How to Develop a Risk Management Plan
How to Develop a Risk Management Plan
Developing an effective Risk Management Plan is an important part of any project. Unfortunately, this step is often avoided with the "deal with it later" attitude. If everything goes smoothly and without incident, that approach does no harm. But normally, issues do arise and without a well developed plan, even small issues can become emergencies.
There are different types of Risk Management and different uses that include calculating credit-worthiness, planning for adverse events (i.e. disasters), determining how long the warranty on a product should last, calculating insurance rates, and many more. In this document we will look at Risk Management from the standpoint of planning for adverse events.
[edit] Steps
1. Understand how Risk Management works. Risk is the effect (positive or negative) of an event. It is computed from the probability of the event materializing (becoming an issue) and the impact it would have (Risk = Probability X Impact). Various factors should be identified in order to analyze risk, including:
o Event: What could happen?
o Probability: How likely is it to happen?
o Impact: How bad will it be if it happens?
o Mitigation: How can you reduce the Probability (and by how much)?
o Contingency: How can you reduce the Impact (and by how much)?
o Reduction = Mitigation X Contingency
o Exposure = Risk – Reduction
▪ After you identify the above, the result will be what’s called Exposure – that’s the amount of risk you simply can’t avoid. Exposure may also be referred to as Threat, Liability, Severity or other names but they pretty much mean the same thing. It will be used to help determine if the planned activity should take place.
▪ Often this is a simple cost vs. benefits formula. You might use these elements to determine if the risk of implementing the change is higher, or lower, than the risk of not implementing the change.
o Assumed Risk If
Developing an effective Risk Management Plan is an important part of any project. Unfortunately, this step is often avoided with the "deal with it later" attitude. If everything goes smoothly and without incident, that approach does no harm. But normally, issues do arise and without a well developed plan, even small issues can become emergencies.
There are different types of Risk Management and different uses that include calculating credit-worthiness, planning for adverse events (i.e. disasters), determining how long the warranty on a product should last, calculating insurance rates, and many more. In this document we will look at Risk Management from the standpoint of planning for adverse events.
[edit] Steps
1. Understand how Risk Management works. Risk is the effect (positive or negative) of an event. It is computed from the probability of the event materializing (becoming an issue) and the impact it would have (Risk = Probability X Impact). Various factors should be identified in order to analyze risk, including:
o Event: What could happen?
o Probability: How likely is it to happen?
o Impact: How bad will it be if it happens?
o Mitigation: How can you reduce the Probability (and by how much)?
o Contingency: How can you reduce the Impact (and by how much)?
o Reduction = Mitigation X Contingency
o Exposure = Risk – Reduction
▪ After you identify the above, the result will be what’s called Exposure – that’s the amount of risk you simply can’t avoid. Exposure may also be referred to as Threat, Liability, Severity or other names but they pretty much mean the same thing. It will be used to help determine if the planned activity should take place.
▪ Often this is a simple cost vs. benefits formula. You might use these elements to determine if the risk of implementing the change is higher, or lower, than the risk of not implementing the change.
o Assumed Risk If