The risk management process established in the risk management plan should be reviewed regularly to ensure that:
• each risk is controlled, unless it is no longer a risk (e.g. a construction risk after construction is complete)
• the risk management process adopted for each risk is effective
• resources are made available to deal with risks at the appropriate times
• any new potential risks are identified and appropriate measures taken to mitigate them.
The frequency of and responsibility for monitoring should be specified in the risk management plan. The scope and frequency of the risk review meetings will vary depending on the size, stage and complexity of the project. The review process should not only be seen as a means of reviewing past performance, but also as an opportunity to incorporate consideration of changed circumstances that may affect the project in the future, and to develop strategies to improve risk management, in line with changing circumstances.
Where a new risk is identified, a risk management strategy should be drafted, including actions to mitigate the consequences of the risk. The risk and the management strategy should be incorporated into the master risk management plan and be reviewed regularly using the approach adopted for reviewing all project risks.