project risk management assignment pdf

How to Create a Project Risk Management Plan

By Kate Eby | February 27, 2023

• Share on Facebook
• Share on LinkedIn

Link copied

Teams can use a project risk management plan to identify and assess the potential risks to a project. We’ve gathered expert tips on creating an effective risk management plan, as well as step-by-step instructions for creating an example plan.

On this page, you’ll find information on what to include in a project risk management plan and how to create a plan , as well as step-by-step instructions for completing an example project risk management plan .

What Is a Project Risk Management Plan?

Project teams create a project risk management plan , a document that helps identify and assess potential risks to a project. The plan outlines how your team will analyze and mitigate the potential risks to ensure project success.

The project risk management plan is one of the most important documents in project risk management . You can learn more about project risks in general — as well as specific types of project risks — in our comprehensive guides

What Does a Risk Management Plan Cover?

A risk management plan should cover a number of areas detailing potential project risks and how your team will deal with them. It will include a description of the project, along with how your team will identify and assess risk.

At a minimum, your project risk management plan should include the following details:

• Project description, including its purpose
• The team plan for identifying, logging, and assessing potential risks
• How the team will identify broad categories of risk
• How the team will evaluate the severity of each potential risk
• How your team will continue to monitor risks throughout the project
• How team members will be assigned as owners of various risks
• Your organization’s tolerance for certain risks, along with criteria for a risk being too large to accept

“A risk management plan defines how the risks for a project will be handled to ensure that the project can be completed within the set timeframe,” says Veniamin Simonov, Director of Product Management at NAKIVO , a backup and ransomware recovery software vendor. “The plan should cover methodology, risk categorization and prioritization, a response plan, staff roles, and responsibility areas and budgets.”

“The risk management plan will address ‘What are we going to do? How are we going to do it? What are the processes we're going to follow?’” says Alan Zucker, Founding Principal of Project Management Essentials . “It may include things such as what are the major categories you're going to use to define your risks. It might also include some guidelines for assessing risks.”

Components in a Project Risk Management Plan 

A project risk management plan will include certain components and describe how your project team will use certain tools to understand and manage potential risks. Some components include a risk register, a risk breakdown structure, and a risk response plan.

Here are components or tools that a project risk management plan often includes or describes:

• Risk Register: A risk register is the document your project team will use to identify, log, and monitor potential project risks.
• Risk Breakdown Structure: A risk breakdown structure is a chart that allows your team to identify broad risk categories and specific risks that fit within each category. Your team can decide on the broad categories, depending on your project.
• Risk Assessment Matrix: A risk assessment matrix is a chart matrix that allows teams to score the severity of potential risks based on both the likelihood of each risk happening and the impact to the project if a risk happens.
• Risk Response Plan: A risk response plan is a document that details how your team plans to respond to each potential risk to try to either prevent it from happening or lessen the impact if it does happen. You can learn more about project risk mitigation . 
• Roles and Responsibilities: The risk management plan can provide details on the project risk management team, including the lead member for risk management. It also likely details the roles and responsibilities each team member will have in addressing and dealing with specific risks.
• Risk Reporting Formats: The risk management plan describes how the project team will document and report its work on monitoring and dealing with risks. It describes the risk register format that the team will use. It might also describe how risks will be added to or deleted from the register and how the project team will provide periodic summarized risk reports to top project and organization leaders.
• Project Funding and Timing: The plan will likely have a section describing the overall funding and timing for the project. That section also likely details funding for all project risk management work.

To determine what you need to include in your risk management plan, see the following requirements based on project size:

An Organization’s Risk Management Plan Often Doesn’t Change with Projects  

Many risk management experts emphasize that an organization’s project risk management plans might not change much from project to project. That’s because the plan sets out particulars that will be followed for all projects.

“Remember, it's just an approach document that answers the question: How?” says Kris Reynolds, Founder and CEO of Arrowhead Consulting in Tulsa, Oklahoma. “The company or the department as a whole should have a single risk management plan that gets built as you're building your project management methodology. And it’s your Bible. It’s your guidebook. 

“But it isn't going to change across projects,” Reynolds continues. “What changes are the artifacts, including the risk register. But your approach of how you're going to address risk or analyze risk or plan for risk is in the project risk management plan document. As a company or organization, you create that document, and it exists for a year or two years without changing.”

To create a project risk management plan, your team should gather important documents and decide on an approach for assessing and responding to risks. This process involves gathering support documents, listing potential risk management tools, and more. 

Consider some of these basic steps and factors as you begin creating the project risk management plan:

• Gather Supporting Documents: Gather and read through supporting documents related to the overall project, including the project and project management plan. It’s important for your project risk team to have a full view of project goals and objectives.
• Frame the Context: Make sure your team understands both the business value of the project and the impact on the organization if the project fails.
• Decide on Risk Assessment Criteria: Decide how your team will identify and assess important risks. That will require your team to have an understanding of which types of risks your organization can tolerate and which risks could be ruinous to the project.
• Inventory Possible Risk Management Tools: Make a list of risk management tools and documents that your team might use to help identify and manage project risk.
• Known Risks: At the start of a project, team members will be able to identify a number of known risks , such as budget issues, shortages of material, and human and other resource constraints, which are measurable and based on specific events. 
• Unknown Risks: At the start of a project, team members will not be able to identify a range of unknown risks that could impact your project. Those risks are not as easily or objectively measurable as known risks and can crop up at any point during a project. A main goal of project risk management is to help your team discover and address unknown risks before they happen.
• Unknowable Risks: Your team will not be able to anticipate unknowable risks that could affect the project, such as catastrophic weather events, accidents, and major system failures.
• Understand Human Bias: Studies have shown that people overestimate their ability to predict and influence the future. We often think we have more control than we do. Those biases can affect how we assess and manage risks in a project. We tend to give too much credence to what happened with past processes, fall into agreement with others in our group, and be more optimistic than we should be about how long a project will take or how much it will cost.  It’s important to account for all of those biases as your team identifies and assesses project risk.

