Risk and Issue Management Plan

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 9

Risk and Issue Management Plan

Document Information
Sponsor Business
Owner
Project Manager Estimated
Budget
Target Start Date Target End
Date

Document History
Version Date Summary of changes
1.0

Document Approvals
Role Name Signature Date
Project Sponsor
Committee Member
Committee Member
Committee Member
Project Manager
[Project Name] Risk and Issue Management Plan

Table of Contents
[Update this Table of Contents after completing the remainder of this document.]

Purpose.............................................................................................................................1

Management Process......................................................................................................1
Initiation and Logging............................................................................................................... 2
Analysis.................................................................................................................................... 2
Risk Review............................................................................................................................. 3
Issue Recommendation Approval.............................................................................................3
Integration................................................................................................................................ 3
Closure..................................................................................................................................... 4
Monitoring................................................................................................................................ 4

Roles and Responsibilities.............................................................................................4

Project RAID Log.............................................................................................................6

[Date] Page i
[Project Name] Risk and Issue Management Plan

Template Guide
[Delete this section after completing the remainder of this document.]
What is a risk and issue management plan?
The Risk and Issue Management Plan documents the process for identifying, logging,
monitoring, and resolving risks and issues for a project. A risk is any known event which may
impact project outcomes, either positive or negative. If realized, a negative risk often becomes
an issue that requires resolution. An issue is any items or questions that will have an adverse
impact on the project if left unresolved. Issues can arise from realized risks. An issue will likely
require a decision to be made from several alternatives and may result in one or more action
items.

Why create a risk and issue management plan?


The risk and issue management plan along with the RAID (Risks, Actions, Issues, Decisions)
Log formally documents the process, roles and responsibilities, and mechanism for identifying,
logging, monitoring, and resolving risks and issues for a project. The purpose of managing risk
and issues is to identify potential problems before they occur or to leverage opportunities to
create success.

How to use this template


This template provides a guide for project managers to develop a risk and issue management
plan for new technology and/or business system projects. Additional sections may be added or
removed according to the specific business circumstance and need. Sample tables and charts
have been included to provide tips on how to complete each section.
Italicized instructions are included throughout this template to explain the purpose of and how to
complete each section of the plan. These should be deleted from the final document.

[Date] Page ii
[Project Name] Risk and Issue Management Plan

Purpose
[This section summarizes the document.]
This plan outlines the process for managing project risks and issues that could impact project
scope, schedule or budget.

A risk is any uncertain potential event that can have a future impact on the success of a project
—positive or negative. An issue is a point or matter in question or in dispute that is impacting
the project. An issue is often previously identified as a risk which has occurred and caused
negative impact to the project.

To ensure risks and issues are identified and response plans are developed, and to reduce any
negative impact to project outcomes, the process outlined in this risk and issue management
plan will be used.

Risk and Issue Management Process


[This section details the risk and issue management process. Consider referring to these
sections of the project management plan. Include a process flow diagram. The following graphic
is provided as a sample only.]
The following illustrates the risk and issue management process for this project.

[Date] Page 1
[Project Name] Risk and Issue Management Plan

Initiation and Logging


[This section describes the process for initiating and logging risks and issues.]
At any time during the project, a project team member or stakeholder can initiate a risk or issue
by providing the project manager with the following:

1. Title.
2. Category (e.g., budget, hardware, requirements, resources, schedule, scope, software,
implementation).
3. Description.

The project manager will log the risk into the Risk, Action, Issues, Decisions (RAID) Log. The
project manager and project team will review the item, set the Risk Probability and Severity or
Issue Priority and make sure it is valid and clear. If the item I snot valid the project manager will
close the item in the RAID Log and notify the Initiator with an explanation.

Analysis
[This section describes the process for analyzing risks and issues.]
If the item is valid, the project manager and project team will assign a risk or issue lead, identify
workgroup members and set a review date and frequency. The lead will convene the workgroup
as needed to explore alternatives and develop the recommended risk strategy, response plan,
and identify the risk triggers, or develop the issue resolution recommendation. The lead will
notify the Project Manager when the analysis and response plan are complete.

Review
[This section describes the process for reviewing risks and issues.]
Risks and issues will be reviewed during the weekly project team meeting. Risks and issues will
only be closed by consensus of the team. The individual who is assigned to take lead is
responsible for updating the project manager with status periodically.

Risks are rated by Risk Probability and Risk Severity on a scale of 1-3. Risk Rating is calculated
by multiplying the Risk Probability and Risk Severity with a range of 1-9. Risks with Risk Rating
of 6 or greater will be reviewed with the Steering Committee at the regularly scheduled meeting.
Risks with Risk Rating of 3 or greater will be reviewed with project sponsors within 15 days of
identification and the project team at the next regularly scheduled meeting.

If the recommended risk response plan is not approved by the project manager/project team or
the sponsor and steering committee, the risk will be returned to the risk lead to modify or
develop a new risk response plan.

Issue Recommendation Approval


[This section describes the process for reviewing issue recommendations and approving the
resolution.]
The project manager and project team will review the issue resolution recommendation. If there
is no impact to the project scope, schedule or budget, they can decide whether to accept the
resolution recommendation or they can defer the decision to the sponsor and steering
committee. If the issue resolution recommendation affects project scope, schedule or budget the

[Date] Page 2
[Project Name] Risk and Issue Management Plan

project manager will escalate the resolution recommendation to the sponsor and steering
committee. Schedule impact means the due date of a major milestone or the end date of the
project is impacted. The sponsor and steering committee will consult with others when
necessary to make decisions on issue resolution recommendations. The project manager will
record whether the issue resolution recommendation is approved in the RAID Log.
If the issue resolution recommendation is not approved by the project manager/project team or
the sponsor and steering committee, the issue will be returned to the lead to modify or develop
a new issue resolution recommendation.

