Summary

Project risk management aims to increase the probability and impact of positive events and decrease the probability and impact of events adverse to project objectives. Or, more concisely, it aims to avoid unpleasant surprises or at least to ensure they don't derail the project.

The steps in project risk management, in the proper sequence, are as follows:

1. Plan how to manage risks.

2. Identify the risks.

3. Understand them thoroughly (through first qualitative and then quantitative analysis).

4. Plan responses to those risks that warrant response planning in advance.

So far these are all planning processes. The 'doing' part of risk management is monitoring and controlling, and all planning is wasted without some 'doing'. Don't be one of those people who timidly deludes themselves and everyone else that once a risk is safely documented in the risk register it is managed. The risk register is a vital tool for risk management, but that's only the beginning. The main part of the work is to do something, which happens in the monitoring and controlling part of risk management. Keep the identification and analysis work up to date with regular risk reviews.