Steps in Developing a Project Risk Management Plan

After your project team has gathered documents and done other preparation work, you will want to follow nine basic steps in creating a project risk management plan. Those start with identifying and assessing risks.

Here are details on the nine steps of project risk management to keep in mind while drafting your project risk management plan:

• Identify Risks: Your team should gather information and request input from team and organization members to determine potential risks to the project. Some specific risks can threaten many projects. Other risks will vary, based on the type of project and the industry. “If you're talking about a software project, you could have risks associated with the technology, resources, and interdependencies with other systems,” says Zucker. “If you have vendors you're working with, there may be risks associated with the vendors. There may be risks that are software- or hardware-specific. If you're working on a construction project, those risks obviously would be very different. ”You can learn more about project risk analysis and how to identify potential risks to a project .
• Assess Potential Impact of Each Risk: After your team identifies potential risks, it can assess the likelihood of each risk, along with the expected impact on the project if the risk happens. Your team can use a risk matrix to identify both the likelihood and impact of each risk. You can learn more about how to create a risk matrix and assess risks .
• Determine Your Organization's Risk Threshold and Tolerance: Your team will want to understand your organization’s risk threshold , or tolerance for risk. Organization leaders might decide that some risks should be avoided at all costs, while others are acceptable. Take the time to understand those views as you prioritize project risks.
• Prioritize Risks Based on Impact and Risk Tolerance: Once your team assesses the potential impact of a risk and your organization's risk tolerance for risks, it will prioritize risks accordingly. “Prioritize risks based on their disruptive potential for an organization,” says Simonov.
• Create a Risk Response Plan: Your team should then create a response plan for each risk that the team considers a priority. That response plan will include measures that could prevent the risk from happening or lessen the risk’s impact if it does happen.
• Select Project Risk Management Tools: Your team will need to decide on the best risk management tools to use for your project. That will likely include a risk register and a risk assessment matrix. It might include other tools, such as Monte Carlo simulations. Learn more about various tools and documents to use in risk management . 
• Select an Owner for Each Risk: Each identified risk should have an assigned owner. In some cases, a department might be an owner of a risk, but most often, the team will assign individuals to monitor risks. In some cases, the owner will be responsible for dealing with the risk if it happens. Teams can list the owners of each risk on their project risk register. 
• Determine Possible Triggers for Each Risk: As your team conducts a closer assessment of all risks, it should identify risk triggers where possible. Triggers are events that can cause a risk to happen. Your team won’t be able to identify triggers for all risks, but it will for some. For example, if you have a plant without sufficient backup power, a trigger could be warnings of a violent storm that could cause a power outage.
• Determine How Your Team Will Monitor Risks: An important part of your plan includes recording concrete details about how your team will ensure that it can continually monitor risks throughout the life of a project.

Risk Management Plan Examples, Templates, and Components

Examples of project risk management plans can help your team understand what information to include in a plan. The risk management plan can also detail various components that will be part of your team’s risk management.

Project Risk Management Plan Template

Download the Sample Project Risk Management Plan Template for Microsoft Word  

Download this sample project risk management plan, which includes primary components that might be described in a project risk management plan, such as details on risk identification, risk mitigation, and risk tracking and reporting.

Download the Blank Project Risk Management Plan for Microsoft Word

Use this blank template to create your own project risk management plan. The template includes sections to ensure that your team covers all areas of risk management, such as risk identification, risk assessment, and risk mitigation. Customize the template based on your needs.

Project Risk Register Template

Download the Sample Project Risk Register for Excel

This sample project risk register gives your team a better understanding of the information that a risk register should include to help the team understand and deal with risks. This sample includes potential risks that a project manager might track for a construction project.

Download the Blank Project Risk Register Template for Excel  

Use this project risk register template to help your team identify, track, and plan for project risks. The template includes columns for categorizing risks, providing risk descriptions, determining a risk severity score, and more.  

Quantitative Risk Register Template

Download the Sample Quantitative Project Risk Impact Matrix for Excel

This sample quantitative project risk impact matrix template can help your team assess a project risk based on quantitative measures, such as potential monetary cost to the project. The template includes columns where your team can assess and track the probability and potential cost of each project risk. The template calculates a total monetary risk impact based on your estimates of probability and cost.

Risk Breakdown Structure Template

Download the Risk Breakdown Structure Template for Excel

Your team can use this template to create a risk breakdown structure diagram that shows different types of risks that could affect a project. The template helps your team organize risks into broad categories.

Step-By-Step Guide to Creating a Project Risk Management Plan

Below are step-by-step instructions on how to fill out a project risk management plan template. Follow these steps to help you and your team understand the information needed in an effective risk management plan.

This template is based on a project risk management plan template created by Arrowhead Consulting of Tulsa, Oklahoma, and was shared with us by Kris Reynolds.

