Risk Management Strategy Template

From PRINCE2 wiki



Purpose

A Risk Management Strategy describes the specific risk management techniques and standards to be applied and the responsibilities for achieving an effective risk management procedure.


Advice

The Risk Management Strategy is derived from the:

  • Project Brief
  • Business Case
  • The corporate or programme management’s risk management guide, strategy or policy.

A Risk Management Strategy can take a number of formats, including:

  • Stand-alone document or a section in the Project Initiation Document
  • Entry in a project management tool.

The following quality criteria should be observed:

  • Responsibilities are clear and understood by both customer and supplier
  • The risk management procedure is clearly documented and can be understood by all parties
  • Scales, expected value and proximity definitions are clear and unambiguous
  • The chosen scales are appropriate for the level of control required
  • Risk reporting requirements are fully defined.



Introduction

(States the purpose, objectives and scope, and identifies who is responsible for the strategy)



Risk Management Procedure

(A description of (or reference to) the risk management procedure to be used. Any variance from corporate or programme management standards should be highlighted, together with a justification for the variance.)

The procedure should cover activities such as:


Identify

(Add text here)


Assess

(Add text here)


Plan

(Add text here)


Implement

(Add text here)


Communicate

(Add text here)



Tools and Techniques

(Refers to any risk management systems or tools to be used, and any preference for techniques which may be used for each step in the risk management procedure)



Records

(Definition of the composition and format of the Risk Register and any other risk records to be used by the project)



Reporting

(Describes any risk management reports that are to be produced, including their purpose, timing and recipients)



Timing of Risk Management Activities

(States when formal risk management activities are to be undertaken - for example, at end stage assessments)



Roles and Responsibilities

(Defines the roles and responsibilities for risk management activities)



Scales

(Defines the scales for estimating probability and impact for the project to ensure that the scales for cost and time (for instance) are relevant to the cost and timeframe of the project. These may be shown in the form of probability impact grids giving the criteria for each level within the scale, e.g. for ‘very high’, ‘high’, ‘medium’, ‘low’ and ‘very low’)



Proximity

(Guidance on how proximity for risk events is to be assessed. Proximity reflects the fact that risks will occur at particular times and the severity of their impact will vary according to when they occur. Typical proximity categories will be: imminent, within the stage, within the project, beyond the project)



Risk Categories

(Definition of the risk categories to be used (if at all). These may be derived from a risk breakdown structure or prompt list. If no risks have been recorded against a category, this may suggest that the risk identification has not been as thorough as it should have been)



Risk Response Categories

(Definition of the risk response categories to be used, which themselves depend on whether a risk is a perceived threat or an opportunity)



Early-warning Indicators

(Definition of any indicators to be used to track critical aspects of the project so that if certain predefined levels are reached, corrective action will be triggered. They will be selected for their relevance to the project objectives)



Risk Tolerance

(Defining the threshold levels of risk exposure, which, when exceeded, require the risk to be escalated to the next level of management. (For example, a project-level risk tolerance could be set as any risk that, should it occur, would result in loss of trading. Such risks would need to be escalated to corporate or programme management.) The risk tolerance should define the risk expectations of corporate or programme management and the Project Board)



Risk Budget

(Describing whether a risk budget is to be established and, if so, how it will be used)