WatchKeeper is now Dataminr!

What is Risk Management Planning?

Anna Kotlabova

What is Risk Management Planning?

Risk is an inherent part of life. Risk refers to a generally unforeseen or uncontrollable event that can cause damage to an organisation or its assets. The Cambridge Dictionary defines risk as “the possibility of something bad happening.” Risk is a danger that is always present. It can come in the form of unforeseen extreme weather events such as tornadoes or in the shape of human-based disasters like mass shootings or terrorist attacks. To some these may seem like extreme and rare events, but the data tells us that these are in fact very real risks that affect people and businesses around the world every day. 
While one cannot fully control and mitigate all the risks that might affect them or their business, there are some steps that everyone can take to prepare for and therefore minimise the impact of risks. This is known as risk management. 
The Association for Project Management has the following definition for risk management. “Risk analysis and risk management is a process that allows individual risk events and overall risk to be understood and managed proactively, optimising success by minimising threats and maximising opportunities and outcomes.” 
There are many types of risks that can pose a threat to a business, but with the correct strategy, organisations can mitigate their effects before they have a chance to cause serious harm or disruption. 
Mass shootings and natural disasters are examples of external risks outside of people’s control. But risk can take on many forms, including several of the ones listed below. For each type of risk, there are different questions organisations must ask to help ensure safety and minimise disruption.

Types of Risk


  • What are the limitations of the technology being used?
  • What are the risks in the technology interfaces?
  • How well does the technology perform in different contexts?
  • What is the quality of the technology? 


  • What risks should be considered in the planning process?
  • What are the potential issues in scheduling or estimating?
  • What risks may emerge from inadequate communication?


  • What are the project, business or organisational dependencies?
  • What issues may arise around logistics, resourcing and budgeting? 


  • What risks do customers, users or contractors pose?
  • What risks does the evolving market pose? 
  • What risks do natural disasters or violent incidents pose? 

Six steps to an effective risk management plan

Step 1: Identify Risks

The first step in an effective risk management strategy is identifying potential risks. You need to know what might happen before you can make contingency plans for those risks. Some ways to figure out what the risks are in a given situation are to hold interviews or to look at historical data. Historical data can illuminate what occurred or went wrong in the past. If good risk management measures have not been implemented following a risk event, then it is possible that the event may happen again, and be even more damaging the second time. Another method is to brainstorm, both individually and as a group, to think through everything that could pose a threat. All these ideas should be noted down and acted upon.

Step 2: Consider severity and likelihood of risks

Assign each risk listed in the step above a number on a scale that takes into account the severity the risk poses as well as its likelihood. This exercise will allow you to prioritise risk management to ensure you are best prepared to deal with the most severe and likely risks first. If an existing risk has the potential to cause lasting and irreversible damage then preparations for this should be made first. 

Step 3: Consider leadership and roles and responsibilities

There should be a designated person or team responsible for managing all of the risks listed above. In this way, when and if they do occur, the disruption they cause is minimised by everyone having clarity on who is responsible for what and how the response should work. Within teams, playbooks for a variety of scenarios can be established in advance so when the scenario occurs, everyone has transparency on their roles and responsibilities in managing the risk. It is vital to ensure that every risk has an associated point of contact that will be dealing with it.

Step 4: Plan the response for each type of risk

For each risk that has been identified, create a plan to mitigate it. Involve all the stakeholders who would be affected. These plans can be called strategies, preventative measures, or contingency plans. They need to involve a communication strategy, allocation of responsibilities and identification of the risk owner. 

Step 5: Proactively monitor and report risks

Identifying risks is the beginning, but another crucial element of risk management is monitoring risk. Have a list of all known risks handy, and create a system for monitoring them. For unknown risks, a platform like WatchKeeper can be useful. It monitors risks around the world and alerts users to them when a risk event is within a set proximity to people or assets of interest. 

Step 6: Regularly review (and practice) plans

Risks evolve over space and time. As such, the strategies that a business or organisation puts in place to deal with risks need constant monitoring and review. Reviews should be scheduled on a regular basis, whether annually, biannually or more frequently, to ensure that risk mitigation plans are still relevant.

Common pitfalls with risk management plans

There are several common pitfalls associated with risk management that everyone needs to be made aware of prior to the creation of strategies and plans. Some of the common psychological issues that can make risk management less effective include:


Groupthink

Britannica defines groupthink as a “mode of thinking in which individual members of small cohesive groups tend to accept a viewpoint or conclusion that represents a perceived group consensus, whether or not the group members believe it to be valid, correct, or optimal. Groupthink reduces the efficiency of collective problem solving within such groups.”

Confirmation bias

According to Science Daily, confirmation bias is “a phenomenon wherein decision makers have been shown to actively seek out and assign more weight to evidence that confirms their hypothesis, and ignore or underweigh evidence that could disconfirm their hypothesis.”


Anchoring bias

According to the Corporate Finance Institute, anchoring bias occurs when “people rely too much on pre-existing information or the first information they find when making decisions.” For example, if you are presented with a pair of shoes that costs £500 and then another pair of shoes that costs £80, you are likely to consider the £80 pair of shoes cheap, not because they objectively are, but because the first price influenced your perception of what is cheap.

Survivorship bias

According to a piece in the BBC, survivorship bias “comes about when we select only the ‘survivors’ – those that outperformed the rest, whether people, machines or companies – and come to conclusions based on their attributes, without looking more broadly at the whole dataset, including those with similar characteristics that failed to perform as well.”

How WatchKeeper can help with risk management

WatchKeeper is a complete end-to-end critical event management tool and a core part of many organisations’ risk management processes. WatchKeeper makes the monitoring and management of risk easy for security teams by allowing users to manage crises end-to-end from one platform. Below is a selection of some WatchKeeper features which are particularly useful for helping organisations manage their risk. 
  • Alert Manager is a feature within the WatchKeeper platform which alerts users to a variety of risk events ranging from natural disasters to mass casualty incidents around the world. Users can customise these alerts, so they are only alerted to major incidents or risk events near their assets. 
  • Case management allows WatchKeeper users to collaborate and streamline their risk response. You can assign tasks, bring in playbooks, tag users, comment and send out mass communications to ensure risk mitigation or response is as efficient as possible.
  • Views and Briefings is a tool which allows users to save risk events or points of interest and combine them into a dynamic presentation. It is an effective way to share and present past risk events to individuals or an entire organisation. It facilitates retrospectives and is helpful in ensuring that risk management plans are regularly reviewed and optimised following risk events.
To learn more about WatchKeeper and its range of features, or to request a demo, please visit or email us at