Skip to content

5 Tips in Project Risk Management

5 Project Risk Management Tips
5 Tips in Project Risk Management

Project Risk Management is often treated as the “Brussel Sprout” of Project Management. It is the vegetable no one wants to eat but, without it, the meal (read “project”) is just not as healthy or as complete as it should be. In fact, it is actually quite a bit more than that. A project without effective risk management is a project that is likely to fail. Notwithstanding this dire outcome, few projects put enough effort into managing the risks that are inherent in every one of them, and even fewer project team members actively and effectively manage the risks on their projects. This is often due to the fact that Project Managers and Project Leaders find most of their time is taken up fighting figurative fires in trying to deliver the project, attending client and contractor meetings, chasing deadlines, resolving design and contractual issues etc. They therefore either delegate the responsibility of project risk management to a junior colleague, or they hold one risk review workshop, compile a risk register and then forget about it for the rest of the project.

Unfortunately, this approach is the very thing that results in Project Managers and Project Leaders finding that most of their time is taken up fighting fires. Without effective Project Risk Management, projects are likely to remain in a continuous state of turmoil, and constantly bordering on chaos. However, by recognising the need for effective Project Risk Management, and understanding that this will make the project a lot easier to manage, Project Managers and Project Leaders can make their own lives (and those of their clients, stakeholders and sponsors) a lot less stressful.

One of the keys to this is not to get overwhelmed by the prospect of managing hundreds, or even thousands, of “unmanageable” risks on your project. The number of real day-to-day risks on projects does vary significantly, depending on project size and complexity, but these seldom exceed one hundred, even on highly complex mega-projects. The reason for this is that most of the risks are already managed through the defined project execution processes and deliverables. In Project Risk Management, it is important to identify the risks which are not covered through the formal project execution processes and deliverables, and manage those risks separately, through a dedicated project risk management process. This process can be greatly simplified by applying the following five Project Risk Management tips:

Understand the key factors which will determine the success or failure of your project

This will help you prioritise and focus on managing the risks that may have a significant impact on the outcome of your project.

Know the boundaries of your scope

This will help you eliminate those risks which are either not within your remit, or over which you have no control. These risks should be completely removed from your risk register or, at the very least, transferred to the relevant external parties who are responsible for their management.

Describe your risks accurately

If the risks in your risk register have been poorly described it will be difficult to manage them, as you may not know their cause, or the effect that they may have on your project. An effective way of describing risks is to define them as: “The threats (or opportunities), and events that may arise as a result of these threats (or opportunities), resulting in consequences which may affect the objectives of your project”. The potential consequences of a risk may be included in the risk description, but should be separated for purposes of mitigation identification. By describing risks in this way, you will be better able to identify mitigations that deal with the probability of risk occurrence, and mitigations that deal with the risk impacts, separately. For more information on the importance of accurately describing risk, see our previous blog post on this subject at:

Eliminate irrelevant “perceived” risks

Many risk registers are populated with risks which are either irrelevant to the outcome of the project, or have no basis in reality. When running risk management workshops, or reviewing risk registers, it is important to keep an eye out for the “alarmist” risks. These may be risks like: “Rapid deterioration in weather conditions, resulting in a squall blowing through offshore facilities during installation activities, resulting in property damage and possible fatalities”. This is a very valid risk for projects being executed in areas which are prone to these types of weather condition but, if the project is being executed in a benign weather area, or at a time of year when there is a guaranteed calm weather period, then this risk has no place in your risk register.

Establish realistic and achievable risk mitigations

Having your risk register populated with accurately described, and relevant, risks is all good and well but, if the mitigations identified to manage these risks are neither realistic nor achievable, then the benefit of having identified and registered these risks in the first place is seriously undermined. A key to risk mitigation identification is to ensure they are S.M.A.R.T. In other words, all risk mitigations should be: Specific, Measurable, Achievable, Realistic and Time-Bound.

For more information about our project risk management services and software, or if you just want to express your own views on the subject, please feel free to get in touch via our “Contact Us” page.

6 thoughts on “5 Tips in Project Risk Management

  1. Becca Holton

    I love how you called risk management the brussel sprout of project management. It sounds like an accurate description. It also makes a good point why you shouldn't just skim over the details of risk management.

    1. Mike Shuttleworth

      Thanks Becca. I never was very fond of brussel sprouts, but my mum said they would help me grow up and be a Project Manager, and so they did! 😉

  2. Bobby Saint

    You made a good point about eliminating irrelevant "perceived" risks. It is always important to qualify what would register as a valid risk or not when running risk management workshops. They would certainly help in the development of a smooth business operation. If I were to organize my own, I would certainly consider this factor. Thanks.

    1. Mike Shuttleworth

      Good to know you found this to be a useful tip, and thanks for the feedback Bobby.

  3. John Wesley

    "all risk mitigations should be: Specific, Measurable, Achievable, Realistic and Time-Bound" Well said! I understand this to the deepest level. A great read indeed. Thanks for sharing.

  4. John Academy

    Nice thought about risk management. This is true that once we can identify the risk and have written about the risk. It may like what are the factors and what can make a difference in future progress. awesome idea and tricks. Thanks


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.