Developing a Risk Management Plan for your project

May 5, 2021

Sign up and try it out for free!

Sign Up For Free
risk and project management

When entering into a project, especially complex or long-term projects, it is important to evaluate the involved risks. Risks may include: the methodology to the project’s construction, build techniques, funding, timing, and team member responsibilities. Creating a risk management document can be an incredibly valuable tool when organizing a comprehensive list of these risk factors, and planning out strategies to avoid them throughout the project.

A risk management plan is composed of the following steps:

  • Risk Identification
  • Qualitative Risk Analysis
  • Planning Risk Responses
  • Implementing Risk Responses
  • Monitoring Risks

Step 1: Project risk identification

Agile managed teams are constantly scanning for risks, and they are identified as they appear. Some techniques for bringing such risks to light include:

  • Interviews with potential users;
  • Team meetings and brainstorming;
  • Project document review;
  • Refer to an expert panel (Delphi Technique);
  • Expert referral interviews.

As mentioned, risk management is an on-going practice within a project where it can be referred to during:

  • Sprint planning meetings;
  • Review of the project’s sprint backlog;
  • Review of the project release / launch plan;
  • Review of the project during retrospectives for future use;
  • Anytime during the inspection of the product build.

Identified risks should also have an associated status where they are measured for their harmful impact and the tolerance the team is willing to withstand with the risk existing.

Step 2: Producing qualitative risk analysis


This step is a consolidation of all involved risks and identifying them by:

  • Their impact as a risk to the project;
  • Their probability of becoming a reality.

Assessing impact can be mainly looked at as a range of cost against the budget in billable time. So, in additional required hours because of an existing risk, how many hours will it require to remedy the potential fallout?

Assessing the probability can be as straightforward as using a range of percentage from 0% – 100%.

Step 3: Planning your project’s risk responses

risk response to project management

With every identified risk within the plan there should be a reciprocating risk response that should be given a cost value for execution, as well as being logged in your project management software such as JIRA, Pivotal Time Tracker, Asana, or Basecamp.

Risks that are considered systematic may require more attention and planning work built into the scope if they materialize. Team members should also own specific risks, especially if they are in the best position to monitor and alert a particular risk scenario. As Risk Owners team members have complete responsibility over the risk and must escalate issues that need to be addressed through the Project Manager.

Step 4: Executing project risk responses

mitigate risks in projects

As mentioned, risk assessment needs to be an ongoing process. Risk owners are expected to constantly:

  • Monitor the assigned risks;
  • Report any risk response implementation;
  • Report the current status of project risks;
  • Identify secondary or residual risks.

The project manager is responsible for the overall execution and resources used for addressing realized risks. These risks, their status, and remedies should be discussed regularly during daily project scrum meetings.

Step 5: Monitor project risks

In hand with executing risk responses, it’s important to practice the Risk Identification step throughout the entire life of the project or sprint.

  • Review the risk register within your project management tool;
  • Hold regular team brainstorming sessions;
  • Control risk’s impact and probability;
  • Assess the efficiency of risk response;
  • Maintain a current risk register;
  • PM continuously coach the team around best practices of risk management;
  • Empower subject matter experts to conduct risk audits on the project at any time.