What is Risk Management: Staying on top of the Risks in your projects

Through our lives both professionally and personal we constantly run into little hiccups that we did not see coming. Maybe you put off paying those toll tickets and years later, you get a letter in the mail for over a thousand dollars! Yikes! Alternatively, lets take a look at the IBM Mega Disaster when in 2007 they estimated they could come up with an application for Queensland’s health department to be complete by 2008 for 6 million dollars. But due to unforeseen problems the project ended up taking several years and costing 1.2 billion dollars. An enormous strike to the Queensland. This headache could have all been avoided had Queensland  asked themselves What is risk management? before jumping into such a large project hole with IBM.

Surprisingly project risk management is largely underused, while its necessity is constantly growing.  Project risk management is the methods that project managers use to measure risk, and how to deal with risks if they occur whether they be positive or negative. It comes in many forms and can go through many methods of use. It is a great tool to foresee risk and to prevent similar risks from happening again in future projects.

Risks in project management much different from the risks you and I take throughout our personal days. In project management, there is a plan, and ideally, everything would go according to plan without any problems, though this is rarely the case, every time something goes outside of the plan, whether it be negatively or positively it is called a risk, and there is a lot of work that goes into preparing for these risks.

What is Risk Management: Communicating about Risks

Many project failures show time and time again, project managers being smacked in the face by an unforeseen event that has the ability to cripple the project or even the business! Although, more often than not, someone saw the big hand coming in for the smack (maybe they’ve seen it before), though failed to alert the project manager.

Meetings, whether you find them useful or not, they are 100% necessary for managing large complex projects. If you find yourself with problems leading your project meetings here is a great Guide for Effective Meetings. However, one of the first meetings a project manager should have as part of the risk management plan is with his or her project team members and possibly stakeholders called the risk assessment meeting.

Inside this meeting, it is usually a good practice for project managers to lay out the project:

  • What are the steps?,
  • Who are the vendors and what are they going to do?,
  • What is the timeframe,
  • What is the budget, etc.

Risk can effect / be caused by these elements of project progression without a moment’s notice, and without trying to foresee the risks ahead of time; it can cause a rather large mess sometimes even destroying the project.

After laying out all of the steps in the project, in the risk assessment meeting, it is a good idea to push all employees to contribute on each and every step of the project. Team members can say what they think would go wrong through brainstorming and then building on ideas from any of their past experiences that the team members usually bring with them from their professional careers.  Through these methods, risks can be identified, and plans can be set into place to help resolve or at least mitigate the damage done by the risk.

Risk Owners and Risk Managers

Now having some (if not all) of the risks plotted out, I ask you one question. Have you ever met one of our worst enemy the ‘’Bystander effect’’? It is a sad effect that humans go through when we all see a problem but don’t act on it when we see it happening because ‘’someone else will do something right?’’ This happens all too often in project management as well, someone sees a problem happening, and nobody acts to resolve the problem thinking that someone else will take care of it, or ‘’that is NOT my job’’.

But is all the shrugging and looking from side to side justified? After all they were not told who would solve what risks… After setting out what the risks are, and what their plans of resolution are, it is necessary that the project manager now plans out who the risk owners are as part of the risk management plan.  Alan Web writes in his book, The project manager’s guide to handling risk ‘’The idea of handling specific risk issues is a useful one; it allows authority to be concentrated in people who can have the greatest impact and it ensures that all risks are covered by individuals with accountability for what occurs.’’ With risk owners in place all plans of action will be carried out on time and swiftly without having to discuss time and time again, ‘’who will do what?’’.

In addition to risk owners, some larger projects could benefit from having a risk manager. Someone appointed by the project manager to ensure the carrying out of current risk resolution plans. In addition the risk manager acts as a filter of all risks coming up from team members selecting what risks should be accepted or rejected, ultimately if the company should even take of such a risk.

>> This is worth a read: Do you have an efficient time management?

Dealing with Project Risks

We’ve talked quite a bit on how to get the risks of the project out of the minds of team members and into the air and onto the risk management plan, assigned said risks to members to take care of them if they occur. But is that all? How will each risk be dealt with? What is each risk? What is risk management?

Analyzing risks

Risk analysis is the process needed that helps project managers and risk managers identify and control problems that could snare a project. In order to execute risk analysis you have to identify the risks that will happen, what the likelihood of these risks triggering is, what is the severity of the risk, and what needs to be done to rectify the problem.

Risk Identification

There is a very large variety of risks that can trigger that could cause a major upset in the project, and identifying those risks is the first step of risk analysis. These risks can come from literally anywhere so it is good practice to have a list of these threats present in a meeting to help the brainstorming juicer for ideas and contingency plans.

