Risk Management

Today we will discuss risk management.

All projects have risks that, if not managed, will affect your project or its objective.

Risk management is vital for project success, but many organizations do not implement a plan, considering it a burden.

As a project manager, it is your responsibility to emphasize the importance of risk management to your organization.

What is Risk Management?

Risks occur in projects, regardless of how well you may have planned. Every project is unique, and the project environment is so complex that planning every event is impossible.

A risk is an unplanned event that, if it occurs, can affect your project. The effect of risk can be negative or positive.

If negative, you should strive to reduce the impact or probability of the risk event happening. 

For example, there is a chance that a critical employee may go on leave during the peak of your project. 

On the other hand, if it is a positive risk, you should try to increase the impact or the chance of occurrence. 

For example, you may get a discount for buying materials in bulk or win another project for completing the project early.

How do you manage these risks? 

You do so through risk management.

Risk management is the process of identifying, analyzing, planning risk responses and controlling risks. These risks can arise from many sources, including uncertain project conditions, external environment, natural disasters, political conditions, theft, equipment failure, etc. 

Risk management is a systematic and proactive approach to managing risks. It is a process where you identify the risks and develop a strategy to manage them.

Why is Risk Management Often Ignored? 

Risk management is a crucial part of project management but is often ignored by management because:

  1. Management considers it to be an added cost
  2. Project managers find it a time-consuming task

Both assumptions are wrong. Risk management helps reduce the project’s final cost, outweighing the cost of negligence.

The typical attitude of upper management demonstrates a lack of knowledge and dismissal of risk management. However, failing to apply risk management to a project will yield disastrous results.

For example, assume there is a risk that one of your pieces of equipment may break during the project’s execution. Although you know this may happen, you do not have a backup plan.

Now, suppose during the project’s execution, the equipment does break down, and you’re forced to repair it or rent new equipment. Repairing or renting it at the last minute will cost you a lot, so your project’s budget may increase, and the schedule may be delayed.

By not following risk management, you lose money and increase the chance of project delays.

Let’s look at another example of risk management.

You know that one of your important team members may go on emergency leave, but you do not make a plan to handle this situation. During the peak of the project, your team member takes that leave, and you panic and start searching for a replacement.

This may delay your project.

Risk management might take time; however, following a risk management plan will ensure that you complete your project on time and on budget.

The objectives of risk management are to decrease the possibility of negative risks and increase that of positive risks. 

You can manage risks as an aggregate for the large population of events (macro) or on an event-by-event (micro) basis.

Keep the following points in mind while applying risk management principles:

  • The cost of managing risk should not outweigh the cost of the risk itself. For example, suppose a risk may cost you 100 USD if it occurs, and in this case, the cost of the risk response should not be more than 100 USD.
  • Risk management is a people-oriented process, and expert judgment is a key tool.
  • Risk management should be fluid and iterative.

Risk Management Processes

Risk management has the following processes:

  1. Identify risks
  2. Analyze risks
  3. Develop risk response
  4. Monitor and control risks

Identify Risks

This is the first risk management process.

Here you identify project risk. Try to identify as many risks as possible by reviewing all project documents, speaking with experts and key stakeholders, holding interview meetings, gathering data, etc.

After you complete this process, record all details in a risk register.

Don’t overlook positive risks. Often, risk managers ignore positive risk, which affects the efficiency of your risk management.

Analyze Risks

After identifying risks, you must analyze them for their severity. You will find the probability of each risk occurring and the impact, and you will multiply these to get a probability-impact score. Based on this number, you will rank the risk.

The higher the score, the higher the risk ranking.

If your project is large, you will use advanced quantitative risk analysis techniques like Monte Carlo simulation or sensitivity analysis.

After completing this process, you will update the risk register.

Develop Risk Responses

Here, you will develop response strategies for high-priority risks, and you will monitor low-priority risks on a watchlist.

The strategy for negative risks is to avoid them or minimize the impact or probability. Conversely, the strategy for positive risk is to realize and take advantage of them.

Monitor and Control Risks

This process helps you monitor the performance of your risk management. If you find your risk management is not effective, you can tweak the plan. You carry out risk auditing and ensure that risk response plans are implemented as they are planned.

You must keep monitoring for new risks. Also, as time passes and risks do not occur, update the risk register accordingly.

Benefits of Risk Management

Risk management is a proactive process. You find the risks before they happen and take measures to prevent or contain them. Managing a risk before it happens is less costly than what you will spend after ignoring them.

Let’s review with the help of an example.

Suppose you’re a project manager of a construction project. You identify a risk that it might rain, which may damage the construction materials lying on the open ground.

You plan to mitigate this risk and assign it to a risk owner. This person ensures that the mitigation plan is carried out if the identified risk occurs. 

Your plan says that if storm cloud movement is observed and rain is imminent, the risk owner will put a water-resistant cover over the materials lying on the ground.

Now, guess what will happen if rain falls?

The risk owner will know to act. He will not call the project manager; he will implement the risk mitigation plan.

You can relax because someone is there to take care of it.

How would you have managed the situation without this plan, and what would have happened? There would be chaos, and team members would call you. You would have rushed to the location to try and keep the materials from being damaged, but they would have already gotten wet.

Hence, you can see that if you don’t have a risk response plan, recovering from risk is expensive and time-consuming.

Risk management helps you complete your project with minimal hassle.

It brings many benefits to organizations. Some of them are as follows:

  • It helps achieve your project’s success with fewer obstacles.
  • Saves resources, money, and time.
  • Improves your organization’s reputation.
  • Provides safe working conditions for team members
  • Saves from legal trouble.
  • Increase business stability.

A risk management system ensures that the organization is prepared to deal with any problems, which increases its trustworthiness.

Problems with Risk Management

If your organization does not routinely implement risk management plans, it could be challenging for you to convince them. Management will see it as an additional financial burden with no monetary benefit.

Explain the benefits of risk management by outlining the project’s cost with and without risk management.

Project failure, cost overruns, and schedule delays are a few examples of not following risk management.

Show management the probability of completing the project with and without risk management. You can use a Monte Carlo analysis for this purpose.

It is difficult to contradict valid arguments that are supported by data analysis.

Limitations of Risk Management

Although risk management is beneficial in project management, it has some limitations.

For small projects, qualitative analysis is enough; however, a quantitative analysis is required for larger projects. Quantitative analysis requires the use of complex techniques and dealing with a large amount of mathematical data. This can be intimidating if team members are not experienced with using such techniques. 

Risk management is a people-oriented process and mostly relies on expert judgment in qualifying and ranking the risks. If the experts are inexperienced, biased, or prejudiced, your risk management plan will be affected.

Risk management depends on the quality of the data. If the organization is new or you are handling a new kind of project, getting enough data will be difficult, and it will affect your risk management plan.


Every business faces risk; successful businesses manage them, and unsuccessful businesses ignore them. Risk management prepares organizations for the unplanned and saves them from unwanted incidents, additional costs, and aggravating delays. Therefore, organizations must use risk management to complete projects with fewer headaches and grow their business.

This topic is important from a PMP and PMI-RMP exam point of view.

Does your organization use risk management? Please share your experience with risk management through the comments section.