Free Risk Management Plan Templates

By Andy Marker | August 2, 2017


Risks are not inherently bad - sometimes taking a risk can lead to big rewards. However, risks do represent uncertainty, and if you’re managing an organization or project, having a clear understanding of potential risks can help you move forward and make decisions with confidence. Risk management is the process of identifying risks, analyzing them to assess their likelihood and potential impact on a program, and developing and implementing methods for responding to each risk. To support your risk management planning, this page offers multiple templates that are free to download. Choose from simple matrix templates or more comprehensive risk management plan templates for Excel, Word, and PDF, all of which are fully customizable to meet the needs of your specific enterprise or project.

Risk Management Planning Templates for Excel

Project risk management plan template.


This template allows you to create a project risk management plan in Excel, which may be helpful for adding any numerical data or calculations. The template includes typical sections, such as risk identification, analysis and monitoring, roles and responsibilities, and a risk register. Add or remove sections to create a customized template for your project.

Download Project Risk Management Plan Template

Excel | Smartsheet

Risk Register Template


On this risk register template, you include project details at the top and list risks below with assigned tracking numbers. The register provides a detailed log of who owns a risk, the level of impact and probability, planned actions, and the response status. This is a spreadsheet template that can be easily edited to include additional columns if needed. 

Download Risk Register Template

Risk Assessment Matrix


This simple matrix template is designed to aid the assessment process, providing a quick view of the relationship between the likelihood of occurrence and the severity of impact, as well as the number of risks that fall into each category. The color scheme makes it easy to distinguish among the different ratings, so you can get an overview of the levels of risk that need to be addressed.

Download Risk Assessment Matrix

Excel | Word | PDF | Smartsheet

Risk Management Matrix


For some smaller projects, you may only need to use a risk management matrix (rather than create a lengthy management plan). You can also use this matrix template, in addition to a detailed plan, to organize vital information in a single spreadsheet. The template includes a risk assessment matrix for getting an overview of risk ratings, plus a management matrix for identifying and assessing risks, describing mitigation strategies, and monitoring control efforts.

Download Risk Management Matrix

Risk Breakdown Structure Diagram


You can use this template to create an RBS diagram based on the risks involved at the different stages of a project’s work breakdown structure. You can also use the RBS template to organize risks by category by breaking down internal risks into subcategories, such as technical or organizational, and distinguishing them from external risks. This is a helpful tool for organizing risks visually and listing them in the risk register.

Download Risk Breakdown Structure Diagram

Other Risk Management Templates

Risk management plan template - word.


This risk management plan sample offers a basic layout that you can develop into a comprehensive plan for project or enterprise risk management. It includes a matrix for viewing probability and impact as well as sections for describing a risk management approach, budgeting, scheduling and reporting protocols, and more. 

Download Risk Management Plan Template

Word | Smartsheet

Risk Action Plan Template


An action plan template allows you to go into detail about proposed actions for a specific risk. This PDF template offers a simple layout with sections for describing the risk and recommended response, defining an action plan, listing required resources, assigning responsibility, and setting a timeline for completion. 

Download Risk Action Plan Template

Excel  |  Word  | PDF

Project Risk Management

The Project Management Body of Knowledge (PMBOK® Guide, 5th Edition) defines project risk as “an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives, such as scope, schedule, cost, or quality.” Notice that these risks can be considered positive or negative depending on their effects. Project risk management seeks to maximize positive risks while avoiding or mitigating negative risks. A risk management plan is typically included as part of a larger project plan, and is initiated early in the project lifecycle; the risk plan then evolves as the project progresses. It is generally the project manager’s role to maintain the plan and update it periodically to ensure ongoing clarity and effectiveness. 

The overall goal of a risk management plan is to manage risk in a way that ensures a successful project outcome. The planning process enables managers to clearly identify risks, and then develop and document risk mitigation strategies and contingency plans. The process also includes identifying both the costs and actions necessary for implementing the plan. Once completed, the plan serves as a guide for everyone involved in a project and is particularly important as a tool to communicate with key stakeholders.

Ways to Handle Risk

Once you’ve identified and evaluated a risk, there are several potential responses. The response you choose will depend on the probability of the risk occurring and the potential severity of its impact on a project. 

