Pre-Construction

Online Guide

Plan the Work

Process

Activity:

Develop Risk Management Plan

Revision

July 1, 2005

Description:

Risk Management Planning is the systematic process of deciding how to approach, plan, and execute risk management activities throughout the life of a project. It is intended to maximize the beneficial outcome of the opportunities and minimize or eliminate the consequences of adverse risk events.

The Risk Management Plan is a component of the Project Management Plan. Its development involves the entire project team, begins early in the project planning process, and is an iterative process that takes place along with WBS development, Task Planning and Scheduling, and validation of the Project Budget.

The Risk Management Plan is comprised of the following primary functions:

·         Risk Identification

·         Qualitative Risk Analysis

·         Quantitative Risk Analysis

·         Risk Response Strategy

·         Risk Monitoring and Control

Inputs:

·        Completed Initiate and Align Worksheet

·        Previously identified elements of the Project Management Plan

Tools:

·        Risk Management Plan Template  (This template is for projects that do not meet the threshold for a Cost Risk Assessment or CEVP® workshop. Projects that meet the criteria should contact the Cost Risk Estimating & Management (CREM) office. Refer to Step 1 of this Activity Guide to determine the appropriate level of detail required.)

·        Sample Risk Management Plan

·        WSDOT Cost Risk Estimating & Management

Steps:

1.      Determine the Required Level of Risk Analysis and Management:

  • Review the project: location; size; participants; type of work involved; general “risks” involved and their consequences; previous experience, etc.
  • Review A Policy for Cost Risk Assessment to determine the appropriate level of detailed risk analysis to be performed. Work with Region/Organization Management to determine the risk factors to be considered; the risk tolerance levels/thresholds to be used; and risk reporting and visibility requirements.

Communicate the level of Risk Analysis and Management requirements to the project team.

2.      Identify Risk Events

  • Risk identification involves determining which risks might affect the project and documenting their characteristics. It may be a simple risk assessment organized by the project team, or an outcome of the CEVP®/CRA process.

3.      Qualitative Risk Analysis

Qualitative risk analysis assesses the impact and likelihood of the identified risks and develops prioritized lists of these risks for further analysis or direct mitigation.

The team assesses each identified risk for its probability of occurrence and its impact on project objectives. Project teams may elicit assistance from subject matter experts or functional units to assess the risks in their respective fields.

4.      Quantitative Risk Analysis

Quantitative risk analysis is a way of numerically estimating the probability that a project will meet its cost and time objectives. Quantitative analysis is based on a simultaneous evaluation of the impacts of all identified and quantified risks.

Quantitative Risk Analysis is only performed on projects meeting the criteria identified in A Policy for Cost Risk Assessment. Contact the Cost Risk Estimating & Management (CREM) Office for assistance and guidance at: http://www.wsdot.wa.gov/Projects/ProjectMgmt/RiskAssessment/

5.      Risk Response Strategy

Risk response strategy is the process of developing options and determining actions to enhance opportunities and reduce threats to the project’s objectives. It identifies and assigns parties to take responsibility for each risk response. This process ensures that each risk requiring a response has an “owner.”

The Project Manager and the project team identify which strategy is best for each risk, and then design specific actions to implement that strategy.

Risk strategy includes:

·       Avoidance. The team adjusts the project plan to eliminate the risk or to protect the project objectives from its impact. The team might achieve this by changing scope, adding time, or adding resources, while maintaining the balance of scope-schedule-budget.

·       Transference. The team transfers the consequence of a risk to a third party together with ownership of the response. Transferring the risk gives another party responsibility for the management of the risk; it does not eliminate it.

·       Mitigation. The team seeks to reduce the probability and/or consequences of a risk event to an acceptable threshold. Taking early action to reduce the probability of a risk’s occurring or its impact on the project is more effective than trying to repair the consequences after it has occurred. Mitigation costs should be appropriate, given the probability of the risk and its consequences. 

·       Acceptance. The Project Manager and the project team decide not to change the project plan to deal with a risk, or cannot identify a suitable response action. A contingency plan may be developed or no action may be taken, leaving the project team to deal with the risk as it occurs.

6.      Risk Monitoring and Control

Risk Monitoring and Control tracks identified risks, monitors residual risks, and identifies new risks—ensuring the execution of risk plans, and evaluating their effectiveness in reducing risk. Risk Monitoring and Control is an ongoing process for the life of the project.

Products:

·         Completed Risk Management Plan

Guidelines:

Risk Management is the process of maximizing the probability and consequences of positive risk events (opportunities) and minimizing the probability and consequences of negative risk events (threats) to the project objectives.

The level of detail should be commensurate with:

·        A Policy for Cost Risk Assessment

·        The project, its significance, and the consequences of the failure to meet objectives.

·        The severity of impact of the risks involved.

·        The “stage” of the project and the validity of the information available.