A Risk Plan outlines the foreseeable project risks and
provides a set of actions to be taken to both prevent the risk from occurring
and reduce the impact of the risk should it eventuate. More specifically, the plan includes:
- A full list of all of the foreseeable risks during the project
- Rating of the Probability of each risk's occurring.
- The rating of the impact on the project should each risk actually occur
- Priority rating of the overall importance of each risk
- A set of preventative actions to reduce the Probability of the risk's occurring
- The set of contingent actions to reduce the impact should the risk eventuate
- A process for managing risks through the project.
When to you a risk plan?
A Risk Plan should be documented early in the project,
during the Initiation phase. The plan is undertaken prior to the ‘Execution
& Control’ phase to ensure that any risks identified are addressed during
the Execution & Control phase itself. Immediately after the plan has been
documented, the Risk Management Process will be engaged to monitor and control
the Probability and impact of risks on the project.
The Risk Management Process is terminated only when the
Execution phase of the project is completed (i.e. just prior to Project
Closure).
How to use this template?
This document provides a guide on the topics usually
included in a Risk Plan. Sections may be added, removed or redefined at your
leisure to meet your particular business circumstance. Example tables, diagrams and charts have been
added (where suitable) to provide further guidance on how to complete each
relevant section.
Risk Identification
The first step in creating a Risk Plan is to identify the
likely risks which may affect the project. A series of risk categories is
identified and for each category a suite of potential risks is listed. This may
take place during a ‘Risk Planning’ workshop, involving each of the key project
stakeholders who are involved in / affected by the project. This may include
the project sponsor, manager, team, suppliers, and in some cases, even the
customer. Each of the risks identified is described in detail and documented
within the Risk Plan.
Risk Details
Requirements
- The requirements have not been clearly specified
- Requirements specified do not match the customer's needs
- The requirements specified are not measurable
Benefits
- The business benefits have not been identified
- A business benefits are not quantifiable.
- The final solution delivered does not achieve the required benefits
Schedule
- The schedule doesn’t provide enough time to complete the project
- Schedule doesn’t list all of the activities and tasks required
- A schedule doesn’t provide accurate dependencies
Budget
- The project exceeds the budget allocated
- There is unaccounted expenditure on the project
- It is no single resource accountable for recording budgeted spending
Deliverables
- The deliverables required by the project are not clearly defined
- Clear quality criteria for each deliverable have not been defined
- The deliverable produced doesn’t meet the quality criteria defined
Scope
- The scope of the project is not clearly outlined
- Project is not undertaken within the agreed scope
- A Project changes negatively impact on the project
Issues
- Project issues are not resolved within an appropriate timescale
- Similar issues continually reappear throughout the project
- Unresolved issues become new risks to the project
Suppliers
- The expectations for supplier delivery are not defined
- Suppliers do not meet the expectations defined
- Supplier issues negatively impact on the project
Acceptance
- The criteria for accepting project deliverables aren’t clearly defined
- Customers do not accept the final deliverables of the project
- The acceptance process leaves the customer dissatisfied
Communication
- Lack of controlled communication causes project issues
- Key project stakeholders are ‘left in the dark’ about progress
Resource
- Staff allocated to the project are not suitably skilled
- Insufficient equipment is available to undertake the project
- There is a shortage of materials available when required
Risk Quantification
The next step is to quantify the Probability of each risk's
eventuating and its impact on the project and surrounding business. Each risk
is prioritized according to the Probability and impact rating and the low,
medium and high priority risks are clearly marked for attention.