• Cover Section: Provide information for the cover section , also known as the summary section . This will include the name of the project, the project overview, the project goals, the expected length of the project, and the project manager.
• Risk Management Approach: Write a short summary of your organization's overall approach to project risk management for all projects, not only the project at hand. The summary might describe overall goals, along with your organization’s view of the benefits of good project risk management.
• Plan Purpose: Write a short summary explaining how the plan will help your team perform proper risk management for the project.
• Risk Identification: Provide details on how your team plans to identify and define risks to the project. Those details should include who is assigned to specific responsibilities for risk identification and tracking, as well as what information and categories will be included in your team’s project risk register.
• Risk Assessment: Provide details on how your team will assess the probability and potential impact of each risk it has identified. Your team should also include details on any risk matrices it plans to use and how the team will prioritize risks based on those matrices.
• Risk Response: Provide details on the ways your team can choose to respond to various risks. In the case of high-priority risks, that will include prevention or mitigation plans for each risk. In the case of low-priority risks, or risks that might be prohibitively expensive to mitigate, it might include accepting the risk with limited mitigation measures.
• Risk Mitigation: Provide more details on how your team plans to lessen the likelihood  or impact of each risk. Your team should also provide details on how it will monitor the effectiveness of prevention and mitigation strategies, and change them if needed.
• Risk Tracking and Reporting: Provide details on how your team plans to track and report on risks and risk mitigation activities. These details will likely include information on the project risk register your team plans to use and information on how your team plans to periodically report risk and risk responses to organizational leadership.

Do Complex Projects Require More Complex Project Risk Management Plans? 

Experts say that complex projects shouldn’t require more complex project risk management plans. A project might have more complex tools, such as a more detailed risk register, but the risk management plan should cover the same basics for all projects.

“The problem is, most people get these management plans confused. They then start lumping in the artifacts [such as risk registers] — which can be more complex and have more detail — to the risk management plan itself,” says Reynolds. “You want it to be easily understood and easily followed.

“I don't think the complexity of the project changes the risk management plan,” Reynolds says. “You may have to circulate the plan to more people. You may have to meet more frequently. You may have to use quantitative risk analysis. That would be more complex with more complex projects. But the management plan itself —  no.”

Effectively Manage Project Risks with Real-Time Work Management in Smartsheet

From simple task management and project planning to complex resource and portfolio management, Smartsheet helps you improve collaboration and increase work velocity -- empowering you to get more done. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed.

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time. Try Smartsheet for free, today.

Discover a better way to streamline workflows and eliminate silos for good.

Academia.edu no longer supports Internet Explorer.

To browse Academia.edu and the wider internet faster and more securely, please take a few seconds to  upgrade your browser .

Enter the email address you signed up with and we'll email you a reset link.

• We're Hiring!
• Help Center

ASSIGNMENT ON PROJECT RISK AND PROCUREMENT PREPARED BY

Related Papers

Energy Policy

Edwin Hon Wan Chan

Sdiwc Conferences

Various risk factors influence construction projects cost and schedule performance from project conception to completion. In the context of project management contract assessment helps allocate integrated risks. The aim of this thesis is to investigate standard conditions of contract, namely FIDIC, Turnkey EPC (Engineer, Procure, Construct) conditions of contracts as a standard contract format. Implications of the contract clauses for the risk management strategy to be adopted by contractors are analyzed through pre defined risk assessment plan RMP. Relevant conditions will be scrutinized in terms of induced risk events. The basis for defining major risk categories and events are described through RBS (Risk Breakdown Structure) schemes, as well as, proposed actions and mitigation plans. Finally, EPCCM; modeling system is created to assist contract administrators, to diminish time, effort, wading back and forth between construction cases and developed projects. The result is a more efficient and proactive contract management environment by providing database for lessons learned in addition to tracking ongoing projects contractual risks, and consequently for issuing relevant decisions and activity plans.

Liza Wikarsa

Risk management is like a form of insurance that is concerned with future events/risks in an IS project, particularly in software development projects, whose exact outcome is unknown, and with how to deal with these uncertainties in advance. Unfortunately, not many IT (Information Technology) developers properly define potential risk events and estimate the probability of the risk event occurring, the possible outcome if it does occur, when it might occur. Risk events can, in fact, affect time, cost, scope, and quality of the project outcomes. Therefore, there is highly important to have risk management mechanism put in place so that the project team can minimize potential risks while maximizing potential opportunities. It is also essential to fully understand the risk management process that consists of risk identification, risk analysis, risk response development, and risk control. In addition, the project team is highly recommended to identify sources of risks for IT projects and principles behind project risk management.

Journal of Green Building

Edwin H W Chan , Pengpeng Xu

SDIWC Organization

Ronald Kibuuka Ssempebwa

Risk is defined as an event that has a probability of occurring, and could have either a positive or negative impact to a project should that risk occur.(Van Scoy, 1992) Risk management is a broad factor affecting quite a number of business sectors however it’s also a factor which must be addressed by every human being on earth regarding their way of living otherwise if ignored human life is left in harm’s way and susceptible to death, diseases and poverty. However to a project, risk management is an ongoing process that continues through the life of a project. It includes processes for risk management planning, identification, analysis, monitoring and control. Many of these processes are updated throughout the project lifecycle as new risks can be identified at any time. It’s the objective of risk management to decrease the probability and impact of events adverse to the project. On the other hand, any event that could have a positive impact should be exploited. (Laurie Williams 2004). The purpose of this Essay is to address the challenge of dealing with risks and opportunities professionally which is becoming one of the key success factors in business today. Most companies have realized the requirements turbulent markets present and have started to adapt to this turbulence. But risks and opportunities are greater in turbulent markets, so they call for active strategic risk management.

