Explorer

Content

Plan

What is the Plan Stage of the Risk Management Process ?

Schematic Representation of the four stage Iterative Risk Management Process. A textual description of the diagram is shown on the Introduction to the Project Risk Management Process page within this site.

This stage of the iterative process completes the Risk Register by detailing the plan for managing each individual risk.

Both Threats and Opportunities should be addressed during the Plan stage. Opportunity Management provides further guidance.

What are the Key Activities ?

Identify the desirable post-handling status for each risk, considering the risk appetite.
Consider every handling option for each risk also, to an appropriate level, perform cost and benefit analysis.
Agree and implement single or multiple risk handling plans aimed at effective mitigation of threats (or taking opportunities) within budget and resource constraints.
Include detailed actions in project schedules and monitor for effectiveness. Where appropriate handling plans are reviewed and amended to cater for changing situations and emerging risks.
Identify Fallback Plans (contingency plans) and Fallback Decision Points (fallback implementation dates).
Identify Secondary Risks resulting from handling and fallback plans.

What are the Key Outputs ?

Handling plans and associated actions for all significant risks.
Actions and Fallback Decision Points added to project schedules.
Secondary risks identified and added to the risk register.
The overall project forecast (post mitigation) updated and analysed as mitigation action continues.

How is the Plan Stage carried out ?

The activities to be undertaken during this stage include:

Study the results of the analysis stage.
Develop handling options and agree action plans for risks.
Develop Fallback Plans and decision points for implementation if specific risks occur.
Develop amendments to the Through Life Management Plan.
Determine the level of risk acceptable to the project (Risk Appetite) and the profile for reducing Risk Exposure.
Define the management steps to be taken to contain risk within this profile.

Handling Options

There are four options for handling risk defined in MOD JSP 525 External link to Ministry of Defence Intranet content .

Option	Description
TERMINATE (AVOID)	Some risks will only be treatable, or containable to acceptable levels, by terminating or avoiding the activity or activities that give rise to the risk.
TOLERATE (ACCEPT)	The ability to do anything about some risks may be limited, or the cost of taking any action may be disproportionate to the potential benefit gained. In these cases the response may be toleration.
TRANSFER	For some risks the best response may be to transfer them. Namely, shift the responsibility or burden of loss to another party through legislation, contract, insurance or other means. This may also occur through Public Private Partnership (PPP) or Customer Supplier Agreement (CSA) re-negotiation activity. Partial transfers are known as risk sharing or risk assignment.
TREAT (REDUCE)	By far the greater number of risks will belong to this category. The purpose of treatment is not necessarily to obviate the risk, but more likely to contain the risk to an acceptable level. The actions taken to handle risk are instigated by the Risk Owner although their effects may be felt outside of the Risk Owner's organisation.

In the context of most MOD Projects, it is unlikely that Risks can be completely transferred or terminated through contracts with external customers and suppliers. Therefore, some type of handling will be required by Projects to tolerate and treat risk. It is particularly important that Risk Handling Options contain mechanisms to ensure regular dialogue with stakeholders (customers and suppliers) to maximise the chance of their successful outcome.

For Opportunities (risks with positive consequences) the planning activity must address the need to increase the chances of realising the benefit they can offer a project. It will be necessary to determine Handling Options that will enhance the probability of an Opportunity occurring and or increase the impact that it could have. The baseline plan developed before the opportunities were identified should be maintained until the opportunities become certain.

‘Take the opportunity’ ,the fifth ‘T’, is the term used when opportunity handling actions are set out.

Justifying Decisions

It is important to record the decisions taken during the planning process and the reasons for them. There is typically a trade-off between the resources committed to risk reduction and the probability of achieving the project objectives. Risk Handling actions should be taken only when the IPTL is convinced that the response is efficient in terms of the expected gain in achievement of the project objectives.

Determining whether a response is justified should take into account its potential effectiveness, its implications for the project objectives (including timescale, product performance, cost and opportunity cost in terms of what else might have been done for the project with the resources concerned) and the relative importance the IPTL places upon the project's various objectives - as well as the significance of the risk concerned.

A typical risk handling plan is to include meaningful trials, tests and demonstrations, the latter particularly in the Assessment and Demonstration stages. To further develop risks and risk mitigation actions at this stage it is important to address the need for, and use of, the Integrated Test Evaluation and Acceptance (ITEA) process .

Similar cost and benefit analyses should also be used when assessing whether to implement handling plans to take opportunities.

Change History