Woodinville, WA
Risk Management - Planning
August 27, 2009
Plan Risk Management is the process of defining how to conduct risk management activities for a project. Careful and explicit planning enhances the probability of success for the five other risk management processes.
... The Plan Risk Management process should begin as a project is conceived and should be completed early during project planning.
- Plan Risk Management, PMBOK 4
Spontaneity, as exciting as it may sound, is not something we want to do when it comes to possible events that might affect our future. We are executing a project that would change the status quo. Along the way, as the changes occur, numerous factors might affect our ability to achieve our vision of the future state. As important as it is to plan for realizing the vision, it is just as important (if not more) to plan for such possible events (risks) that might affect the realization of the vision.
Risk Management Planning (Risk Management Plan) is a crucial part of project planning. It is a process where the Project Manager, key stakeholders, core team members and any such important personnel as required, get together and determine how (and how often) the project team would
  1. Identify, categorize, document and analyze risks, and determine response strategies
  2. Define probability and impact, and develop Probability/Impact Matrix
  3. Use the tools available (or develop new tools/processes) to manage risks
  4. Utilize available (or ask for new) budget to respond to the risks
  5. Own parts of the Risk Management and who would own what (Roles and Responsibilities)
  6. Formulate a plan to identify risks (periodic Risk Identification/Review sessions)
  7. Prepare a risk tracking plan, prepare reporting formats and who would report/communicate
Many organizations (and all Project Offices) have a well-defined Risk Management Process in place. If you are working in one such organization, the Risk Planning process would then entail tailoring the established RM Process to suit the current project's specific needs.
So, what else do you need for Risk Management Process Planning, other than the key personnel involved in the meetings? An absolute requirement is the Scope Statement. Another is the Project Management Plan that includes various planning documents to manage Scope, Time, Cost, Quality, Resources and Communications. Also required are any organizational process documents (or at least an expert who knows them well), a list of enterprise environmental factors that could influence the process and any historical data regarding projects of similar nature. Bottom line, since we are planning our risk management activity at this time, we need all the planning documents for this unique project effort.
In Practice:
There have been numerous occasions in my career when I set up a meeting for Risk Management Planning (or any other planning meeting for that matter), and the invitees responded with an "I don't have much input. Do you have a plan we can review?" question.
In my experience, this is a very real and common scenario. Therefore, I typically start with a generic Risk Management Plan based on my experience managing risks. I tailor this to the current project, based on what I already know, create a draft Risk Management Plan, and send it to the invitees before the meeting. This gives me and the invitees a starting point and helps us make the best use of the time we allocated for the purpose. We review the plan, discuss each section, reference the input material, figure out if any further customization is required, and make necessary updates. By the end of the meeting, we have a fairly decent plan that accounts for most of the project-specific information. Once approved, the plan goes into the general project artifacts folder. From time to time, as we uncover new risks and situations that we have not thought of in the planning stage, we revisit and make necessary amendments to the original plan. This is a continuous process through the life of the project.
The Output - Risk Management Plan
By the end of this exercise, you will have a well-defined Risk Management Plan that articulates how the project-related risks will be managed. This plan will include, among other things that may be necessary,
  1. Methodology defining approach, tools and data sources for effective risk management
  2. Risk Management Roles and Responsibilities defining who's who and who will do what
  3. Budgeting outlining risk resources, budgets, contingency resources (and their triggers)
  4. Timing outlining periodic risk review and management
  5. Risk Breakdown Structure outlining various categories and sub-categories of risks for the project
  6. Risk Probability/Impact Definitions articulating the probability and impact categories (critical, high, medium, low, etc.) and what each means (Critical = >80% project impact, company-wide outage etc. and so forth)
  7. Revised list of stakeholders that might have a positive or negative impact/influence on the project
  8. Risk Reporting - how, when, by who etc., and
  9. Tracking - for current and future purposes