As a result of successful implementation of this process:

1. the scope of the risk management to be performed is determined;

2. appropriate risk management strategies are defined and implemented;

3. risks are identified as they develop during the conduct of the project; 4) risks are analyzed and the priority in which to apply resources to treatment of these risks is determined;

4. risk measures are defined, applied, and assessed to determine changes in the status of risk and the progress of the treatment activities; and

5. appropriate treatment is taken to correct or avoid the impact of risk based on its priority, probability, and consequence or other defined risk threshold.

NOTE 1: Risks may include technical, economic and timing risks.

NOTE 2: Risks are normally analyzed to determine their probability, consequence and severity.

NOTE 3: Major risks may need to be communicated to and monitored by higher levels of management.

MAN.5.BP1: Establish risk management scope. Determine the scope of risk management to be performed for the project, in accordance with organizational risk management policies. [Outcome 1]

MAN.5.BP2: Define risk management strategies. Define appropriate strategies to identify risks, mitigate risks and set acceptability levels for each risk or set of risks, both at the project and organizational level. [Outcome 2]

MAN.5.BP3: Identify risks. Identify risks to the project both initially within the project strategy and as they develop during the conduct of the project, continuously looking for risk factors at any occurrence of technical or managerial decisions. [Outcomes 2, 3]

NOTE 1: Examples of risk areas, which should be analyzed for potential risk reasons or risks factors, include: cost, schedule, effort, resource, and technical.

NOTE 2: Examples of risk factors include: unsolved and solved tradeoffs, decisions of not implementing a project feature, design changes, lack of expected resource.

MAN.5.BP4: Analyze risks. Analyze risks to determine the priority in which to apply resources to mitigate these risks. [Outcome 4]

NOTE 3: Issues to be considered in risk analysis include the probability and impact of each identified risk.

MAN.5. BP5: Define risk treatment actions. For each risk (or set of risks) define, perform and track the selected actions to keep/reduce the risks to acceptable level. [Outcomes 5, 6]

MAN5.BP6: Monitor risks. For each risk (or set of risks) define measures (e.g. metrics) to determine changes in the status of a risk and to evaluate the progress of the of mitigation activities. Apply and assess these risk measures. [Outcomes 5, 6]

MAN.5.BP7: Take corrective action. When expected progress in risk mitigation is not achieved, take appropriate corrective action to reduce or avoid the impact of risk. [Outcome 6]

07-07 Risk measure [Outcome 5]

08-14 Recovery plan [Outcome 4, 6]

08-19 Risk management plan [Outcome All]

08-20 Risk mitigation plan [Outcome 3, 4, 5, 6]

13-20 Risk action request [Outcome 1, 2, 6]

14-02 Corrective action register [Outcome 6]

14-08 Tracking system [Outcome 5, 6]

15-08 Risk analysis report [Outcome 4]