A Short Guide to Project Risk Management Plan

Projects always have issues. It is a project manager’s job to find events that cause issues and manage them proactively.

These events are negative risks, and risk management helps you find and manage them.

Risks do not always harm the project; they can have a positive impact. Risks with positive effects are known as positive risks. Risk management helps you with positive risks as well.

Without risk management, your project has less chance of succeeding. You must have a risk management plan; it is a component of the project management plan.

What is a Risk Management Plan?

Risk management is a process of identifying risks, analyzing the risks, developing a risk response plan and monitoring them throughout the project life cycle. The risk management plan helps you carry out risk management activities. 

A risk management plan has identify risks, analyze the risks, develop responses, and implement those responses. It describes how risk management activities will be carried out.

The Components of a Risk Management Plan

The following are the components of a risk management plan:

  • Plan Risk Management
  • Identify Risks
  • Analyze Risks
  • Plan the Responses
  • Monitor and Control the Risks

Plan Risk Management

Here, you define how you will conduct various risk management activities.

You define how you’re going to identify the risks, and how they will be categorized, analyzed, etc.

You will lay down the formula to determine risk ranking; which risks are high, medium or low.

Identify Risks

In this process, you collect risks using the methods described in the risk management plan. A few risk identification techniques are:

  • Document Review
  • Information Gathering Techniques
  • Interview

In document review, you look over records of past projects. These documents provide you with many possible risks. The documents may include lessons learned, risk register, issue log, project files, and more.

In information-gathering techniques, you interact with various stakeholders to collect the risks. You ask experts to list as many risks as they can. This technique includes brainstorming, the Delphi technique, etc. 

The Delphi technique helps you get responses from experts who are not comfortable expressing their opinions by circulating a questionnaire to experts anonymously.

You repeat this procedure until you get your conclusive results. Afterward, you compile them and review the responses. 

In an interview, you approach busy and important stakeholders with a team member. You ask pre-selected questions during your conversation. The team member records these conversations.

Analyze the Risks

You will analyze risks using qualitative and/or quantitative methods after risk identification is complete. 

You always perform a qualitative risk analysis process. However, quantitative risk analysis is optional. The quantitative risk analysis process is most likely to be performed on large and complex projects.

Here, you determine the probability and impact of each risk, and then you prioritize them. After completing the qualitative risk analysis review, you move on to the quantitative risk analysis review.

In quantitative risk analysis, you numerically analyze the risks and their effect on the project objectives. 

Expected Monetary Value (EMV) Method is a quantitative risk analysis technique. Here, you calculate the EMV of each choice and then select the best choice. It helps you to determine the contingency reserve, which is used to manage identified risks.

To manage unidentified risks, you use the management reserve. Management defines this reserve; they can set this as a percentage of the project cost, for example, 5% or 10% of the project cost. A project manager needs the approval to use the management reserve.

Read: Contingency Reserve Vs Management Reserve

A Monte Carlo simulation provides the chances of completing the project in different conditions. You can run this technique with cost, schedule, or any other project objectives. It graphically shows you a project’s objective vs. its chance of being completed under various conditions.

For example, if you run the Monte Carlo simulation for schedule analysis, you will know that you have an 80% chance of completing the project within 24 months and a 90% chance of completing it in 26 months.

Plan Risk Responses

After collecting and qualifying risks, you will develop the risk response plan. This plan describes actions that you should take when an identified risk occurs.

Risks can be positive or negative. Positive risks are known as opportunities, and negative risks are threats. The risk response plan aims to reduce the probability or impact of negative risks and increase the chance or benefits of positive risks.

You will assign a risk owner to each risk. They will be responsible for monitoring the risk and if it occurs, they will implement the risk response plan.

Strategies for negative and positive risks are different.

Negative Risk Response Strategies:

You can use the following strategies to manage negative risks:

  • Mitigate: You try to reduce the chance of the risk occurring, or its impact.
  • Avoid: You take measures to eliminate the threat or its effect, like, changing the project management plan.
  • Transfer: You transfer the risk to a third party: e.g., insurance.
  • Escalate: You shift the responsibility of managing the risk to higher management.
  • Accept: You acknowledge the risk and document it, but do not take any action to mitigate it or its effect.

Positive Risk Response Strategies

You can use the following strategies to manage positive risks:

  • Enhance: You try to increase the chance of an opportunity or its impact.
  • Exploit: You do everything to make sure that the opportunity is realized.
  • Share: If you are not capable of realizing the opportunity on your own, so you ask someone to share in the opportunity.
  • Escalate: You transfer the responsibility of managing the risk to higher management.
  • Accept: You acknowledge the opportunity and document it, but do not take any action to realize it.

You can use accept and escalate risk response strategies with both types of risks. 

After completing the risk response strategy, you will update the risk register.

Monitor and Control Risks

You watch for these risks once the project starts. You will control them when they occur and record the outcome into the risk register.

The risk management plan has a tracking and reporting system for risk events. This helps the project manager analyze the efficiency of the risk management plan and record lessons learned for future risk events.


The risk management plan is a subsidiary plan of the project management plan. Your project success depends on the risk management plan. A sound plan can help you complete the project within the approved schedule and budget. You have to be proactive with risk management. Use experts’ help in developing a risk response plan.

How do you develop risk management plans for your projects? Please share your experiences in the comments section.

Kindly note that when you calculate the reserve for the cost, you also have to calculate the reserve for the schedule. Here, the contingency reserve may be known as the time reserve or buffers. They are part of the schedule baseline. However, the management time reserve is not a part of the schedule baseline but a part of the overall project duration.

PMP Question Bank

This is the most popular Question Bank for the PMP Exam. To date, this PMP Question Bank has helped over 10,000 PMP aspirants pass the PMP exam. 

__CONFIG_colors_palette__{"active_palette":0,"config":{"colors":{"62516":{"name":"Main Accent","parent":-1}},"gradients":[]},"palettes":[{"name":"Default Palette","value":{"colors":{"62516":{"val":"rgb(59, 60, 61)"}},"gradients":[]}}]}__CONFIG_colors_palette__
More Details

PMP Formula Guide

This is the most popular Formula Guide for the PMP Exam. If you face difficulty with attempting mathematical questions for the PMP exam.

__CONFIG_colors_palette__{"active_palette":0,"config":{"colors":{"62516":{"name":"Main Accent","parent":-1}},"gradients":[]},"palettes":[{"name":"Default Palette","value":{"colors":{"62516":{"val":"rgb(59, 60, 61)"}},"gradients":[]}}]}__CONFIG_colors_palette__
More Details

Recommended Reading

Speak Your Mind

    • If you start seeing a risk in two different ways, consider splitting it into two different risks.
      For example, this risk:
      “#1 – Our new development tools may decrease our productivity.” (rating: ???)
      Could be split into these:
      “#1.a – Our new development tools may not support development of a required feature.” (rating: HIGH)
      “#1.b – Our new development tools may be unfamiliar to the developers.” (rating: LOW)

  • Dear Fahad,
    Assalam o Aleikum,

    I was searching good PMP site since long and now I found your web site which I feel very good to understand the concepts and I really enjoying reading your articles.

    Now, my questions are, could you please further explain;
    1) Qualitative & quantitative analysis process with examples?
    2) Expects Monitory Value (Decision tree method) & Monte Carlo Simulation processes with some other examples?

    3) Can I copy or print notes on your website (PMP Study Circle) ?

    4) Can I buy your books using debit card ?

    Please reply soon. Thanks in advance.

  • Sir, i have difficulties when solving Earned Value Mgmt questions especially questions that involve Labor Hours. Pls assist me with formulas and work examples on it. Thanks.

  • Dear Mr. Fahad,
    Ramadan kareem, Brother, i need some info regarding the pmp exam.

