The Risk Mitigation Plan should be realistic, achievable, measurable, and documented and address the following topics: [1]

• A descriptive title for the identified risk;
• The date of the plan;
• The point of contact responsible for controlling the identified root cause;
• A short description of the risk (including a summary of the performance, schedule, and resource impacts, likelihood of occurrence, consequence, whether the risk is within the control of the program);
• Why the risk exists (root causes leading to the risk);
• The options for mitigation (possible alternatives to alleviate the risk);
• Definition of events and activities intended to reduce the risk, success criteria for each planned event, and subsequent “risk level if successful” values;
• Risk status (discuss briefly);
• The fallback approach (describe the approach and expected decision date for considering implementation);
• A management recommendation (whether budget or time is to be allocated, and whether or not the risk mitigation is incorporated in the estimate at completion or in other program plans);
• Appropriate approval levels (Risk Integrated Product Team (IPT) leader, higher-level Product Manager, Systems Engineer, Program Manager);
• Identified resource needs.

– See Risk Mitigation Plan Implementation

AcqLinks and References:

• DoD Risk, Issue, and Opportunity Management Guide for Defense Acquisitions- Jan 2017
• [1] (Old) DoD Risk Management Guidebook – Section – Aug 06
• Risk Assessment Checklist
• Risk Assessment Worksheet and Management Plan
• Continuous Risk Management Guidebook by Carnegie Melon
• Template: Risk Management Plan
• Template: Project Rick Management Template

Updated: 7/19/2021

Rank: G5