Risk Management Plan

Background: All projects have risks. Risks can be political, business, environmental or technological in nature, but in every case they put the success of the project in jeopardy. The following is an example of a risk register that was developed for an IT project. This risk register was available for the entire team to view and edit. This proved invaluable as we attempted to mitigate each risk we identified.

Overview: By this point, the project team is in place, the scope is clearly understood, kick-off meeting have been held and the project is ready to begin. Early in the project, risks have the greatest chance of being mitigated if they are defined and addressed. The PM, along with the project team should look at the project pessimistically and list everything that could go wrong. To do this, the following factors should be considered:

•    What has gone wrong with this type of project before (lessons learned, see below)
•    What unique risks exist internally?
•    What unique risks exist externally?
•    What could go wrong from a technology point of view?
•    What could go wrong from a business point of view?
•    What environmental risks exist?
•    What political risks exist?

You may have several risks for each of the areas listed previously or may identify risks outside of those prompts. You should have around 20 or more risks identified right off the bat. For each risk identified, list the likelihood of it becoming an issue (something that has happened or will definitely happen) by assigning a number from one to four, with four being the most likely. Now list the impact of that risk becoming an issue using the same scale. When you multiply the likelihood score by the impact score, you will have a priority score ranging from one to sixteen. This is the order in which you should address these risks with a plan.

You can choose to override the priority if you like and you may decide to “do nothing” if the cost of mitigation exceeds the cost of mitigation. The goal here is not to be prescriptive, but to provide a framework for assessing the risks to the project.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: