The risk management plan is an output of the plan risk management process. The plan identifies how to manage risks for the project -- to identify risks, analyze them, plan risk responses and control them. It is part of or a subsidiary plan to the project management plan. The risk management plan is used as an input to the identify risks and perform quantitative risk analysis processes.
The plan describes how the quantitative and qualitative analyses will be done.
Described in the PMBOK section 18.104.22.168. The components are identified as
- roles and responsibilities
- risk categories
- definitions of risk probability and impact
- probability and impact matrix
- revised stakeholders' tolerance
- reporting formats