How to create a basic project risk management plan

A single thing going wrong can sometimes kill a project. Even if the project survives, cost and schedule overruns may make the project unprofitable. As a project manager risk management and risk mitigation may help you to prevent such incidents.

"Something that might go wrong" is a project risk. Proactively managing and planning for project risks is called project risk management.

Project risk management is an important part of managing projects. Even the most basic risk management can potentially save a project from disaster. Risk management should be performed in every properly managed project.

Unfortunately project risk management is often overlooked in project management. Often the reasoning is due to tight schedule or budget constraints. Ironically, tight schedule and budget constraints increase the need for project risk management, rather than decreasing it.

Fortunately project risk management does not need to take a lot of time. Even a few hours spent over the life of the project may help you to avoid or mitigate some significant project risks.

Here is a simple four step plan that should take minimal time to implement and give you the basic benefits of project risk management.

1. Risk identification meeting

During the project planning phase, hold a risk identification meeting with key project stakeholders and team members. This should be a short meeting to identify risks associated with the project. Simply write down all of the risks identified during the meeting. This list of risks is your risk register.

A risk register can be kept in a document or spreadsheet, but it is better to use dedicated project management software like TaskTrakz. The TaskTrakz risk register allows you to record risks in as much detail as you need, and keeps everything centrally located so your whole team can access risks whenever they need to. This means that you don't have to worry about registers being out of sync when different people maintain separate copies. Also because TaskTrakz can be accessed from anywhere where you have access to an internet connection and a web browser, you can keep your risks up to date no matter where you are. You can even update it at the airport!

TaskTrakz lets you store all of your risks in a centrally located risk register for easy access by your team.

The goal of the risk identification meeting is not analysis or ranking of the risks, but more of a brainstorming effort. No risk is to small or too large to be included in this meeting. Encourage all attendees to participate, different viewpoints may lead to the identification of different risks.

To identify risks consider both the project overall, as well as each individual task in your projects work breakdown structure. Getting down to the details may expose risks that are not obvious in the overall picture.

Here are some examples of potential risks to get you started:

  • If you are relying on a supplier, what if the supplier is late or does not deliver what is required?
  • If you are relying on a customer, e.g. to review documents or give access to facilities, what if the customer does not provide what is required?
  • What if you lose key members of your project team. Do you have replacements with the required skills ready to step in?
  • What if a required piece of technology does not function as expected?

2. Risk analysis

Once you have your big list of risks it is time to analyse each of them. The goal of the analysis is to separate the big risks from the small ones so you can adequately apportion resources to planning responses and monitoring.

Generally you should rank each risk on a scale of 1 to 5 for both impact to the project if the risk does occur, and probability that the risk will occur.

Once you have ranked all of the risks on these factors, prioritize the risks into order. A simple way to do this is to add the two scores together for a result between 2 and 10. Order your risk register according to the scores. TaskTrakz automatically keeps your risk register prioritized and categorized.

3. Risk response meeting

Hold a meeting with key stakeholders and team members to plan responses to the identified risks. Inviting all of the stakeholders and team members ensures that appropriate responses are planned and buy in can be achieved from the relevant parties.

Risks are generally responded to in four ways: taking action to avoid the risk, taking action to mitigate the risk, transferring the risk to a third party (e.g. by purchasing insurance), or taking no action and accepting the risk.

4. Risk review meetings

Periodically hold short risk review meetings. These should be held every week or month, and are an opportunity for the stakeholders to discuss the risks.

The goal of the risk review meeting is to review each risk on the risk register. Is the risk still relevant? Has it occurred? Has it changed in impact or probability? Have any planned avoidance, mitigation or transfer actions been taken? Is any new action required because of this risk?

Also this is an opportunity to add any new risks to the register that have been identified during the course of the project. This will enable them to be shared with the team and monitored for the rest of the project. TaskTrakz makes it easy for any team member to add a project risk to the register at any time.

TaskTrakz lets you record detailed risk descriptions, consequences and responses. You can also assign risks to one or more owners and attach related files to keep everything together.

Following this simple risk management plan may allow you to reduce many of the risks on your project. Effectively managing your project risks is likely to lead to less problems, and a better chance of meeting your schedule and budget.

Risk management may even catch a risk that could have killed your project. An investment in risk management may pay big dividends to your project.

TaskTrakz project management software gives you the tools you need to control your project, including a full featured risk register. Get your 14 day free trial here.