Project Management Basics

It's Time to Become a Project Manager

Full Guide to Risk Management Process in Project Management

I was sitting in the office at my laptop. I’ve created a perfect plan to fix the problem that may appear in a few days.

It was my first project. And it made me a little proud of the solution I developed.

In a few days, it happened!

With all enthusiasm, I escalated it to the management.

At once I provided my plan to overcome the problem.

In a few hours of intensive meetings, senior management accepted the plan.

The problem was solved fast and easy.

But once everyone left my mentor came to me:

A project mentor shows how to implement a project risk management process on a monitor.

It was a hard hit.

But, if you think about it:

  1. It was much cheaper and less stressful to inform about the possible issue.
  2. Discuss it with an expert in a quiet meeting.
  3. Do not disturb several senior-level managers and engineers. And,
  4. We could come to the same result without escalation.

That’s how I came up to using this risk management process.

Short Glossary of Project Risk Management

A Risk in terms of PMBOK Guide is:

An uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives.

But you should also keep in mind this critical aspect of risk management. As David Hillson points out in his article:

“Unfortunately, the concept of overall project risk is usually overlooked in the Project Risk Management approach adopted by most organizations. This means that our risk processes focus exclusively on individual risks and we fail to identify or proactively manage the overall risk exposure associated with our projects.”

So, as we talk, keep in mind the overall project risk level as well.

Risk Management Process in Project Management consists of several logical steps. First you plan risk management. Then, you identify, log, and prioritize risks. After that, you develop Risk Response Plans. In this guide, you will find in-depth explanation with examples on each step of the Risk Management Framework. Save the pin and click to read the article. #projectmanagement #riskmanagement #projectmanagementarticles #projectmanagementtips
Pin it to your project management board.

An Opportunity is an event or condition that has a positive effect. As a project manager, you need to try and leverage opportunities.

The Impact is the effect of risk or opportunity. The effect may influence the feasibility, costs, durations, overall risk level, availability of resources, a person, and so on.

We can assess risks qualitatively as Low, Medium, High impact.

We can also describe impact as a monetary or duration value as $2450 or 7 calendar days of delay.

Probability is the likelihood of risk or opportunity to happen.

Again it can be Qualitative like Low, Medium, High probability. Or Quantitative as 75%.

Risk Response or Risk Respons Plan is the action you will take to try to avoid or mitigate risk.

Example of Risk Management Process

Think beyond scope, costs, and schedule during Risk Management activities.

Before you start digging into each step. Here’s what I want to show you:

The examples of the process!

Why?

You may have a limited view on risk management. You may think about it only in terms of scope, time, and costs.

Therefore, you will develop responses to the plans with this limited mindset.

However, dealing with risks and opportunities, you need to be creative.

It helps you to come up with more efficient solutions.

So, review this article to learn what you can do with a risk:

Risk Management Examples: 9 Behind the Scenes Stories

Seven Steps of Project Risk Management Process

Below is the overview of the seven steps of risk management.

Each step is a separate process. There are in-depth articles for these steps. So, you can dive deep into each different process.

Risk Management Process Overview

1. Plan Risk Management

As all in project management – it starts with planning.

Why?

Well, there’re many reasons:

  1. Risk Management takes all the project documentation, processes, and workflows as an input. Everything is a source of risks.
  2. You don’t do Risk Management alone. You need to know your stakeholders. So, you need to plan their engagement.
  3. You need to collect the assets and knowledge that your organization has. It helps you to avoid creating a wheel.

So, you need a simple Project Risk Management Plan.

It should cover the details for each step we discuss below.

Keep in mind:

There is no such thing as a universal risk management approach. You need to select tools, techniques, and processes for each project individually.

You can find all the details here:

Simple Project Risk Management Plan that Works

2. Identify Risks

The next step is to identify risks.

You do it with techniques described in the Risk Management Plan. You use these techniques at the spots and with project information you identified in the plan.

Open Manhole and a quote: Even a small project has hundreds of risks. Log them all - evaluate later.

Here, you can learn about the most efficient risk identification techniques:

Do You Know These 6 Practical Risk Identification Techniques?

There’s one technique that makes the process efficient.

But many companies neglect it.

Why?

It takes efforts and dedication to collect lessons learned.

The main by-product of lessons learned for Risk Management is the List of Risk Categories.

Below you will find 43 Risk Categories as a kickstart. Expand it with your own ones throughout your career.

Read about it here:

43 Important Risk Categories for Effective Risk Identification

How many risks should you have after Risk Identification?

Here’s the truth:

Even on a small project, there are up to a hundred of risks.

What should you do with all of them?

You need to log them all into a Risk Register.

Don’t evaluate them – write them down!

Here you can learn everything about the Risk Register and get a template:

Risk Register – All You Need to Know About It

3. Perform Qualitative Risk Analysis

Impact-probability matrix used in qualitative risk analysis
Don’t overcomplicate Qualitative Risk Analysis. If you can prioritize risks using only three levels of Impact and Probability – do it. Benefits of ten levels grade appear only when you have hundreds of risks.

