Discover project risk management


Project Risk Management

Project Risk Management

When someone is learning project management, the initial focus is usually put on successfully delivering the product or services included in the scope.  The mind of new project managers usually goes there first:

how can I successfully manage this project?

The project manager will usually focus on the execution first, and then with experience will try to put more emphasis on planning.  After all, putting the appropriate level of planning into a project can save a lot of time, and increase your success rate as a project manager.  A project manager will also discover the importance of communication, procurement and team management.  He will likely also develop his leadership skills.

And at some point, he will also discover the art of project risk management.

I am often asked to provide some advice and coaching on project risk management.  This is the first of 2 posts summarizing some key thoughts on risk management I like to share with those who are learning about this topic.  It is a bit long so I decided to split it in 2.

What is risk management?

Uncertainty risk management

If we could just plan perfectly, and then execute this perfect plan and have everything happen as intended, we would probably not need risk management.  This may be a dream for some, but it is rarely or never the reality.  Uncertainty will be part of your project.  Uncertainty is why you need risk management as a project manager.

Project Risk Management includes all the activities designed to better manage the uncertainty.

Project Risks are defined as being either a positive event, called an opportunity, or a negative event, called a threat.  The project management theory and other framework on risk management are designed to include both under the label of risk management.  This is sometimes unfortunate, as most persons do not think at all of opportunity as being a risk.  Try to tell people that there is a risk that your kids will be healthy, or that there is a risk that your marriage will succeed.  These sentences don’t sound quite right.  In some ways, by bundling these two concepts under risk management, we are creating a form a miscommunication.  Of course, experts talking to experts are happy with this risk framework.  However, a good communication should extend beyond experts.  That is why I often prefer to talk about uncertainty management, especially if talking to clients, management, or other stakeholder external to the project team.

PMBOK project risk management

But it is what it is.  And PMBOK has a chapter called Project risk management.  It defines risk management as:

Project Risk Management includes the processes of conducting risk management planning, identification, analysis, response planning, and controlling risk on a project.  The objectives of project risk management are to increase the likelihood and impact of positive events, and decrease the likelihood and impact of negative events in the project.

 PMBOK 5th Edition, Chapter 11 – Project Risk Management, p. 309.


Project risk relates to the uncertainty present in all projects.  The uncertainty is about the future.  A problem that has already occurred should be managed as an issue, not a risk.

Project risks are not just external events.  The organization and the project team can bring risk elements to the project, with the project management practices used, the number of concurrent projects, the complexity of projects, governance processes, and stakeholders involved.  Lack of interest in discussing and managing risk is in itself a source of risk for the project.

Key processes

Project Risk Management includes the following key processes:

  • Plan Risk Management
  • Identify Risks
  • Perform Qualitative Risk Analysis
  • Perform Quantitative Risk Analysis
  • Plan Risk Responses
  • Control Risks


Key documents

The risk register is the key output of the project risk management process.  The risk register is developed early in the planning phase of the project.  Even if developed in planning, it should not just be a planning exercise.  It should be used as a management tool during the whole project.

Changes requests are another important output of the risk management process.  As events will happen, the project will sometimes need to adapt quickly and a change request will need to be approved.

Plan Risk Management

The project management plan includes the plan for all areas of the project.  Plan risk management is one of those “plan to have a plan”.  It defines how risk will be managed during the project.

Key documents to use when planning risk management includes:

  • the project charter: including high-level risks
  • stakeholder register: with risks relating to stakeholder’s requirements and preferences.


The risk management plan would describes how risks will be managed during the project.  Risk management is something that should happen throughout the project, and it is good to discuss early the timing and frequency of formal risk management process.

The written document may not be very elaborate.  The type of written documents needed will depend of course on the type and complexity of projects.

The dialogue on risk management

The dialogue is the most important to part of plan risk management.  It is important to be able to discuss risk, establishing a culture of risk management and enabling an open dialogue on risks.  In some ways, this is even more important than just completing templates, analysis of risks, and other documents as a simple required exercise.

Uncertainty exists in all projects.  Make sure your management style does not have too many blinds spots.  Discuss risks regularly.

Part 2 – the processes

In part 2, I will review each process of the project risk management process.  Part 2 will be published in 3 days.

  • Identify Risks
  • Perform Qualitative Risk Analysis
  • Perform Quantitative Risk Analysis
  • Plan Risk Responses
  • Control Risks

The goal is not to present everything in PMBOK on the subject.  I want to share some thoughts on the subject, what is important to consider and not forget.




The extra box

Listen to this episode of the podcast PM for the Masses, featuring an interview with Carl Pritchard, expert on project risk management.

006 Risk Management and the Secret Sauce of Carl Pritchard