OCLC Systems & Services

H Frank Cervone

Journal of Nuclear Materials

Gerald Kulcinski

RELATED PAPERS

Marcella Aprile

Maria José B. Finatto

Jorgelina Meoli

Akio Kishida

Clinical Ophthalmology

Natalia Andino

Zohreh Meshkati

Frank Fariello

Mediterranean Journal of Social Sciences

Svetlana Trbojevik

Marko Stojanovic

Journal of Herbal Medicine

Frontiers in neurorobotics

Raja Chatila

Brazilian Journal of Development

Vanderlei Sergio tavares

Umar Muhammad Noor

Le Centre pour la Communication Scientifique Directe - HAL - Diderot

Odile Plattard

Acta Botanica Mexicana

laura yañez

Journal of Water and Soil Science

Babak Bahreininejad

Christopher West

The American Journal of Cardiology

ABHISHEK SHARMA

Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing

Pedro Garcia

Edetania: estudios y propuestas socio-educativas

José Antonio Caride

Global Journal of Human-Social Science

Shahariar Khan Nobel

Có Thai 3 Tháng Đầu Ăn Bánh Mì Được Không

baubi sausinh

edi prastiyo

See More Documents Like This

RELATED TOPICS

•   We're Hiring!
•   Help Center
• Find new research papers in:
• Health Sciences
• Earth Sciences
• Cognitive Science
• Mathematics
• Computer Science
• Academia ©2024

• Contact sales

Start free trial

The Risk Management Process in Project Management

When you start the planning process for a project, one of the first things you need to think about is: what can go wrong? It sounds negative, but pragmatic project managers know this type of thinking is preventative. Issues will inevitably come up, and you need a mitigation strategy in place to know how to manage risks when project planning .

But how do you work towards resolving the unknown? It sounds like a philosophical paradox, but don’t worry—there are practical steps you can take. In this article, we’ll discuss strategies that let you get a glimpse at potential risks, so you can identify and track risks on your project.

What Is Risk Management on Projects?

Project risk management is the process of identifying, analyzing and responding to any risk that arises over the life cycle of a project to help the project remain on track and meet its goal. Risk management isn’t reactive only; it should be part of the planning process to figure out the risk that might happen in the project and how to control that risk if it in fact occurs.

A risk is anything that could potentially impact your project’s timeline, performance or budget. Risks are potentialities, and in a project management context, if they become realities, they then become classified as “issues” that must be addressed with a risk response plan . So risk management, then, is the process of identifying, categorizing, prioritizing and planning for risks before they become issues.

Risk management can mean different things on different types of projects. On large-scale projects, risk management strategies might include extensive detailed planning for each risk to ensure mitigation strategies are in place if project issues arise. For smaller projects, risk management might mean a simple, prioritized list of high, medium and low-priority risks.

Project management software can help you keep track of risk. ProjectManager is online software that helps you identify risks, track them and calculate their impact. With our Risk view, you can make a risk list with your team and stay on top of all the risks within your project. Write a description, add tags, identify a resolution, mark impact and likelihood, even see a risk matrix—all in one place. Get started today with a free trial.

How to Manage Project Risk

To begin managing risk, it’s crucial to start with a clear and precise definition of what your project has been tasked to deliver. In other words, write a very detailed project charter , with your project vision, objectives, scope and deliverables. This way risks can be identified at every stage of the project. Then you’ll want to engage your team early in identifying any and all risks.

Don’t be afraid to get more than just your team involved to identify and prioritize risks, too. Many project managers simply email their project team and ask to send them things they think might go wrong on the project. But to better plot project risk, you should get the entire project team, your client’s representatives, and vendors into a room together and do a risk identification session.

With every risk you define, you’ll want to log it somewhere—using a risk tracking template helps you prioritize the level of risk. Then, create a risk management plan to capture the negative and positive impacts of the project and what actions you will take to deal with them. You’ll want to set up regular meetings to monitor risk while your project is ongoing. Transparency is critical.

Get your free

Risk Management Plan Template

Use this free Risk Management Plan Template for Word to manage your projects better.

What Is Positive Risk In Project Management?

Not all risk is created equally. Risk can be either positive or negative, though most people assume risks are inherently the latter. Where negative risk implies something unwanted that has the potential to irreparably damage a project, positive risks are opportunities that can affect the project in beneficial ways.

Negative risks are part of your risk management plan, just as positive risks should be, but the difference is in approach. You manage and account for known negative risks to neuter their impact, but positive risks can also be managed to take full advantage of them.

There are many examples of positive risks in projects: you could complete the project early; you could acquire more customers than you accounted for; you could imagine how a delay in shipping might open up a potential window for better marketing opportunities, etc. It’s important to note, though, that these definitions are not etched in stone. Positive risk can quickly turn to negative risk and vice versa, so you must be sure to plan for all eventualities with your team.

Managing Risk Throughout the Organization

Can your organization also improve by adopting risk management into its daily routine? Yes! Building a risk management protocol into your organization’s culture by creating a consistent set of risk management tools and templates, with training, can reduce overhead over time. That way, each time you start a new project, it won’t be like having to reinvent the wheel.

Things such as your organization’s records and history are an archive of knowledge that can help you learn from that experience when approaching risk in a new project. Also, by adopting the attitudes and values of your organization to become more aware of risk, your organization can develop a risk culture . With improved governance comes better planning, strategy, policy and decisions.

In the video below, Jennifer Bridges, professional project manager (PMP) explains what project risk management is and what are the key steps in this important process.

To manage project risks throughout your organization, it’s important to create a risk management plan. A risk management plan is a document that guides the risk management efforts of a team. It describes the potential risks of a project, the risk mitigation strategies to respond to them, the resources that will be needed and the reporting guidelines that will be followed. We have created a free risk management plan template for Word you can use for all your projects.

