Guideline: Defining Practices for Risk Management
This guideline provides considerations for defining practices that projects will use for risk management.
Main Description

The following are typical risk management activities and key considerations to reference as you define practices for your organization.

  • Define the approach to be used to identify risks, and how risks will be analyzed and prioritized.
  • To ensure that all aspects of the project that are prone to risk are covered, define potential sources of risk (such as requirements, design, development process, work environment, resources, contract, and project interdependencies), as well as risk categories (such as technical, project management, organizational, and external).
  • Define the risk management strategies that will be used by projects in your organization, including mitigation, avoidance, and/or prevention strategies for the most significant risks.
  • Define how the status of each significant risk and its mitigation activities will be monitored. Define acceptability thresholds against which risks will be periodically compared in order to determine whether a risk mitigation plan needs to be implemented. Define how risk review and reporting will be scheduled, and what frequency of reviews is required of projects.
  • List typical roles involved in the risk management activities across projects and the organization, and provide a description of the typical tasks and responsibilities of each role.
  • Determine the typical percentage of budget that projects should allocate to risk management.
  • List templates, tools and techniques that will be used by projects to store risk information, evaluate risks, track the status of risks or generate risk management reports.