Plan Risk Management is the process of defining how to conduct risk management activities for a project. Within the context of the test project, this usually means that Enterprise Environmental Factors and Organisational Process Assets play a large part in our risk management plan, because we have to fit within the confines of the overall project risk management plan.
It’s not uncommon to see an appendix somewhere towards the back of the Master Test Strategy with a section labelled “Risks, Issues, and Assumptions” or similar, and this would be a great example of how not to plan your risk management. Risks have certain characteristics – their probability/likelihood changes over time, their impact may change, they (usually) have mitigating actions against them, they are assigned to people to carry out those actions, they can be costed and prioritised – which means that putting them into a static list at the back of a test strategy is not actively managing them.
The overall project risk management plan will generally form the core of the risk management plan for the test project. The RAID Log (Risks, Assumptions, Issues, Dependencies) for the project will dictate certain requirements for how to log a risk, in what format, and how to communicate that risk to the rest of the project. In order to focus on the important risks, you may want to consider whether only project-wide risks are entered into the project log while test-team-specific risks are maintained separately. Clarify early on in the project with the Project Manager and other stakeholders how the risks should be defined and managed based on the enterprise environmental factors, and then use your analytical techniques and judgement to formalise your overall risk management plan.