When you left for work this morning, did you pack an umbrella to mitigate the risk of arriving in the office soaked? Or did you consider the need for sunglasses to ward off that nasty glare on your walk to work? There’s always a risk of what the weather might bring, so naturally, you plan and prepare accordingly. As a project manager, handling project risk management in your organisation is the same.

In this article, we’ll discuss the fundamentals of risk management in project management. We'll share tips and techniques for managing project risk in your organisation, providing examples and outlining an actionable plan to give you a head start for managing risks in your projects. 


What is project risk management?

Managing project risk refers to the steps you take to identify, analyse and deal with problems or issues that might arise during the project. The reason why project risk management is important is that risks can throw a project off course. If you had planned a large, outdoor networking event for dozens of notable clients and it rained, you’d have a lot of unhappy – and damp – clients (if they decided to show up at all). It’s good practice to stay on top of the things that might cause problems and have a plan to deal with them before they create problems.

What is project risk management?

There are plenty of benefits for looking out for risks in project management. You’ll have a smoother project and more successful outcomes if you can handle risks effectively – we’ll come to strategies for risk management in project management a little later in the article.

Successful project managers understand how to use project and risk management together to offset potential issues – and they would have likely checked the weather forecast and organised a marquee.

How do you define risk in project management?

The definition of risk in project management is anything that might have an impact on your ability to get the project completed in line with the business case or project charter. Often, you’ll see teams define risks as being negative: situations that might cause problems on projects. There are some examples of typical project risks below.

However, during your risk identification, you should also look to define positive risk. These are situations that, if they happened, would present an opportunity too good to miss. For instance, if you launched a new website, you might get more traffic than you were expecting, which would be an opportunity worth capitalising on. What's next?

Considering positive risk as well as the negative in a thought-out plan can help you achieve more from your projects and could lead to new, untapped opportunities.

If you can do this well, you will feel confident taking on larger and more complex projects at work, because you’ll know that you have a plan to cope with whatever challenges come along.

Top 10 examples of project risk

It’s easier to understand the ideas behind risk management if we look at some situations where risk might occur. While the top 10 project risks will be different for every project, here are some examples that will give you inspiration for your own risk log:

  1. Poor estimates might lead to longer delivery times;
  2. A natural disaster might affect our ability to deliver the project on time;
  3. Poor communication across our virtual team might lead to misunderstandings;
  4. The supplier might not be able to deliver on time;
  5. The price of a core raw material may increase during the project, putting the budget up; and
  6. We may not be able to secure the resources required for delivery.

More specifically, the IT environment can often have specific challenges, so here are some software project risk examples to consider:

  1. The data centre might be the subject of a hacking attack (in which case, these tips on disaster recovery will help with planning you management approach);
  2. The testing phase might take longer than planned – this is a common risk;
  3. There might not be adequate documentation around legacy systems that allows us to integrate effectively with existing software; and
  4. The team may not have adequate skills to code to a high enough quality standard.

These are project management risk examples only, so it’s important that you can run a risk workshop with your team to identify risks that relate specifically to your project. Try to find as many as you can. This will not only help you manage the project more confidently but will also boost your chances of success – and bringing in a project on time, on budget and without any major issues.

RMIT student, Mitchell Hart talks about the benefit of his further education and how that helps him assist colleagues with scenarios they might find themselves in.

A postgraduate education can expose you to case studies across all different industries, by examining a range of common and specific risks in different situations. You’ll also get the opportunity to meet people from a variety of backgrounds. Learning from past experiences – both your own and of others – is a good way to help identify more risks on projects, as you’ll have a greater understanding of the kinds of things to look out for.

Developing a project risk management plan

Risk planning will provide structure to a project, ensuring you mitigate risk at every corner. Looking at risks don't just happen during project initiation or on a reactive basis. You should be reviewing risk throughout the project, and a plan will help with that.

A solid plan usually includes a review of the environment in which the risks will take place. In other words, the business context. This provides direction for all those involved in the project and sets the scene for how short and long-term term risks are managed. For example, the risks inherent in managing software development projects are different from those that you would find on a construction project.

How to develop a project risk management plan

The role of risk management in the project planning process is to ensure that risks are given adequate visibility during the early stages of the project. It also helps to embed a culture for risk mitigation from the very beginning of a project.

As project risk is highest during the initiation and design phases – because you don’t yet know exactly how the work will be done or what’s required – you should carry out a thorough planning process as early as practical during the project, supporting your activities from the very beginning.

Here's an example:

A compliance project was being undertaken by a large organisation, to ensure the business complied with upcoming legislation. The project manager in charge completed a risk log at the beginning of the project, but it was not regularly reviewed. As a result, one potential risk identified at the beginning was not adequately managed and grew into a significant problem for the team. External auditors needed to be brought in to review the impact of the issue and help focus the team on getting ready for the legislative change. 

The team in the above example only paid lip service to the idea of project risk management, and the project suffered as a result. Planning helps you to set a clear process from the beginning. The importance of a plan was not lost on this team following the auditors’ visit.

Portfolio risk management is the area where risk and portfolio management intersect. A portfolio manager took all the risks from projects across the portfolio and aggregated them to see the total impact of risk. The risk exposure on individual projects seemed manageable, but when viewed holistically across the organisation, it was clear that the risk profile the business was carrying was simply too high. Portfolio and risk management skills, from the PMO team and the project teams working together, were able to adjust the project mix to get the risk exposure back to a level that senior managers felt comfortable with.

