3.4 Risk Management Plan | Project Management Essentials

Published on: 2025-07-30 Last updated on: 2026-04-27

3.4 Risk Management Plan

No matter how solid your plan is or how talented your team may be, every project involves risk.
This is why a dedicated risk management plan is essential at the end of the planning phase.

Risk refers to events that "might" happen in the future and could negatively impact your project's success.
Risk management isn't about reacting to problems after they occur — it's about anticipating and preparing in advance.

What Is a Risk Management Plan?

A Risk Management Plan is a document that identifies potential risks that could impact a project and defines how to address them.

It helps your team clarify:

  • What risks exist (Identification)
  • How serious each one is (Assessment)
  • What to do about them (Response)
  • How to keep monitoring them (Monitoring)

Visualising risks during the planning phase leads to smoother decision-making in execution.

1. Identifying Risks

Start by listing as many potential risks as possible. Use multiple angles to avoid blind spots:

  • Technical Risks: New technology, complex specs, uncertain outcomes
  • Human Risks: Key person leaving, lack of skills, low motivation
  • Schedule Risks: External dependencies, approval delays, overlapping projects
  • Cost Risks: Budget inaccuracies, outsourcing cost changes, procurement issues
  • Organisational Risks: Slow decision-making, stakeholder conflicts, unclear roles

Use brainstorming sessions, past project reviews, and stakeholder interviews to build a thorough list.

2. Risk Assessment (Risk Matrix)

Classify each risk by its "impact" and "likelihood," then set priorities. A risk matrix is a helpful tool.

| Likelihood \ Impact | Low | Medium | High |
|---|---|---|---|
| Low | No action or minimal attention | Monitor and log | Needs monitoring |
| Medium | Monitor and log | Consider countermeasures | Must act in advance |
| High | Monitor and consider action | Must act in advance | Should be prioritised for avoidance or mitigation |

This matrix helps you focus on the most critical risks first.

3. Risk Response Strategies

Four standard ways to respond to risk:

  • Avoid: Remove the cause of the risk
  • Mitigate: Reduce likelihood or impact
  • Transfer: Shift risk to a third party (vendor, insurance)
  • Accept: Allow it if impact is minor or mitigation cost is too high

Document your chosen strategy and prepare actions — extra buffers, fallback plans — for each major risk.

4. Monitoring and Triggers

In the execution phase, monitor risks regularly. Use predefined "triggers" to determine when to take action.

Examples:

  • "If reviews are delayed more than 2 business days, revise the schedule."
  • "If 3+ change requests come in, revisit the budget."

This enables predictive and structured decisions rather than reactive, last-minute ones.

The Risk Register

All risk details should be documented in a shared Risk Register that everyone can access and update.

  • Risk description
  • Cause and affected area
  • Impact and likelihood
  • Priority level
  • Response plan, owner, deadline
  • Monitoring method and trigger

Conclusion: Assume Risks Will Happen

Risk management isn't about hoping nothing goes wrong — it's about being ready when things do.

A well-crafted Risk Management Plan lets your team respond calmly and confidently to unexpected events. It also builds trust and psychological safety for everyone involved.

How this looks in AB

The Risk Register lives naturally in AB Project Management in two complementary places: a "Risks" page in the project Wiki for the human-readable register (cause, impact, likelihood, response strategy, owner), and a tagged set of tasks (type "Risk") for the ones that need active monitoring — each with an assignee, a due date as a check-in cadence, and comments for the running mitigation log. Triggers can be encoded directly: a task like "If reviews slip 2 days, revise schedule" is itself the action you'd take, sitting on the schedule waiting. The change-history tab on each Risk task acts as the evidence trail when a risk eventually materialises — you can see exactly when it was first flagged and what was tried.