  • Avoid: Avoiding risks is ideal, and especially important if the risk is high impact and likely to occur. Avoidance tactics may require greater investment (in order to develop alternative strategies), but this additional cost and effort is appropriate for high-impact, high-probability negative risks.
  • Transfer: This method refers to transferring risk to another party (for example, the act of purchasing insurance moves the risk to the insurance provider). This response is common for risks that have a high negative impact but a low probability of occurring.
  • Mitigate: Mitigation aims to reduce either the likelihood or the level of impact of a risk, and is used for risks that are likely to occur, but also likely to be low-impact.
  • Accept: Acceptance is an option when there is no other solution, but would only be used for low-impact risks that have a low probability of occurring. 

Risks can be internal or external, and projects may face a combination of both. Internal risks may include issues with technology, staffing, financial security, and other factors that can be controlled within your organization. External risks can be harder to predict and control, and may include factors such as issues with suppliers, changes in the political climate or economy, or even the weather. The process of analyzing risks and measuring them on a scale of probability and severity can provide the initial framework for determining which of the above methods will be the most effective response to a given risk.

Risk Management and HIPAA Compliance in Healthcare Organizations

Healthcare organizations are under strict regulations when it comes to risk and compliance. That’s why the ability to determine where those risks exist and establish a plan to manage them is extremely important for the business, both legally and functionally.

Risk management for healthcare organizations helps to ensure that all businesses are compliant with HIPAA requirements, and outlines potential risks that could occur in a healthcare organization, such as clinical testing errors, hospital facilities issues, security breaches of protected health information (PHI), and more. To ensure that all healthcare data is effectively analyzed for security and protection purposes, you need a tool that is able to quickly identify, mitigate, and prevent risks from coming to fruition, while also offering real-time visibility into all potential risks.

Smartsheet is a work execution platform that enables healthcare companies to view and update risks across the company with real-time dashboards, so you can make the best decisions at the right time. Highlight all identified risks and manage how they are addressed, all while ensuring utmost security and protection of PHI. Set sharing settings to ensure that only authorized users have access to confidential information, so your organization remains compliant with HIPAA regulations.

Interested in learning more about how Smartsheet can help you accurately and securely document healthcare processes and maximize your efforts? Discover Smartsheet for Healthcare.

Example of Risk Management Plan Outline

The length and level of detail included in a risk management plan will vary depending on the scope of a project and the needs of an organization. Here is a risk management plan example outline that describes the information you typically include:

  • Introduction: The first section in a risk management plan may focus on an executive summary or project description, including the purpose of the project. It may go into detail about the scope of the project, objectives, and important background information, and provide an overview of the risk management approach and strategies.
  • Risk Management Approach: This may be a brief summary or detailed section providing information on the risk management process, the methodology used, and specific tools and techniques to be utilized.
  • Roles and Responsibilities: Here you list the project staff members involved in the risk process, along with each of their roles and responsibilities. 
  • Risk Identification: This section describes how you will identify risks and/or lists risks that you have already found. Methods for risk identification may include brainstorming, examining the project’s work breakdown structure (WBS) in order to identify risks and create a corresponding risk breakdown structure (RBS), conducting expert interviews, consulting with key stakeholders, or reviewing common risks from similar projects. 
  • Risk Analysis and Evaluation: You must analyze risks that you identify to determine what effects they might have on a project, such as a delayed timeline or reduced quality. You must also evaluate these risks for probability and impact. This section may describe how probability of occurrence and impact are calculated and combined to create a numeric score for each risk. Here, you can also define the categories and terms you use to describe the different levels of probability and impact. In addition, if you’ve determined top risks, you can list them here.
  • Risk Response Planning: You can explain the process for conducting response planning here, including how a project team will develop actions to address both negative and positive risks. 
  • Risk Mitigation: You can list potential risk mitigation strategies here, connecting possible actions to risks based on the level of seriousness. This section may also consider important risks that you have identified, providing detail on what type of mitigation you’ve proposed, ownership for implementing the action, and cost implications.
  • Risk Monitoring and Reporting: This section may describe how you will monitor risks, the frequency of reviews, how you will identify new risks, and the method and schedule you will use for reporting. 
  • Risk Register: Also called a risk log, the register typically appears at the end of a risk management plan, or as a separate document. The register tracks important details about each risk including probability, impact, overall score, and status. It essentially combines the results from risk analysis and response planning into a spreadsheet or chart for easy reference.

You will need to adjust the content and formatting of this example plan to meet the needs of your business or project. To see how others have handled this process for similar projects, you can search for sample risk management plans online and compare different approaches. Comparing project risk management plan examples may save you time in the long run, especially if you are new to the process. To use the free templates provided below, simply download your chosen file, and make any required edits.

