Tuesday, February 12, 2008

The Components of a Risk Management Plan

Imagine trying to build a house without a house plan. Do you think the process would go smoothly? Would you be happy with the results? Do you think it would take less time than if you had planned it out first?

The answer to all of these questions is likely no. The same is true when it comes to managing risk which is why it is important to put a risk management plan in place to guide your project decisions.

A risk management plan indicates how risk identification, analysis, planning, monitoring, and control will be handled throughout the project's life cycle. The components of a risk management plan are:
  • methodology
  • scoring and interpretation
  • thresholds
  • budgeting
  • timing
  • tracking
  • roles and responsibilities
  • reporting formats
In order to begin the risk management plan there must be an analysis stage that looks at methodology, scoring and interpretation, and thresholds.
Methodology refers to the approaches, tools, and data sources that may be used to carry out risk management. The methodology chosen will depend on the project stage and the amount of information available.

Scoring and interpretation refers to the numerical ranking of risks. The method of scoring and interpretation must be determined in advance, used in a consistent manner, and measured using tools such as a risk rating matrix or probability analysis.

Thresholds describe the who, what, and how criteria for risks that will be acted on. Project team members may have different risk thresholds. An acceptable target threshold must be determined to gauge the effectiveness of the risk response.

Deacon Oil Explorations, Limited (DOEL) is one of the leading oil exploration companies in the country. The project that DOEL is about to embark on is of great importance and is predicted to move DOEL to the top of its field. DOEL has just finished the analysis stage for this project's risk management plan.
  • methodology - In a brainstorming meeting, DOEL used open-ended questions to ask its staff what risks they thought would be concerns for the upcoming project.
  • scoring and interpretation - DOEL's risk management team has decided to use a risk rating matrix to score risks. It will use a scale from 0.0 to 1.0, rating 0.0 to 0.3 as low risk, 0.4 to 0.7 as medium risk, and 0.8 to 1.0 as high risk. Having this planned in advance will ensure risks are scored and interpreted consistently.
  • thresholds - DOEL's risk management team has decided that it cannot act on all identified risks. The team decided that risks scored at 0.7 or above will be acted on, while risks scored at 0.6 or below will not. Therefore, the acceptable threshold is 0.7.
After the analysis stage of the risk management plan, team members can start thinking about planning for the next three components: budgeting, timing, and tracking.
Budgeting involves setting the amount of money that will be invested in the risk management plan for the project.

Timing refers to how often the risk management process is performed. The process should be performed often enough so that the results will impact on decisions, and decisions should be reviewed periodically to allow for improvement.

The tracking process considers the current project, future needs, and lessons learned when documenting how risk activities will be tracked. It also takes into account when and how risk management processes will be audited.

Now that you know the basic structure of the risk management plan, it's time to focus on who is in charge and how reporting will take place within the process. The last two components are roles and responsibilities and reporting formats.

Roles and responsibilities should be established for every action in the risk management plan. It is necessary to define who leads, who supports, and who belongs to the team. Independent risk management teams are made up of people who are not biased.

Reporting formats refer to the reporting relationships and structures that exist within the risk management process. The reporting formats define the risk management response plan and indicate how results will be documented, analyzed, and communicated to stakeholders.

Bennett Publishing is getting its risk management plan ready for its new distance learning courses. They are assigning roles and responsibilities and determining reporting formats for the process.

Peter Croft has been chosen to lead the risk management team. He will conduct a brainstorming meeting with team members Jill, Richard, and Seela on Thursday.

It has been decided that the results of the risk management process will be reported to all concerned parties via an intranet site. The site will be updated regularly.

A risk management plan helps to guide your project decisions. It indicates how risk identification, analysis, planning, monitoring, and control will be handled throughout the project's life cycle. Risk management plan components such as methodology, scoring and interpretation, thresholds, budgeting, timing, tracking, roles and responsibilities, and reporting formats give substance and structure to the plan so it can be carried out effectively. Once you have a risk management plan in place, your project should sail smoothly.

1 comment:

Nora Moore said...

I like being prepared for eventualities. It's important to know where risks can pop up and make plans for those situations. It sounds a bit complicated, though. So many things could happen, I'm sure it's hard to make a plan for all of them without help. I guess that's why they have people that specialize in calculating these things. http://www.businessbasics.com.au/planning/risk-management-plans/