How to Do a Risk Management Plan

Step 1.  Look at what is At Risk

The project plan is the “how are we going to build this thing?”. This should contain all the information required about a project, or at least allude to it. For this reason, it is an excellent format for defining risk.

Lessons Learned files and historical data will let you know what risks you should be considering.


Step 2.  Use risk statements to develop the risk identity

Identify the risks. What are the risk events? Go through the project documents and historical information and identify the risks against the project plan. Create risk statements for each risk:

If “the risk event” occurs by… “the date within the project life cycle” it will result in… “the impact/consequence to the project” to (build/cost/quality).


Step 3.  Complete the identification and analysis

Identify, analyze, and discuss the risk and estimate, and describe.

Include all of this information in a risk register.

  • Estimate monetary costs and schedule delays
  • Estimate the probability of the risk event occurring
  • Describe the impact and discuss
  • Identify an owner
  • Also include the Reference Number, Categorization (scope, schedule, design, cost), and Type (threat or opportunity)
  • Stage (identified, in progress, occurred, did not occur)
  • Record the date that the risk was identified, each time it is updated, and the date that it is closed
  • Include documents or images that are relevant
  • Include a quantitative number for impact in general
  • If this is a catastrophic event, identify that in particular


Step 4.  In-Depth Analysis

For the complex and significant risks, employ tools such as:

Bounding the Risk – Identify the best outcome, worst outcome, and most likely.

Decision Trees – Identify possible subsequent events.


Step 5. Develop a Response Plan for each risk

Describe strategies for addressing the risk, which may include transferring, mitigating, accepting, and monitoring & avoiding the risk.

Compare the advantages, disadvantages, and costs of each strategy. Decide on strategies to pursue and record and assign an owner to be responsible for the risk and a due date.


Step 6. Prioritize.

Prioritize in terms of impact, cost, and time.


Step 7. Lessons Learned

Document the Lessons Learned to become the basis of historical information for the next project.

Record when the risk occurs or the possibility of the risk has passed, and include a discussion on actual causes and impacts. This is where the process and business improvements come from.

By documenting the Lessons Learned in a database, you end up with a searchable comprehensive tool that will give you a starting point to develop your next project plan and risk management plan.

An example of a software tool to create your Lessons Learned database is RiskMP.



Risk Management Training

We offer accredited webinars and on-site training in Risk Management and Construction Management. For more information:


More blogs from Construction Talks:

Videos on these topics: Construction & Risk Management Series





Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s