Managing Project Risk

Managing Project Risk

Brad Egeland
Business Solution Designer and IT/PM consultant and author with over 25 years of software development, management, and project management experience. Visit Brad’s site at

Basic risk management on projects hasn’t changed much over time. During the planning phase of any project, the project manager and team need to plan for risks. Plain and simple. Do we manage risk on every project? Sadly, no… or at least not in enough detail. Should we? Definitely. Risk management should be part of every project – even simple projects. Whether you give it an hour or you give it two weeks – risk management always deserves at least a cursory consideration on the project planning checkoff sheet. For detailed and high-tech projects, you will be gravely sorry if you don’t include an adequate amount of time for risk management. For any risk management process there are several key steps to consider as you plan for a successful project.

Document a risk plan

As the project manager, it is your responsibility to formally document (at the very beginning of the project) how you and your team – along with the customer’s help – will go about identifying, documenting and reacting to risks throughout the project. Gain the customer’s buy-in and sign- off and use it as the yardstick of reference as you move along in your risk management process.

##Identify potential risks Sit down with your team and customer very early in the project and brainstorm on the risks that may affect the engagement. Look at all possibilities that could potentially affect the project in terms of timeframe, costs and resources. This activity is the basis for the rest of your risk planning process and how you review the potential risk items and continue to identify more possible risks throughout the rest of the engagement. One key consideration is cybersecurity. What used to not be part of your risk management evaluation must now be considered – at least to some degree – on every single project… likely more so on specific tech projects. You may even decide that a cybersecurity tech resource be include on the project team on an ongoing basis.

How can we mitigate the risks?

As you work with your team and customer to identify risks, it’s critical to also document what the overall impact to the project may be if the risk is realized and then to also document how that risk could possibly be minimized or mitigated. You’re basically looking for any possible angle to lessen the severity of the risk if it hits your project. In the case of risk mitigation, you know there will be at least some impact to the project in the form of a potential budget increase or a timeframe extension. But with proper planning, you’ll know the action to take to lessen the blow to the project and maintain the necessary forward momentum.

How can we avoid the risks?

I personally prefer risk avoidance over risk mitigation whenever possible because it is the process of taking proactive, evasive action to help ensure that the potential risk is never even realized. Most risks can’t be truly avoided or predicted, but if you possibly can avoid them your project will be better off. You won’t take the risk head-on, and you’ve eliminated the possibility that your project will be knocked off course in midstream.

Readers – what’s your thoughts on these points? Do you plan for risks on every project? What processes do you go through to identify, plan, analyze and consider mitigation and avoidance of risks on your projects? Please share your thoughts and discuss.

Photo by Loic Leray on Unsplash

Recent Articles

Alice's Journey from Inaction to Downfall (based on a true story)

Data-driven decision-making is good. But can over-reliance on data paralyze you?

Project Portfolio Poker and Effective Management of Project Portfolios with Incomplete Data

A challenge that might seem impossible - making important decisions with incomplete information.

Evidence-based team extension

There is frequently a contradiction between what we want to do and what we can practically achieve.