Before we can dig into what we would do with what happens, we must first look at what we can do within our limits, there are actually some risks that are not worth preparing for, these should also be included into the risk management plan.

Preventable risks

This is where risk analysis should be focused on the most, preventable risks are risks that can be foreseen, and dealt with through the ability of innovation, outsourcing, etc.

Non-preventable risks

These are risks that cannot be prevented and really should not be planned for. For example one of the vendors who is supposed to handle a part of your project gets his company destroyed because of a hurricane earthquake combo. The vendor is gone and now your project is delayed and behind in costs. There is nothing you can do about it.

Negative Risks

Most of all risks in project management are negative risks. Negative risks are risks that effect either the budget of the project or the timeline of the project in a negative way. These delays can be brought about in so many ways

  • Personnel – Sickness, injury, or death of a key team member, We all have that one guy on the team who if got sick, or was unable to do his or her part on the project would cause huge delays or maybe the failure of the entire project all together. For example lets say one of the leading engineers on a space project has a revolutionary idea of how to make space travel more applicable. Only he really understands the breakthroughs in the science and is trying to show the way for the project. Say halfway through the project he gets in a car accident and passes away. Now the entire project is at a loss and this is considered an unavoidable risk, there really is nothing that could have been done. This risk can be considered an avoidable risk as well with key team members getting sick, so it falls into both categories.
  • Financial – The company the project is associated with can go belly up in a sad turn of profit loss or stock market crash. For the Business this maybe preventable, but for the project this is a non-preventable risk.
  • Legal – There could be new laws set into play putting snares on certain parts of the project already done, or needing to be done. This can be a preventable risk to an extent, most laws are seen coming way in advance, and a failsafe can be set in place.
  • Natural – As spelt out in my earthquake hurricane combo, we are all still at the mercy of mother nature and cannot completely plan against the worst of her wrath. These major risks are non preventable and can strike any section of the project it desires on a whim.
  • New Tech – This could trigger if there is a failure in current used technology, or if the project is for technology, maybe an advancement in technology makes certain key aspects of the projects outcome outdated and undesirable. This risk can be considered preventable, though it, as well requires deep investigation.

Positive Risks

To escape a bit of all of the doom and gloom of the above section, there also exists risks which are considered positive risks. Positive risks are risks that cause the project to save on time or budget. Or that there is some benefit in the end result which produces a better outcome than expected. E.g. Say there is a engineering team building a plane expected to last 30 years, ( the risk being that it won’t last 30 years) and due to carful engineering the plane lasts 100 years. This is a positive risk and can be factored into future projects.

Risk Analysis Methods

Today there exists many Risk analysis methods that would fit very snugly into a risk management plan.  Let’s talk a bit more closely about one of the more popular methods spoken of in many articles and college textbooks. When people ask what is risk management? they will always hear about the SWOT.

SWOT Analysis

SWOT Analysis is a pretty simple yet powerful tool that can help get the best of the benefits of positive risks by measuring the strengths of your business or even your company. This helps see more clearly what positive risks you can try to turn into opportunities. While, at the same time helping to understand better the weaknesses of your company and or project, with this information you will be better capable to catch and divert/take care of negative risks that would otherwise catch you off guard.

SWOT is an acronym for Strengths, Weaknesses, Opportunities, and Threats and with it we can ask these questions: How can we make the most of our strengths, how can we cover our weaknesses, how can we utilize each and every opportunity, and finally how can we prevent against each threat. They are even a great tool to use against your competition by comparing your company against the competitors, this works great when having to advance one project against a competitor, Virtual Advisor Inc. writes in their article, “Analyzing Your Competition

“Every company has a unique set of strengths, and it’s critical that you determine yours, as well as your competitors’. Hold a brainstorming session with your staff and advisors to perform a formal SWOT analysis. This analysis helps you to see how your strengths stack up against your competitors’ weaknesses and suggests ways to take advantage of marketplace opportunities.”

Lets take a moment and break down the SWOT analysis to see better its usefulness in risk management.

Strengths (internal factors)
Help yourself to understand the current strengths of the project’s or company’s capabilities, this can be something that separates the project/company from the rest. Some examples could be:

  • The company or project manager has a strong record of accomplishment.
  • The company has all of the resources available to complete the project.
  • All team members on the project have the skill levels necessary to complete the project.
  • The company has a great reputation in the market.

