In general, risk is the chance or probability that a person will be harmed or experience an adverse health effect if exposed to a hazard. In finance, risk is the probability that actual returns will differ from expected returns. In project management, risk is any unexpected or uncertain event or condition that can affect your project either for better or for worse.
Project risk management is the set of processes a company implements to protect the project from possible threats and to take advantage of opportunities. According to the PMBOK® Guide, risk management is defined as the “systematic process of identifying, analyzing, and responding to project risks.”
Risk management allows the project manager to:
Identify events that are undesired (threats) or desired (opportunities).
Understand the impacts of these on a project’s objectives.
Work to reduce the negative effects or increase the beneficial effects.
One key point to consider is that in many sectors today, risk management has become a regulatory requirement, and several standards now exist (e.g. ISO 31000). It must therefore be considered in the organizational strategy and as part of all activities.
Finally, a robust risk management process is an important tool for project managers and should be implemented from the start of a project. It allows project managers to identify and characterize risks for a more informed view of the project, accommodate for the cost of risks early on, and also guide decision-making throughout the life of the project.
Positive risks are events beyond the company’s control that the company can use to benefit the project.
For example: finishing the project with a smaller budget.
Negative risks are all those possible events that could harm an organization, where we seek to mitigate, prevent, or reduce the extent of that harm.
For example: the project goes over budget.
To begin managing risk, it’s necessary to start with a clear and precise definition of what your project has been tasked to deliver. In other words, write a detailed project charter, with project vision, objectives, scope, and deliverables, so that the risks can be identified based on the project objectives at every stage of the project. Then the project manager would want to engage the project team early in identifying any and all risks.
Once a risk has been defined, the project manager needs to log it in a risk tracking template to prioritize the level of risk. Then, create a risk management plan to capture the negative and positive impacts each risk brings to the project and what actions you will take to deal with them. The project manager needs to set up regular meetings to monitor risk while the project is ongoing.
The first step in the risk management process is to identify all the events that can negatively (risk) or positively (opportunity) affect the objectives of the project milestone and scope. Risk identification is the process of determining which risks may affect the project. These events can be listed in the risk matrix and later be captured in the risk register. A risk or opportunity is characterized by its description, causes, and consequences, qualitative assessment, quantitative assessment, and mitigation plan. It can also be characterized by who is responsible for its action. Each of these characteristics is necessary for a risk or opportunity to be valid.
Brainstorming is done with a group of people who focus on the identification of risk for the project.
Strengths and weaknesses are identified for the project and thus, risks are determined.
Interviews are conducted with project participants, stakeholders, experts, etc. to identify risks.
A team of experts is consulted anonymously. A list of required information is sent to the experts, responses are compiled, and results are sent back to them for further review until a consensus is reached.
The tools commonly used for root cause analysis, such as FMEA, cause and effect diagrams, and Pareto charts, can be very useful for risk identification as well. Typically, root cause analysis is used after the manifestation of a problem, but it can also be applied preventively, taking an impact or risk to be avoided as a starting point.
A Risk Register is a living document that is updated regularly throughout the life cycle of the project. It becomes a part of project documents and is included in the historical records as a reference for future projects.
Risk analysis involves examining how project outcomes and objectives might change due to the impact of the risk event. Once the risks are identified, they are analyzed to identify the qualitative and quantitative impact of the risk on the project so that appropriate steps can be taken to mitigate them. There are two types of risk and opportunity assessments: qualitative and quantitative. A qualitative assessment analyzes the level of criticality based on the event’s probability and impact. A quantitative assessment analyzes the financial and time duration impact or benefit of the event. Both are necessary for a comprehensive evaluation of risks and opportunities.
Qualitative risk analysis is the process of RATING or scoring risk based on a person’s perception of the SEVERITY & LIKELIHOOD of its consequences. The goal of qualitative risk analysis is to come up with a short list of risks that need to be PRIORITIZED above others.
Quantitative risk analysis is the process of CALCULATING risk BASED ON DATA gathered. The goal of quantitative risk analysis is to further specify HOW MUCH the impact of the RISK will COST the business. This is achieved by using what’s already known to predict an outcome.
Difference Between Qualitative & Quantitative Risk Analysis
Qualitative risk analysis is based on a person’s perception.
In qualitative risk analysis, the value associated with the risk is the risk rating or score. A risk may be rated “Low” or given a score of 1 to indicate that the risk does not require immediate attention.
Quantitative risk analysis is based on verified and specific data.
In Quantitative risk analysis, the value associated with the risk is often in percentages and indicates the probability of the risk occurring or of it causing a specific negative effect on project objectives.
When To Perform A Qualitative And Quantitative Risk Analysis?
QUALITATIVE risk analysis should be performed when there is a CHANGE in the PERCEPTION of risk and when a new risk has been identified. As a general rule, project managers should always perform qualitative risk analysis at the beginning of every project. Additionally, since performing qualitative risk analysis is relatively EASY, QUICK, and LOW-COST, it can be done at any time during the project or whenever the project manager deems it necessary.
QUANTITATIVE risk analysis should be performed when there is a LARGE AMOUNT OF DATA on the risk and its impact and when qualitative risk analysis NEEDS TO BE VALIDATED. Since performing quantitative risk analysis can be DIFFICULT and TIME-CONSUMING, it is not recommended by most project managers unless the safety of the project relies on precise estimations of risk. Performing quantitative risk analysis may be required by law or by project stakeholders.
A Risk Assessment Matrix is a straightforward, easy-to-read visual medium that provides insight into project risks by categorizing them by their likelihood of occurrence and the severity of their impact. A Risk Assessment Matrix is used to:
Identify potential risks while considering both internal and external factors.
Present complex information in a simplified format to make it easier to assess issues and drive decision-making.
Prioritize project actions and assist in strategic planning.
Provide project members and stakeholders with a snapshot of factors with the potential to affect project outcome.
Risk Response is a process of controlling identified risks. It is the basic step in any risk management process. A risk response strategy is a set of actions to prevent or reduce the likelihood of occurrence or the impact of a risk that needs to be implemented if the risk event occurs. The project team needs to establish a trigger point for implementing action and assign responsibility (risk owner) for implementation. Risk response also includes a contingency fund to cover implementation costs.
Risks and opportunities and their response plans need to be monitored and controlled. According to PMBOK 6th Edition, Monitoring risks is the process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project. The frequency of this will depend on the criticality of the risk. Developing a monitoring and control structure will ensure that appropriate risk responses are being actioned.
Risk Reassessment
Risk reassessment in project management involves identifying new risks and reassessing current ones. It also involves closing risks that are outdated and no longer threatening to the project. Risk reassessments involve the following activities:
Identifying new risks
Evaluating current risks
Evaluating the risk management processes
Closing risks
Risk Audit
Project teams may have defined risk responses. The question is—“Are the responses effective?” Project managers facilitate risk audits to examine the risk responses' effectiveness and determine whether changes are required. The team also examines the processes to identify, evaluate, respond to, and control risks.
Variance & Trend Analysis
As with many control processes, we now look for variances between the schedule and cost baselines and the actual results. When the variances increase, there is increased uncertainty and risk. It is important to monitor the trends and respond before the situation gets out of hand.
Reserve Analysis
During cost planning, the contingency and management reserves are added to the project budget as needed. As risks occur, the reserves may decrease. Depending on how your organization handles reserves and your risk management plan, project managers may request more reserves when they are inadequate.
1. Monitor Agreed-Upon Risk Response Plans
For each risk or set of risks, a response should be planned. Risk owners or their assigned risk action owners execute the plans. Some risks merit an immediate response. For example, if a supplier fails to meet a deadline, the supplies are ordered immediately from another vendor.
2. Track Identified Risks
The project manager uses tools to track the overall project risk and ensure that the project team delivers the project on time, on budget, and in accordance with requirements.
3. Identify and Analyze New Risks
New risks arise over time. Project managers periodically work with their project team to identify new risks. Project managers should identify new risks when key milestones are reached, when key team members change, and when there is a major change to the project.
4. Evaluate Risk Process Effectiveness
The risk management process, which includes identifying risk, risk assessment, and risk response, needs to be examined for effectiveness. These processes might be modified where necessary to obtain better results.