6 Steps in the Risk Management Process


Would you buy a T-shirt that said, “Risk Happens”? If you answered yes, then you’re a project manager. Risk is part of your planning makeup. When you start the planning process for a project, one of the first things you think about is: what can go wrong?

It sounds negative, but it’s not. It’s preventative. Issues will inevitably come up, and you need a mitigation strategy in place to know how to manage risks on your project.

But how do you work towards resolving the unknown? It sounds like a philosophical paradox, but it’s not. It’s very practical. There are many ways you can get a glimpse at potential risks, so you can identify and track risks on your project. To manage risks effectively, follow these 6 steps in your risk management process.

A Short Definition of Terms

Before we get started on a risk management plan, it’s a good idea to define some terms that can be confused.

Risk: something that might happen that will have an impact, either positively or negatively, on the project. It can be an event or a condition.

Issue: something that has already happened in a project, which might have been a risk previously identified, or another unknown problem that can have a small or large impact.

You’re going to have both, of course, when you execute your project. But you’re going to handle them slightly differently, so it’s best to start off avoiding any mix-ups.

Risk Management Steps

So, how do you handle something as seemingly elusive as project risk management? The same way you do anything when managing a project. You make a risk management plan. It’s all about process.

Process can make the unmanageable manageable. You can take what looks like a disadvantage and turn it into an advantage if you follow these six steps.

Identify the Risk

You can’t resolve a risk if you don’t know what it is. There are many ways to identify risk. As you go through this step, you’ll want to collect the data in a risk register.

One way is brainstorming or even brainwriting, which is a more structured way to get a group to look at a problem.

As noted earlier, you can tap your resources. That can be your team, colleagues or stakeholders. Find those individuals with relevant experience and set up interviews so you can gather the information you’ll need to both identify and resolve risks.

It doesn’t hurt to speak with that person in your organization who is the glass-is-always-half-empty type. Their doom-and-gloom perspective can be surprisingly helpful for seeing risks that might not be evident to everyone else.

Look both forward and backward. That is, imagine the project in progress. Think of the many things that can go wrong. Note them. Do the same with historical data on past projects. Now your list of potential risks has grown.

As you’re identifying risk, you’ll want to make sure that your risk register isn’t filling up with risks that are really outliers and not risks at all. Make sure the risks are rooted in the cause of a problem. Basically, drill down to the root cause to see if the risk is one that will have the kind of impact on your project that needs identifying.

When trying to minimize risk it’s good to trust your intuition. This can point you to unlikely scenarios that you just assume couldn’t happen. Remember, don’t be overconfident. Use process to weed out risks from non-risks.

Analyze the Risk

Okay, you’ve got a lot of potential risks listed in your risk register, but what are you going to do with them? The next step is to determine how likely each of those risks is to happen. This information should also go into your risk register.

When you assess project risk you can ultimately and proactively address many impacts, such as avoiding potential litigation, addressing regulatory issues, complying with new legislation, reducing your exposure and minimizing impact.

Analyzing risk is hard. There is never enough information you can gather. Of course, a lot of that data is complex, but most industries have best practices, which can help you with your analysis. You might be surprised to discover that your company already has a framework for this process.

So, how do you analyze risk in your project? Through qualitative and quantitative risk analysis, of course. What does that mean? It means you determine the risk factor by how it impacts your project across a variety of metrics.

Those metrics include how the risk influences your activity resources, duration and cost estimates. Another aspect of your project to think about is how the risk is going to impact your schedule and budget. Then there are the project quality and procurements. These points must be considered to understand the full effect of risk on your project.

Prioritize the Risk

Not all risks are created equal. You need to evaluate the risk to know what resources you’re going to assemble towards resolving it when and if it occurs. Some risks are going to be acceptable. Without first prioritizing the risks, you would grind the project to a halt and possibly not even be able to finish it.

Having a large list of risks can be daunting. But you can manage this by simply categorizing risks as high, medium or low. Now there’s a horizon line and you can see the risk in context. With this perspective, you can begin to plan for how and when you’ll address these risks.

Some risks are going to require immediate attention. These are the risks that can derail your project. Failure isn’t an option. Other risks are important, but perhaps not threatening the success of your project. You can act accordingly.

Then there are those risks that have little to no impact on the overall project’s schedule and budget. Some of these low-priority risks might be important, but not enough to waste time on. They can be somewhat ignored, because sometimes you should just let stuff go.

Assign an Owner to the Risk

All your hard work identifying and evaluating risk is for naught if you don’t assign someone to oversee the risk. In fact, this is something that you should do when listing the risks. Who is the person who is responsible for that risk, identifying it when and if it should occur and then leading the work towards resolving it?

That determination is up to you. There might be a team member who is more skilled or experienced in the risk. Then that person should lead the charge to resolve it. Or it might just be an arbitrary choice. Of course, it’s better to assign the task to the right person, but it’s equally important to make sure that every risk has a person responsible for it.

Think about it. If you don’t give each risk a person tasked with watching out for it, and then dealing with resolving it when and if it should arise, you’re opening yourself up to more risk. It’s one thing to identify risk, but if you don’t manage it then you’re not protecting the project.

Respond to the Risk

Now the rubber hits the road. You’ve found a risk. All that planning you’ve done is going to get implemented. First you need to know if this is a positive or negative risk. Is it something you could exploit for the betterment of the project?

For each major risk identified, you create a plan to mitigate it. You develop a strategy, a preventative or contingency plan. You then act on the risk according to how you prioritized it. You communicate with the risk owner and, together, decide which of the plans you created to implement to resolve the risk.

Monitor the Risk

You can’t just set forces against a risk without tracking the progress of that initiative. That’s where the monitoring comes in. Whoever owns the risk will be responsible for tracking its progress towards resolution. But you will need to stay updated to have an accurate picture of the project’s overall progress to identify and monitor new risks.

You’ll want to set up a series of meetings to manage the risks. Make sure you’ve already decided on the means of communications to do this. It’s best to have various channels dedicated to communication.

You can have face-to-face meetings, but some updates might be best delivered by email or text or through a project management software tool. Some of these might even be automated, keeping the focus on the work and not busywork.

Whatever you choose to do, remember: always be transparent. It’s best if everyone in the project knows what is going on, so they know what to be on the lookout for and help manage the process.

