Risk Management Plan Template | FREE Download

What is the Risk Management Plan?

The Risk Management Plan is a PMBOK document which sets out how risks will be managed on a project. It forms the basis for all other risk management activities, including risk strategy, identification, funding and monitoring. It will define the processes followed and the templates that will be used (including the Risk Register).
The risk management plan is created from the process 'Plan Risk Management' in the Project Management Body of Knowledge Guide (Sixth Edition). It is written once and does not usually change over the course of the project.

This is not just a template! It includes a wealth of hints and tips along with examples of:
  • a risk management method
  • a model risk management process
  • a risk report form
  • a risk assessment method
Use this FREE template to document how risks will be managed on your project. PMP, PMBOK compatible.
Risk Management Plan Template
This is a FREE Risk Management Plan in Word, doc and docx. The template is fully editable with Microsoft Word and can be converted or changed to suit your project requirements. It is suitable for PMBOK/ PMP.

See what is in the Template! Check out the Contents complete with Hints and Tips on how to use.

Check out the contents below or Grab the template now!

What's in the Risk Management Plan?


[Project Name] Risk Management Plan

Project Reference


Document Control

Document information:
  • Document Id
  • Document Owner
  • Issue Date
  • Last Saved Date
  • File Name
Document history:
  • Version
  • Issue Date
  • Changes
Document approvals:
  • Project Sponsor
  • Project Review Group
  • Project Manager
  • ....................
  • ....................

Risk Management Methodology

Describe the approach, tools and data that you will use to manage risk on this project.

An example methodology is provided below:

The Risk Management Method

[Figure: Risk Management Method]
This project will use Acme’s risk management method defined in the Acme Project Management Methodology. It is a simple four step method which is repeated continuously through the project lifecycle. Once a risk is identified, it is assessed, responses to manage the risk are agreed, and progress is monitored:
  1. Identify – risks are identified on an ongoing basis, through formal risk identification workshops as well as during day to day activities.
  2. Assess – once identified a risk is assessed to establish the likelihood of it occurring and the impact it will have if it occurs.
  3. Respond – there are several possible actions that can be taken to reduce the likelihood of a risk occurring or the impact of the risk, for example transferring, avoiding, and mitigating. In this step suitable responses are agreed, and budget approved if needed.
  4. Monitor – progress of the risk responses needs to be monitored and controlled, with corrective action taken if needed. Typically, progress is assessed via project team meetings.

Risk Identification

Describe how risks will be identified and captured. Risks can be revealed from many sources and at any time during the project, so risk identification needs to be an ongoing process.

An example Risk Identification process is shown below:

The entire project team are responsible for identifying risks and reporting them to the Risk Manager. Risks may be identified via risk workshops, but also through many other routes:
[Figure: risk identification sources]

How Risks will be expressed

Risks will be expressed using the following simple statement:
IF xxxx assumption proves incorrect THEN xxxxx will happen
This statement ensures that the cause of the risk (the assumption) is clear, as is the impact. For example, if you are assuming shipping will take 10 days, risk of delay could be expressed as:
IF shipping takes longer than 10 days THEN the project will face a cost of $500 per day in unused warehouse space.

Risk report form

Identified risks can be documented on a risk form and sent to the Risk Manager for assessment.

Example risk form:
[Figure: Risk Report Form]

Risk capture and logging

Describe how risks will be captured and documented. Include the information that will be captured along with details of who will be responsible for keeping the documentation up to date. You can include a link to the documents that will be used and/or include a copy in an appendix.

An example risk management process is provided below:

Risks will be captured on a risk form and submitted to the Risk Manager, who will document the risk on the Risk Register and present it to the risk review board. The risk review board will assess the risk and accept, reject or request more information. If the risk is accepted the board will confirm the suggested mitigating and contingency actions and agree a budget for managing the risk.
[Figure: Risk Identification Process]

Risk Assessment Method

Describe how you will know which risks are the most important. Frequently risks are reviewed and given a score or rating of likelihood and impact. In other words, is this risk likely to happen and if it did what would it mean for the project?

An example Risk Assessment method is shown below:

Risks will be assessed by impact and likelihood using a 1 to 4 numeric scale. The combined score is the risk priority and will drive the response to each risk.

Likelihood scale:
  1. the risk is very unlikely to happen, for example it is statistically unlikely, or action has already been taken to reduce the likelihood.
  2. the risk is unlikely to happen, but is not unheard of, for example a supplier goes unexpectedly into liquidation or a regulatory change forces a change of materials or project approach.
  3. the risk is likely to happen, for example: rain in September in the UK or scope creep on IT projects (see 20 common project risks).
  4. the risk is highly likely to happen, perhaps it is a common occurrence on projects or a common issue with location, environment, materials, equipment or the technology used. For example, projects are often impacted by staff illness.
Impact scale:
  1. the risk will have little impact, perhaps there are plans or procedures in place that will reduce the impact, or there is a simple low-cost alternative. For example, holding a Skype or Zoom meeting if a key person can’t make it to the office.
  2. the risk will have some impact, but it can be managed or reduced easily. For example, getting cover for a non-critical staff member who is off sick or a short delay while a contingency plan is put in place.
  3. the risk will have a significant impact. It is likely to require involvement of senior management and trigger a re-assessment of the business case. For example, equipment failure causing a delay to the go live date.
  4. if the risk occurs the project will no longer be viable, perhaps the business case can no longer be achieved, the additional costs would make it ruinous or the delay would be so long as to make the project pointless.

Risk Assessment Matrix

Once you have rated a risk by impact and likelihood you can use a matrix to find the priority/importance of the risk.

An example Risk Assessment Matrix is shown below:

Risks with a priority between 1 – 3 will be accepted (no action will be taken).

Risks with priority between 4 – 8 will be managed using the most appropriate risk response.

Priority 9, 12 and 16 risks may result in the project being cancelled or put on hold until a risk response can be implemented that will reduce the priority to 8 or below.
[Figure: Risk Assessment Matrix]

Other examples of risk matrices:

3 x 3 Risk Matrix

4 x 4 Risk Matrix

5 x 5 Risk Matrix

Risk Responses

Risks are often managed by reducing the likelihood of the risk happening or the impact. Other responses are also valid such as transferring the risk, accepting the risk and avoiding the risk. Describe the risk responses that you will use to manage risk on this project.

Timing and Frequency of Risk Management Activities

Document when risk management activities will be carried out including the frequency. Include any risk identification workshops, risk review boards and how and when progress will be monitored.

An example is below:

Progress will be monitored on a weekly basis. The agenda for the weekly project team meeting will include space for a review of the risk register focusing on the progress of the risk responses. Risks that are scored between 8 and 16 will be reviewed at the monthly Risk Review Board meeting chaired by the Risk Manager.

Risk Funding

Break down the funding/budget needed to manage risk on the project. This includes the cost of risk mitigation, the cost of expert consultants, insurance costs, and a contingency budget. This section should also describe how the funding will be allocated, accessed, controlled and measured.

Risk Management Plan Template

Word .docx download - Risk Management Plan

Word .doc download - Risk Management Plan

PDF download - Risk Management Plan

Project Management Institute (2017) A Guide to the Project Management Body of Knowledge. 6th edn. Newtown Square, PA: Project Management Institute.
