A Risk Management Plan (RMP) is prepared by a project manager to address risks, their potential impact on a program and consists of ways to reduce these risks. The RMP tells the government and contractor team how they plan on reducing risks to a certain level by a certain time. A RMP should be structured to identify, assess, and mitigate risks that have an impact on overall program life-cycle cost, schedule, and/or performance. It should also define the overall program approach to capture and manage root causes. It should be created before and after you create the Integrated Master Schedule (IMS), as it will be looking at the tasks in the Project Schedule and other factors for potential risk items. The plan is integral to overall program planning and should be addressed in the program Acquisition Strategy, and/or the Systems Engineering Plan (SEP). [1]

Template: Risk Management Plan

Template: Project Risk Management

The key to writing a good plan is to provide the necessary information so the program team knows the goals, objectives, and the program office’s risk management process. Although the plan may be specific in some areas, such as the assignment of responsibilities for government and contractor participants and definitions, it may be general in other areas to allow users to choose the most efficient way to proceed. [1]

Notional steps in developing an RMP:

1. Establish the basic approach and working structure
2. Develop and document an overall risk management strategy
3. Establish the purpose and objective
4. Assign responsibilities for specific areas
5. Describe the assessment/analysis process
6. Document sources of information
7. List potential risk and their impacts
8. Develop mitigation strategies
9. Establish reporting/tracking procedures
10. Write Plan

An example RMP format: [1]

• Introduction
• Program Summary
• Risk Management Strategy and Process
• Responsible/Executing Organization
• Risk Management Process and Procedures
• Risk Identification
• Risk Assessment Matrix
• Risk Analysis
• Risk Mitigation Planning
• Risk Mitigation Implementation
• Risk Tracking

The Program Management Office (PMO) should periodically review and update the RMP at major acquisition events. At the end of each Acquisition Phase, risk planning should be used in preparation for the next phase. [1] 

AcqLinks and References:

• DoD Risk, Issue, and Opportunity Management Guide for Defense Acquisitions- Jan 2017
• (Old) DoD Risk Issue and Opportunity Management Guidance for Defense Acquisition Programs – June 2015
• [1] DoD Risk Management Guidebook – Section 8 – Aug 06 (Outdated)
• Risk Assessment Checklist
• Risk Assessment Worksheet and Management Plan
• Continuous Risk Management Guidebook by Carnegie Melon
• Template: Risk Management Plan
• Template: Project Rick Management Template

Updated: 6/19/2018