The risk management plan contains an analysis of likely risks with both high and low impact, as well as mitigation strategies to help the project avoid being derailed should common problems arise.
Broadly, there are four potential responses to risk with numerous variations on the specific terms used to name these response options:[2][3] (Mnemonic: SARA, for Share Avoid Reduce Accept, or A-CAT, for "Avoid, Control, Accept, or Transfer") Risk management plans often include matrices.
The United States Department of Defense, as part of acquisition, uses risk management planning that may have a Risk Management Plan document for the specific project.
The general intent of the RMP in this context is to define the scope of risks to be tracked and means of documenting reports.
The RMP specific process and templates shift over time (e.g. the disappearance of 2002 documents Defense Finance and Accounting Service / System Risk Management Plan, and the SPAWAR Risk Management Process).