Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Risk Management: How to Write a Risk Managment Plan

Risk management is generally accepted as a fundamental part of project management. Most project governance standards require you to define a risk management plan, which describes how you will manage risk on the project. In this article, we describe the elements that will be present in a typical risk management plan.

Risk Strategy

The risk strategy is an overview of your approach to managing risks on this project. It should specify what organizational policies you comply with and whether you are adopting a qualitative or quantitative risk management approach. Integral to the risk strategy is risk scope, which outlines the specific elements of the project that fall within the purview of the risk management process. You might exclude particular components from the risk scope because another department manages them. For instance, the procurement department might handle all risks associated with vendors - such as supply chain disruptions, vendor compliance issues, or contractual disputes. 


The methodology covers the specific processes, tools, and sources of information that the team will use to manage risk. For instance, your project might use the PMBOK risk management process and store all risks in Jira. Typical sources of risk information would be the project plan, requirements specification, schedule, issues log, and so on.

Roles and Responsibilities

This section describes who is responsible for various parts of the risk process. Typical responsibilities include:

  • Preparing the risk management plan

  • Approving the risk management plan

  • Organizing and chairing risk workshops

  • Attending risk workshops and other meetings

  • Development of risk response plans

  • Creation and maintenance of the risk register

  • Reporting risk status

  • Ensuring the risk process is being adhered to


Funding is a crucial part of the risk management plan as it lays out the resources available for managing risk. It should cover the cost of all risk-related resources, including staff and tooling. It should also indicate how the project funds both treatment strategies and contingency plans. For example, any contingency plan under $25,000 might be funded from the general project contingency, whereas plans over that amount require the approval of the project sponsor.


The timing aspect of the plan specifies when and how often risk management activities will be conducted. You would typically schedule a risk workshop at the start of a project and then have regular risk review meetings as the project progresses.

Risk Categories

Risk categories provide a structure for classifying risks, which helps both in identification and reporting. A typical risk breakdown structure is as follows:

  • Technical

  • Management

  • Organizational

  • Commercial

  • External

You can also categorize risks according to a work breakdown structure, a cost breakdown structure, an organization breakdown structure, etc. 

Definitions of Risk Probability and Impacts

Your organization likely has standard definitions for risk probability and impact, but you may need to customize them for your project. Attaching specific dollar amounts to each impact level, proportionate to your project budget, is common. For example, a low-impact risk might have a threshold of $10,000 in your project but a higher amount in a larger project.

Risk Matrix

A risk matrix is an essential risk management tool that calculates the risk level by cross-referencing the impact and probability. The matrix typically takes the form of a heat map, with each risk level given a color. 

Stakeholder Risk Appetite

Understanding the risk tolerance of key stakeholders enables you to define how much risk your project can bear. Document this by way of strategies for dealing with various levels. For instance, the plan could specify that all low-level risks can be ignored, but high-level risks must be treated until they are medium-level or lower. If you use quantitative risk management, you can specify a numerical threshold for the risk appetite.  

Reporting Formats

This section defines how you will communicate the outcomes of the risk management process. At a minimum, it must describe the risk register's contents; it should also specify the format, frequency, and audience of any risk summary reports. 


The tracking section describes how risk activities will be recorded and audited. A risk management system typically handles the recording aspect, while a Project Management Office might be responsible for auditing, depending on the size of your organization. 

Risk Register by ProjectBalm

An effective risk management system makes it easy to implement your risk management plan. This is one reason we created Risk Register by ProjectBalm.

Our goal was to automate best practice risk management techniques, and do so via an elegant, usable interface that works with you, and not against you. Risk Register will help you to identify, analyse, treat and monitor risks more easily and effectively than ever before.

If you are experienced at risk management, you will find in Risk Register a tool that works the way you want it to work. If you are new to risk management, our documentation and videos will take you through the whole risk management process, giving lots of useful examples.

Risk Register is fully compatible with risk management standards such as ISO 31000, and can also be used for governance, risk, and compliance (GRC) programs such as Sarbanes-Oxley and PCI. And, of course, Risk Register allows you to easily distinguish between opportunities and threats.

ops and risks.PNG

Over the last few years, we've grown to become the most popular risk management solution in the Jira marketplace and we are now an Atlassian Platinum Partner. Why not try out Risk Register by ProjectBalm for yourself?



Log in or Sign up to comment
Pritkumar Patel
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
February 20, 2024

Hey Everyone!

I hope you are having a nice day!

I Seek Guidance on Integrating Risk Registration and Procurement Plan in JIRA – What Are the Best Practices and Recommended Plugins?

Thank You

Pritkumar Patel

Craig Schwarze _ProjectBalm_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
February 20, 2024

Hi Pritkumar, and welcome to Jira! While I don't have any recommendations for procurement planning, you can find our risk management application here:

kind regards,

Like Pritkumar Patel likes this
AUG Leaders

Atlassian Community Events