RSKM

1. Risk source lists (external and internal)

2. Risk categories list

1. Determine risk sources.

2. Determine risk categories.

1. Risk evaluation, categorization, and prioritization criteria

2. Risk management requirements (e.g., control and approval levels, reassessment intervals)

Define consistent criteria for evaluating and quantifying risk likelihood and severity levels.

Define thresholds for each risk category.

Define bounds on the extent to which thresholds are applied against or within a category. 

1. Risk management strategy

None

1. List of identified risks, including the context, conditions, and consequences of risk occurrence

1. Identify the risks associated with cost, schedule, and performance.

2. Review environmental elements that can affect the work.

3. Review all elements of the work breakdown structure as part of identifying risks to help ensure that all aspects of the work effort have been considered.

4. Review all elements of the work plan as part of identifying risks to help ensure that all aspects of the work have been considered.

5. Document the context, conditions, and potential consequences of each risk.

6. Identify the relevant stakeholders associated with each risk. 

1. List of risks and their assigned priority

Evaluate identified risks using defined risk parameters.

Categorize and group risks according to defined risk categories.

Prioritize risks for mitigation.

1. Documented handling options for each identified risk

2. Risk mitigation plans

3. Contingency plans

4. List of those who are responsible for tracking and addressing each risk

1. Determine the levels and thresholds that define when a risk becomes unacceptable and triggers the execution of a risk mitigation plan or contingency plan.

2. Identify the person or group responsible for addressing each risk.

3. Determine the costs and benefits of implementing the risk mitigation plan for each risk.

4. Develop an overall risk mitigation plan for the work to orchestrate the implementation of individual risk mitigation and contingency plans.

5. Develop contingency plans for selected critical risks in the event their impacts are realized. 

1. Updated lists of risk status

2. Updated assessments of risk likelihood, consequence, and thresholds

3. Updated list of risk handling options

4. Updated list of actions taken to handle risks

5. Risk mitigation plans of risk handling options

Monitor risk status.

Provide a method for tracking open risk handling action items to closure.

Invoke selected risk handling options when monitored risks exceed defined thresholds.

Establish a schedule or period of performance for each risk handling activity that includes a start date and anticipated completion date.

Provide a continued commitment of resources for each plan to allow the successful execution of risk handling activities.

Collect performance measures on risk handling activities.