    Today i have taken my pmp exam and have unfortunately failed though the exam wasn’t hard.
    … i am planning to reschedule it again … but it may be late as the pmp exam is schedule to change after 31 st of this month. So my question is .. will my application be valid after 31st as it is as per PMbok 4.
    Can i be able to take exam after 31st on PMBOK 4 ? probably end of this year
    and other question,
    Will PMI give me details for my exam … like the questions and the answers which were incorrect ?
    i have also emailed this query to PMI and PMstudycircle and expect for quick reply from you.

    thanks and god bless
    Syed imad

    • It is really bad news that you failed the exam. I hope you still have two chance left with you. This is the time for you to focus on your gaps.

      Regarding your doubts, answers are as follows:

      You are applicable for the exam until you cross your one year from the date you got your application approved.

      No, after this date you can not give exam based on the fourth version of the PMBOK guide.

      PMI will only give your result with proficiency level in each process group. No other details will be provided to you.

      • You content is great i loved it , this is my first time i visited your blog

        I am exactly like syed imad’s situation and he is absolutely right, exam wasn’t hard enough but i could n’t manage my time to review the marked ones

        I am trying again now but much concerned about the exam practice questions and material though i have pmbok 5 but that’s not enough. pmbok 4 stayed for 4 long years, so much is available to study and for practice but that’s not the case with pmbok 5

        Need you suggestion !


        • There is not much difference between the fourth and fifth edition of the PMBOK Guide. Just review the latest edition and you are good to go.

          As of now many programs have been upgraded to latest edition of the guide, and many are in process of it.

          • Sounds Good but i heard that there is 30 40% difference in question

            Can i keep attempting questions of those knowledge areas which has no difference from pmbok 4 ? like risk and some of the others ?


            • I don’t think that 30 to 40% questions are going to be changed.

              Of-course you can keep practicing it.

              I also suggest you buying any good updated questions bank for further practice.

  • {"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

    Recommended Resources

    Use these resources for your PMP certification exam preparation and pass the exam with minimal effort.

    __CONFIG_group_edit__{"jv80vv8f":{"name":"All Image(s)","singular":"-- Image %s"},"jv812jsg":{"name":"All Title(s)","singular":"-- Text %s"},"jv812qp8":{"name":"All Name(s)","singular":"-- Text %s"},"jv812zdt":{"name":"All Divider(s)","singular":"-- Divider %s"},"jv813402":{"name":"All Paragraph(s)","singular":"-- Text %s"},"jv813af5":{"name":"All Button(s)","singular":"-- Button %s"},"jv813f5t":{"name":"All Content Box(s)","singular":"-- Content Box %s"},"jv813k1c":{"name":"All Column(s)","singular":"-- Column %s"}}__CONFIG_group_edit__
    __CONFIG_local_colors__{"colors":{"c85e2":"Button ","f242c":"Border"},"gradients":{}}__CONFIG_local_colors__

    The PMP Training Program

    The PMI approved 35 contact hours training program that is 100% online, affordable, and help you prepare the PMP exam.

    __CONFIG_colors_palette__{"active_palette":0,"config":{"colors":{"3e1f8":{"name":"Main Accent","parent":-1}},"gradients":[]},"palettes":[{"name":"Default Palette","value":{"colors":{"3e1f8":{"val":"rgb(255, 255, 255)","hsl":{"h":210,"s":0.01,"l":0.99}}},"gradients":[]},"original":{"colors":{"3e1f8":{"val":"rgb(19, 114, 211)","hsl":{"h":210,"s":0.83,"l":0.45}}},"gradients":[]}}]}__CONFIG_colors_palette__
    Read More

    The PMP Exam Preparation Tool

    A PMP exam preparation course, that is 100% online and provide you everything you need to pass the PMP exam.

    __CONFIG_colors_palette__{"active_palette":0,"config":{"colors":{"3e1f8":{"name":"Main Accent","parent":-1}},"gradients":[]},"palettes":[{"name":"Default Palette","value":{"colors":{"3e1f8":{"val":"rgb(255, 255, 255)","hsl":{"h":210,"s":0.01,"l":0.99}}},"gradients":[]},"original":{"colors":{"3e1f8":{"val":"rgb(19, 114, 211)","hsl":{"h":210,"s":0.83,"l":0.45}}},"gradients":[]}}]}__CONFIG_colors_palette__
    Read More