Let’s talk about risk management in project management. For all project professionals, without exception, identifying and managing risk in order to achieve your objectives is an essential skill.

Whether you’re on a construction site managing the different trades, or working for an IT start-up on the launch of a new app, you will need to consider what the potential project risks could be and ensure you have a plan to tackle those risks in order to achieve success.

What is risk management in project management?

Having the ability to manage risk is an essential skill for today’s project managers. Risk management in project management is the process of identifying potential risks before the project commences and creating a plan to mitigate those risks or prevent them from happening altogether. Risk management is about taking informed risk and understanding your organisation’s risk appetite.

According to the International Organization for Standardization (ISO) “organisations of all types and sizes face external and internal factors and influences that make it uncertain whether they will achieve their objectives”.

ISO states that managing risk is:

  • iterative and assists organisations in setting strategy, achieving objectives and making informed decisions;
  • part of governance and leadership, and is fundamental to how the organisation is managed at all levels. It contributes to the improvement of management systems;
  • part of all activities associated with an organisation and includes interaction with stakeholders; and
  • considers the external and internal context of the organisation, including human behaviour and cultural factors.


Who manages project risk?

The risk owner coordinates the management of project risk, and who that person is will depend on the industry and organisation. In some cases, it may be a dedicated Risk Manager or Operations Manager, or risk management may be placed in the hands of the project team. While the risk owner helps coordinate risk management in project management, everyone takes and manages risk.

What skills do I need to manage project risk?

Risk owners require several skills to manage project risk well, which include:

  • Communication: Having the ability to communicate well with stakeholders, so that everyone understands the role they play in reducing the impact of risk.
  • Strategic thinking: Being strategic and having the ability to problem solve and come up with solutions for the project risks identified.
  • An understanding of the organisation: Knowing the business’s strategic direction, goals and risk appetite.
  • Planning: Ensuring that the risk management plan is being actioned throughout the project lifecycle.
  • Resourcefulness: Being quick to act under pressure to ensure that the project risks are addressed as soon as possible.


“It’s important to ensure risk management is stitched into the rhythm of all of your project activities. To identify risks well, focus on clearly understanding your objectives and the context of your situation, which will change over time. Invite diverse views in an environment where everyone feels free to express their opinions about risk and look for opportunities as well,”

Gareth Byatt, Independent Risk Consultant


What is a risk management plan in project management?

A risk management plan is a document that outlines how to approach risk management in project management: how to best understand and manage the risks related to the project, the responsibilities of team members and stakeholders in managing those risks, and the steps that will be taken if those project risks arise.

The risk management plan should be created long before the project commences, and should be referenced continually throughout the project lifecycle to ensure that the process to manage risk is working and that risks are being addressed.

What is a risk register?

Once you have your risk management plan in place and the project commences, risk will need to be continually monitored throughout the project lifecycle.

That’s where the risk register comes in, which is a separate document to the risk management plan. The risk register is typically reviewed in project meetings and the risk owner can use it as a tool to assign ownership and actions to different risks.

However, according to Byatt, managing project risk should be more than “recording risks in a risk register and reviewing it once a month, as this is risk reporting, not risk management”.

What are risk control measures?

Another aspect of risk management in project management is ensuring that there is a framework around safety and risk associated with your project. This is where risk control measures come into play.

Risk control measures reduce hazards, cultivate a strong safety culture, and help ensure a safe working environment for those working to get your project across the line.

What are the steps to risk management in project management?

If you’re looking to integrate risk management into your next project, here are some simple steps to follow:

1. Identify and assess the potential risks

When it comes to identifying and assessing the potential risks related to the project, consider how a risk could occur, what the impact would be, and what you can do (if anything) to reduce the probability and impact of the project risk. Understanding how much control you have over the risk is key; for some risks, you may have very little. Keep in mind that, along with identifying risk events, you should also list any project risks that can be identified as opportunities or as uncertainty related to the project, as mentioned above. Risk events and opportunities are often easier to identify because they have clear impacts, whereas uncertainty is harder to measure because the result of the risk is unknown.

Questions to ask when identifying risk:

  • Are there any regulations or laws that you need to comply with?
  • What external events outside your control could affect the project?
  • Could certain risks result in reputational damage to the organisation?
  • Do the risks associated with the project align with the organisation’s risk appetite?
  • Are there examples of similar projects completed that you can draw on to identify risks?


2. Assign a risk owner

Whether it is a dedicated risk manager or a member of the project team, every project will need a risk owner assigned to keep track of risks throughout the project lifecycle. The risk owner is the key person who manages the risk management strategy. This doesn’t mean that the risk owner must address every risk that could impact the project. Instead, they have the responsibility of assigning ownership to team members and stakeholders, as well as updating and keeping track of the risk management plan. If you’re the risk owner, it’s key to make sure that every member of the team is aware of their role in reducing and mitigating project risk.

3. Draw on subject matter experts

As part of your risk management strategy in project management, it is essential to touch base with subject matter experts, such as contractors and senior stakeholders. Receiving input from others will help ensure you have covered all the potential project risks, as you may find that others have insights into risks you may not have discovered on your own. They can also provide advice on effective strategies they have implemented in previous projects that you could integrate into your risk management plan. Also see if your organisation has risk registers from completed projects, and any lessons learned reports, available to review.

4. Determine the probability of a project risk occurring

Once you have a list of the possible risks, the next step in your project risk assessment is ranking the risks by assigning probability. That way you will know which risks are more likely to occur and which would have the largest impact on your project. The risks that you assess as having the highest impact should be addressed first. There are many different formulas for measuring risk; one of the popular ways is assigning a number to the risk.

For instance, you could arrange a probability scale as follows:

0.01 to 0.33 = Low
0.34 to 0.66 = Medium
0.67 to 1.00 = High

5. Consider the action you will take

Once you have all the project risks ranked according to the probability of the risk occurring, the next step will be planning out the actions you will take. You may be able to eliminate some risks entirely, while others may need a mitigation strategy.

Example 1: Eliminating a risk event

Sam, an IT Manager, is managing the launch of a website upgrade. Each member of the project team plays an important part in getting the project across the line. Sam considers what would happen if one of the project team were to become ill or injured, or were to resign, during the project lifecycle. To eliminate this risk, Sam decides to cross-train all members of the project team, so that if he were to lose a member of the team, someone else would be able to step in with the skills and knowledge to take over that role.

Example 2: Mitigating / managing an uncertain risk

Lauren is a Construction Manager running a large infrastructure build in Brisbane, Australia. Lauren has mapped out her risk management strategy and has flagged extreme weather in Queensland as an uncertain risk to the project. Lauren and her project team know they cannot prevent this risk; however, they can create an emergency management plan and ensure they have adequate business insurance against natural disasters.


6. Include risk management in your post project review

Just as one project comes to an end, you may find yourself handed your next project, leaving little time for a post project review. However, the greatest learnings can come from analysing how your project went, including the risk management. So when the project comes to an end, take the time to evaluate what went well on the project, what could have been handled better and the learnings you can take with you to your next project.

How can I upskill in risk management?

If risk management in project management is an area you would like to learn more about, there are plenty of online resources available. You can attend online webinars that provide insights into better managing risk, undertake a course specific to risk management, or read online articles and resources that will help you brush up on your skills.