The Essential Process for Managing Project Risks

To be consistent with our principles, we need a systematic approach that allows us to focus time and resources on the highest priority risk elements. The power in the process is not in its complexityit's relatively simple and straightforwardthe power is in the management approach it inspires.

Let's review the essential steps for managing project risks:

  • Identify This is the critical step of identifying the risks to the project. The best way to start this process is also the best way to leverage the lessons from the pastuse a risk profile. A risk profile, also referred to as a risk checklist or risk assessment form, will list the common sources of project risk that you need to consider. While most risk profiles will help you evaluate the majority of risk factors that are common to all projects, including the listing we have later in this chapter, the best risk profiles are ones that are specific to your industry, organization, and project type. In addition, the less experience that you have in project management or in the project domain, the more you will want to facilitate this process with the key stakeholders and subject matter experts on your project team.
  • Determine probability For each risk factor that has been identified, determine the likelihood that the risk event will occur. The goal is to quantify the uncertainty as much as possible, although in reality, this is still a judgment call. Common methods include numeric scales (15, 110), and subjective scales (High, Medium, Low).

    The best risk profiles are ones that are specific to your industry, organization, and project type.

  • Assess impact For each risk factor, determine the potential impact the risk event would have on the project critical success factors if it occurred. Like the probability element, the goal is to quantify the potential impact as much as possible. Generally the same type of scale is used here too. It is a good idea to document the specific impact (which critical success factor) and the magnitude of the impact.
  • Prioritize Now that we have a probability and an impact level, tabulate a final ranking for each risk factor by combining the two values. If you have used numeric scales, this is straightforward; just multiply the two values together to get a final score. If you have used qualitative scales (L, M, H), you should be able to easily translate these to numeric values (1, 2, 3) to figure your final score. This step will show you the highest priority, most important risks and the ones that we need to focus your initial efforts.
  • Develop responses Document a response plan for each risk using one of the five risk response options detailed later in this chapter. Since risk response strategies may entail the allocation of additional resources, tasks, time, and costs to the project plan, this is why the planning efforts are iterative in nature.
  • Get buy-in Review the risk response strategies with the key stakeholders to increase their awareness, get their feedback (if you have not already), and get their acceptance of the planned approaches.
  • Monitor Don't stop. Nothing stays the same. Continue to keep your eye on the risk factorswatch for triggers to activate other planned responses, be mindful of the appearance of new risk factors, and don't totally forget about the low level risks. Either via circumstances changing or initial miscalculations, you may find some of these have a higher probability of occurring (or higher impact) than originally perceived.


These steps are focused on qualitative analysis and are more than sufficient for most projects, especially if a team approach is taken for this process. However, if you are in a situation or industry that requires more precise risk analysis, you will need to leverage a second phase of analysis called numerical (or quantitative) analysis. Techniques such as decision tree analysis and Monte Carlo simulations are frequently used here. Please consult an advanced project risk management course or text for instruction in this area.


Risk Response Options

Most people tend to think "mitigation" when they think of risk management. However, there are also four risk response options. Table 14.1 reviews each response strategy and provides examples of each.

Table 14.1. Summary of Risk Response Options

Risk Response




Avoiding the risk.

Changing the project plan to eliminate the risk.

Changing the project plan to protect a project objective from the impact.

Reducing the scope to remove high-risk tasks.

Adding resources or time.

Adopting a proven approach rather than new one.

Removing a "problem" resource.


"Accepting" the consequences of the risk.

The project plan is not changed to deal with the risk.

A better response strategy cannot be identified.

Active acceptance.

Passive acceptance.

No action.

Contingency allowance (reserves).

Notifying management that there could be a major cost increase if this risk occurs.

Monitor and Prepare

Accepting the risk for now.

Closely monitor the risk and proactively develop alternative action plans if the event occurs.

Contingency plan.

Fallback plan.

Establish criteria that will trigger the implementation of the response plans.


Taking action to reduce the likelihood the risk will occur.

Taking action to reduce the impact of the risk.

Reducing the probability is always more effective than minimizing the consequences.

Adopting less complex approaches.

Planning on more testing.

Adding resources or time to the schedule.

Assigning a team member to visit the seller's facilities frequently to learn about potential delivery problems as early as possible.

Providing a less-experienced team member with additional training.

Deciding to prototype a high-risk solution element.


Transferring ownership of the risk factor.

Shifting the consequence of a risk and the ownership of the response to a third party.

Outsourcing difficult work to a more experienced company.

Fixed price contract

Contracts, insurance, warranties, guarantees, and so on.

Used most often for financial risk exposure.

Does not eliminate the risk.


Key Risk Management Tools

One aspect of the risk management process described in the PMBOK that many people find difficult to grasp initially is the reference to unfamiliar tools and techniques. Table 14.2 summarizes many of these tools and techniques to assist your learning and review process.

Table 14.2. Summary of Risk Management Tools

Risk Tool



Risk profile

A questionnaire or checklist to guide the identification of project risk factors.

Should be industry, organizational and project type specific.

Risk assessment

Generally synonymous with risk profile.

Frequently will contain criteria to establish Low, Medium, High risk levels.

Often used interchangeably for risk profile or risk checklist.

Risk Log

Used to document the identified risks, probability score, impact score, priority, and planned response strategies.


Risk management plan

Describes how the risk management process will be structured and performed.

Describes the process to be used.

Risk response plan

Describes the response strategies for identified risks.

Risk Log

Details action steps to be taken if risk event occurs.

Probability/ impact matrix

Used to establish general High, Medium, and Low classifications for a risk factor.

Cross-references the probability score with the impact score.

Generally developed at the organizational level to improve the consistency of risk rankings.

The risk assessment questionnaire contains questions that pertain to project size, structure, and technology. The risk assessment questionnaire is broken down by risk categories, subcategories, and criteria that rate risk level according to low, medium, or high.

Part i. Project Management Jumpstart

Project Management Overview

The Project Manager

Essential Elements for any Successful Project

Part ii. Project Planning

Defining a Project

Planning a Project

Developing the Work Breakdown Structure

Estimating the Work

Developing the Project Schedule

Determining the Project Budget

Part iii. Project Control

Controlling a Project

Managing Project Changes

Managing Project Deliverables

Managing Project Issues

Managing Project Risks

Managing Project Quality

Part iv. Project Execution

Leading a Project

Managing Project Communications

Managing Expectations

Keys to Better Project Team Performance

Managing Differences

Managing Vendors

Ending a Project

Absolute Beginner[ap]s Guide to Project Management
Absolute Beginner[ap]s Guide to Project Management
ISBN: 078973821X
Year: 2006
Pages: 169 © 2008-2020.
If you may any questions please contact us: