Lessons Learned and Risk Management

From the Taking the Plunge Blog
by
In case you actually read this description, the beginning of the blog is about preparing for the PMP exam. It then evolved into maintaining my credential. While maintaining relevant credentials is important, it doesn't make a good long-term topic. Watch for experiments, some serious topics as I try out new things and "take the plunge", and maybe a little bit of fun.


I was recently asked “…what is the difference between ‘lessons learned’ and a ‘risk register’ other than when they are accomplished?” The conversation is still in progress, and I hope to continue it, but as I was responding I realized that I should probably post a follow-up to my article “Lessons Learned from Lessons Learned” (https://www.projectmanagement.com/blog-post/73046/lessons-learned-from-lessons-learned) discussing the connection between lessons learned and risk management.

I’m not going to rehash my approach to lessons learned here – you can follow the link for that – but the checklist created and maintained through the process can have direct ties to risk management on future projects. It’s entirely possible for something identified during lessons learned on one project to present itself as a risk on a future project. Here are some real examples:

  • The acquisition hasn’t stabilized and priorities keep shifting; project funding may be reduced or cut.
  • The legacy system isn’t fully understood; cascading issues may be found during testing, causing delays to the schedule.
  • The vendor uses subcontractors that can be slow or uncommunicative, leading to delays and/or additional expenses.
  • Overseas tensions are impacting shipping costs and delivery times.
  • Technical environment provisioning is slow and/or faulty and we don’t currently have the resources to fix it.
  • The organization is displaying signs of change fatigue.
  • Estimates are consistently over-optimistic.

The risks that make it onto the lessons learned checklist should go through risk analysis for each project where they are relevant; the probability and impact may not be the same on each one. Some ongoing risks may get absorbed into Business as Usual (BAU). They’re not ignored, it just becomes accepted that it’s likely they’ll have to be dealt with, so they’re included in the plan without being part of that project’s risk analysis.

I don’t have a good average for how long a risk will stay on the lessons learned checklist. This would be either until it is no longer considered a risk or until it becomes part of BAU.

To be clear, this doesn’t change how you manage risks, it just creates a new channel for risk identification. It might even make it easier if you’re one of the few people who reviews old risk registers from past projects to identify risks that may affect future projects.

If you find this helpful and have additional insights, or have a better approach, drop a note in the comments. Feedback is always welcome.
Posted on: June 07, 2026 10:44 PM

Comments (2)

Luis Branco CEO| Business Insight, Consultores de Gestão, Ldª Carcavelos, Lisboa, Portugal
I like the connection you make between lessons learned and risk identification.

One question that comes to mind is whether lessons learned should be viewed primarily as a source of future risks or more broadly as a mechanism for improving future decision-making.

A lesson learned may certainly become a risk in a future project, but it may also influence planning assumptions, estimation approaches, governance practices, supplier strategies, and other decisions long before a risk materializes.

In that sense, lessons learned are not simply a repository of past experiences. They are part of a continuous learning cycle that helps organizations improve the quality of future decisions.

Perhaps the real challenge is not capturing lessons learned, but ensuring they actively influence how future projects are planned, governed, and executed.

Aaron Porter
Community Champion
IT Director| Blade HQ Payson, UT, United States
Should lessons learned be viewed primarily as a source of future risks? No. They are most effective when they are forward looking, not just a log of what happened that nobody will care about in 12 months, or less. That was the point behind the post this one links back to. I wanted to make the connection to risk in this post because I did not explicitly make it in the prior post. Thanks for your thoughts!
