Project Risk Management: An Introduction

From The Money Files Blog
A blog that looks at all aspects of project and program finances from budgets, estimating and accounting to getting a pay rise and managing contracts. Written by Elizabeth Harrin from

Categories: risk

What I like about the PMBOK® Guide – Sixth Edition is that the language allows for scope to adapt the information to your own environment. For example, the definition of the project risk management Knowledge Area starts like this:

Project Risk Management includes…

which opens itself up to the interpretation that there could be other factors included as well as the ones listed.

In this article, and over subsequent articles, we’re going to look at the Project Risk Management Knowledge Area. Why? This blog is normally about things to do with project financial management, and what’s more relevant than managing risk so you don’t get a massive budget impact? OK, I’m sure you can think of other relevant things, but risk management is definitely a factor in controlling your budget.

Doing risk management on your project involves:

  • Risk management planning
  • Identification of risk
  • Risk analysis
  • Response planning and implementation
  • And monitoring risk.

The reason why we do it isn’t just to save the company’s purse. It’s to increase or decrease the likelihood and impact of risks (depending on whether they are opportunities or threats) in order to optimise the chance that the project will be successful.

Note: when I first started learning project management, on my first training course, risk was considered as a purely negative event. It’s thanks to thought leaders in the field and the development of the profession that risk is now more widely known to represent both the good things that could happen as well as the bad things. In other words, risk is a reflection of uncertainty, not doom.

Risk is not inherently bad – even the negative risk. We take risks in daily life, every time we cross the road, or take a flight. But we calculate the risk (subconsciously) and do it anyway if our brain tells us that the odds are worth taking.

Business and project risk are no different. The goal of project risk management is to identify the things that might happen on a project and weigh up whether it’s worth doing anything about them. Oftentimes, it is worth expending energy to do something about them because ignored risks can turn into issues and suddenly be a lot harder to deal with.

Levels of risk

There are two levels of risk on a project.

First, we have the individual project risk. Take a risk, assess it, and note the impact it will have on the project. That’s at a very granular level, and while we do a lot of that, and it’s a useful exercise, we also need to look at the bigger picture. That’s the next type of risk.

Second, we have overall project risk. Let’s say your project risks are all assessed as low impact and low likelihood. Individually, each risk isn’t very risky. But now let’s say you have 5,000 risks. That’s a lot of ‘not very risky risks’ and aggregated, the picture looks very different. When you consider how those risks might interact with each other, the picture gets even worse. If one risk happens, it could make others more likely, or more impactful. Overall project risk looks at the whole picture of the cumulative, aggregated position that is created by all the risks.

When you look at the risk profiles of several projects, you can see different trends emerging again. At a portfolio level, you aggregate the risk profiles of all the projects and programmes.

Ultimately, you want risk at any level to be in line with stakeholders’ risk appetite. When a project gets too risky, stakeholders will be nervous. The exposure to the business feels too great. The portfolio management team, in conjunction with the corporate risk team, will take that kind of decision.

At a project level, your role is to escalate up to the PMO, your programme manager or even your boss and let them know about the significant risks facing your project.

That’s the reason we have risk management processes. It makes all this easier. When you have a risk framework and structure within the organisation, you can more easily pass information to the places it needs to go and keep your risks in check.

Next time: I’ll be looking at trends and emerging practices in risk management for projects.

Posted on: June 01, 2020 01:39 PM

Comments (6)

Thanks for sharing, very interesting.

Your article is too good. I got the activity from my college to comment on a blog on this site. So, I found your article good enough to comment on.
When I was in high school my teacher told me that "higher the risk, higher the chance of profit". It means that the projects having high risk have a higher chance of profit and vice versa.
I agree with your opinion that risk is present in our day-to-day life. For example, in school exams all the questions are uncertain, filling the application form of college and university and getting an acceptance letter is also uncertain. In both situations, the risk is present but the level of risk is different.
Risk is an essential part of every project. But by performing various steps one can plan the uncertain happenings of the future and can control the risk up to some extent:
1. Identify the Risk
The first step is to identify the risk by performing a SWOT analysis. SWOT refers to Strength, Weakness, Opportunities and Threats. By identifying all these elements it will become easy to control the risk.
2. Analyze the Risk
In this step, the identified risk is analyzed properly. Whether the risk is low or high, controllable or not.
3. Proper Planning
This step is very important as it includes the process of making a proper plan for controlling the risk. Most of the time two or more plans are prepared so that if plan A doesn't work then there will always be an option for plan B.
4. Monitoring and Controlling
In this step, the plan is executed for controlling the risks. The process is monitored by the Risk management at every step to avoid the chance of deviations.
In the end, I would like to say that your article helps me in understanding risk management in a project.

Thank you!
Sudeep Chopra

Very interesting and informative. Thanks for sharing!

Thanks Elizabeth. Very informative and good introduction to project risk management. Looking forward to subsequent articles in this area.

Really good article. I love the breakdown in levels.