6 Steps in the Risk Management Process

So, how do you handle something as seemingly elusive as project risk management? You make a risk management plan. It’s all about the process. Turn disadvantages into an advantage by following these six steps.

Identify the Risk

You can’t resolve a risk if you don’t know what it is. There are many ways to identify risk. As you do go through this step, you’ll want to collect the data in a risk register .

One way is brainstorming with your team, colleagues or stakeholders. Find the individuals with relevant experience and set up interviews so you can gather the information you’ll need to both identify and resolve the risks. Think of the many things that can go wrong. Note them. Do the same with historical data on past projects. Now your list of potential risks has grown.

Make sure the risks are rooted in the cause of a problem. Basically, drill down to the root cause to see if the risk is one that will have the kind of impact on your project that needs identifying. When trying to minimize risk, it’s good to trust your intuition. This can point you to unlikely scenarios that you just assume couldn’t happen. Use a risk breakdown structure process to weed out risks from non-risks.

Analyze the Risk

Analyzing risk is hard. There is never enough information you can gather. Of course, a lot of that data is complex, but most industries have best practices, which can help you with your risk analysis . You might be surprised to discover that your company already has a framework for this process.

When you assess project risk you can ultimately and proactively address many impacts, such as avoiding potential litigation, addressing regulatory issues, complying with new legislation, reducing your exposure and minimizing impact.

So, how do you analyze risk in your project? Through qualitative and quantitative risk analysis, you can determine how the risk is going to impact your schedule and budget.

Project management software helps you analyze risk by monitoring your project. ProjectManager takes that one step further with real-time dashboards that display live data. Unlike other software tools, you don’t have to set up our dashboard. It’s ready to give you a high-level view of your project from the get-go. We calculate the live date and then display it for you in easy-to-read graphs and charts. Catch issues faster as you monitor time, costs and more.

Prioritize Risks & Issues

Not all risks are created equally. You need to evaluate the risk to know what resources you’re going to assemble towards resolving it when and if it occurs.

Having a large list of risks can be daunting. But you can manage this by simply categorizing risks as high, medium or low. Now there’s a horizon line and you can see the risk in context. With this perspective, you can begin to plan for how and when you’ll address these risks. Then, if risks become issues, it’s advisable to keep an issue log so you can keep track of each of them and implement corrective actions.

Some risks are going to require immediate attention. These are the risks that can derail your project. Failure isn’t an option. Other risks are important, but perhaps do not threaten the success of your project. You can act accordingly. Then there are those risks that have little to no impact on the overall project’s schedule and budget . Some of these low-priority risks might be important, but not enough to waste time on.

Assign an Owner to the Risk

All your hard work identifying and evaluating risk is for naught if you don’t assign someone to oversee the risk. In fact, this is something that you should do when listing the risks. Who is the person who is responsible for that risk, identifying it when and if it should occur and then leading the work toward resolving it?

That determination is up to you. There might be a team member who is more skilled or experienced in the risk. Then that person should lead the charge to resolve it. Or it might just be an arbitrary choice. Of course, it’s better to assign the task to the right person, but equally important in making sure that every risk has a person responsible for it.

Think about it. If you don’t give each risk a person tasked with watching out for it, and then dealing with resolving it when and if it should arise, you’re opening yourself up to more risk. It’s one thing to identify risk, but if you don’t manage it then you’re not protecting the project.

Respond to the Risk

Now the rubber hits the road. You’ve found a risk. All that planning you’ve done is going to be put to use. First, you need to know if this is a positive or negative risk. Is it something you could exploit for the betterment of the project? If not you need to deploy a risk mitigation strategy .

A risk mitigation strategy is simply a contingency plan to minimize the impact of a project risk. You then act on the risk by how you prioritize it. You have communications with the risk owner and, together, decide on which of the plans you created to implement to resolve the risk.

Monitor the Risk

You can’t just set forces against risk without tracking the progress of that initiative. That’s where the monitoring comes in. Whoever owns the risk will be responsible for tracking its progress towards resolution. However, you’ll need to stay updated to have an accurate picture of the project’s overall progress to identify and monitor new risks.

You’ll want to set up a series of project meetings to manage the risks. Make sure you’ve already decided on the means of communication to do this. It’s best to have various channels dedicated to communication.

Whatever you choose to do, remember to always be transparent. It’s best if everyone in the project knows what is going on, so they know what to be on the lookout for and help manage the process.

Risk Management Templates

We’ve created dozens of free project management templates for Excel and Word to help you manage projects. Here are some of our risk management templates to help you as you go through the process of identifying, analyzing, prioritizing and responding to risks.

Risk Register Template

A risk register is a risk management document that allows project managers to identify and keep track of potential project risks. Using a risk register to list down project risks is one of the first steps in the risk management process and one of the most important because it sets the stage for future risk management activities.

Risk Matrix Template

A risk matrix is a project management tool that allows project managers to analyze the likelihood and potential impact of project risks. This helps them prioritize project risks and build a risk mitigation plan to respond to those risks if they were to occur.

Managing Risk With ProjectManager

Using a risk-tracking template is a start, but to gain even more control over your project risks you’ll want to use project management software. ProjectManager has a number of tools including risk management that let you address risks at every phase of a project.

Make an Online Risk Register

Identify and track all the risks for your project in one place. Unlike other project management software, you can manage risks alongside your project rather than in a separate tool. Set due dates, mark priority, identify resolutions and more.

