible numeric risk scoring scheme. Zhiqi – with scoring scheme