Risky Business: The Project Manager and Project Risk

Insights | 13 June 2019

Projects, by definition, are uncertain. To be successful, a project manager needs to address risk management proactively and consistently throughout a project. A risk if it occurs, has a positive (opportunity) or negative (threat) effect on one or more project objectives such as scope, schedule, cost and quality.

Risk management should be an integral part of every project undertaken. Areas of risk to be addressed include the:

  • Business environment
  • Marketplace
  • Execution approaches (e.g agile versus traditional)
  • Availability and quality of resources
  • Development of deliverables

6 Steps to Successful Risk Management

  1. The extent, type and visibility of risk management on a project needs to be aligned with both the individual risks and the importance of the project to the organisation. How to manage risk is typically encapsulated by the project manager in a risk management plan or risk management approach, or even by simply collating a checklist to manage and control project risk.

As a guide, a risk management plan (or equivalent) includes:

  • Methodology (including tools and techniques)
  • Roles and responsibilities
  • Risk categorisation and severity
  • Budgeting
  • Timing
  • Definitions of risk probability and impact
  • Tracking
  1. Identification of risk is an iterative process – it is not just performed once off at the beginning of a project. New risks may evolve throughout a project, existing risks may need to be revised in terms of probability and impact, other risks happen.

Risks are logged in a risk register for subsequent management control and visibility. A clear expression of each risk is logged with its cause, the likely event and the effect the risk could have on the project.

Whilst the project manager is key to ensuring risks are defined and documented, remember that participants in risk identification should include project team members, customers, subject matter experts, other project managers, stakeholders and risk management experts. Everyone involved in the project should be encouraged to identify potential risks.

  1. Analyse. Risk analysis can be viewed from 2 aspects: qualitative and quantitative. Qualitative analysis is a quick and cost-effective way of establishing risk priority by assessing and combining probability and impact.

Quantitative analysis takes the resulting prioritised risks and looks at numerically analysing the effect on overall project objectives. The risk register is updated with the results from the analyses.

  1. Response. Once a risk has been identified and analysed, a decision must be made concerning which is the most appropriate risk response. Responses to threats include escalate, mitigate, avoid, transfer or accept. Responses to opportunities include escalate, exploit, share, enhance and accept.

A response plan can subsequently be embedded within the project plan and can then be actioned as appropriate. Where appropriate, contingent response strategies may need to be developed; these are often referred to as contingency plans or fallback plans and include identified trigger events that set the plan in effect.

  1. Implement. Risk responses, once agreed upon, need to be executed in order to address overall project risk exposure, minimise project threats and maximise project opportunities.

Often time and energy are expended on identifying and analysing risks, then documenting responses in a risk register, but no action is taken to implement the response. The implement step is important to ensure that risks are being managed proactively.

  1. Project managers need to monitor risks just as they track project progress. Throughout the project a project manager is continually alert to monitoring risk response plans, tracking identified risks, identifying and analysing new risks and the evaluation of the effectiveness of risk management for the project.

A Project Manager’s role is to manage risk within their projects in an integrated, iterative and systematic manner. By doing so they are required to ensure threats have a reduced impact on the project outcome, whilst at the same time improving the likelihood of opportunities for the project.

If your organisation requires assistance in executing complex programmes or transformation, contact us today on 1300 70 13 14.

About The Author

Tracey Copland, Head of Best Practice at PM-Partners group

Tracey has been involved in management, finance and business consulting including Portfolio, Programme & Project management for 20+ years. Together with her skills and experience, Tracey is a flexible professional seeking to achieve a high work standard, focussing on value-add.

Having been with PM-Partners group for 15 years, Tracey has held roles including Consultant/Trainer, Head of Training and currently, Head of Development. Tracey has provided training and consultation services to clients in both the public and private sectors, across various disciplines and at all levels including Project, Programme, Portfolio and Change Management, and Agile practices.

Leave a Reply

Your email address will not be published. Required fields are marked *

Enquire Now


    1300 70 13 14


      Stay Informed

      Subscribe to our newsletter and receive quarterly industry news updates and stay informed of forthcoming PM-Partners group events.