Project Risk Management
The purpose of Project Risk Management is to identify project risks and develop strategies to
prevent them from occurring or minimize their impact to the project if they do occur.
Project risks exist because of uncertainty. There is always the possibility that something known or unknown
could impact the achievement of your project's goals. Risk management is about being prepared to handle these risks.
As the project manager, there are four basics of risk management that you can use to manage your
- Identify Risks
- Risk Assessment
- Risk Response Development
- Monitor and Control Risks
The first step of risk management is to identify any risks that may impact your project. You are
essentially answering the question, "What could go wrong?"
It's important to encourage critical thinking when trying to identify risks. In general, it's great to have a
"Can Do" attitude, but during this activity you need to believe in Murphy's Law.
"Anything that can go wrong, will go wrong."
- Murphy's Law
There are several techniques that you can use to help identify risks...
- Risk Profiles
- Historical Data
- Assumptions Analysis
- Work Breakdown Structure Analysis
Keep in mind that this is not a one-time activity. As the project progresses, new risks may evolve or become
known while others may no longer be relevant.
Once you have a list of potential project risks, you need to determine which risks need to be managed.
Generally, those risks that would have the greatest impact to the project as well as those that are more likely to
occur are the ones that should be focused on.
A basic risk assessment will analyze each risk event for the likelihood that the risk will occur and for the
impact it will have if it occurs. This type of qualitative risk analysis information can be plotted on a
Risk Assessment Matrix which incorporates the risk rating rules as defined in your Project Risk
Risk Assessment Matrix
Quantitative risk management methods can also be used. These methods include the Monte Carlo technique,
sensitivity analysis, and expected monetary value analysis.
Risk Response Development
For each risk, there are four response strategies that you can choose from...
In some cases, risk avoidance is possible by making a change to the project management plan.
Some examples include extending or shortening the schedule, changing the project strategy, or reducing scope.
Risk transfer involves passing the risk to a third party. This doesn't change or eliminate the risk,
it simply gives another party the responsibility to manage the risk. Examples of risk transfer include insurance,
performance bonds, warranties, fixed price contracts, and guarantees.
Risk mitigation means to reduce the probability and/or impact of a risk event. Examples of risk
mitigation include safety training, simplifying processes, choosing a stable supplier, and redundant activities.
Risk acceptance is when the project team decides not to change the project management plan to deal
with the risk or is unable to identify any other risk response strategies for a risk event. This strategy can be
passive where the project team decides to just deal with the risk if it occurs. Or it can be active where the
project team has a contingency reserve allocated and plan in place in case the risk occurs.
Monitor and Control Risk
Monitoring and controlling your project risks involves implementing your risk response strategies, tracking
identified risks, monitoring triggering events, and identifying new risks. This should be done throughout your project.
You can find more articles about project risk management below.