Risk management
Risk management

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Risk management

6 The key components of an RMP

Context and Scope: In many cases, the scope of the activities needing risk management will be broadly defined by something else – a project plan, a set of objectives for a team, or the work of an entire business. In any of these cases, it is still worth referencing the scope of the activities in the RMP, just so it is clear. In doing so, you may also need to consider:

  • Is there a budget for these activities? If so, what does the budget cover?
  • What activities are you responsible for?
  • What decisions do you have the authority to make (and which are outside your authority)?
  • What is not included?

At this point it may help to visualise a governance structure, or a work breakdown structure.

Described image
Figure 2 A governance structure used to scope a risk management activity

Table 1 Key components of an RMP

Key componentsExplanation
Roles and responsibilitiesWho is accountable for risk management and are there any delegations of this accountability?
Risk reviewsHow will they be carried out? When will risk reviews happen? Who is part of them? How will the output of them be communicated and to whom? Beyond that, levels depend on the size and complexity of the business or function.
Risk scoring schemeThe units of measurement and ‘graduations’ (these are, in effect, gradations of severity of a risk) by which risks will be measured and categorised. This is often referred to as a risk matrix or a Probability and Impact Diagram (PID). These concepts will be explored in greater detail in Session 4.
Communication and reportingUnderstanding the organisational structure within the relevant business area is key to locating superseding RMPs and risk registers which you will need for escalations. But it is not just a matter of locating the superseding RMPs: it is also crucial to examine them and, in particular, to identify what level of risk(s) trigger an escalation of a risk management issue to these superseding RMPs.
Other logistical considerationsThe RMP states where your risk register will be located.

While this may seem like a lot of information, in reality for many areas much of the work is defined once in the organisation RMP and reused within the organisation. This is because the risk requirements flow down from the centre of the organisation to business units and functions, and from business units to sub-business units and projects, with lower levels expected to comply with the requirements set out in the higher-level documents. This means that typically only those things that are different need to be described, meaning the RMPs are often quick and easy to prepare. For example, consider the RMP example below.

Remember to open this link in a new tab so you can look at it in relation to the course, and get back to the course easily.

RMP example [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)]

Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371