Project Risk Management - Process Landscape


4 Core Steps to An Effective Risk Management Process

Apr 3, 2019


Project Risk Management is an important set of processes designed to ensure that the fewest possible unplanned disruptions occur during project execution and that, when they do occur, the team is prepared to deal with them. While we can never predict the future with certainty, we can apply a simple and streamlined risk management process to determine risk items within a project and minimize the impact should they occur.

This article presents the overall structure of a thorough risk management process.  It provides a review of the major process steps comprising project risk management.


Implementing a project risk management approach is vital for any project organization. Risk management doesn’t have to be resource intensive or difficult for organizations to undertake.  With some formalization, structure, and a reasonable amount of effort on the part of the project team, risk management can provide very tangible benefits.

In general, the effectiveness of risk management efforts will be dependent on three factors:

  1. How determined the effort to manage risks is
  2. Maturity of the project team / organization
  3. The state of risk management process and tools

Determination and maturity are environmental variables related to the project team and the organization.  Item three is the focus of our upcoming series of articles: to provide an efficient but effective risk management protocol that is easy to understand and simple to use.


Let’s begin with a robust definition for Project Risk Management.

Project risk management is the process of identifying, assessing, controlling (via risk  response development) and monitoring risks over the life cycle of a project – repeating the process periodically – such that the delivered project satisfies its objectives.


Simply put, we know what the project risks are, how much they can hurt us, and we’ve got a plan to deal with them – while keeping a watchful eye out for their arrival.  And we’ll do this as many times as necessary throughout the project to ensure its satisfactory delivery.

Project Risk Management Challenges

There seems to be only one guarantee in risk management – the project team will never identify all of the risks.  Here are typical risk management challenges that I’ve faced as a PM.

  • Poorly defined processes
  • Cumbersome or bureaucratic processes
  • Lack of interest leading to lack of effort
  • Lack of skills
  • Risks are not communicated
  • Risks, when identified, are not assessed or planned for
  • A tendency to hide potentially bad news
  • Disinterested sponsorship
  • ‘Get in and do it’ attitude – forgoing proper planning and risk management
  • Failure to integrate risk beyond planning stage
  • Poor project planning processes

In our 5-part series we will endeavor to provide a solution to each of these issues via an effective and efficient process structure and tool set.

Benefits of an Effective Risk Management Program

For our purposes, the cumulative benefits of project management improve 3 major project areas:  communications; data; and decision making.


In summary, a properly run project risk effort forces a deeper understanding of the project.  As a result, the project team has access to data and the logical decisions made from that data that it otherwise would not have.  Risk management is now augmenting other project monitoring functions – if not outright exceeding them.  Properly communicating project risks has the effect of marshaling organizational interest and resources which would not otherwise have been available.  To review a detailed examination of the benefits of project risk management see our article entitled “10 Benefits of Project Risk Management.”

Ultimately, the convergence of data, communication and decision making will have a decisive impact on your project’s performance – up to and including the point of its salvation.

For those doubting the power of risk management, check out some of the minefields it can uncover in the “Project Management Basics” article entitled “Risk Management Examples: 9 Behind the Scenes Stories.”

Risk Management Processes

As our first of a series of 5 articles regarding Project Risk Management, this effort is intended to provide a summary overview of risk management and its 4 major processes.  These 4 processes include:  

  1. Risk Identification
  2. Risk Assessment
  3. Risk Control
  4. Risk Monitoring

Risk Identification

In the first step of the risk management process, the project team will proceed to identify any and all risks that threaten the successful delivery of the project.

Generally speaking, there are a number of approaches used to identify risks. These will involve ‘brainstorming’ to some degree.  In addition, there are systematic methods and use of historical project risk and performance data.  

The output from this step will be a partially constructed Risk Register.  The Risk Register will become quite familiar to all during the course of this blog series, but for now suffice it to say that the register is a tabular, spreadsheet-like document containing all of the details of a particular risk, including a response plan and an owner.  For those ready to jump ahead, check out the article entitled “Guide to Using a Risk Register.”

Risk Assessment

Once project risks are identified, we transition into the Risk Assessment process.  The steps here will fully define the risk in terms of its probability and impact as well as other qualitative factors.  

Once completed, this phase will leave us with a fully assessed and ranked/prioritized set of project risks rounding out the Risk Register.

Risk Control

Project Risk Control means the development of a risk response strategy for selected ‘over the threshold’ risks in the Risk Register. These responses are the individual plans the team will put in place to minimize the likelihood of occurrence and/or impact of a given ‘significant’ risk.

Risk Monitoring

With a now-completed Risk Register, the Risk Monitoring process details the project team’s responsibility for periodically monitoring the individual risks defined in the register.

This risk process also defines the periodicity of continuing risk management efforts – identifying, analyzing, and controlling new or emergent risks – throughout the project life-cycle.  


Thus, we begin a brief and hopefully illuminating journey into an often-stubborn area of project management – the identification and management of project risks.  Our introduction has included briefs of challenges, benefits, background and a risk management definition.  

Written By:
Kerrie Gill, PMP, ITIL
