The Risk Management Plan is one document of many that combine to make the Project Management Plan, in my view. The Project Management Plan is a set of documents that tell you how the project will be managed in terms of scope, cost, quality, change, resource, risks and much more.
The Risk Management Plan defines how risks will be controlled within the project. It begins with the identification and then defines the action plan to deal with each type of risk. The Risk Management Plan does not identify individual risks, but is a structure for dealing with risks.
The methodology contained in the Risk Management Plan will explain the actions required to identify, capture, allocate, categorise, prioritse and track all the project risks. Most companies that I have worked at have never seen a Risk Management Plan and therefore I have written this document many times.
There is a good template from the Center for Disease Control and Prevention Website. I have uploaded a copy to my file share, so you can download the Template.
Risks can both cost and save money. It is important to define how risks will be handled in terms of maintaining budgetary control. Sometimes it is easy to spend money to mitigate a risk, however, this may either use up your contingency fund, or force your project to overspend, either way, you will be spending or saving money that was not planned. In the Risk Management Plan you must describe how these risks will be handled and escalated to your project Steering Committee.
Risks can cause changes to your schedule in either a good or bad way. It is important that the impact of the risk is identified and planned. You need to ensure that you detail the tolerances and escalation paths within the Risk Management Plan.
Once you have identified the risks, you should categorize and prioritize them. With a predefined set of rules, you can deal with the higher priority risks and either monitor them to see if they turn into an Issue, or try to prevent them. There are many ways to mitigate, transfer, share, avoid or even accept risks, but you must provide the rules within the Risk Management Plan so that it is easy to plan for the risk.
The last part of the Risk Management Plan to mention is the method to track and report risks. Each risk should be entered into a Risk Register and the description, category, priority, impact and probability should all be recorded. Anyone should be able to raise a risk, but the project manager must ensure the information of each risk is complete and assign the risks to specific people.
I monitor the risk register daily and ensure it is taken to every meeting. In my weekly reports and Project Steering Committee meetings, I highlight the prioritized risks.