Gantt Charts for Risk Management Plans

Use our award-winning Gantt charts to create detailed risk management plans to prevent risks from becoming issues. Schedule, assign and monitor project tasks with full visibility. Gantt charts allow team members add comments and files to their assigned tasks, so all the communication happens on the project level—in real time.

Risk management is complicated. A risk register or template is a good start, but you’re going to want robust project management software to facilitate the process of risk management. ProjectManager is an online tool that fosters the collaborative environment you need to get risks resolved, as well as provides real-time information, so you’re always acting on accurate data. Try it yourself and see, take this free 30-day trial.

Deliver your projects on time and under budget

Start planning your projects.

Introduction to Risk Assessment in Project Management

Project Management Institute’s (PMI) inclusion of risk management skills in multiple PMI certifications indicates the importance of risk across industries and in all projects. The risk management process includes risk identification and risk assessment. During an assessment, the project manager uses standard risk tools and quality data to help the team better avert later problems, manage the project cost, and keep project work on schedule. Risk assessment is the process by which the identified risks are systematically analyzed to determine their probability of occurrence and the potential impact of that occurrence.

On this page:

What is a risk assessment?

What are risk assessment pmp and risk reassessment pmp, when is a risk assessment needed, why is a risk assessment important, example use of risk assessment: hurricane impacting town, what inputs are needed for a risk assessment, what is a risk data quality assessment pmp, what outputs does a risk assessment generate, how to create a risk assessment, risk assessment matrix, risk assessment best practices, risk assessment pmp and risk reassessment pmp.

Get Your Comprehensive Guide to Risk Management

Learn how to manage risk in every project.

Project teams use risk assessment, a qualitative measure using risk data and the parameters of probability and impact, to identify, categorize, prioritize, and manage risks before they happen.

A “risk reassessment” is the work done to update the original risk assessment due to changes in the project or overall risk management efforts.

For the original and subsequent assessments, the quality of data used to determine the impact directly correlates to the accuracy of the risk assessment and resulting decisions.

Project Management Professional (PMP)® credential holders have shown their knowledge of a risk assessment and their understanding of the high cost of a failure to do a risk assessment. For the PMP certification exam, students need to know the importance of a risk assessment and how to use a probability and impact scoring matrix to help inform the priority of the risk.

Within the PMP exam context, “risk assessment PMP” and “risk reassessment PMP” are informal terms referring to taking identified risks and assessing them using qualitative data, such as the probability of occurrence, to determine the potential impact. From that, project managers determine the risk score, which is an input to subsequent risk response activities.

Risk identification should happen early in the project , closely followed by the risk assessment. Project teams should conduct risk reassessment throughout the life of a project. Updating the risk register is a good reminder to update the corresponding risk assessment. The project’s scope and risk management plan will inform how frequently the reassessment should be conducted (projects of bigger scope should have more reassessments; similarly, smaller scope requires fewer reassessments).

Performing a risk assessment is critical to ensuring the success of a project because it puts the project team in a state of preparedness. When done with verified tools and quality inputs, risk assessment may take time but can prevent problems from negative risks and enable opportunities from positive risks. As shared in the PMI conference paper Risk Assessments—developing the right assessment for your organization , “The best project organizations are those who realize that a risk assessment template is a valuable asset in managing the organization’s bottom line.” Risk assessment connects to managing cost, timelines, and quality.

For an example of how a risk assessment can be used, we use the example of a small municipality located on the east coast of North Carolina. The coastal town has been impacted by natural disasters in the form of hurricanes several times in the past fifty years. A hurricane is a storm that starts in the ocean and moves inland, causing all levels of flooding, electrical storms, and damaging winds. The National Weather Service provides annual forecasts of which geographic regions are predicted to have hurricanes, as well as the number of occurrences and strength of hurricanes.

The town manager (“project manager”) and the town administration (“project team”) know a hurricane will happen but not when or how strong it may be. In the risk category of weather events, the project manager and project team identify the risk type of hurricane storm. Then the project team identifies specific potential risks, such as flooding that may cause building damage. The team assesses each risk in terms of probability (or how likely it is to occur), the impact if it occurs, and the probability-impact score (weighing the significance of the risk on the project). The information is captured in a risk assessment matrix as part of the project management and risk management documentation.

For example, they do a risk assessment after the project manager and team identify the risk of water damage to downtown buildings due to hurricane-induced flooding. The team uses standard tools to determine the probability of that specific risk (flooding) and the impact if it occurs (water damage to buildings). The project team uses verified data, like National Weather Service hurricane projections, for probability estimates. For the potential impact, the project team uses cost and quality data like town records to determine what could happen to town property. The data and risk scoring are organized in the project risk assessment matrix and communicated to stakeholders.

Continuing our example of the identified risk of water damage to ground floors, if the assessment indicates the risk is highly likely to occur with a high impact of damage, it will have a higher risk score. That can mean more time invested in risk response planning (such as securing funding to buy and store sandbag materials during flooding to reduce the impact of water damage on buildings). The risk response plan would likely include purchasing sandbag materials before a hurricane, storing them in an accessible space, and training the town staff to set up the sandbags to protect critical buildings when a hurricane is imminent. The cost of buying and storing sandbag materials to protect the buildings is much lower than the cost of fully repairing water-damaged buildings.

In this risk example, the project team:

• determined the appropriate risk categories (natural disasters)
• determined the types within the category (hurricane storms)
• identified a risk event (hurricane bringing flooding to downtown buildings),
• assessed the impact of that risk (flooding damages ground floors),
• assessed the probability of the impact (flooding may be higher or lower but always occurs with hurricanes),
• documented the risk information, including risk scores in the risk assessment matrix,
• communicated the risk assessment results to the team and stakeholders, and then
• used the risk assessment matrix as an input for risk response planning (making sandbag materials available when needed and training people to set them up).

