Project Risk Management

Published: 2009-03-01
Last updated: 2022-03-16


In this sub-section about project risk management, we describe what is a risk and how we prepare a plan or strategy for managing risks.


The following diagram shows an overview of the process that consists of four generic steps. We go through these four steps in every risk management workshop.


Risk Management ProcessRisk Management Process


Let's start with a definition of terms.


What is a Risk?


Our daily life language usually refers to risks as events that could have a negative impact. A closer look into the dictionary Longman, 1998, offers us: A risk is the possibility that something harmful or undesirable may happen. For our purposes, we adopt the definition also used in the insurance business. A risk is the probability that an event might occur which could have a negative impact. Such an event we call risk event.


Risk = probability (event with negative impact may happen).


(Similarly, we can define the term opportunity as the probability that an event might occur which could have a positive impact. Entrepreneurs of the gambling industry count on that as well.)


Risk management focuses on the question: What can we do about those events that might impact our project negatively?


Principle of Risk Management


We can prevent some of these events by taking actions which make the event impossible to happen. For most of them we can take actions that decrease their probability. Finally, for those we cannot prevent we can prepare actions that make it easier for us to deal with their impact.


Principle of Risk ManagementPrinciple of Risk Management


The following form (there is a template in section Free Downloads) reflects this in a more detailed way.


Risk Assessment FormRisk Assessment Form


Prioritizing Risks


Following the process, we start with step 1, identifying risks, i.e. identifying as many risk events as possible, usually in a brainstorming session. The result is a list of such events. In step 2, evaluation of risks or risk analysis, we estimate probability (in %) and impact (in $) of each event. By multiplying these figures we obtain the expected value of risk, or just risk value. Risks with high risk value will be high on our priority list. Another way of showing the different priorities of risks is by arranging them in the probability-impact-diagram. Mathematically spoken, the risk value is the statistically expected value of impact or damage that risk event could cause.


Priority of Risks: Impact vs. ProbabilityPriority of Risks: Impact vs. Probability

It is common practice to include those risks with either very high probability or very high impact into the top priority risks, even if their risk values are low.


Preventive, Mitigating, or Corrective Actions


Step 3 focuses on identifying preventive or corrective actions, again in brainstorming sessions, and by referring to lessons learned from earlier projects. In step 4, evaluation of actions and residual risks, we estimate the cost of each action. For most events, we cannot reduce the probability of its occurrence down to 0 %. After taking preventive action, we usually end up with a residual probability which, of course, is lower than the original one. If we now multiply residual probability with the impact we obtain the residual risk value. By adding the cost of action we get the expected value of action.


By comparing risk value with the expected value of action we can decide if we want to take the action, i.e. integrate it into the WBS or not.


The decision to prepare for corrective actions depends on the company’s or organization’s accounting principles: it is good practice to include them in the project contingency.


As we proceed through the planning phase, and later through the implementation and closure phase, we repeat these risk management workshops periodically since new risk events can come into our view which we should not miss.



35+ templates, tools, and checklists in one set

To save you time in your daily work as a project manager, I packaged more than 35 project management templates, tools, and checklists into one zip file.

  • You un-zip it, and you get all items in formats you can edit to your requirements.
  • They strictly contain only standard functionality and no macros or other code.
  • You are allowed to use your logo.
Templates & Checklists for Implementation and Closure Phase
for only
or click here for more info.



Traditional PM
Learning Path Navigation







Related topics

  • Risk Analysis Explained

    In this sub-section, we present some basic ideas of risk analysis.

  • Planning the Project Budget

    In this sub-section we describe how we are going to plan the project budget.

  • Assigning Resources

    In this sub-section we describe the transition from planning the project schedule to planning the project budget, i.e. assigning resources.

  • Critical Path

    In this sub-section, we describe how we can analyze the critical path of a project.

  • Planning the Project Schedule

    In this sub-section we describe how we are going to plan the project schedule.

  • Effort Estimation

    In this sub-section we describe the transition from planning the project scope to planning the project schedule, i.e. effort estimation.

  • Planning the Project Scope

    In this sub-section we explain how to plan the project scope.

  • Project Planning

    In this section, we describe the project planning process that prepares implementation and closure.


























Return to Planning Phase

Return from Project Risk Management to Home





Your Comments

Have your say about what you just read! Leave me a comment in the box below.
Enjoy this page? Please pay it forward. Here's how...

Would you prefer to share this page with others by linking to it?

  1. Click on the HTML link code below.
  2. Copy and paste it, adding a note of your own, into your blog, a Web page, forums, a blog comment, your Facebook account, or anywhere that someone would find this page valuable.