Risk Management Plan


Risk Management Plan



Risk Plan©

For [Project Name]




Document Control

Document Information

© Information
Document Id

[Document Management System #]

Document Owner

[Owner Name]

Issue Date


Last Saved Date


File Name [Name]

Document History

Version Issue Date Changes



[Section, Page(s) and Text Revised]

Document Approvals

Role Name© Signature Date

Project Sponsor



Project Review Group



Project Manager©




Quality Manager

(if applicable)


Procurement Manager

(if applicable)



Communications Manager

(if applicable)



Project Office Manager

(if applicable)


Table of Contents

Template Guide. 1

1      Risk Identification. 2

1.1        Definition. 2

1.2        Categories. 2

1.3        Risks. 2

2      Risk Quantification. 4

2.1        Likelihood. 4

2.2        Impact 4

2.3        Priority. 5

3      Risk Plan. 6

3.1        Schedule. 6

4      Risk Process. 7

4.1        Purpose. 7

4.2        Procedures. 7

4.3        Responsibilities. 7

4.4        Register. 7

4.5        Templates. 7

5      Appendix. 7


Template Guide

What is a Risk Plan?


A Risk Plan outlines the foreseeable project risks and provides a set of actions to be taken to both prevent the risk from occurring and reduce the impact of the risk should it eventuate.  More specifically, the plan includes:


  • A full list of all of the foreseeable risks during the project
  • A rating of the likelihood of each risk’s occurring
  • A rating of the impact on the project should each risk actually occur
  • A priority rating of the overall importance of each risk
  • A set of preventative actions to reduce the likelihood of the risk’s occurring
  • A set of contingent actions to reduce the impact should the risk eventuate
  • A process for managing risks through the project. ©



When to use a Risk Plan


A Risk Plan should be documented early in the project, during the Planning phase. The plan is undertaken prior to the Execution phase to ensure that any risks identified are addressed during the Execution phase itself. Immediately after the plan has been documented, the Risk Management Process will be engaged to monitor and control the likelihood and impact of risks on the project.


The Risk Management Process is terminated only when the Execution phase of the project is completed (i.e. just prior to Project Closure). ©


How to use this template

This document provides a guide on the topics usually included in a Risk Plan. Sections may be added, removed or redefined at your leisure to meet your particular business circumstance.  Example tables, diagrams and charts have been added (where suitable) to provide further guidance on how to complete each relevant section.


1      Risk Identification


The first step in creating a Risk Plan is to identify the likely risks which may affect the project. A series of risk categories is identified and for each category a suite of potential risks is listed. This may take place during a ‘Risk Planning’ workshop, involving each of the key project stakeholders who are involved in / affected by the project. This may include the project sponsor, manager, team, suppliers, and in some cases, even the customer. Each of the risks identified is described in detail and documented within the Risk Plan.


1.1      Definition

Provide a formal definition for the term ‘risk’ for this project. For example:


“A risk is defined as any event which is likely to adversely affect the ability of the project to achieve the defined objectives”. ©


1.2      Categories

Identify the likely categories of risks for this project. Each risk category is a particular aspect of the project which is likely to experience a risk during the lifecycle of the project. Examples of typical risk categories include:


  • Requirements
  • Benefits
  • Schedule
  • Budget
  • Deliverable
  • Scope
  • Issues
  • Supplier
  • Acceptance
  • Communication
  • Resource. ©


1.3      Risks

Identify the likely risks for each category provided above by completing the following table. Each risk identified should be allocated a unique identifier (id) number.




Category© Description Id
  • The requirements have not been clearly specified
    • The requirements specified do not match the customer’s needs
    • The requirements specified are not measurable©




  • The business benefits have not been identified
    • The business benefits are not quantifiable
    • The final solution delivered does not achieve the required benefits




  • The schedule doesn’t provide enough time to complete the project
    • The schedule doesn’t list all of the activities and tasks required
    • The schedule doesn’t provide accurate dependencies




  • The project exceeds the budget allocated
    • There is unaccounted expenditure on the project
    • There is no single resource accountable for recording budgeted spending




  • The deliverables required by the project are not clearly defined
    • Clear quality criteria for each deliverable have not been defined
    • The deliverable produced doesn’t meet the quality criteria defined




  • The scope of the project is not clearly outlined
    • The project is not undertaken within the agreed scope
    • Project changes negatively impact on the project




  • Project issues are not resolved within an appropriate timescale
    • Similar issues continually reappear throughout the project
    • Unresolved issues become new risks to the project©




  • The expectations for supplier delivery are not defined
  • Suppliers do not meet the expectations defined
    • Supplier issues negatively impact on the project




  • The criteria for accepting project deliverables aren’t clearly defined
    • Customers do not accept the final deliverables of the project
    • The acceptance process leaves the customer dissatisfied





  • Lack of controlled communication causes project issues
    • Key project stakeholders are ‘left in the dark’ about progress




  • Staff allocated to the project are not suitably skilled
    • Insufficient equipment is available to undertake the project
    • There is a shortage of materials available when required









2      Risk Quantification


The next step is to quantify the likelihood of each risk’s eventuating and its impact on the project and surrounding business. Each risk is prioritized according to the likelihood and impact rating and the low, medium and high priority risks are clearly marked for attention.


