When developing a risk management plan, remember how a risk management plan differs from a risk management program.
A risk management program is a system of policies, procedures, goals, relationships, accountability, activities, planning and reporting an entity uses to continually assess and control the effects of risk on its ability to achieve its purpose.
A risk management plan is a written summary that documents the important components of an entity’s risk management program.