A Risk Management Plan is a document that a project manager prepares to foresee risks, estimate impacts, and define responses to issues.

Developing an effective Risk Management Plan can help keep small issues from developing into emergencies, and is an important part of your business continuity planning.

Risk can be defined as “an uncertain event or condition that if it occurs has a positive or negative effect on a project’s objectives.” All businesses experience risk to a greater or lesser degree, and it is well worth while taking some time to consider and identify what would constitute a risk to your individual business.

Before you begin, you need to assess your business. Think about your critical business activities, including your key services, resources and staff, and things that could affect them, such as power failures, natural disaster and illness.

Once you have a clear picture of your business, you can begin to identify the risks. Review your business plan and think about what you couldn't do without, and what type of incidents could impact on these areas. Ask yourself, when, where, why and how are risks likely to happen? Are the risks internal or external? Who might be involved or affected if an incident happens?

Brainstorming with your insurance adviser, accountant, financial adviser, staff, suppliers and other interested parties, will help you get many different perspectives on risks to your business. Understanding the scope of possible risks will help you develop realistic, cost-effective strategies for dealing with them.It's important to think broadly when considering types of risks for your business, rather than just looking at obvious concerns.

The risks your business may face are often outside your control. What would be the effect on your business of a server failure, do you or your service provider have adequate back-up systems? How secure is your data, what would be the effect on your business of a major data breach? A fire at the distribution centre? How likely is it, and could you get replacement goods to your customers in time for them to fulfil their orders, or alternatively, in such an instance if you are the company relying on raw materials, how would you cope?

One of the key issues concerning contingency planning is how likely the risk you have identified is to occur, and if it does, what sort of plan should you have in place to mitigate any adverse effects.

The key words and phrases to consider are Risk, Event Probability, Impact Mitigation, Contingency, Reduction, Threat, Liability, Exposure, and Severity

Risk Management planning normally has four main aspects or options.

1. Avoid risk — Change plans to circumvent the problem. You may decide not to proceed with an activity that is likely to generate risk. Alternatively, you may think of another way to reach the same outcome that doesn't involve the same risks. This could involve changing your processes, equipment or materials.

• 2. Control or mitigate the risk — reduce the impact or likelihood (or both) through recognising the risk and taking steps to mitigate its effect. Car or fleet insurance for instance, the risk is acknowledged and provided for.
• The likelihood of an adverse event can be reduced through quality control processes, auditing, compliance with legislation, staff training, regular maintenance or a change in procedures.
• The impact if the risk does occur can be mitigated through emergency procedures, off site data backup, minimising exposure to sources of risk, or using public relations. You can cross-train staff so that more than one person knows how to do a certain task and you don't risk losing essential skills or knowledge if something happens to one of your staff members.
• It is worth keeping old equipment (after it is replaced) and practising doing things manually in case your computer networks or other equipment can't be used. The prudent business owner will also have identified alternative suppliers who can be called on at need.

3. Accept risk — Take the chance of negative impact. Acknowledge the likelihood of a negative event and allow a contingency fund for the costs associated with the potential risk.

• 4. Transfer risk — Outsource risk, or a portion of the risk to a third party or parties that can manage the outcome. This is usually via appropriate insurance contracts or hedging transactions, or operationally through outsourcing an activity.

Risk management plans should be periodically reviewed to avoid having the analysis become stale and not reflective of actual potential project risks.

Having a plan in place will give you the tools and confidence to deal with adverse situations and, hopefully, head them off before they arise.