Académique Documents
Professionnel Documents
Culture Documents
1 INTRODUCTION
1.1 Purpose
In this section, present a clear, concise statement of the purpose of the Risk Management
(RM) plan. Include the name and code name of the project, the name(s) of the associated
system(s), and the identity of the organization that is responsible for writing and
maintaining the RM plan.
1.2 Background
This section briefly describes the history of the project and the environment in which the
project will operate. (This information may be included through reference to other project
documents.) Include the following information:
1.3 Scope
This section presents a definitive statement of the scope of the RM planning contained in
this document, including the limits and constraints of the RM plan.
1.4 Policy
Include in this section policy decisions that affect how RM is conducted. This section also
lists documents that are referenced to support the RM process. Include any project or
standards documents that are referenced in the body of the plan or that have been used in
the development of the document.
1.5 Approach
In this section, describe the project’s approach to risk management. Include the elements
of identification, analysis, planning, tracking, control, and communications. Discuss the
project’s risk mitigation strategies in general and detail specific strategies that have
significant impact across the project (e.g., parallel development, prototyping).
RISK MANAGEMENT PLAN
Once the risks have been identified, document them in this section as the risk
identification list. Steps for developing the risk identification list are the following:
Use the risk identification list throughout the life-cycle phases to ensure that all risks are
properly documented.
3 RISK ASSESSMENT
The project management plan and the risk identification list are inputs to the risk
assessment. Categorize the risks as internal or external risks. Internal risks are those that
you can control. External risks are events over which you have no direct control. Examples
of internal risks are project assumptions that may be invalid and organizational risks.
Examples of external risks are Government regulations and supplier performance.
RISK MANAGEMENT PLAN
Evaluate the identified risks in terms of probability and impact. For each risk item,
determine the probability that this will occur and the resulting impact if it does occur.
Use an evaluation tool to score each risk. For example, a simplistic model could be:
Assign numerical scores to risk probability (l=low, 2=moderate. 3=high) and severity of
impact (1=low, 2=moderate, 3=high). A risk score would be the product of the two scores.
Management attention would be then be focused on those risks with a score of 9, followed
by 6, etc.
In this section, identify and describe in detail the actions that will be taken to transfer or
mitigate risks that are prioritized as high in Section 3. These actions should ultimately result
in the reduction of project risk and should directly affect the project plan and the metrics
used for the project. Activities for reducing the effects of risk will require effort, resources,
and time just like other project activities. The actions need to be incorporated into the
budget, schedule, and other project plan components. Update the project plan components
to ensure the planning and execution of risk action activities. Also, refer to contingency
plan documents for any contingency plans that have been identified with the risk acceptance
approach. Risk action plans will he used to direct all risk mitigation activities. The RM plan
will need to be monitored and updated throughout the life-cycle phases.