Risk Management Plan
Project Name:
TEMPLATE
DRAFT
Prepared By:
Title:
Version No:
Document Change Control
The following is the document control for revisions to this document.
Version
Number
Date of
Issue
Author(s)
Brief Description of Change
Definition
The following are definitions of terms, abbreviations and acronyms used in this document.
Term
Definition
3.3.5 Template – Risk Management Plan, v2.1
Page i
Table Of Contents
1. GENERAL ASSESSMENT AND APPROACH................................................. 1
2. RISK MANAGEMENT DEFINITIONS ............................................................... 1
3. ROLES AND RESPONSIBILITIES................................................................... 2
4. THE RISK MANAGEMENT PROCESS ............................................................ 2
5. TOOLS ............................................................................................................. 3
6. APPENDICES................................................................................................... 3
3.3.4 Template –Change Management Plan v2.0
Page ii
1. General assessment and approach
This general level of risk to this project is [make a brief statement indicating high, medium, or low
level of risk]
The project will approach risk management as follows:


[make a brief statement indicating whether an aggressive, moderate, or low level of risk
management is intended. (E.g., an aggressive approach might include weekly monitoring
for occurrence of risk factors and immediate response to any realized risks.)
indicate whether a qualitative, quantitative, or combined risk analysis approach will be
used
2. Risk management definitions
The project will use the following definitions, categories, and response strategies to manage risk:
Risk Likelihood Categories
Risk Impact Categories
Response Strategies
[provide specific qualitative or
quantitative measures]
[provide specific qualitative or
quantitative measures]
[adopt or modify the following]


3.3.4 Template –Change Management Plan v2.0
Avoidance. The avoidance
strategy eliminates the
possible deviation by
changing the project
deliverables against which
the deviation is defined. For a
negative risk, this could mean
deciding not to undertake the
deliverable. For a positive risk
or opportunity, this could
mean exploiting the
opportunity by incorporating it
into the project as a planned
deliverable.
Mitigation. The mitigation
strategy sets out to alter the
likelihood or the impact of the
risk. For negative risks, steps
may be taken to reduce the
probability that risk factors will
cause a deviation from the
project plan or to reduce the
amount of deviation. Taking
steps to increase the
likelihood or amount of a cost
savings may be a sensible
response to a cost savings
opportunity.
Page 1


[Other]
Transference. The
transference strategy
transfers the impact of the
deviation to a third party.
Purchasing insurance is a
classic risk transference
strategy. On the positive side,
a plan to share possible cost
savings with a vendor as an
incentive is an example of
transference.
Acceptance. The acceptance
strategy merely
acknowledges the risk, but
does not specify any action to
take in response to the risk.
[specify any other definitions needed]
3. Roles and responsibilities
[For decision makers, note any special expertise that may be required given the types of risks you
can anticipate. This sets the stage for ensuring access to that expertise.]
The risk manager is responsible to
 evaluate and adjust the risk register periodically
 monitor project and recognize the occurrence of factors that result in realized risks
 track and facilitate the timely response to realized risks
 communicate realized risks to the project team and others
 report risk management activity according to communications plan
The risk response decision makers are responsible to
 approve responses to realized risks
 request further evaluation if insufficient information is available to support the decision
4. The risk management process
For each risk identified in the risk register the following process will be followed.
4.1 Monitor for occurrence of risk factors: The risk manager will scan for the occurrence of risk
factors that may cause a realized risk specified in the risk register every ____ [days, weeks].
4.2 Evaluation: For any occurring factor, the risk manager will determine if the associated risk is
realized and make a preliminary determination of the impact.
4.3 Consultation: The risk manager will consult with risk decision makers as needed and confirm
response based on consultation.
3.3.4 Template –Change Management Plan v2.0
Page 2
4.4 Response: The risk manager will take any action needed to implement the response
indicated in the risk register for the realized risk.
4.5 Logging: For any occurring factor, the risk manager will log the factor, the associated risk,
and the response taken in the risk control log.
4.6 Communication: The key stakeholders and risk decision makers will be notified of realized
risks as they occur. A summary of recent realized risks will be reviewed in weekly team meetings.
A risk summary will be published to stakeholders and customers with the [note reporting period,
e.g. monthly] project status report.
5. Tools
Risk register form
See attached risk register template.
Risk control log
See attached risk control log template.
6. Appendices
[Add additional information as needed.]
3.3.4 Template –Change Management Plan v2.0
Page 3