The Risk Management Plan (RMP)

This chapter covers the following topics:

• The Three R’s: RAM, RACI, and RBS

• Risk Responsibility and Accountability

• Risk Communication Documentation

• Risk Education and Training

As any project begins, the risk management plan (RMP) should begin at the same time. The RMP is one of the first documents that a project or risk manager generates, and it covers a wealth of information about how the project should be managed from a risk perspective. A common misunderstanding about the RMP is that the document lists all the project risks. It does not. It should not list any of them, except for reference purposes. Its role in the process is to affirm how risk will be managed and what the risk norms of the enterprise are.

As discussed in Chapter 4, “Strategic Risk,” the RMP echoes organizational risk strategy and is approved by the project sponsor. It documents enterprise and stakeholder tolerances, as well as their associated thresholds (and in some cases, triggers). The RMP serves primarily from the macro view of the project, although some micro issues might also be addressed. For example, the structure of risk statements and how risks will be tracked and reported will be incorporated in the RMP (whereas the actual, individual risk statements will not).

In many organizations, there is a standard template for their RMPs, often owned by the project management office (PMO). Although each RMP will be unique to the project, the layout of that document should be consistent with other RMPs for other projects. Informational elements that need to be included reflect organizational culture and strategy. If the organization is sufficiently risk-mature, there could be an enterprise risk management office, which would ultimately own the risk management plan template.

This chapter examines the structure and elements of a risk management plan. It also addresses the project manager’s (or risk manager’s) roles in developing the document.

During the life of the project, some of these considerations may evolve. It is incumbent on the effective risk manager to document and communicate any such evolution to the relevant stakeholders.

This chapter addresses the following objectives from the PMI-RMP^® Exam Content Outline:

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 5-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”

Table 5-1 “Do I Know This Already?” Section-to-Question Mapping

1. Stakeholders play a significant role in all steps of the risk process, whether they are employees of the organization or not. How will your risk management plan ensure that engagement happens?

1. Assign specific roles to specific individuals to make sure they understand their participation and their deliverables.

2. Assign specific risks to specific individuals to make sure they understand their participation and their deliverables.

3. Spell out the risk processes that involve both inside and outside parties and encourage them to select processes germane to their roles.

4. Spell out the risks that involve both inside and outside parties and encourage them to select processes germane to their roles.

5. Create a RACI chart for the internal personnel and a RAM for all stakeholders, and distribute them widely.

2. What’s wrong with the RACI chart displayed in the table that follows?

1. Chris cannot be responsible for more than one process.

2. Accountability can be assigned to only one person per process.

3. Carl cannot be both responsible and accountable for the same process.

4. Laura cannot be accountable for more than one process.

5. Miko cannot have both consulting and informing roles.

3. The risk management plan integrates with the rest of the project plans. How?

1. The risk management plan leverages information from the other management plans to create a master list of process areas and their risks.

2. As multiple stakeholders are involved in developing the RMP, natural integration occurs through their experiences with different aspects of the project.

3. The risk management plan is one of a number of management plans that combine to form the project management plan.

4. All the other plans draw on the risk management plan to inform their processes.

5. The risk management plan is overarching and thus integrates naturally with the other management plans.

4. You always conduct a SWOT analysis to better understand your project environment from a risk perspective. This process will manifest itself in the risk management plan. How?

1. The details of the strengths, weaknesses of the project and the opportunities and threats of the organization will be spelled out in the RMP.

2. The strengths, weaknesses, opportunities, and threats of the project will be spelled out in the RMP.

3. The strengths, weaknesses, opportunities, and threats of the organization will be spelled out in the RMP.

4. The format for the SWOT and the appropriate application thereof will be spelled out in the RMP.

5. The strengths and weaknesses of the organization and the opportunities and threats of the project will be spelled out in the RMP.

5. Several paragraphs in your risk management plan explain the risk sources that will be used for your risk breakdown structure. These are sources that are used consistently across the enterprise to build out RBSs. As you evaluate them, you come to the realization that _____.

1. This is an important inclusion because the RMP is about the structure of risk processes and how they’re done.

2. This is an important inclusion because the RMP needs to incorporate detail on risk sources.

3. This is an important inclusion because the RMP needs to incorporate them to fill out the RBS.

4. This is wrong because the RMP needs to be project specific, rather than reflecting the rest of the enterprise.

5. This is wrong because the RMP needs to address specific risks.

6. For your project, who’s responsible for ensuring that proper risk management training is conducted for the proper stakeholders?

1. The project/risk manager is responsible and accountable on all projects.

2. The project management office (PMO) is responsible and accountable across projects.

3. The project management office (PMO) with guidance from the project/risk manager is responsible for ensuring that proper risk management training is conducted for the proper stakeholders.

4. The project/risk manager, with guidance from the project management office (PMO), is responsible for ensuring that proper risk management training is conducted for the proper stakeholders.

5. Human Resources.

7. When it comes to the risk management plan (RMP), you wonder whether some of the descriptions of tolerances and triggers might upset some team members. You fear that the lexicon incorporated in the document might become a point of contention, thanks to the ambiguity of some of the terms. Your best solution to this problem would be to do which of the following?

1. Rewrite the lexicon in plain language.

2. Have the team rewrite the lexicon in plain language.

3. Leave the lexicon consistent with the rest of the organization and know that the stakeholders will figure it out over time.

4. Rewrite the lexicon in plain language, knowing that the stakeholders will then be able to figure it out.

5. Leave the lexicon consistent with the rest of the organization and host training sessions that incorporate the terms generously.

Foundation Topics