Fundamentals of High Quality Project Risk Management

High quality project risk management relies on information, common sense, experience -- and to a certain degree -- gut instinct and intuition. Risks are threats to project success. Risks that are both possible and probable must be identified and analyzed  to fully understand what can happen, what is likely to happen, and if the worst should occur, what would be the result?  This is the essence and purpose of "project risk management".  Read on to learn how it works.

It Takes a Process to Manage Project Risk

Risk management is both a strategy and a process.  As a strategy, it embraces the concept that all projects have risk, and the goal is to ensure that those risks are managed to ensure that projects can be completed successfully.  Risk is no reason to avoid projects - it's a basis for making decisions about project scope, planning and execution.  There may very well be projects that are deemed to risky to proceed, but on the whole, most risks can be managed.  That's where the process come in.

As a standardized governance process, project risk management can be broken down into five working elements: risk origination (the risk is identified), risk assignment (responsibility is assigned), execution (risk response is planned and put into action), oversight (status is monitored) and closure (the risk is eliminated).

In practical application, standardized risk management steps can be applied differently within any given operation or project, depending on project needs and organizational capabilities. The ultimate goal of risk management is to create realistic processes for resolving project risks, so that time is well spent, and project results are appropriately protected. Above all, risk management strategies and practices must be well suited to the projects encountered, and to individual organizational needs and capabilities.

Working with the 5 Phases of Managed Risk

What's the benefit of a standardized approach to managing project risk?  You get a roadmap to follow, ensuring consistent results, ready to be adapted to the needs of the project at hand.  That's the purpose of the 5-phase process described below:

ORIGINATION: Identify risks according to multiple defining elements:

  • Risk characteristics by name and impact.
  • Risk identifier (code) for reference and tracking purposes.
  • The name of the individual raising the risk.
  • The date the risk was raised.
  • A target risk response date (when must this risk be analyzed and addressed).

ASSIGNMENT: Risk assignment procedures establish the mechanics by which risks are assigned to appropriate staff members for further analysis and action:

  • Who can submit (raise) risks for action as part of risk management processing?
  • Who will be responsible for risk review and analysis?
  • Who will be responsible for developing and selecting risk response and control strategies?
  • Who will be responsible for approving risk assessments and related response and control strategies?
  • Who will execute risk response and control plans?
  • Who will monitor risk status and the progress of any risk management activities?
  • Who will approve risk closure?
  • Who will be responsible for reviewing the success of the risk management process?

EXECUTION: Risk management execution procedures determine the actual steps involved in the risk review process, establishing the sequence of events and flow of information as risks are identified and evaluated. For planning purposes, these execution steps can be broken down into seven elements, as follows:

  • The risk is raised and initially identified.
  • The risk is assigned and prioritized for further action.
  • The risk is reviewed according to established criteria (category, probability, impact & target values).
  • Risk response strategies are devised (acceptance, avoidance or mitigation).
  • Risk response strategies are approved.
  • Risk response strategies are implemented as needed.
  • Risk management activities as listed above are documented.

OVERSIGHT: Tracking risk status and management results:

  • Management of the risk review schedule, which can include organization and prioritization.
  • Progress must be readily measured to ensure that risks are reviewed on a timely basis, and to maintain a realistic risk review schedule suited to project circumstances, overall project status, and external resource demands.
  • Management of individual risk activities, to include the status of all tasks and decisions necessary to manage individual risk events.
  • Have risk review assignments been completed as needed?
  • Have response and recovery action plans been completed as needed?
  • Have risk response plans been properly communicated so that the project team can act upon them? Are mitigation activities working?

CLOSURE: Risk closure procedures involve several basic steps:

  1. Risk status is assessed to determine if a risk is "open" (meaning that further analysis or action may be required) or "closed" (no further action or analysis is required).
  2. Risk status is documented. This documentation should address all elements and results of the risk management process as pertaining to the risks at hand. This should include the completion of all forms, and documented evidence of the ways and means by which specific risks were evaluated, as well as the results of the risk response and control activities.
  3. Risk management "lessons learned" are analyzed and recorded. Every project should conclude with a post project review, to include a comprehensive "Lessons Learned Analysis".  An effective "Lessons Learned Analysis" must include an examination of the risk process itself, as well as an evaluation of all risk management results as a contributing factor to overall project success or failure.

Where Does It Fit? Risk Management and the Project Lifecycle

Risk management takes place through multiple phases of the project management process, starting with an initial risk assessment as part of project selection, continuing with a comprehensive risk analysis, as part of project definition, sizing of risk management practices as part of project governance, tracking risks through project oversight, and evaluating risk management results as part of project review activities

Continue reading more on risks and project risk management in our featured articles Identifying and Analyzing Project Risks, Taking Action to Control Project Risk and Are You Ready for a Risky Project?

About Us- has been around since 2001.  What will you find here?  We have articles (covering a wide range of topics relating to our IT service strategy and project fast tracking methodologies).  We have templates and whitepapers to download.  We have our series of IT management infographics.  And, we have our "Toolkit productivity packages", combining "education and execution" - with time-saving concepts, steps and templates packaged in digital downloads.  Our current Toolkit offerings include the Fast Track Project Toolkit and IT Service Strategy Toolkit.

Learn more about the Service Strategy Toolkit from



If you are, then you need the IT Service Strategy Toolkit from! The Toolkit teaches you how to "add value" to IT projects and services -- using our time-saving "service strategy process". It's ready for instant download, filled with 400+ pages of steps, guidelines, practices and templates. Find Out More

Featured Management Topic: Project Fast Tracking

Strategic fast tracking is a streamlined project management process, used to level the playing field when "project problems" get in the way of on-time success. Our informative "fast tracking" article series explains more:

Part 1: What is Strategic Fast Tracking?

Part 2: Evaluating Projects for Fast-Track-Ability

Part 3: Pinpointing Project Priorities

Get an illustrated view of the fast tracking process in the "Step-by-Step to a Fast Tracked Project" infographic.

Articles, Tips & Offers Right to Your Inbox

Sign up for the newsletter and be the first to know about our latest blog articles, templates, white papers, infographics, and special offers.

We won't overload your inbox and we don't share or sell subscriber information. Just enter your email address below.