Probability
Describe the scoring system for measuring the ‘Probability’ of
the risk eventuating. Example:
Title
|
Score
|
Description
|
Very Low
|
0,1
|
Highly
unlikely to occur; however, still needs to be monitored as certain
circumstances could result in this risk becoming more likely to occur during
the project
|
Low
|
0,3
|
Unlikely to
occur, based on current information, as the circumstances likely to trigger
the risk are also unlikely to occur©
|
Medium
|
0,5
|
Likely to
occur as it is clear that the risk will probably eventuate
|
High
|
0,7
|
Very likely
to occur, based on the circumstances of the project
|
Very High
|
0,9
|
Highly
likely to occur as the circumstances which will cause this risk to eventuate
are also very likely to be created
|
Impact
Describe the scoring system for measuring the ‘impact’ of
the risk. Example:
Title
|
Score
|
Description
|
Very Low
|
0,05
|
Insignificant
impact on the project. It is not possible to measure the impact on the
project as it is minimal e.g. < 5%
|
Low
|
0,1
|
Minor
impact on the project, e.g. < 5-10% deviation in scope, scheduled end-date
or project budget
|
Medium
|
0,2
|
Measurable
impact on the project, e.g. 10-15% deviation in scope, scheduled end-date or
project budget
|
High
|
0,4
|
Significant
impact on the project, e.g. 15-20% deviation in scope, scheduled end-date or
project budget
|
Very High
|
0,8
|
Major impact
on the project, e.g. >20%% deviation in scope, scheduled end-date or
project budget
|
Priority
Establish the priority of each risk by identifying the
Probability of the risk's eventuating and its impact on the project. Once the
Probability and impact scores have been allocated, the priority score should be
calculated as follows:
·
Priority equals the multiplication of
Probability and Impact score
·
This is calculated as Priority = Probability x
Impact
This score can be visualized in a PI matrix
Probability
|
0,9
|
0,05
|
0,09
|
0,18
|
0,36
|
0,72
|
||||
0,7
|
0,04
|
0,07
|
0,14
|
0,28
|
0,56
|
|||||
0,5
|
0,03
|
0,05
|
0,10
|
0,20
|
0,40
|
|||||
0,3
|
0,02
|
0,03
|
0,06
|
0,12
|
0,24
|
|||||
0,1
|
0,01
|
0,01
|
0,02
|
0,04
|
0,08
|
|||||
0,05
|
0,1
|
0,2
|
0,4
|
0,8
|
||||||
Impact
|
||||||||||
Following thresholds identify the calculated
priority:
< 0,08
|
Low
|
0,08 – 0,21
|
Medium
|
> 0,21
|
High
|
Complete the following table (includes
examples):
ID
|
Probability
|
Impact
|
PI
Score
|
Rating
|
1.1
|
0,1
|
0,7
|
0,08
|
Low
|
1.2
|
0,3
|
0,6
|
0,18
|
Medium
|
1.3
|
1
|
0,4
|
0,4
|
High
|
2.1
|
0,4
|
0,2
|
0,08
|
Medium
|
2.2
|
0,8
|
1
|
0,8
|
High
|
2.3
|
0,2
|
0,8
|
0,16
|
Medium
|
Risk Plan
A Risk Plan must now be created which includes a set of
actions to be taken to avoid, transfer or mitigate each risk, based on the
priority of the risk assigned.
Schedule
For each risk identified and in priority order, list:
- Preventative actions to be taken to reduce the Probability of the risk's occurring
- The contingent actions to be taken to reduce the impact should the risk eventuate
Rating
|
ID
|
Preventative
Actions
|
Action
Resource
|
Action
Date
|
Contingent
Actions
|
Action
Resource
|
Action
Date
|
High
|
2.2
|
Clearly
quantify the expected business benefits in the Business Case document
|
Project
Sponsor
|
xx/yy/zz
|
Measure the
actual business benefits achieved by the project
|
Project
Manager
|
xx/yy/zz
|
Medium
|
1.2
|
Clearly
specify the customer requirements in the Quality Plan
|
Project
Manager
|
xx/yy/zz
|
Reconsider
the requirements after the deliverable has been produced, measure any
deviation and enhance the deliverable to meet the requirements
|
Project
Manager
|
xx/yy/zz
|
Medium
|
1.3
|
Clearly
specify the quality criteria used to determine that the stated requirements
for each deliverable have been met within the Quality Plan
|
Quality
Manager
|
xx/yy/zz
|
Reconsider
the quality criteria after the deliverable has been produced, measure any
deviation and enhance the deliverable to meet the quality criteria set
|
Quality
Manager
|
xx/yy/zz
|
The above table should be completed for every risk
identified. Higher priority risks should be assigned more comprehensive actions
where possible.
No comments:
Post a Comment