Risk Management Planning is about defining the process of how to engage and oversee risk management activities for a project. Risk Management planning is an important part of project management. Having a plan on how to manage risk, allows one to task to plan versus innovating and deciding after the fact and in the midst how to handle a risk. The earlier Risk Management planning is engaged within increases the possibility of success of all risk management activities and processes especially if the process definition was created with input and buy-in from the project manager and key project stakeholders.
The inputs for Risk Management Planning are:
- Project Scope Statement – The Project Scope Statement documents the project scope including a description, major deliverables, project objectives, project assumptions, project constraints, and a statement of work. In Risk Management Planning, the project scope statement is commonly used for identifying project boundaries and assumptions.
- Project Management Plan – The Project Management plan contains the WBS which is used in Risk Management Planning to determine possible areas where risks can occur. For example, if the WBS has usability testing being the last item completed after integrated testing. This is a risk. The usability of the application may have affect on how the information is passed into and out of the application. This could be considered a Project Management Planning Risk.
- Organizational process assets – The organizations’ process assets may contain defined standards and policies pertaining to risk management. Process assets included are risk categories, roles and responsibilities, and processes of how to have a decision made.
- Enterprise environmental factors – Enterprise environmental factors reveal the risk tolerance of the organization and the individuals involved in the project. For example, patient billing departments or leaders commonly have absolutely no risk tolerance for any impact to cash flow. This is especially true in non-for-profit organizations like hospitals. However educators and researchers have a high level or risk tolerance. Therefore in an academic medical center, one could have two ranges of risk tolerance. Understanding how much risk your stakeholders and organization are comfortable with help with decisions regarding the type, level, and amount of risk management to apply in the project.
Once the inputs have been obtained the only tool and technique used to engage in risk management planning is the planning meetings and analysis.
- Planning Meetings and Analysis – The planning meetings are used to construct the risk management plan. Commonly attendees are the stakeholders, team members, and the project manager. The Risk costs and action plans are developed with assignments and risk responsibilities. When facilitating planning meetings a couple of tips are:
- Ensure people can access the inputs to the planning process beforehand – Have a project collaborative a web site and store core project documents including the Project Scope Statement, Project Management Plan, your organization's policies on risk management, and any environmental factors that may affect your project.
- Assure the object is to discuss and make decisions about the risk plan – During the Risk Management Planning meetings it is good to cover the five major elements of risk management. These are:
- Methodology — Define how risks will be identified, how risk analysis (qualitative and quantitative) will be done, how risk response planning will happen, how risks will be monitored, and how ongoing risk-monitoring activities will occur.
- Roles and Responsibilities — Determine who will have responsibility for resolving which risks. Create a matrix, list, or table and assign names. Your organization may already have pre-assigned roles and responsibilities.
- Budget — Determine an order-of-magnitude estimate for how much risk-management activities will cost for the project, based on time estimates and personnel costs, and the size, impact, and importance of your project.
- Schedule — Define when risk-management activities should be done, and schedule them. High-visibility, important projects will require more frequent risk identification and response than low-visibility or routine projects.
- Templates and definitions of terms — Obtain copies of your organization's templates and any pre-existing risk categories and definitions. You and your team will need to discuss and agree on what these terms mean.
Risk Management Planning meetings are all about planning for subsequent risk identification and analysis. It's important not to get involved in actually identifying risks during these meetings.
The output of the Risk Management Planning process is the Risk Management Plan. The Risk Management Plan documents Project Risk Management will be structured and performed on the project.
The components of the Risk Management Plan are as follows:
- Methodology – Methodology describes how the Risk Management processes will be performed, the tools which will be utilized, and the data source for handling risk.
- Roles and responsibilities – Roles and responsibilities matrix identifies the lead, support, and risk management team for each action item in the risk management plan, and assigns people to the roles clarifying their responsibility and accountability.
- Budgeting – Budgeting assigns resource and estimates costs needed for risk management. Simply state it is just better to be honest and above board, budgeting for risk with a risk contingency.
- Timing – Timing clarifies the frequency of the risk management process and schedules some risk management activities in the project schedule. Without timely monitoring and response, risks can easily escalate into negative events or become missed opportunities because you failed to exploit them.
- Risk categories - Risk categories are potential causes of risk included in the Risk Management Plan for use during the Risk Identification and Risk Analysis processes. Risk categories are sometimes shown as a Risk Breakdown Structure (RBS). The RBS is a hierarchically organized depiction of the identified project risks arranged by risk category and subcategory that identifies the various areas and causes of potential risks.
- Definitions of risk probability and impact - Agreeing on standard definitions helps to ensure that everyone is communicating on the same wavelength. Definitions are included in the Risk Management Plan for later use during Risk Analysis.
- Probability and impact matrix - The probability and impact matrix assists in determining whether a risk is considered low, moderate, or high by combining the two dimensions of a risk: its probability of occurrence, and its impact on objectives if it occurs.
- Revised stakeholder tolerances — As discussions become more specific during planning meetings about actual risks and actual costs, schedules, scope, objectives, and quality criteria, you will begin to get a better idea of your stakeholders' tolerance for risk than you had at the start of the process.
- Reporting formats – Reporting formats depict the content and format of the risk register. The Risk Register is a document on which you will record identified risks and their characteristics.
- Tracking – Tracking describes how and when risk information will be documented and reviewed for the benefit of current project, future needs, and lessons learned. Tracking also specifies whether risk management processes will be audited.
Subscribe and Share!Did you enjoy this article? Your feedback is very important! I'd like to invite you to keep up to date with the latest posts from Anticlue. We offer several venues. If you have some questions, help can be found here.
- Become a Facebook Fan
- Subscribe to Anticlue
- Follow me on Twitter
- Add to Technorati Favorites
- Digg this post