The topics addressed in risk management plan includes:
Methodology: How will risk management be performed on this project? …show more content…
External risk: For example: external agencies such as FDA, HIPPA, CMS can make new regulations which can have impact on project.
A risk breakdown structure is created based on this. It is a hierarchy of potential risk categories of the project. It helps in brainstorming and helps to identify risks.
Identify risks: To understand what potential events might hurt or enhance a particular project.
Risk identification should happen during initiation phase at a high level, at the end of planning and on a regular basis during execution.
The risk identification techniques are as follows:
1. Project document walkthroughs: Reviewing documents, assumption analysis and checklists.
2. Discussions:
a. Interviews: collect information in face-to-face, phone, email etc. This is an important tool for identifying risks. However, it is important to be well prepared before conducting an interview.
b. Delphi method: systematic, interactive forecasting procedure based on independent and anonymous input regarding future events.
c. Brainstorming: Group attempts to generate idea regarding a specific problem. Thus a list of risk can be created.
d. SWOT analysis: This can help us in finding risks and opportunities.
3. …show more content…
Cause and Effect diagram: Also known as ishikawa or fishbone diagrams. It identifies risks and determine causes. Effects are written on right side and the causes to the left.
The output of risk identification process is a risk register. It is a document that contains the results of various risk management processes. It is displayed in a table or spreadsheet format. It is a tool which documents potential risk events (specific, uncertain events that may occur to the detriment or enhancement of the project) and related information.
A risk register usually contains: Category – The category under which the risk falls. For example: defective server may fall under hardware technology.
Probability, Impact, Risk Factor – determined in Qualitative Risk Analysis. There might be high, medium and low probability and impact. The risk of a server being defective is low. But once found defective, the impact can be high.
Potential Responses – determined in Plan Risk Reponses. It states for example a clause in the contract to replace the server within a certain time at a negotiated