Take your project career to new heights with AIPM membership. Join now to unlock the benefits of Australia’s leading body for project professionals.
Take the quiz
Join thousands of project professionals across Australia who have powered their career prospects with RegPM™ certification.
The demand for project management skills continues to grow across a range of industries, and professionals are building lucrative and rewarding careers.
For nearly 50 years, the AIPM has been driving project management across Australia.
12th Nov 2020
Whether you’re on a Construction site managing the different trades, or working for an IT start up on the launch of a new app, you will need to consider what the potential project risks could be and ensure you have a plan to tackle those risks, in order to achieve success.
Having the ability to manage risk is an essential skill for today’s project managers. Risk management in project management is the process of identifying potential risks before the project commences and creating a plan to mitigate those risks or prevent them from happening altogether. Risk management is about taking informed risk and understanding your organisation’s risk appetite.
According to the International Organization for Standardization (ISO) “organisations of all types and sizes face external and internal factors and influences that make it uncertain whether they will achieve their objectives”.
ISO states that managing risk is:
The risk owner coordinates the management of project risk, and who that person is will depend on the industry and organisation. In some cases, it may be a dedicated Risk Manager or Operations Manager, or risk management may be placed in the hands of the project team. While the risk owner helps coordinate risk management in project management, everyone takes and manages risk.
Risk owners require several skills to manage project risk well, which include:
“It’s important to ensure risk management is stitched into the rhythm of all of your project activities. To identify risks well, focus on clearly understanding your objectives and the context of your situation, which will change over time. Invite diverse views in an environment where everyone feels free to express their opinions about risk and look for opportunities as well,”
Gareth Byatt, Independent Risk Consultant
A risk management plan is a document, which outlines how to approach risk management in project management, and how to best understand and manage the risks related to the project, the responsibilities of team members and stakeholders in managing those risks and the steps that will be taken in the case those project risks arise.
The risk management plan should be created long before the project commences, and throughout the project lifecycle should be continually referenced to ensure that the process to manage risk is working and that risks are being addressed.
Once you have your risk management plan in place and the project commences, risk will need to be continually monitored throughout the project lifecycle.
That’s where the risk register comes in, which is a separate document to the risk management plan. The risk register is typically reviewed in project meetings and the risk owner can use it as a tool to assign ownership and actions to different risks.
However, according to Byatt managing project risk should be more than “recording risks in a risk register and reviewing it once a month, as this is risk reporting, not risk management”.
Another aspect of risk management in project management is ensuring that there is a framework around safety and risk associated with your project. This is where risk control measures come into play.
Risk control measures reduce hazards, cultivate a strong safety culture, and help ensure a safe working environment for those working to get your project across the line.
If you’re looking to integrate risk management into your next project, here are some simple steps to follow:
When it comes to identifying and assessing the potential risks related to the project, consider how a risk could occur, what the impact would be and what you can do to reduce the probability and impact (if you can) of the project risk. Understanding how much control you have over the risk is key. For some risks, you may have very little control over them. Keep in mind that along with identifying risk events, as mentioned above you should also list any project risks that can be identified as opportunities or uncertainty related to the project. Risk events and opportunities are often easier to identify as they have clear impacts, whereas uncertainty can be harder to measure as the result of a risk is unknown and is difficult to measure.
Questions to ask when identifying risk:
Whether it is a dedicated risk manager, or a member of the project team, every project will need a risk owner assigned to keep track of risks throughout the project lifecycle. The risk owner is the key person who manages the risk management strategy. This doesn’t mean that the risk owner must address every risk that could impact the project, however, instead they have the responsibility of assigning ownership to team members and stakeholders, as well as updating and keeping track of the risk management plan. If you’re the risk owner, it’s key to make sure that every member of the team is aware of their role in reducing and mitigating project risk.
As part of your risk management strategy in project management it is essential to touch base with subject matter experts, such as contractors and senior stakeholders. Receiving input from others will help ensure you have crossed off all the potential project risks, as you may find that others have insights into risks you may not have discovered on your own. They can also provide advice on effective strategies they have implemented in previous projects, that you could integrate into your risk management plan. Also see if your organisation has risk registers from past projects completed available to review and any lessons learned reports.
Once you have a list of the possible risks, the next step in your project risk assessment is ranking the risks by assigning probability. That way you will know which risks are more likely to occur and which would have the largest impact on your project. The risks that you measure that will have the highest impact, should be addressed first. There are many different formulas for measuring risk, however one of the popular ways is assigning a number to the risk.
For instance, you could arrange a probability scale as follows:
0.01 to 0.33 = Low
0.34 to 0.66 = Medium
0.67 to 1.00 = High
Once you have all the project risks ranked according to the probability of the risk occurring, the next step will be planning out the actions you will take. With some risks you may be able to eliminate them entirely, however others may need to follow a mitigation strategy.
Example 1: Eliminating a risk event
IT Manager, Sam is managing the launch of a website upgrade. Each member of the project team plays an important part in getting the project across the line. Sam considers what would happen if one of the project team was to become ill, injured or resigns during the project lifecycle. To eliminate this risk, Sam decides to cross train all members of the project team, so that if he was to lose a member of the team, someone else would be able to step in with the skills and knowledge to take over that role.
Example 2: Mitigating / managing an uncertain risk
Lauren is a Construction Manager, running a large infrastructure build in Brisbane, Australia. Lauren has mapped out her risk management strategy and has flagged extreme weather in Queensland as an uncertain risk to the project. Lauren and her project team know they cannot prevent this risk, however, they can create an emergency management plan and ensure they have adequate business insurance against natural disasters.
Just as one project comes to an end, you may find yourself handed your next project, leaving little time for a post project review. However, the greatest learnings can come from analysing how your project went, including the risk management. So when the project comes to an end, take the time to evaluate what went well on the project, what could have been handled better and the learnings you can you take with you to your next project.
If risk management in project management is an area you would like to learn more about there are plenty of online resources available. You can attend online webinars that provide insights into better managing risk, undertake a course specific to risk management or read online articles and resources that will help you brush up on your skills.
Subscribe to receive future blog articles, the latest news and announcements, straight to your inbox.
A contract management plan is key to successful contract management. Find out why you need one and how to create one here.
Learn about the contract management process and build your contract management skills with practical tips from a lawyer.
Find out about the range of project delivery methodologies and how you can build robust project delivery skills.