The Project Risk Management Plan
The risk management plan describes the approach to be used on the project for risk management. It shows 'how' to identify risks, perform qualitative and/or quantitative analysis, develop risk responses, and monitor and control project risk activities. It is the plan for conducting project risk management. Planning should be a team approach so that consensus exists about the direction for the project.
PROJECT RISK PLANNING
It is an old saying that states: 'Plan for the Planning'. Risk planning should be appropriate for the project and common-sense questions are asked.
Example of Questions and Answers for Project Risk Planning
The kinds of questions and answers that reflect the earlier example of the university's overseas student recruitment project could be as follows:
• How risky is the project? For each recruitment drive, the university has to determine the level of risk. When severe demonstrations were experienced in a particular part of the world, the risk of visiting there would have increased because of the possibility of repeat demonstrations during the trip.
• Is it a new venture or something the organisation is familiar with? Travelling overseas would be familiar to university staff since they have attended fairs previously. However, destinations vary.
• Are there past projects to reference? The answer would be a qualified 'yes', depending on the similarities between the current and past recruitment projects.
• What is the visibility of the project? Overseas student recruitment is a highly visible project because the university is dependent on attracting overseas students. The university would want the project to be a success.
• How big is the project? The project is of medium size since only a limited number of staff travel and the budget would be relatively small to cover costs of travel, accommodation and registration.
• How important is the project? As stated above, such projects are important for the sustained success of the university.
INPUTS TO THE PROJECT RISK PLAN
To bring a systematic approach to developing the project risk plan, PMBOK® (Project Management Institute 2008) suggested that planning should identify the inputs to developing the plan. Types of inputs to risk management planning are as follows:
• Enterprise environmental factors. A SWOT analysis is an example of how to evaluate environmental factors. As previously discussed, this covers strengths (core capabilities, performance advantage, differentiators), weaknesses (uncertainty in required performance improvements), opportunities (positive project risk) and threats (competition, change, crisis, financial difficulties).
• Organisational processes. These are varied and include existing policies on risk tolerance and attitudes, agreed terms and concepts, people responsible for risk management, and standard templates and methodologies.
• Project scope statement. The statement describes the deliverables of the project and the work required in enough detail to provide a common understanding for stakeholders. Using the earlier example of a university sending staff overseas to recruit students, the project scope statement could include the following: the aim is to 'successfully recruit overseas students'; the deliverables are 'signed student course acceptances'; and success is defined as 'a high number of acceptances'.
• Project management plan. The plan describes how the project is to be executed, monitored, controlled and closed. It includes the processes, tools and techniques and outputs that are applicable to project risk management.
THE PROJECT RISK PLAN
For the plan itself, many questions should be answered. The following are some obvious ones and they are not exhaustive. What should the plan indude? How will project risks be identified, quantified or qualified? What method(s) of risk modelling will be used? How is project risk linked to the work breakdown structure? How will risk responses be implemented? What are the monitoring processes for project risk management? Who is doing what and how often? Serious consideration needs to be given to determining when a risk is really a risk (see Chapter 7). From a management perspective the plan indudes documenting and reporting requirements, and performance monitoring and tracking strategies.