Project Risk Management

Managing project risk is a best practice for successful project management. This article relates solely to project risk, and not to other forms of risk such as financial or medical risk etc. For the purposes of risk assessment we define a risk as the likelihood of a specific event happening which will have a negative impact on our project.

Project Risk Analysis

Project risk analysis is one component of the risk management process. It should be performed as a team project with the aim of reducing project risk. Once we have identified a risk we must record it in the project risk register and understand its probability and severity.

  • Probability: the likelihood that the risk event will occur (scored between 1 – 5)
  • Impact: the scale of the issue we are faced with in the project if the risk event happens (scored between 1- 5)

The easiest way to then display the risks is by using a Risk Map:


We record our impact and probability scores in the risk register. I like to keep a risk burn down graph so I can track how the total risk is progressing over time:

Once we have assigned each risk with an impact and probability score, the next step is to examine each risk again in turn to see how best to handle that risk with the aim of reducing project risk. This examination of risks is best done as a team project. There are four principle methods to handle risk:

  • Transfer risk: refers to transferring the risk away, for example, by taking out a insurance policy to transfer risk to the insurer
  • Tolerate risk: this is the do nothing option. Normally this will only apply to low level risks.
  • Terminate risk: we change the shape of our project so the risk disappears, perhaps by dropping something from project scope.
  • Treat risk: here we take solid actions to reduce the probability of the risk ever happening, or the impact the risk will have on the project if it does.

Note that occasionally a risk can actually have a positive impact on our project, that is, if the risk materialises it will somehow positively benefit out project.

Here are some key tips in project risk management:

  • Always embed a project risk management process into all projects: no matter how big, small, or peculiar your project
  • Communicate risks continuously
  • Perform risk analysis regularly
  • Get the team involved in identifying risks (stops risks being missed)
  • Start identifying risks as early as possible
  • Make sure each risk has an owner
  • Spend time on risk analysis – don’t just pay risk analysis lip service
  • Track all risks using the project risk register


It is good practice to always use project risk management no matter how big, small, or peculiar your project. Good risk management means you will reduce your stress levels as a project manager as fewer issues will arise in your projects and when they do their impact will be less. So remember to spend time implementing a formal project risk management plan into your projects at the earliest opportunity.