Risk Management Planning is about defining the process of how to engage and oversee risk management activities for a project. Risk Management planning is an important part of project management. Having a plan on how to manage risk, allows one to task to plan versus innovating and deciding after the fact and in the midst how to handle a risk. The earlier Risk Management planning is engaged within increases the possibility of success of all risk management activities and processes especially if the process definition was created with input and buy-in from the project manager and key project stakeholders. The inputs for Risk Management Planning are: (1) Project Scope Statement - The Project Scope Statement documents the project scope including a description, major deliverables, project objectives, project assumptions, project constraints, and a statement of work. In Risk Management Planning, the project scope statement is commonly used for identifying project boundaries and assumptions. (2) Project Management Plan - The Project Management plan contains the WBS which is used in Risk Management Planning to determine possible areas where risks can occur. For example, if the WBS has usability testing being the last item completed after integrated testing. This is a risk. The usability of the application may have affect on how the information is passed into and out of the application. This could be considered a Project Management Planning Risk. (3) Organizational process assets - The organizations process assets may contain defined standards and policies pertaining to risk management. Process assets included are risk categories, roles and responsibilities, and processes of how to have a decision made. (4) Enterprise environmental factors - Enterprise environmental factors reveal the risk tolerance of the organization and the individuals involved in the project. For example, patient billing departments or leaders commonly have absolutely no risk tolerance for any impact to cash flow. This is especially true in non-for-profit organizations like hospitals. However educators and researchers have a high level or risk tolerance. Therefore in an academic medical center, one could have two ranges of risk tolerance. Understanding how much risk your stakeholders and organization are comfortable with help with decisions regarding the type, level, and amount of risk management to apply in the project. Once the inputs have been obtained the only tool and technique used to engage in risk management planning is the planning meetings and analysis. (5) Planning Meetings and Analysis - The planning meetings are used to construct the risk management plan. Commonly attendees are the stakeholders, team members, and the project manager. The Risk costs and action plans are developed with assignments and risk responsibilities. When facilitating planning meetings a couple of tips are: (6) Ensure people can access the inputs to the planning process beforehand - Have a project collaborative a web site and store core project documents including the Project Scope Statement, Project Management Plan, your organization's policies on risk management, and any environmental factors that may affect your project. (7) Assure the object is to discuss and make decisions about the risk plan - During the Risk Management Planning meetings it is good to cover the five major elements of risk management. These are: (8) Methodology - Define how risks will be identified, how risk analysis (qualitative and quantitative) will be done, how risk response planning will happen, how risks will be monitored, and how ongoing risk-monitoring activities will occur. (10) Roles and Responsibilities - Determine who will have responsibility for resolving which risks. Create a matrix, list, or table and assign names. Your organization may already have pre-assigned roles and responsibilities. (11) Budget - Determine an order-of-magnitude estimate for how much risk-management activities will cost for the project, based on time estimates and personnel costs, and the size, impact, and importance of your project. (12) Schedule - Define when risk-management activities should be done, and schedule them. High-visibility, important projects will require more frequent risk identification and response than low-visibility or routine projects. (13) Templates and definitions of terms - Obtain copies of your organization's templates and any pre-existing risk categories and definitions. You and your team will need to discuss and agree on what these terms mean. Risk Management Planning meetings are all about planning for subsequent risk identification and analysis. It's important not to get involved in actually identifying risks during these meetings. The output of the Risk Management Planning process is the Risk Management Plan. The Risk Management Plan documents Project Risk Management will be structured and performed on the project. The components of the Risk Management Plan are as follows: (14) Methodology - Methodology describes how the Risk Management processes will be performed, the tools which will be utilized, and the data source for handling risk. (15) Roles and responsibilities - Roles and responsibilities matrix identifies the lead, support, and risk management team for each action item in the risk management plan, and assigns people to the roles clarifying their responsibility and accountability. (16) Budgeting - Budgeting assigns resource and estimates costs needed for risk management. Simply state it is just better to be honest and above board, budgeting for risk with a risk contingency. (17) Timing - Timing clarifies the frequency of the risk management process and schedules some risk management activities in the project schedule. Without timely monitoring and response, risks can easily escalate into negative events or become missed opportunities because you failed to exploit them