Project Risk Management


Risk is inevitable in a business organization when undertaking projects. However, the project manager needs to ensure that risks are kept to a minimal. Risks can be mainly divided between two types, negative impact risk and positive impact risk.

Not all the time would project managers be facing negative impact risks as there are positive impact risks too. Once the risk has been identified, project managers need to come up with a mitigation plan or any other solution to counter attack the risk.

Project Risk Management

Managers can plan their strategy based on four steps of risk management which prevails in an organization. Following are the steps to manage risks effectively in an organization:

  • Risk Identification

  • Risk Quantification

  • Risk Response

  • Risk Monitoring and Control

Let's go through each of the step in project risk management:

Risk Identification

Managers face many difficulties when it comes to identifying and naming the risks that occur when undertaking projects. These risks could be resolved through structured or unstructured brainstorming or strategies. It's important to understand that risks pertaining to the project can only be handled by the project manager and other stakeholders of the project.

Risks, such as operational or business risks will be handled by the relevant teams. The risks that often impact a project are supplier risk, resource risk and budget risk. Supplier risk would refer to risks that can occur in case the supplier is not meeting the timeline to supply the resources required.

Resource risk occurs when the human resource used in the project is not enough or not skilled enough. Budget risk would refer to risks that can occur if the costs are more than what was budgeted.

Risk Quantification

Risks can be evaluated based on quantity. Project managers need to analyze the likely chances of a risk occurring with the help of a matrix.

Risk Quantification

Using the matrix, the project manager can categorize the risk into four categories as Low, Medium, High and Critical. The probability of occurrence and the impact on the project are the two parameters used for placing the risk in the matrix categories. As an example, if a risk occurrence is low (probability = 2) and it has the highest impact (impact = 4), the risk can be categorized as 'High'.

Risk Response

When it comes to risk management, it depends on the project manager to choose strategies that will reduce the risk to minimal. Project managers can choose between the four risk response strategies, which are outlined below.

  • Risks can be avoided

  • Pass on the risk

  • Take corrective measures to reduce the impact of risks

  • Acknowledge the risk

Risk Monitoring and Control

Risks can be monitored on a continuous basis to check if any change is made. New risks can be identified through the constant monitoring and assessing mechanisms.

Risk Management Process

Following are the considerations when it comes to risk management process:

  • Each person involved in the process of planning needs to identify and understand the risks pertaining to the project.

  • Once the team members have given their list of risks, the risks should be consolidated to a single list in order to remove the duplications.

  • Assessing the probability and impact of the risks involved with the help of a matrix.

  • Split the team into subgroups where each group will identify the triggers that lead to project risks.

  • The teams need to come up with a contingency plan whereby to strategically eliminate the risks involved or identified.

  • Plan the risk management process. Each person involved in the project is assigned a risk in which he/she looks out for any triggers and then finds a suitable solution for it.

Risk Register

Often project managers will compile a document, which outlines the risks involved and the strategies in place. This document is vital as it provides a huge deal of information.

Risk register will often consists of diagrams to aid the reader as to the types of risks that are dealt by the organization and the course of action taken. The risk register should be freely accessible for all the members of the project team.

Project Risk; an Opportunity or a Threat?

As mentioned above, risks contain two sides. It can be either viewed as a negative element or a positive element. Negative risks can be detrimental factors that can haphazard situations for a project.

Therefore, these should be curbed once identified. On the other hand, positive risks can bring about acknowledgements from both the customer and the management. All the risks need to be addressed by the project manager.


An organization will not be able to fully eliminate or eradicate risks. Every project engagement will have its own set of risks to be dealt with. A certain degree of risk will be involved when undertaking a project.

The risk management process should not be compromised at any point, if ignored can lead to detrimental effects. The entire management team of the organization should be aware of the project risk management methodologies and techniques.

Enhanced education and frequent risk assessments are the best way to minimize the damage from risks.