With this example, you should see the risk assessment allows the project team to identify, categorize, prioritize, and mitigate/avoid/exploit risks prior to their occurrence. A risk assessment is a proactive approach in which the risk is identified and assessed to manage cost, reduce negative impact, and protect the project (in this example, town buildings).

A risk assessment should be customized to fit the project context. Standard risk assessment inputs include:

• Project management plan
• Risk management plan
• Risk assessment methodology
• Risk parameter definitions
• Risk tolerance levels
• Risk probability and impact matrix template
• Risk assessment scale (what criteria are used to determine if the risk score is high, mid, or low)
• Risk assessment matrix template

Project managers and project management students use what is informally referred to as the “assessment of other risk parameters PMP” to tailor their risk assessment to a specific project. While probability and impact values are used in all risk assessments, additional parameters, like cost or schedule, can be standalone matrices.

Risk assessment is a qualitative assessment. Therefore, risk data quality (sometimes referred to as “risk data quality assessment PMP”) always impacts the risk assessment quality. A risk data audit helps ensure the quality of data used in the risk assessment. Project managers may use experts or previous project documentation as part of the risk data quality assessment to ensure the accuracy of the overall risk assessment.

The risk assessment outputs are part of the overall project and risk management documentation. A risk assessment can generate the following:

• Project Management Plan updates
• Project document updates
• Risk Management Plan updates
• Risk Register updates
• Risk Response Plan updates

Risk assessment should occur throughout the project. With each iteration, known as a risk reassessment, the risk documentation should be updated accordingly.

For the PMP exam, students need to know the importance of a risk assessment and how to use a probability and impact scoring matrix to help inform the priority of the risk. Project Managers and PMP credential holders should know the seven steps to risk assessment.

1.      Identify applicable risk types and organize them

You cannot assess risk if you have not identified it. Begin your risk assessment with risk identification. With your project team, identify potential scenarios that could harm your project. Risks can be of any size and with internal or external triggers. Your team may identify risks that include computer viruses, manufacturing defects, natural disasters, or shipping delays. Each risk is identified and documented in the risk register. The risk may be organized by different factors (internal or external triggers, for example) or by categories (environmental, regulatory, technology, or staffing, for example).

2.      Determine how these risks will be qualified and quantified

With risks identified and organized, the project manager should conduct a risk assessment. Each risk must be qualified and quantified. The project manager will use a probability and impact matrix to document the probability of each risk and the impact if it does happen. Remember, the quality of the data used in the assessment impacts its accuracy.

3.      Determine your organization’s risk tolerance

Every organization has a risk tolerance level, with variances due to the type of risk, the specific stakeholders of a project, and the scope of the project. Additionally, there are industries with negligible risk tolerance (such as health care) and others with an acceptance of some level of risk (like software development). While every organization has a risk tolerance level, so the project manager should get stakeholder input to determine risk tolerance for each project.

4.      Determine the final output format of the risk assessment

Within the risk management activities, determine during the risk planning process how the risk assessment output should be documented and communicated. Spreadsheet programs are often used for the ease of organizing large data sets. However, a company may have risk assessment output requirements, such as storing it on a secure server or capturing it in a shareable file, determining the output format. How the risk assessment output is documented is important because it determines how the information is made available to the project team and stakeholders.

5.      Create a plan to maximize the risk assessments applicability to every project

Within a risk assessment and the resulting risk response plan, project managers have a wealth of knowledge that can protect the active project and future projects.

Project managers should have a plan to document the risk assessment, the result of risk responses applied to risks that occur, and the risk assessment matrices with the appropriate risk parameters. Maintaining a consistent and detailed project documentation archive helps ensure a project’s lessons learned are available to other project managers with similar projects, which can reduce the impact of negative risks. The plan should include documentation format requirements, how assessment documentation will be accessed, and how the assessment (and reassessments) will be communicated to the project team and stakeholders.

6.      Create a final risk assessment that is flexible and scalable

Knowing the project manager and team will be doing reassessments throughout the project as part of risk reassessment, the process must be flexible and scalable. You may have to add risks throughout the project or incorporate other criteria to ensure the accuracy of the probability and impact scores. Additionally, the risk assessment should work for projects of different scopes. The risk assessment should be flexible enough to remain aligned with project changes and scalable enough to be used in multiple projects.

7.      Determine the process to update the risk assessment

PMP credential holders know the importance of risk assessment and reassessment in managing the project cost. Without a process to update risk assessments, the project is vulnerable when risks occur. Changes are inevitable, and a risk assessment that is not current is not effective. Project managers should have a consistent risk assessment update process within their overall risk management activities.

Risk management documentation, such as the risk assessment matrix, is part of the overall project management documentation. The risk matrix documents at least four core areas for each identified risk: (1) risk name, (2) probability, (3) impact, and (4) risk level/ranking. The risk assessment also includes the calculated overall Project Risk score (the project’s probability-impact, or PI, score). The risk assessment matrix is an output of the Risk Assessment process and an input to the Risk Response process.

