Risk management in Project & Planning

                                      RISK  MANAGEMENT  IN PROJECT  & PLANNING


In businesses, risk management entails organized activity to manage, uncertainity and threats and involves people following procedures and using tools in order to ensure conformance with risk-management policies. The Risk Management Plan is dependant upon the identification of the projects risks, their criticality, status, strategy and status.The good news is that managers can make project and planning as one of their strengths. The result will be better risk management, more effective management and greater satisfaction from working with people.


              Risk management is activity directed towards the assessing, mitigating (to an acceptable level) and monitoring of risks In some cases the acceptable risk may be near zero. Risks can come from accidents, natural causes and disasters as well as deliberate attacks from an adversary. The main ISO standards on risk management .In businesses, risk management entails organized activity to manage,uncertainity  and threats and involves people following procedures and using tools in order to ensure conformance with risk-management policies. The strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular.

 Project Risk Management

A risk is something that may happen and if it does, will have a positive or negative impact on the project. A few points here. “That may happen” implies a probability of less then 100%. If it has a probability of 100% – in other words it will happen – it is an issue. An issue is managed differently to a risk and we will handle issue management in a later white paper. A risk must also have a probability something above 0%. It must be a chance to happen or it is not a risk. The second thing to consider from the definition is “will have a positive or negative impact”. Most people dive into the negative risks but what if something goes right?

 Management Plan

There are four stages to risk management planning. They are: ·

  • Risk Identification
  • Risk Response
  • Risk Monitoring and Control

Risk Identification

          There are different sorts of risks and we need to decide on a project by project basis what to do about each type. Business risks are ongoing risks that are best handled by the business. An example is that if the project cannot meet end of financial year deadline, the business area may need to retain their existing accounting system for another year. The response is likely to be a contingency plan developed by the business, to use the existing system for another year. Generic risks are risks to all projects. For example the risk that business users might not be available and requirements may be incomplete. Each organisation will develop standard responses to generic risks.

Risk Response

There are four things you can do about a risk. The strategies are:

  • Avoid the risk. Do something to remove it. Use another supplier for example.
  • Transfer the risk. Make someone else responsible. Perhaps a Vendor can be made responsible for a particularly risky part of the project.
  • Mitigate the risk. Take actions to lessen the impact or chance of the risk occurring. If the risk relates to availability of resources, draw up an agreement and get sign-off for the resource to be available.
  • Accept the risk. The risk might be so small the effort to do anything is not worth while.

A risk response plan should include the strategy and action items to address the strategy. The actions should include what needs to be done, who is doing it, and when it should be completed.

Risk Control

The final step is to continually monitor risks to identify any change in the status, or if they turn into an issue. It is best to hold regular risk reviews to identify actions outstanding, risk probability and impact, remove risks that have passed, and identify new risks.

Risk management is not a complex task. If you follow the four steps, you can put together a risk management plan for a project in a short space of time.

Risk Management Plan

 1. Purpose

The purpose of the risk management plan is to document the process and methods that the project team will employ to monitor identified risk, identify and evaluate potential trigger events (indicated an imminent risk event), implement and monitor risk containment strategies and assess on an ongoing basis project progress and activities to identify potential risk events not identified during project plan development.

2. Team Roles & Responsibilities

The project team will review/manage risks in the weekly project status meeting. See the risk log for a listing of identified risk and risk owners.

3. Risk Change Review & Approval Process

As new risks are identified or existing risks expire, the Risk Management Plan will be updated. Risks will be reviewed on a weekly basis in the project status meeting. The plan will be maintained in the project’s SharePoint site.

 What is a Risk Management Plan?

A Risk Management Plan summarizes the proposed risk management approach for the project and is usually included as a section in the business plan. The Risk Management Plan is dependant upon the identification of the projects risks, their criticality, status, strategy and status.  The risk Management Plan describes:

  • the process which will be used to identify, analyze and manage risks both initially and throughout the life of the project;
  • how often risks will be reviewed, the process for review and who will be involved;
  • who will be responsible for which aspects of risk management;
  • how Risk Status will be reported and to whom; and
  • the initial snapshot of the major risks, current grading, planned strategies for reducing occurrence and Severity of each risk (mitigation strategies) and who will be responsible for implementing them .

Why would you develop a Risk Management Plan and Risk Management Table?

A Risk Management Plan and Risk Management Table are developed to:

  • provide a useful tool for managing and reducing the risks identified before and during the project;
  • document risk mitigation strategies being pursued in response to the identified risks and their grading in terms of occurrence and Severity;
  • provide the Executive Sponsor, Steering Committee/senior management with a documented framework from which risk status can be reported upon;
  • ensure the communication of risk management issues to key stakeholders;
  • provide a mechanism for seeking and acting on feedback to encourage the involvement of the key stakeholders; and
  • identify the mitigation actions required for implementation.

 How do you develop a Risk Management Plan?

The following is one way to develop your plan. It consists of a series of steps that become iterative throughout the life of your project. Firstly:

Step 1: Identify the risks

Before risks can be properly managed, they need to be identified. One useful way of doing this is defining categories under which risks might be identified. For example, categories might include Corporate Risks, Business Risks, Project Risks and System Risks. These can be broken down even further into categories such as environmental, economic, human, etc. Another way is to categorize in terms of risks external to the project and those that ar
e internal. For a medium to large project, start by conducting a number of meetings or brainstorming sessions involving (as a minimum) the Project Manager, Project Team members, Steering Committee members, external key stakeholders. It is often advisable to use an outside facilitator for this. Preparation may include an environmental scan, seeking views of key stakeholders etc. One of the most difficult things is ensuring that all major risks are identified. For a small project, the Project Manager may develop the Risk Management Table perhaps with input from the Executive Sponsor/Senior Manager and colleagues, or a small group of key stakeholders. 

 Step 2: Analyze and evaluate the Risks

Once you have identified your risks you should analyze them by determining how they might affect the success of your project.Risks can result in four types of consequences:

1.benefits are delayed or reduced;

2.timeframes are extended;

3.outlays are advanced or increased; and/or

4.output quality (fitness for purpose) is reduced.

Risks should be analyzed and evaluated in terms of occurrence of occurring and Severity of impact if they do occur. Firstly, assess the occurrence of the risk occurring and give this a rating of Low (L), Medium (M) or High (H) occurrence. Once you have rated the occurrence, assess the Severity of the impact of the risk if it did occur and rate at Low (L), Medium (M) or High (H) Severity.


Risk assessment validates that your project will succeed. Software development experts evaluate and test the software-based technical and business risks as they relate to your business, market, and service plans. The significant risks are identified and detailed in comprehensive Risk Event Descriptions. You are also provided with a quantification of each risk’s impact on cost, revenue, and schedule.


People and risk are as integral to farming as are weather, prices and technology. Project and planning must have careful attention if managers are to have a full understanding of their sources of risks and their alternatives for handling risk. Managers’ paradigms, understanding of project and planning resource skills determine the success they will have with people. . The good news is that managers can make project and planning as one of their strengths. The result will be better risk management, more effective management and greater satisfaction from working with people.


Source by U.Archana

Comments are closed.