What is Risk Management?

by Sylvie Edwards

An important domain of project management is risk management. Every project has its risks, and in order to successfully achieve your enterprise risk management objectives, you must set objectives and develop a plan for the unexpected.  Before you can properly identify and manage risks, it’s important to understand risk management. So what is risk management, risk management frameworks, and why is it important for any good project? 

What is risk management?

You can’t look at the basics of risk management without first providing a few definitions. The Project Management Institute (PMI) refers to project risk management as “the processes of conducting enterprise risk management planning, identification, analysis, response planning, response implementation, and monitoring of risks on a project” (PMBOK Guide 6th Edition, glossary).

ProjectManager.com defines it as: “Project risk management is the process of identifying, analyzing and then responding to any risk that arises over the life cycle of a project to help the project remain on track and meet its goal. Risk management isn’t reactive only; it should be part of the planning process to figure out the risks that might happen in the project and how to control that risk if it in fact occurs.”

The Prince 2 manual states, “The purpose of the Risk theme is to identify, assess and control uncertainty, and, as a result, improve the ability of the project to succeed.”

Here’s another take on the definition: “Project risk management covers all the activities and processes of planning for risk management, identification and analysis of project risks, response planning and implementation, and risk monitoring on a project. Effective project and enterprise risk management requires a conducive company culture, as well as the necessary risk management processes, structures, and budget to identify, assess, and address potential opportunities and adverse effects.” (OTC – www.ownerteamconsult.com)

So, all of the definitions are fairly aligned with one another and point in the same direction. That is at least a good start. Let me sum it up as I personally view this work: Having the right risk management framework, processes, and tools to support the uncertainties and opportunities brought about by the progressive elaboration of a project within an organization from inception to closing.

Common risk management frameworks

Project risk management is supported by a framework, processes, and tools which are specific to its delivery within the project methodology. Without these elements, we would not have project risk management at all. These might vary slightly from organization to organization, but at a basic level, they are much the same. A key success factor for any framework is that it needs to be adjustable or “tailorable” to each project but still remain the same for the organization. This will help in its adoption and understanding as it will not change but simply be flexible to the size or complexity of the project at hand.

Most of the common frameworks are derived from the existing PMI, Active Risk Management, or International Standards Organization. Some organizations simply use the standard processes while others take the standards as a basis and create their own framework to be used on projects. Most if not all will contain processes around planning, identification, analysis, monitoring, communications, representation, and documentation of risks events including one-time versus iterative processes.

Frameworks provide a view of how we will break down the processes and activities in order to perform risk management. Elements, structure, and delivery of the framework will be defined and documented in the risk management plan once the team has tailored it for use on a particular project.

Risk management objectives

Whatever we use (tools/techniques) and however we go about it (sequence), wat our main risk management objective is in doing risk management is to deal with the uncertainties and opportunities that a project brings into the organization while being planned, implemented, and delivered. A lot of these are generated by the fact that projects, by their definition, are temporary, bring about a unique product, service, or result upon delivery, and are progressively elaborated. All of these factors can and will contribute to the number of risks that a project manager and the team will need to deal with. It is key to have the support in place to be proactive at this versus reactive and passively waiting for a risk to occur and jumping in to try and resolve it. Often, by the time a risk is discovered in this manner, it is too late, and it has escalated to being an issue for the project and sometimes a crisis. Both these scenarios usually mean a lot more chances of failure or not meeting our project objectives.

What you should consider when planning for project risks

Once risk management objectives are set, it’s time to learn how to manage risks. You should start thinking and planning for risk from the moment the project is designated as such to the moment where lessons learned, and the closure report is put to bed. Project risk management once started does not take a break, it will follow the project and needs updating at every step of the way. Risks don’t take a day off for anything.

It is important to clearly understand not only how the work will be done (via the use of the framework) but also how it will use communications and other aspects to be supported throughout.

Some key considerations, in terms of risk, when setting up the project would include but not be limited to:

  • Who are our stakeholders?
  • What is their tolerance level to risk?
  • How comfortable is the Sponsor with this project?
  • Have we done this work before? What was the outcome?
  • How is this project different from other projects?
  • Do we have the expertise to do this work?
  • Would lessons learned from a previous project be helpful?
  • Is resourcing a possible issue?

Needless to say, the best support for this needs to be the buy-in of the entire project organization. The efforts need to be supported by good communications practices, and no amount of knowledge will ever stop the need to provide good project risk management on any project.

Why is risk management so important?

One might think this, but the easy way here is to jump in, learn, and get risk management ingrained in the very fiber of how we run every project. Once you have your team, the executives, and most of the stakeholders on board with it, it becomes a good routine that will save projects time, money, and efforts in the long run. Some statistics out there (I wish I remembered where I read this) state that a project run with risk in mind will be less likely to fail and that issues can be minimized by about 90% with the use of good risk management practices.

Take a look at your project risk management practices and see if they are up to speed with your projects and the need of your organization for value. There is always room for improvement,

but if you are doing it, at least, you have a leg up on some of your competition.


Find more content on enterprise risk management!

You may also like