In a risk assessment matrix, each identified risk is listed along with its corresponding information.:

RISK CATEGORY

• Risk category : from a standardized list of risk categories (e.g., technology, natural disaster, regulations, transportation, etc.), the ones that most closely align with the project are used; not all projects have risks in all categories; therefore, each project will have a different combination of risk categories in its matrix

PROBABILITY

• Probability criteria : used to assign the probability values for a risk category; criteria should come from a standardized list but customized for each project
• Probability (“P”) score : a value given to each risk driven by the probability criteria; the matrix’s score scale will state the parameters for the minimum and maximum value of a P score; the project manager and project team use data and criteria to assign the P score to each risk
• Impact criteria : used to assign the impact values for a risk category; criteria should come from a standardized list but customized for each project
• Impact (“I”) score : a value given to each risk driven by the impact criteria; the matrix’s score scale will state the parameters for the minimum and maximum value of an I score; the project manager and project team use data and criteria to assign the I score to each risk

PROBABILITY AND IMPACT VALUES

• Probability-to-Impact (“PI”) score : the Probability score multiplied by the Impact score results in the PI score; the PI score is the overall risk assessment score; the PI score is used to rank all project risks by lowest probability and impact to highest, so resources are assigned accordingly
• Total Project Risk : all PI scores are added, and then that sum is divided by the quantity (total number of risks) of risks to determine the average; the project’s PI average value of PI scores is the Total Project Risk value.

Probability and impact are integral data points for risk assessment. Project risk tailoring occurs within the specifics of the risk categories, probability criteria, and impact criteria.

Risk Assessment Matrix Example

Project Manager Kestel’s PMI conference paper “ Risk assessments—developing the risk assessment for your organization ” includes an example risk assessment matrix:

From the completed risk assessment matrix, the project manager communicates the total Project Risk score to the team and stakeholders. Communication is part of risk assessment and helps ensure commonly understood terms are used for standardized risk assessment processes.

The risk matrix template ensures key data is consistently defined and included in the project documentation. For a risk matrix , project managers work with the project team and stakeholders to determine the specific risk criteria and refine the criteria for probability and impact. The format of the risk matrix should be determined early in the project and use company standards for project tools when available. The risk matrix should be stored with other project documentation, along with all risk reassessments for a project.

Project managers should complete the risk assessment as part of their risk management activities for all projects. Best practices for risk assessment include:

• Risk assessments should use quality data.
• Risk assessments incorporate expertise and knowledge from the project team and stakeholders.
• Risk data should undergo an audit to determine quality.
• Risk reassessment is conducted frequently throughout the life of a project.
• Risk assessments should use tailored and scalable tools.
• Risk assessment results, including the overall project risk score, are communicated to the team and stakeholders.

Project Managers should:

• lead the risk assessment efforts using standard tools
• customize the risk assessment matrix to the specific needs of the project,
• document the probability and impact of each risk,
• use standard data and terms for risk audit efforts, and
• communicate risk assessment progress and results to the project team and stakeholders.

Project managers should customize the risk assessment criteria to the project type. For example, you would not assess the risk of a particular weather event occurring using the criteria for the probability of manufacturing defects.

Additionally, project managers should use organizational templates and project management office (PMO) standards when available in their company. Customization of a project’s risk assessment should be balanced against the need for standards to contribute to knowledge sharing. No single tool will ensure quality assessment for all projects, but there are standards shared by all projects.

To prepare for the PMP exam, students need to know the importance of risk assessment and how to use a probability and impact scoring matrix to help inform the priority of the risk. Students should understand that a risk assessment is a tool to help manage the project’s cost by closely monitoring highly probable and high (negative or positive) impact risks.

American billionaire fund manager and philanthropist Bruce Kovner is credited with saying, “Risk management is the most important thing to be well understood.” A project manager with the PMP credential has demonstrated knowledge of risk assessment and the role it serves within risk management. Remember these components of creating a risk assessment:

• identify applicable risk types and organize them
• determine how risks will be qualified and quantified
• determine your organization’s risk tolerance
• determine the final output format of the risk assessment
• create a plan to maximize the risk assessment’s applicability to every project
• create a final risk assessment that is flexible and scalable
• determine a process to update the risk assessment

Project Managers managing risk using a scalable risk assessment template and standard processes consistently have successful projects. In addition to earning PMI’s Project Management Professional (PMP) certification, you may continue your certification journey by pursuing the PMI Risk Management Professional (PMP-RMP)® certification to advance your risk project management skills further.

• Megan Bell #molongui-disabled-link What is a Project Schedule Network Diagram?
• Megan Bell #molongui-disabled-link Scheduling Methodology: Build & Control Your Project Schedule
• Megan Bell #molongui-disabled-link Schedule Baseline: How to Create, Use, and Optimize
• Megan Bell #molongui-disabled-link How to Use Agile in Project Management as a PMP® Credential Holder

Popular Courses

PMP Exam Preparation

PMI-ACP Exam Preparation

Lean Six Sigma Green Belt Training

CBAP Exam Preparation

Corporate Training

Project Management Training

Agile Training

Read Our Blog

Press Release

Connect With Us

PMI, PMBOK, PMP, CAPM, PMI-ACP, PMI-RMP, PMI-SP, PMI-PBA, The PMI TALENT TRIANGLE and the PMI Talent Triangle logo, and the PMI Authorized Training Partner logo are registered marks of the Project Management Institute, Inc. | PMI ATP Provider ID #3348 | ITIL ® is a registered trademark of AXELOS Limited. The Swirl logo™ is a trademark of AXELOS Limited | IIBA ® , BABOK ® Guide and Business Analysis Body of Knowledge ® are registered trademarks owned by International Institute of Business Analysis. CBAP ® , CCBA ® , IIBA ® -AAC, IIBA ® -CBDA, and ECBA™ are registered certification marks owned by International Institute of Business Analysis. | BRMP ® is a registered trademark of Business Relationship Management Institute.