What is risk management?

Risk management is the process of mitigating the potential negative impact unforeseen events can have on a project's cost, timetable, or other resources. As risk is an unavoidable part of project management, it needs to be accounted for from start to finish on all projects.

Risk management occurs in 5 steps:

  • Risk planning
  • Risk identification
  • Risk analysis
  • Risk response plan
  • Risk monitoring

Risk planning

From the start, you have to put a risk plan in place. Like all project planning, risk planning is done iteratively, and never at a single point in time. A project manager should document a risk management plan with a defined approach. This includes how risks will be identified and scored, along with how contingencies and their owners will be determined and assigned.

Risk identification

To forgo this exercise is to forgo risk management altogether. If project managers do nothing else for the benefit of their project with regard to risk, they should at least conduct a risk identification assessment.

Risk analysis

To know which of the now-identified risks require subsequent management, analysis of the threats and opportunities is needed. For our purposes, project risk analysis is done in two ways: qualitative risk analysis and quantitative risk analysis. The latter is where a score or weight is assigned to each risk based on probability and potential impact, so it is known if further management is necessary. This is put into a Risk Register (see example below). An integral part of project risk analysis is risk tolerance, as some risks may require no further action beyond their identification, while others, which may be more likely, will require a contingency plan of action.

Risk response plan

Risk response planning combines our efforts thus far into a viable risk response for each threat and opportunity we've identified as falling within the range of our risk tolerance threshold. Risk response planning increases the probability and/or impact of opportunities identified within the predetermined tolerance range of our risk register, and reduces the probability and/or impact of any threats.

There are four mitigation strategies to consider when developing a Risk Response Plan for both threats and opportunities.

Response to Threats:

  • Avoid: change plans

  • Mitigate: reduce the probability and/or impact of the threat on the project

  • Transfer: assign the risk to someone else

  • Accept: do nothing

Response to Opportunities:

  • Exploit: make the opportunity more likely

  • Enhance: increase the value of the opportunity to the project

  • Share: partner with someone who can capture the opportunity

  • Accept: do nothing

Risk monitoring

The last step is risk monitoring. The project manager monitors the risk register, executing on response plans, as well as documenting subsequent threats and opportunities as they become known throughout the project life cycle.

Risk planning is like any other project planning process, and is never really done until the project itself is complete; therefore, a project manager's risk monitoring is finished only when the project is complete.

All projects face risks. Risks can in large part be mitigated by taking the time to develop a project risk management process that helps ensure threats have a limited effect on the project outcome while maximizing opportunities. A skilled project manager understands the potential effects that risks can have on their projects and manages them accordingly, ultimately resulting in improved odds for project success.

Other knowledge areas

  • Integration management: Integration management helps teams work together more seamlessly. It takes various processes, systems, and methodologies and brings them together to form a cohesive strategy.
  • Cost management: Cost management is the process of planning and controlling the budget of a project. It involves everything from planning the overall project budgets to funding individual actions throughout the life of a project.
  • Communications management: Communications management outlines the processes and procedures needed to ensure that information and data throughout the life of a project are properly collected, stored, and distributed across the project team.
  • Quality management: Quality management is the process of continually measuring quality throughout the life of a project and making necessary changes until the desired quality is achieved.
  • Time management: Time management involves analyzing and developing a schedule and timeline for project completion. Formalized time management processes provide a buffer for things like unexpected roadblocks and misestimated timelines.
  • Resource management: Resource management is the process of effectively planning, scheduling, and allocating all resources needed to execute on a project. This process touches on everything from financial resources to human capital.
  • Scope management: Scope management is the process of actively managing what is and is not included in any given project. The scope should be defined in the planning phase of a project and should be reviewed throughout the execution to minimize scope creep wherever possible. 