Weaknesses (internal factors)
Are problems that already exist in the company or that have a record of presenting themselves throughout the history of the company / past projects. Some examples could be:

  • Time scale and deadlines are a problem
  • There are many competing projects
  • Having access to all necessary team members is an issue

Opportunities (external factors)
These are the elements happening outside of the company/project that risk managers must keep an eye on. By taking advantage of these opportunities, projects can see great increases in current and future projects.

  • New innovations in current technology
  • Market demand increases
  • Emerging and developing markets
  • Decrease in vendor prices

Threats (external factors)
These threats are elements that are likely to effect the project in a negative way. Steps for their prevention must be taken to ensure the best possible solution, some examples are:

  • Is there a rise in competitor activities?
  • Are there any political influences that could cause delays?
  • Does the company have cash flow-issues?
  • Can any of the company weaknesses cause a great impact on the project?

>> Take a gander:  Self Improvement at Work – Best Practices for Improving Workplace Productivity

Risk Evaluation

Now you have all your risks identified, congratulations, but now you must be stricken with fear by the five page list of treats to your project. But, don’t worry, now we are going to talk about how to take all of these risks and how to prioritize them. Since not all risks are created equal, some risks are opt to trigger with a higher chance of probability and severity than others.


As show in the diagram above, best practice is to prioritize risks that have a high impact and a high likelihood of happening, and working your way down from there. Analyzing the severity of risks plays a huge part in where to put your focuses in the risk management plan.

The Heart of the Risk Management Plan

The purpose of the risk management plan is to not only figure out what risks are on the horizon and in what order to do them, but what to do with said risks so that Risk managers and risk owners can do these tasks with swiftness if it is needed. Some of the major question that are needed to be answered for each risk should it occur are as follows:

  • What can be done to reduce the risk from triggering?
  • If the risk does trigger, what is the best way to manage each risk?
  • What can we do to ensure opportunities are taken?

Plan and implement Risk responses

Addressing the above questions sometimes is difficult because there are so many risks to take care of, which is why many project managers rely on the Risk mitigation technique. This technique is made up of four simple methods for mitigating the damage of risks and ultimately helping to control costs. These four tactics are Avoid, Mitigate, Transfer, and Accept.


Avoiding a risk is when the project’s plans change to avoid the risk. This is usually a good option when there the risk has a relatively large impact on the project.  For example, the project is to make a oil pipeline through Indian territory, though laws and protests may prevent this from happening, It would probably be best to avoid this risk.


A common risk response, Mitigating a risk is when you take the risk a face value and try steps to reduce the overall damage of the risk should it trigger. For example


When transferring a risk you are taking the risk and just giving it to someone else to take care of. These are usually transferred to a third party or vendor to assume for a price. A good example of risk transfer would be getting insurance on the server of your technology project, if the server catches on fire, the insurance company will take care of this problem.


Accepting the risk means that you do just that, accept that it will happen and take the hit, like that kid who is about to hit your car with his bike. If you can’t avoid it, you just have to let it happen. Not all risks are big and dangerous, and sometimes it is more productive to not use your resources to avoid these risks. For example, a team member needs to take a week off causing a delay in their section, replacing this person with someone from outside the company is impractical, and maybe transferring someone over would cause even worse delays. So in this case it is better to just do nothing.

Preventing Future Risks

One of the most valuable assets from practicing risk management is learning from past mistakes. However, is remembering what went wrong enough? No, part of risk management is being foolproof. After the completion of the project, it’s a great practice to register all risks of the project. Giving special detail to the risks that had triggered, what happened with those risks?, were the outcomes successful?, and were they bad risk resolutions? These are all important questions to have registered not to just have a file of lessons learned. More importantly to have this file on hand for future projects, should similar risks arise, Project managers can rely back to these files and use risk solutions that worked well, and avoid risk solutions that did not work all that well. Getting all of these lessons learned onto paper is a huge opportunity in itself, it saves time spent on worrying about risks, and more importantly it saves money. Preventing future risks in the end is a large part of the answer to question at hand, what is risk management? 

An opportunity that pays for itself and more

How would you like to get up to 25% more productivity from your team members? is a task management program that was built to help control risks from happening. It gives project managers the tools they need to set how long tasks should take, how much the tasks will cost to be completed, and can set up very detailed descriptions of the task requirements and even the risk responses should they be necessary for the task.


Multiple projects can be laid out in great detail allowing for a communication system that project managers can use to keep up to date with everything that is going on at all times. Projects working through virtual teams handing out opportunities left and right.

Meet – the tool that dispenses email for internal communication because it centralizes the tasks of all teams and reduces the number of follow-up meetings and the friction between leaders and teams by producing automatic activity reports. Try it free here.

Leave a Reply

%d bloggers like this: