What is a Risk Management Plan?

The Risk Management Plan (RMP sometimes called ROP) “is a component of the project management plan and is established at project initiation that describes how assumed or identified risks are evaluated, with identified feared events and how to plan for mitigation and control.

The RMP describes the activities and resources necessary for the project management team to mitigate and action identified risks at least to ALARP[1] status. The ultimate goal is to eliminate the risk.

“Risk Analysis and Management is a key project management practice to ensure that the least number of surprises occur while your project is underway. While we can never predict the future with certainty, we can apply a simple and streamlined risk management process to predict the uncertainties in the projects and minimize the occurrence or impact of these uncertainties. This improves the chance of successful project completion and reduces the consequences of those risks.”[2]

The RMP needs to clearly identify any individual risk and the overall risk for the project and the expected impact.

It is good practice to have a good view of the different risk types, which can help in the identification phase, such as event, variability, ambiguity and emergent risks.

As we live in a VUCA world characterized by vulnerability, uncertainty, complexity and ambiguity, there will be areas identified with anticipated management behaviour patterns which are for any project leader important to know. The RMP needs to cater for this.

View our Risk Register Example.


[1] As low as reasonably possible

[2] Lavanya, N. & Malarvizhi, T. (2008). Risk analysis and management: a vital key to effective project management. Paper presented at PMI® Global Congress 2008—Asia Pacific, Sydney, New South Wales, Australia. Newtown Square, PA: Project Management Institute.