Create a Powerful Risk Management Plan With Smartsheet

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time.  Try Smartsheet for free, today.

Any articles, templates, or information provided by Smartsheet on the website are for reference only. While we strive to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, templates, or related graphics contained on the website. Any reliance you place on such information is therefore strictly at your own risk. 

These templates are provided as samples only. These templates are in no way meant as legal or compliance advice. Users of these templates must determine what information is necessary and needed to accomplish their objectives.


Director’s guide to ERM fundamentals

ERM programs are intended to formalize how risks are identified, assessed, managed, monitored and reported on in light of strategic priorities. But what we’re seeing is that some ERM programs aren’t getting the desired traction, either losing momentum or lacking adequate investment. In short, they’re not doing what they’re supposed to do.

Having an effective ERM program can help the board and management make more informed decisions in the face of uncertainty — whether that’s specific to a particular company or sector or facing the entire economic landscape.

Read the report to learn more

How to use this guide

The first part of this guide introduces what it means to build a sustainable and enabling ERM program, including how the board can assess whether their ERM program’s maturity is where it should be. The second part of this guide outlines six key elements that we think make up an effective Enterprise Risk Management program. These key elements offer directors a foundation for overseeing enterprise risk management.

  • Alignment with corporate strategy: helping boards oversee risk as part of strategic planning and execution, not separate risk from strategy
  • Risk strategy and governance: driving clarity for managing and overseeing risk
  • A common risk language: promoting a consistent view of risk
  • Enterprise risk assessment: helping senior leadership and the board prioritize risk
  • Risk response plans: managing prioritized risks
  • Ongoing monitoring: recognizing changes in risk

PwC’s ERM Maturity Model at a high level

How can we assess whether our ERM program’s maturity is where it should be?

Boards should question the maturity of the company’s ERM program and help management set expectations for where the organization wants to be in the future.

Foundational elements of enterprise risk management — breaking E-R-M down

Helping boards oversee risk as part of strategic planning and execution, not separate risk from strategy

Unexpected risk events have shown boards and management the value of instituting ERM practices. The degree of complexity and change facing organizations today highlights the need for strategies that account for risk.


Driving clarity for managing and overseeing risk

Having a written charter or plan is a concrete step towards a commitment to action; it is critical to ERM program development and survival. A charter or plan is a good first step... BUT if you want to really advance your program, you need a risk strategy and governance framework.

Promoting a consistent view of risk

For successful implementation of an ERM program, leaders should also institute a common risk language across all levels of the organization. This creates a single version of the truth and a consistent view of risk. Boards should look for standardization in the company’s risk management terms and processes.


Helping senior leadership and the board prioritize risk

Many companies see a simple enterprise risk assessment as the end product of the risk management process; however, it’s only one aspect of ERM. One of the most important elements in the risk assessment process is the prioritization of risks and the analysis of capabilities in order to drive the development of risk-based strategies and response plans.

Managing prioritized risks

The output of a risk assessment process is often a risk response plan — a plan that details the company’s actions in mitigating risk issues. Plans should clearly articulate the risks, underlying causes, potential consequences and interrelated risks, along with how they relate to strategic objectives and current initiatives.

Recognizing changes in risk

Establish a risk appetite and key risk indicators. One of the most common and effective forms of ongoing monitoring is done through the development of a risk appetite framework and a set of key risk indicators. Risk appetite defines the level of risk an organization is willing to accept in pursuit of its strategic objectives; it sets the boundaries within which risks should be managed.

Conclusion: supporting management in the company’s ERM journey

The design and implementation of foundational ERM components can take time and depends on both the complexity the company faces in its operations and external environment and the resources committed to risk management. Leaders can’t take a one-size-fits-all approach to ERM - the process must align with the company’s culture, size, and complexity. To adequately oversee risk management, boards need to understand the foundational ERM elements and where they can make a difference in supporting management in the company’s journey. As the ERM program matures, the board can promote continuous improvement by challenging management on what is working and what is not.


Maria Castañón Moats

Leader, Governance Insights Center, PwC US

Brian Schwartz

Partner, Cyber, Risk and Regulatory, Washington, PwC US

Lillian Borsa

Principal, Governance Insights Center, Florham Park, PwC US

Carin Robinson

Director, Governance Insights Center, Washington DC, PwC US

Director, Governance Insights Center, Florham Park, PwC US

Katee Puterbaugh

Director, Cyber, Risk and Regulatory, PwC US


© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.