2.1      Likelihood

Describe the scoring system for measuring the ‘likelihood’ of the risk eventuating. Example:


Title Score© Description
Very Low


Highly unlikely to occur; however, still needs to be monitored as certain circumstances could result in this risk becoming more likely to occur during the project




Unlikely to occur, based on current information, as the circumstances likely to trigger the risk are also unlikely to occur©




Likely to occur as it is clear that the risk will probably eventuate




Very likely to occur, based on the circumstances of the project


Very High


Highly likely to occur as the circumstances which will cause this risk to eventuate are also very likely to be created



2.2      Impact

Describe the scoring system for measuring the ‘impact’ of the risk. Example:


Title Score Description©
Very Low


Insignificant impact on the project. It is not possible to measure the impact on the project as it is minimal




Minor impact on the project, e.g. < 5% deviation in scope, scheduled end-date or project budget




Measurable impact on the project, e.g. 5-10% deviation in scope, scheduled end-date or project budget




Significant impact on the project, e.g. 10-25% deviation in scope, scheduled end-date or project budget


Very High


Major impact on the project, e.g. >25%% deviation in scope, scheduled end-date or project budget


2.3      Priority

Establish the priority of each risk by identifying the likelihood of the risk’s eventuating and its impact on the project. Once the likelihood and impact scores have been allocated, the priority score should be calculated as follows:


  • Priority equals the average Likelihood and Impact score
  • This is calculated as Priority = (Likelihood + Impact) / 2©


Complete the following table (includes examples):


ID Likelihood Impact© Priority Score Rating

























Very High







The Rating is based on the calculated Priority score. Use the following system to determine the Rating:


Priority Score              Priority Rating

0 – 20                          Very low

21 – 40                        Low

41 – 60                        Medium

61 – 80                        High

81 – 100                      Very High©


Finally, it is worth colour-coding the above final ratings to highlight the risks which require the most attention. The following system is used to colour-code the risks identified:


Priority Rating             Colour

Very low                      Blue

Low                             Green

Medium                       Yellow

High                             Orange

Very High                    Red

3      Risk Plan


A Risk Plan must now be created which includes a set of actions to be taken to avoid, transfer or mitigate each risk, based on the priority of the risk assigned.


3.1      Schedule


For each risk identified and in priority order, list:

  • the preventative actions to be taken to reduce the likelihood of the risk’s occurring
  • the contingent actions to be taken to reduce the impact should the risk eventuate©


For each risk action identified, assign a resource responsible for undertaking the action and a date within which the action must be completed. For example:


Rating ID Preventative Actions Action Resource Action Date© Contingent Actions Action Resource Action Date
Very High 2.2 Clearly quantify the expected business benefits in the Business Case document


Project Sponsor xx/yy/zz Measure the actual  business benefits achieved by the project


Project Manager xx/yy/zz
High 1.2 Clearly specify the customer requirements in the Quality Plan



Project Manager xx/yy/zz Reconsider the requirements after the deliverable has been produced, measure any deviation and enhance the deliverable to meet the requirements


Project Manager xx/yy/zz
High 1.3 Clearly specify the quality criteria used to determine that the stated requirements for each deliverable have been met within the Quality Plan


Quality Manager xx/yy/zz Reconsider the quality criteria after the deliverable has been produced, measure any deviation and enhance the deliverable to meet the quality criteria set


Quality Manager xx/yy/zz


The above table should be completed for every risk identified. Higher priority risks should be assigned more comprehensive actions where possible.



4      Risk Process

(NB Refer to the Method123 ‘Risk Management Process’ for a complete example)

4.1      Purpose

Describe the purpose of risk management and the general process for the identification and mitigation of risks within the project.


4.2      Procedures

Provide a diagrammatic representation of the processes undertaken to identify and mitigate risks within the project.

4.3      Responsibilities

Define the roles and responsibilities of all resources involved with the identification and mitigation of risks within the project.

4.4      Register

The ‘Risk Register’ is a database which records and tracks the progress of all risks through to completion. Insert a copy of the Risk Register here.


4.5      Templates

Insert a copy of each of the templates required to formally raise risks within the project (e.g. Risk Form).




5      Appendix


Attach any documentation you believe is relevant to the Risk Plan. For example:

  • Other project documentation (Business Case, Feasibility Study, Terms of Reference, Project Plan, Resource Plan, Financial Plan, Quality Plan)
  • Organizational Risk Management Policies, Standards, Guidelines or Procedures
  • Risk documentation from other related projects
  • Other relevant information or correspondence. ©



No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.