Not recorded

Project Risk Management

By Duncan Haughey | minute read

Three red dice reading: Manage your risk

There are many techniques you can employ to identify risks to your project. Some project managers rely on regular team meetings, brainstorming sessions, reviews with stakeholders or experience from similar projects.

Risks may result from a lack of stakeholder commitment, ill-defined scope, poor cost management, too many changes, poor communication, lack of skilled people and many other factors.

Once you have identified your risks, write them down in a risk log. The log is used to monitor and track your risks. Make your risk log visible to the project stakeholders, so they can see you are addressing the risks that concern them. They may flag new risks you haven't identified.

The risk log should evolve over time with potential risks removed and new ones added as the project progresses.

Risk Evaluation

Once you have filled out your risk log, you next evaluate your risks. One of the most effective ways is to grade the risks on two levels - likelihood and severity. Assign a value to both the likelihood and severity of either a high, medium or low rating. You should concentrate your efforts on the high likelihood - high severity and high likelihood - medium severity risks. You should look at the financial implication of each risk as an additional factor.

Corrective Actions

Once you understand where your greatest risks are coming from and which you should address first, you should take corrective actions. Try to think of two actions for each risk. Document the actions you intend to take to mitigate the impact of each risk on your risk log.

Risk Control

Finally, you should monitor and manage your risks. Risk control involves keeping a risk management plan, a record of risks handled, a description of your proposed corrective actions, costs involved and a risk escalation plan for when problems arise. Include information about the risks in your progress reports. Risk control keeps risks visible and prevents any nasty surprises during the project.


Always identify your risks, grade them and decide what corrective actions you will take should the worst happen. Give most attention to the risks with a high likelihood and high or medium severity rating. Create an action plan to mitigate the impact of these risks. Then, monitor and control your risks.

At the end of the project look back at the risks and record any lessons learned in your Project Closure Report.

Nobody likes to think about what may go wrong in a project, but to ignore risk management means that you are increasing the likelihood of an unnecessary project failure.

What's Next?

Related Articles