Integration
[This section describes the process for integrating risk and issue resolutions into the project
monitoring and controlling mechanisms.]
The project manager will update the necessary project control documents when a risk response
plan or issue recommendation is approved, if appropriate. One or more of the following may be
needed:

 Include new tasks required to implement the response plan in the project schedule.
 Update the scope statement in the project charter if needed.
 Add the new costs associated with implementing the response plan in the project
budget.
 Assess the need for a change request.

Closure
[This section describes the process for closing risks and issues.]
Once a risk trigger is realized, it becomes an issue and is closed and follows the issue
management process. Once an approved issue resolution is integrated into the necessary
project control documents, the project manager will update the issues log and close the issue.

Monitoring
[This section describes the process for monitoring risks and issues.]
The project manager will monitor the risk and issue logs and review it regularly with the project
team to solicit new risk and issues and to track and document progress to ensure risks and
issues are responded to.

At a minimum, the project manager will include information about risks with risk rating of 3 or
higher in project status reports and at different project meetings.

At a minimum, the project manager will include information about issues with a priority of High in
project status reports and at different project meetings.

Roles and Responsibilities


[This section describes the roles and responsibilities for managing risks and issues.]

[Date] Page 3
[Project Name] Risk and Issue Management Plan

The roles and responsibilities for the risk and issue management process are defined in the
table below.

Role Responsibilities
Initiator  Identifies new risks and issue items.
 Submits new items to the project manager.
Project Manager  Receives items and logs in the RAID Log.
 Reviews items with project team to make sure they are clear.
 Decides with project team whether an item is valid.
 Works with project team to assign valid items to an issue lead for analysis,
identify workgroup members and set due dates.
 Reviews issue resolution recommendations and risk response plans with
project team.
 Decides with project team whether to accept issue resolution
recommendations or risk response plan not impacting scope, schedule or
budget.
 Escalates risks with a risk rating higher than 3 to the sponsor and risk
ratings higher than 6 to the steering committee.
 Escalates issue resolution recommendations and risk response plans
impacting scope, schedule and/or budget to sponsor and steering
committee.
 Integrates approved issue resolution recommendations and risk response
plans into affected project control documents.
 Closes risks issues when they are integrated into project control
documents.
 Monitors and manages the RAID log with the project team.
 Includes the status of open issues and risks in project status reports and
provides routine status updates in meetings.
Project Team  Reviews risks and issues with project team to make sure they are clear.
 Decides with project team whether an item is valid.
 Works with project team to assign valid issues to an issue lead for
analysis, identify workgroup members and set due dates.
 Reviews issue resolution recommendations and risk response plans with
project team.
 Decides with project team whether to accept issue resolution
recommendations not impacting scope, schedule or budget and accept risk
response plans for risks with ratings lower than 3.
Lead  Works with workgroup to identify and analyze issue options and identify an
issue resolution recommendation or risk response plans.
 Documents issue options analysis and resolution recommendation in the
issues log or risk response plans in the risk log.
 Informs project team when analysis is complete.
Workgroup  Works with issue lead to conduct analysis.
Members
Sponsor and  Approves or rejects issue resolution recommendations and risk response
Steering plans.
Committee  Seeks input from others as needed.

[Date] Page 4
[Project Name] Risk and Issue Management Plan

Role Responsibilities
Others  Advises sponsor and steering committee as requested.
QA Provider  Identifies new risks and issues.
 Submits new risks and issues to the project team.
 Participates on project team for item review.
 Participates on steering committee.

Project RAID Log


[This section describes the contents of the Risks and Issues portions of the RAID log.]
All project risks and issues will be tracked in the RAID Log.

The following information will be captured as needed in the issues log:

 Date submitted.
 Date assigned.
 Status (open, in progress, closed).
 Issue category (e.g., budget, requirements, resources, schedule, scope).
 Issue title.
 Description.
 Priority (high, normal, low).
 Comments.
 Resolution.
 Assigned to (Issue Lead).
 The date the issue resolution is due.
 The date the issue was resolved.
 Other issues that are related to the issue.
Additional documentation may be attached as needed.

The following information will be captured as needed in the risk log:

Field Definition
Number Sequential
Title Brief description
Category Budget
(examples only) Hardware
Requirements
Resources
Schedule
Scope
Software
Implementation
Testing

[Date] Page 5
[Project Name] Risk and Issue Management Plan

Field Definition
Training
Description Longer description of the risk
Risk Impact E.g., budget, implementation, quality, resources, schedule, scope
Consequence Description of consequence to project if risk is realized
Probability 1 = Low: Not expected to occur
(likelihood of 2 = Medium: Equal chance will, or won’t occur
occurrence)
3 = High: Has or will occur
Severity (impact to 1 = Low: No measurable impact to project deliverables
the project) 2 = Medium: Will result in reduced scope
3 = High: Project will still deliver, but not all expected deliverables will be included
and/or user satisfaction will be negatively impacted; may result in project failure
Risk Rating Probability X Severity
Risk Strategy Avoid, Transfer, Mitigate, Accept
Planned Description of how to respond to the risk.
Response
Risk Trigger Description of how to identify if the risk is occurring or becomes an issue
Status Open = In review or being monitored
In Progress = Being worked; not resolved
Closed = No longer a risk to the project
Review Date Date risk must be resolved to avoid negative impact or the date when if unable to
mitigate, other steps will be taken to address the risk
Assigned To Project team member responsible for resolving the risk
Review Frequency Weekly, bi-monthly, monthly, quarterly

[Date] Page 6

You might also like