The Risk Management Strategy describes the goals of applying risk management, the procedure that will be adopted, the roles and responsibilities, the risk tolerances, the timing of risk management activities, the tools and techniques that will be used, and the reporting requirements.
PRINCE2 recommends the following actions:
✔ Review the Project Brief to understand whether any corporate or programme management strategies, standards or practices relating to risk management need to be applied by the project
✔ Seek lessons from similar previous projects, corporate or programme management, and external organizations related to risk management. Some of these may already have been captured in the Lessons Log
✔ Review the Daily Log for any issues and risks related to risk management
Define the Risk Management Strategy, including:
✔ The risk management procedure (e.g. Identify, Assess, Plan, Implement, Communicate)
✔ Tools and techniques that will be used
✔ Records that will be kept
✔ How the performance of the risk management procedure will be reported
✔ Timing of risk management activities
✔ The roles and responsibilities for risk management activities
✔ The scales to be used for estimating probability and impact
✔ Guidance on how proximity for risks will be assessed Definition of risk categories to be used
✔ Any early-warning indicators to be used
✔ Tolerances relating to risk
✔ Whether a risk budget will be established and, if so, how it will be controlled.
✔ Consult with Project Assurance to check that the proposed Risk Management Strategy meets the needs of the Project Boa rd andlor corporate or programme management
✔ Create the Risk Register in accordance with the Risk Management Strategy, and populate it with any risks from the Daily Log
✔ Seek Project Board approval for the Risk Management Strategy (although the Project Board may prefer to review it later as part of the Project Initiation Documentation).