Ideally, a project risk management plan should follow the standards set out by your organisation, so that all risks across the portfolio are managed in the same way. If you aren’t sure how to write a risk management plan, your first point of call should be your organisation’s Project Management Office. They should be able to provide you with a template. They should also be able to share an example plan, perhaps from another project. You can also take a graduate diploma program in project management online from RMIT, which provides theoretical frameworks to help you develop a project plan and understand how they are applied in real-work contexts.

While the details of a project may be substantially different from another, what should be included in a project risk management plan is going to be similar across the board. You should be able to use a sample plan to construct your own.

How can you manage project risk?

Before you can manage risk, you need to identify it. Brainstorm as many possible scenarios or problems that might hit your project.  Assessing risk is one of the first points of call. From here, we need to understand what risk analysis in project management entails.

Risk analysis is examining each project risk and working through a structured set of criteria to assess the potential impact on a project, should the risk occur. This, combined with how likely it is to happen, gives you a quantifiable assessment of the risk based on your analysis.

The output of your risk analysis will tell you how much effort you should be putting into managing the risk in your project.

Risks with a high likelihood of occurrence and a high possible impact are the ones where you want to spend most of your time.

Now that you have a list of priority risks, you can agree with the team on how to manage them. There are many risk management techniques in project management. The most commonly used are:

  • Avoid: prevent the risk from happening at all e.g. cancelling an outdoor event if the forecast was bad weather;
  • Transfer: pass the impact of the risk (or some of it) to another party e.g. taking out insurance;
  • Mitigate: reduces the impact of a project threat or the chance of it happening by acting e.g. providing each attendee with an umbrella on arrival; and
  • Accept: don’t take any action at all as a way to facilitate project risk management.

The approach to turning risks into a positive is a bit different. Let’s use the case of a new website getting lots of unexpected traffic:

  • Exploit: take action to make sure the situation happens e.g. trying to get some publicity in advance of the site launch to encourage extra traffic;
  • Share: get other people on board to help pursue the opportunity e.g. reaching out to influencers online to get them to share your new website with their followers, to boost traffic;
  • Enhance: do what you can to make a situation even better, should it occur e.g. thinking about what you could do to capitalise on the extra traffic, like offering a free download or making sure your sales pages look smart; and
  • Accept: don’t take any action at all and just accept whatever you get.

However, your ‘rules’ of risk management need to reflect the size and scale of your project. For example, you wouldn’t perform detailed, extensive risk analysis on a small project. Equally, a detailed analysis isn’t enough on large-scale, high budget projects.

The best way to handle risk is to think critically about the situation, carry out a structured project management risk analysis, and then decide on a course of action. A cookie-cutter approach won’t work, which is why it’s important to have an advanced understanding of the discipline and be able to apply the techniques.

Clinton Truong is an online project management student at RMIT

Postgraduate study is one way to deepen your knowledge of project management. RMIT student, Clinton Truong, says that the learnings from the RMIT's diploma of project management modules can often be used immediately in daily life. Whether it’s managing risks or program management, it’s not unusual for him to begin using course knowledge on the job the very next day, as he works full-time alongside his studies.

The benefits of Scrum and agile methodologies for managing project risk

Agile methods like Scrum are widespread for managing projects. Some agile approaches naturally mitigate risk, such as shorter delivery windows or sprints. However, this doesn’t mean that you can ignore more formal approaches.

Agile risk management is very similar to risk management on any other project. The risk workshop, where you identify risks and do an initial assessment, will likely happen during sprint planning. Risks are assessed, prioritised and managed throughout the sprint. A core feature of Scrum is the ability to tweak what the team is doing to serve the project better. This process flags areas where the agile approaches used can be adapted to accommodate project needs.

Scrum and agile methods are known for their close working relationships between team members, and this can really help with flushing out risks and managing them effectively. Project managers who work closely with Scrum Masters ensure risk is considered, analysed and effectively managed across the project.

Working with your team on project risk management

Scrum teams may be far more aware of the impact of risk than teams using other project methodologies. Having said that, it’s not the methodology that is important. Whether you are in an agile environment or a more traditional project delivery setting, successfully managing risk in your organisation relies far more on people than processes. It’s essential to communicate regularly, foster honest relationships and build competencies to ensure project management team success.

Risk management and teamwork go hand in hand, but your project team won’t always have the relevant experience. They will be looking to you to guide them. You can create a smaller group to be your risk management team. This group should be made up of the people responsible for carrying out the risk action plans. On an IT project, your team members might be developers or workstream leaders, for example. Meet regularly to review the risk log, add new risks, update progress on existing risks and close risks that have passed.

Your project risk management checklist

So, how do you manage risk? This checklist will help.

Your quick project risk management checklist

The need to balance risk and reward is inherent in any change project. Understanding the core concepts is one thing but being able to transfer them to the workplace is another.

We’ve only started to touch on the complexities, benefits and processes in project risk management in this article. It’s important to keep your skills up to date and relevant for today’s business climate.

You can boost your knowledge of project management through online study with our graduate certificate in project management online, as well as graduate diploma in project management. Additionally, you will have the opportunity to network with a peer group interested in the same things as you. You can also learn more about our online project management programs by contacting our Student Enrolment team on 1300 171 701.