Risk Management
Effective risk management is essential for project success. This section provides comprehensive guidance on identifying, assessing, and responding to project risks.
What is Risk Management?
Risk management is the systematic process of identifying, analysing, and responding to project risks. It involves maximising the probability and impact of positive events (opportunities) and minimising the probability and impact of negative events (threats).
Risk Management Topics
Risk Assessment Matrix
Learn how to use a risk matrix to visualise and prioritise risks based on their probability and impact.
- 5x5 and 3x3 matrix formats
- Colour-coded risk zones
- Risk prioritisation techniques
Probability & Impact Scoring
Understand how to score risks using probability and impact scales for consistent assessment.
- Probability scales and definitions
- Impact categories (cost, time, scope, quality)
- Risk score calculation
Risk Response Strategies
Explore the different strategies for responding to threats and opportunities.
- Threat responses: Avoid, Mitigate, Transfer, Accept
- Opportunity responses: Exploit, Enhance, Share, Accept
- Contingency planning
Risk Register Best Practices
Best practices for creating and maintaining an effective risk register.
- Risk register structure and fields
- RAID log integration
- Review and update cadence
The Risk Management Process
| Phase | Activities | Outputs |
|---|---|---|
| Identify | Brainstorming, checklists, interviews, SWOT | Risk list |
| Assess | Probability/impact scoring, risk matrix | Prioritised risks |
| Plan | Select response strategy, assign owners | Risk response plan |
| Implement | Execute responses, allocate contingency | Updated risk status |
| Monitor | Track triggers, review effectiveness | Risk reports |
Key Risk Management Principles
1. Proactive, Not Reactive
Identify and address risks before they become issues. A risk that has occurred is no longer a risk—it’s an issue.
2. Proportionate Response
The effort spent managing a risk should be proportionate to its potential impact. Don’t over-engineer responses for minor risks.
3. Clear Ownership
Every risk must have a single owner responsible for monitoring the risk and implementing the response.
4. Regular Review
Risk registers are living documents. Review and update them regularly as the project progresses.
5. Transparent Communication
Ensure stakeholders are aware of significant risks and the plans to address them.
Risk vs Issue
| Risk | Issue |
|---|---|
| Uncertain event that may occur | Event that has occurred |
| Future-focused | Present-focused |
| Managed through mitigation plans | Managed through resolution actions |
| Recorded in Risk Register | Recorded in Issue Log |
| Has probability < 100% | Has probability = 100% |
Related Resources
- Risk Register / RAID Log - Download template
- Project Healthcheck - Risk review checklist
- PRINCE2 Risk Theme - PRINCE2 approach to risk
- Portfolio Risk Management - Enterprise-level risk
- Getting Started - New to project management?
- PM Glossary - Key PM terminology