Risk Management Strategy – how to create and apply it
The biggest mistake project managers can make is to start planning before thinking through the best strategy to deliver the end product. There are four key PRINCE2 strategies that need to be considered and developed, starting with the Risk Management Strategy.
The Risk Management Strategy includes the procedure to manage risks, the roles and responsibilities, the tolerances and timing of risk management activities, the tools and techniques that will be used to manage risks within a PRINCE2 project, and the reporting requirements.
PRINCE2 Risk Management Strategy – the contents
The risk management strategy document contains these sections:
- introduction
- risk management procedure
- tools and techniques
- records
- reporting
- timing of risk management activities
- roles and responsibilities
- scales
- proximity
- risk categories
- risk response categories
- early warning indicators
- risk tolerance
- risk budget
Before creating the document, PRINCE2 recommends that the following information be used to help define and create the Risk Management Strategy.
The Project Brief should be checked to determine if there are any corporate or programme management strategies, standards or practices related to risk management that should be applied or adhered to in this particular project.
Either using the Lessons Log, and/or seeking lessons from brainstorm sessions for similar previous projects, determine if there are any approaches that could be valuable in the treating of risks within this project.
The Daily Log will have been used up to this point to capture any risks, and these should also be used by transferring those risks to the Risk register, and applied to this project.
The Risk Register should be set up, and any Daily Log risks already identified, should be transferred to this register.
The Risk Management Strategy needs to be created, and considerations in compiling this document should include:
- The risk management procedure currently being used within your organisation should be applied or modified – tailored, to suit this particular project
- Any special tools, techniques, or records that will be kept should be captured in this document.
- When the risk management activities should occur
- How the performance of the risk management procedure should be reported
- The roles and responsibilities for the risk management activities.
- A set of scales that will be used for estimating probability and impact of negative threats and positive opportunities should be determined and included.
- Guidance should be set out on how proximity for risks will be accessed, and this should include the definition of risk categories to be used.
The project manager will want to discuss with the project board their risk tolerance or ‘risk appetite’ to risks and it should be stated within the Risk Management Strategy.
The analysis of risks and their responses will take time and resources, and the project manager will want to discuss and agree with the project board whether or not a risk budget to fund these activities will be established, and if so, how such a budget will be controlled.
The Risk Management Strategy should be reviewed by Project Assurance to ensure that it meets the needs of the project board all corporate or programme management if this project is part of a programme.
The project board may wish to approve the Risk Management Strategy at this point, or they may prefer to review it to and approve it later as part of the Project Initiation Documentation.
PRINCE2 Masterclass
Fully compliant with the current PRINCE2 2023 Syllabus
Your Route To PRINCE2 Practitioner
Prepare for your PRINCE2 Foundation and Practitioner Exams with our famous on-line course with streaming HD Video Lessons, study guides and mock exams. In the last fifteen years we have had 6,000+ Academy students successfully transform their careers as PRINCE2 Practitioners.