The Ultimate Checklist for Creating a Risk Mitigation Plan

Follow our 10-point, step-by-step guide for creating an efficient and effective risk mitigation plan as part of your business continuity strategy.

Business Continuity is all about risk mitigation, and a risk mitigation plan is essential. If you are not looking at how to reduce, eliminate, or accept risks, you are missing the mark.

While not everything you create or spend time doing will directly impact risk mitigation, you should always be able to identify how each activity relates to mitigating risk. If this is not the case, you may want to reconsider why you are performing that task. To that end, we have developed the following checklist to help you develop a general risk mitigation plan, as well as create plans or actions for specific risks in your organization. We suggest the use of checklists as they are efficient, straightforward, and ensure important items are not missed.

Risk Mitigation Plan Checklist

| Step | Action | Date Completed |
|------|--------|----------------|
| 1 | Communicate/Gain Management Support | |
| 2 | Identify Team Members (lead, subject matter experts, technical writers) | |
| 3 | Identify/Update Risks (perform, update, or review the risk assessment) | |
| 4 | Assess/Prioritize the Risks | |
| 5 | Determine Mitigation Options | |
| 6 | Develop the Mitigation Plan (use checklists as appropriate; keep it simple with non-actionable items in appendices or at the end of the plan) | |
| 7 | Implement the Plan (review the plan and provide any training with those responsible for executing the plan; include management and individual contributors as well) | |
| 8 | Monitor the Plan (Are action items on track? Has the business environment changed?) | |
| 9 | Test the Plan (where appropriate, test the mitigation solutions or steps to ensure they are functional) | |
| 10 | Review/Update Plan (repeat steps 3-8) | |

While these items may seem obvious and uncomplicated, the key in risk mitigation is action – not just writing reports or making lists of action items. Sometimes management support, step 1, can be the most challenging, and the most critical. Often, organizations go directly to steps 3-5, working hard to identify/update risks, assess/prioritize risks, and determine mitigation options. Far fewer actively develop, implement, monitor, test, and review their plan (steps 6-10).

We recommend that you start at the beginning. Not only is management support crucial to the success of the risk mitigation plan, your leaders must have enough information and visibility related to risk for the organization to make appropriate decisions. Using all the steps outlined above to create your risk mitigation plan will guide you through the process, and help validate and document your decisions.

The MHA Consulting Team
The MHA Consulting team has over a century of business continuity and disaster recovery experience. Having protected trillions of dollars in global market assets for today’s leading companies, we adhere to the highest standards of our field and are committed to helping businesses protect their staff and assets.
  • Bill Sheldon

    Having done this for a living, I concur. The list is straightforward; getting every exec and division to follow through is Herculean.
