Risk Management: Three Steps

Risk Management
Risk Management

One of the most forgotten and ignored aspects of project management is risk management. The project plan and issues log get a lot of attention. And rightfully so. Those are important aspects of a project.

If you don’t pay attention to the tasks that need to be completed, they won’t get done. And if you don’t attend to issues, they result in delays and cost overrides.

But risk management is as important as those other aspects. Risk management is like buying insurance for the project. It allows you to be more prepared for things that could go wrong on your project.

Three steps for effective risk management

Many people don’t focus on risk management because they don’t see the value. That’s because most people don’t do it completely. People spend lots of time, especially at the beginning of the project identifying risks to the project. They document the list and store it in a project repository. Little, if anything gets done beyond those efforts.

But there are three steps that need to be addressed for effective risk management. The team needs to identify risks. But there is more to it.

Step 1: Risk identification

At the beginning of the project, the project manager should work with the team to identify any risks that could occur. This can range from computer servers not being delivered on time to the risk of a hurricane, if you work in an area susceptible to that type of thing.

Once risks are listed, the analysis begins. I like to be fairly scientific about it. It try to assess the likelihood of the risk occurring. This can be stated in terms of a percentage or a High-Medium-Low designation.

I also like to assess the impact to the project if the risk occurs. Again, you can assign a High-Medium-Low label. You could also try to assess what the actual impact would be based on dollars, time elapsed, or lost team members. If you choose to do that, it is recommended to assign real measurable numbers that impact the project.

Step 2: Identify mitigation strategies

Once risks are identified and analyzed, you need to identify mitigation strategies. It’s one thing to identify everything that could go wrong. It does very little good unless you determine what you will do about it.

Mitigation steps generally can be broken down into three approaches:

Avoidance – What can we do to avoid this risk? If you have a risk that your servers might be delivered late, you might choose to avoid that risk by ordering from multiple vendors. If one vendor is late, you have better odds of getting your other servers delivered on time.

Reduction – If you can’t avoid the risk, you may be able to reduce it. With the late server example, you may be able to pay a premium for express delivery.

Acceptance – With some risks, it is either a very low likelihood, like a hurricane in Chicago, or low impact. For those risks, you may choose simply to accept and monitor the risk.

Step 3: Reassess

Situations continually change. It is important to reassess your risks frequently. An alert project manager always has one eye open for new risks on a project. The team should go through risk assessment exercises every couple of weeks. In weekly status meetings, the project manager should ask team members about any new risks.

The existing risks should also be reassessed. Has the probability or impact changed? Are you no longer willing to accept a risk? Perhaps new mitigation strategies are more appropriate as the project has matured.

Projects are fluid and the risks to the project continue to change. It is critical to project success to always be aware of new and changing risks to stay on top of them.


I’ve always considered issues as risks that came true. Although it is impossible to think of every possible issue that could occur, frequent and thorough risk analysis can help a team avoid many issues from happening. For issues that can’t be avoided, risk analysis and mitigation strategies can help the team be more ready to address them with resolutions more rapidly.

Detailed risk analysis is a great insurance policy against issues taking over your project.

How thorough is your risk analysis?

If you would like to learn more about a career in Project Management, get Lew’s book Project Management 101: 101 Tips for Success in Project Management on Amazon.

Please feel free to provide feedback in the comments section below.

Image courtesy of vlado at FreeDigitalPhotos.net