Skip to content

Dealing with project risks effectively

Added to your CPD log

View or edit this activity in your CPD log.

Go to My CPD
Only APM members have access to CPD features Become a member Already added to CPD log

View or edit this activity in your CPD log.

Go to My CPD
Added to your Saved Content Go to my Saved Content

In my last post I talked about how to identify risks on a project and how to ensure the risks were specific to the project and not general business-as-usual risks. Here I'd like to focus on how to manage those risks effectively and plan for their occurrence.

The key here is to effectively manage the risks so that those risks that pose a threat to project success are mitigated but also so that those risks that might present new opportunities, such as a better deliverable, quicker or at lower cost, are identified and acted upon.

It's important to remember too that projects are always liable to change as they progress so the risk management process should be responsive to change and the risks should be re-assessed from time to time if the project is long or complex.

Risk management is not a separate discipline but an integral part of project management so should be part of the regular activities of a project manager. One of the most important elements of risk management is complete honesty.  Without an honest approach to the risks involved there will always be unvoiced issues and these can be the biggest risks of all.

So how can you be sure that, once you have (honestly) identified your risks, that your risk management procedures are effective and add value to the project?

1. Document the risks
Create a risk log listing each risk with a description, stating who is responsible, the likely impact and the mitigating actions that could be taken. It needs enough information to be useful in monitoring and reporting on risks but not so much that it cannot be easily updated. A straightforward, up-to-date risk log will be useful during the whole life of the project.

2. Prioritise the risks
In order to prioritise effectively you need to understand what factors could make the risk more likely to occur and what impact that would have on cost, timescale and scope/quality of the final deliverable. So prioritise the risks using a combination of a probability rating and an impact rating. Some risks may be very likely to occur but have low impact; others may be less likely to occur but have a major impact so the overall priority needs to take this into account.

3. Plan the response
For each identified risk decide, firstly, what could be done to minimise the chance of it occurring and, secondly, what action could be taken if the risk does occur. You will then be better prepared to deal with it if you have to (any risks that could not be anticipated are, of course, another matter).

The usual options to mitigate risks that are threats (rather than opportunities) are:

  • Accept
  • Avoid
  • Transfer
  • Reduce

And one other point: risk management can and does help ensure more successful projects and it should be an integral part of the project management process but it should not be so large a task that the effort expended is out of all proportion to the size of the project or the potential impact of the risks.

Finally make sure the responses are implemented, without following through on the risk reduction measures then the risk management process will add little value overall.

Other blogs in this series:


This is a project management fundamentals blog written and sponsored by Parallel Project Training. For more about our project management training courses visit our website or visit Paul Naybour on Google+.

2 comments

Join the conversation!

Log in to post a comment, or create an account if you don't have one already.

  1. Unknown User 31 July 2015, 08:07 AM

    A realy useful post.  I recently worked on a project where the team had no project management knowledge and skill at all.  This blog really helped me to help them understand the importance of risk managment and why it was an activity we all needed to be awre of.

  2. Unknown User 27 January 2017, 03:47 PM

    I wonder if nowadays, when planning a project, organisations stated taking into consideration any possible risk of terrorist attack. How do they assess and reduce the risk for such risk?