Dealing with all risks is costly.

You will never have a project that allows tackling all the risks.

You need to select risks that have the most severe adverse effect on the project. Moreover, the probability of such a threat should be adequate.

Therefore, by performing Qualitative Risk Analysis, you go from a hundred of risks to maybe a dozen.

You take this dozen of risks to the next step in the process. You will Plan Risk Responses.

The rest of the risks remain in the Risk Register and get into a Watch List section.

Why?

Risks can evolve and change their Impact and Probability during the project lifetime.

Learn how to perform Qualitative Risk Analysis here:

How to Perform Qualitative Risk Analysis for the First Time

4. Perform Quantitative Risk Analysis

(Optional for small and medium projects)

Decision making chart used in quantitative risk analysis
Getting into the level of details required by Quantitative Risk Analysis is not efficient for smaller projects. Cost impact may not be adequate to the efforts you spend.

You may analyze risks further by identifying specific numbers for probability in percents and Impact – in dollars.

By multiplying the numbers, you get the monetary impact of a risk. It’s called the Expected Monetary Value (EVM).

Here’s an excellent article by Harry Hall on this topic:

Evaluating Risks Using Quantitative Risk Analysis

But for smaller projects, you usually don’t need quantitative risk analysis. It doesn’t provide many benefits for the efforts you put into it.

5. Plan Risk Responses

So, now you have a dozen of risks you will work with.

What should you do?

  • You can do something to avoid risk.
  • You can do something to reduce Impact and/or Probability of a threat.
  • You can do nothing and let the risk happen but use the reserves to minimize the negative impact.
  • You can do nothing and accept the risk and its effects.

But don’t limit yourself to some standard actions:

“An Efficient Risk Response Plan comes from collaboration with stakeholders.” - Dmitriy Nizhebetskiy

Sometimes you need to look beyond your Gantt Chart, your budget, and the team that you have.

Here, you can read more about Risk Response Strategies:

Risk Response Strategy (Definitive Guide with Examples)

6. Implement Risk Responses

Each Risk Response Plan is a part of your Project Management Plan.

  • It’s an amount of budget allocated for the specific risk.
  • It’s a separate task someone needs to perform.
  • It’s a new process you developed.

So, at a specific moment of your project, someone needs to implement the Risk Response plan. Moreover, this person should report on progress.

Also, you need to do specific actions:

  • Assign a Risk Owner. Each risk should have an owner. This person will monitor and work specifically on allocated risk when the time comes.
  • Communicate with stakeholders about the upcoming risks and responses you will do.
  • Collect data about the risks: number of risks that happen or didn’t occur. The efficiency of risk responses and impact of risks on schedule, budget, scope of work. Also, don’t forget about the client’s happiness.
  • Identify any residual risk after you implemented risk responses.

These activities go across the board of all project management efforts. Each risk response is like a micro sub-project.

Text on the image: Risk Responses are a part of your project plan. They are tasks, reserves, processes, experts. It’s NOT something outside of your project.

Here’s a tip:

Delegate ownership for implementing risk responses as much as possible. You need to focus on the bigger picture of project progress, overall risk levels, and new sources of risks.

7. Monitor Risks

As with all controlling processes in project management, it’s the same thing here.

You need to ensure that your risk responses are efficient and timely.

You need to keep an eye on new risks that appear. And they do appear all the time!

Also, you need to control the overall risk level for the project.

At some point, you may feel the need to make changes to the project baselines or your risk management approach.

Sometimes new risks may challenge the feasibility of your project.

So, you need to assess all the input that you get.

Here are some more practical tips on identifying new risks:

How to Identify Risks in Project Management (a practical guide)

If you want to get all these articles as one PDF get access to PM Basics Library.

You need to monitor all known risks. Impact and/or Probability can change during project lifetime.

What Should You Do if Risks Messed Up Your Project

Following this process doesn’t safeguard you from problems.

  • You may fail to identify a severe risk.
  • Your risk response plan may appear inefficient.
  • Small risks may get a severe commutative effect.
  • Some risks will be out of your control.

So, you need to be ready to lead your project through this crisis.

And here the catch:

You need to focus your efforts on getting your project back to the project plan.

I mean you should not re-plan the whole project. That will create new risks.

You need to develop corrective actions that will put the project back on track.

If there is no way you can do that – only then recommend canceling the project. You can start all over again with new input.

It will ensure you will waste the client’s money for nothing.

Read more about resolving project management crises here:

How to Survive Project Management Crisis

The Next Step

If you want to become a Project Manager or you are an Accidental Project Manager, but you want to become a professional one – get access to proven project management training.

Get FREE Access to PM Basics Library

My Mission

I help aspiring leaders to get a role of a project manager by teaching essential basics of project management so that they can achieve their potential to full extent.

Learn More

PM Basics Community

Member Area

Login