When it comes to risk management, having a plan is key to a safe, functional workplace. More often than not, most work-related incidents can be avoided by implementing a sound risk management plan.

With risk comes uncertainty. And with uncertainty comes the potential for errors. It’s little wonder why then that the process of identifying and managing risks is an essential part of project management.

Errors can be costly. They can not only affect the overall performance of a business’ operations, but also the health and safety of those involved.

The trick is to devise a method to reduce the number of workplace errors. A set of instructions; a plan for those involved in the project. A plan that takes out the ambiguity and complexity of a given task or problem.

If we apply this same logic to risk management, then we can ensure:

• that risks are being properly managed throughout the life-cycle of a project,
• that the impact of risks to the business and its individuals will be minimal,
• and, that strategies and processes are in place in the likelihood of a risk materialising.

What is a Risk Management Plan?

Risk management plans are documents created by project managers that outline project risks, their potential impact on a project and define the responses used to control identified risks.

Often the risk management plan is included in a Project Management Plan or Business Plan, but it may be maintained as a standalone document for large, complex projects.

A risk management plan should at a minimum, cover the following points:

• Risk management strategy
  • The method used for identifying and analysing risks
  • The frequency that the risk register will be reviewed and updated
  • The responses used to manage risk; commonly these are Avoid, Mitigate, Transfer or Accept
• Risk Responsibilities
  • Outlines the ownership of risks and who is responsible for managing identified risks
• Risk Register
  • A table of project risks with information on risk rating, negative or positive outcomes and controls

Why You Need a Risk Management Plan

So, why is a risk management plan so important?

Well, to answer that question, let’s have a look at the following case study:

The Deepwater Horizon disaster – which resulted in 11 fatalities and 5 million barrels of oil being spilled into the Gulf of Mexico – was brought on due to a series of risk management failures.

According to a federal report,

“The blowout at the Macondo well on April 20, 2010, was the result of a series of decisions that increased risk and a number of actions that failed to fully consider or mitigate those risks.”

It found,

“…no evidence that BP performed a formal risk assessment of critical operational decisions made in the days leading up to the blowout. BP’s failure to fully assess the risks associated with a number of operational decisions leading up to the blowout was a contributing cause of the Macondo blowout.”

Perhaps the biggest thing come from the fallout of such an event was the failure to notice and react to the “warning signs”. The simple things that could have been done to prevent this disaster shows just how important implementing and following risk management protocol is.

No matter how carefully you plan your project, you will likely run into unexpected issues at some point. The purpose of the risk management plan is to identify these potential issues when they are still risks and develop strategies to deal with them.

The purpose of a risk management plan is to provide the following benefits to a project:

• Reduce scope creep
• Reduce project delays
• Reduce costs & variations
• Take advantage of opportunities (aka. positive risks)

When do you need to develop a Risk Management Plan?

Short Answer: Straight away! Start your risk management planning process as soon as a project is initiated.
Longer Answer: Your approach to managing risk will change depending on the phase of the project.

01 Initiation Phase

Project initiation represents the project stage with the most risks; the majority being unknown risks. The primary purpose for analysing risks in the initiation stage is to weigh the benefits of project success and ROI against risks, to help decide whether a project should continue into the planning stage.

02 Planning Phase

In this phase, you should begin to identify risks based on planned project activities – You can use the project’s Work Breakdown Structure (WBS) as a guide.

Your Risk Management Plan should have all key information and an initial risk register completed by the end of this phase.

03 Implementation Phase

As a project progresses and tasks are completed successfully with no loss, the number of project risks will reduce.

The Risk Management Plan should be reviewed on regular intervals during this phase (as documented during the planning phase) to assess risks that are no longer relevant and to identify new risks which may have arisen.

Make sure you utilise a suitable method of document control to manage your risk management plan documentation!

04 Project Close Phase

At the project close, risk transfer/sharing agreements should be concluded to avoid disputes between external parties and all existing risks should have been mitigated or avoided. A final estimate of the cost of issues due to risks occurring can be made and added to your project documentation.

What you should include in your Risk Management Plan

What you need before you start:

• The project proposal or initial plan
• Knowledge of the project, or access to experts to help identify risks
• Knowledge of stakeholders
• Related Standards and Government Regulations
• (Optional) – Business unit or Department project management procedures & guidelines
• (Optional) – Corporate Business Plan with relevant governing information about the Business Unit/Department

Sections to Include

• Document Control
• Executive Summary
  • A summary of how risks are identified, analysed, frequency of review and reporting
• Introduction
  • Discuss the purpose of the document
• Risk Identification & Analysis
  • Refer to the risk register
• Risk Response
  • Outline how you will respond to risks.
  • Comment on how key risks will be dealt with, who is responsible and associated costs
• Risk Monitoring
  • Outline how often the risk register will be reviewed and who is involved
  • You can also make mention of how often the status of risks will be reported to stakeholders
• Roles and Responsibilities
  • Outline the roles that key stakeholders have in the risk management process: Steering Committee, Project Manager, Project Team
• Appendix – Risk Register
  • If you are managing your risk register using a spreadsheet or risk management software, provide a snapshot in each revision of the risk management plan as an appendix

Conclusions?

As Benjamin Franklin once said, “Failing to plan is planning to fail”.

The main thing to take away from events like the Deepwater Horizon disaster is that planning is the key to mitigation. And a failure to plan can be catastrophic!

What we have found is that during the life-cycle of a project, you can practically implement risk plans at any stage. The risks during each stage may change and require different approaches.

Outlined above is a rough template as to how you should structure your plan. However, as to how to go about implementing these steps is completely up to you.

By breaking down risk management into smaller, manageable steps, you can decrease the likelihood of a risk materialising, and effectively eliminate (as best you can) the likelihood of catastrophic events.