Project risk management: what it is and how to do it

When carrying out important projects, it is necessary to plan in advance to resolve any problems that may arise in their progress. Therefore, in project management, an extremely important area is that of risk management. If you want to know everything about project risk management and how to apply it to your business, read on!

What is project risk management?

Risk management is the process of identifying all the risk probabilities in a project and establishing action plans to circumvent possible problems. According to the sixth edition of the PMBOK® Guide, project risk management includes the processes for conducting planning, identification, analysis, response planning, implementation of responses and monitoring of risks in a project.

For example: if your project is the construction of a building, one of the risks identified and analyzed could be an accident on the construction site, such as a fall. A planned action to circumvent this possible problem could be a daily inspection that would ensure that workers are using safety equipment properly. Another example would be a possible delay in the completion of the work, which could occur for several reasons.

When dealing with complex or strategic projects, this management is very important, as it is necessary to be prepared for any obstacles that may hinder the progress of your project. But before continuing: do you understand what project risks are?

What are risks

A risk in a project is an event that has some level of probability of happening and that can impact the progress of the project.

Although the name suggests they are bad things, this is not necessarily true. In reality, a risk can impact your project negatively (a threat) or positively (an opportunity).

In addition, they may be known or unknown. Known risks are those that were previously identified in the project planning. Unknown risks are those that were not previously identified and were not expected by those responsible for the progress of the project. So how do you manage them?

How to do risk management in projects?


Risk management step-by-step

According to PMBOK, there are seven processes that must be part of risk management. They are as follows:

1. Risk management planning

Risk management planning, as its name says, consists of planning how management will be executed, monitored and controlled. This includes the definition of a methodology and the delegation of roles and responsibilities to those involved, who will be in charge of tasks related to this management.

In addition, the plan must contain information related to the budget, forecast of time to be spent, etc.

2. Identification of risks

The risk identification stage consists of mapping all the risks to which your project is exposed. Details on each of them, such as their causes and effects, the activities affected, their triggers, etc., must be included in this mapping.

3. Conducting qualitative risk analysis

The qualitative analysis concerns a prioritization of the identified risks, either due to their probability of occurrence or the impact they can generate on the project. The classification can be made on a scale where the probability can go from very high to almost nil, and the impact can go from very serious to insignificant.

It is also possible to cross-reference this information in a probability and impact matrix, in order to prioritize the risks that are both very likely to occur and represent a major impact on the project.

Using a probability and impact matrix to manage negative risks, we tend to develop specific strategies for each type of risk as follows:

  • If a risk is trivial, with rare probability, and negligible consequences, it is customary to accept it and act only if the problem does occur, in order to avoid wasting time with improbable risks that almost do not impact the project.
  • If a risk is moderate, the ideal is to mitigate, acting to reduce the likelihood and impact of the risk.
  • If the risk is intolerable, the ideal is to do everything possible to prevent or eliminate the likelihood of its occurrence and impact.

4. Conducting quantitative risk analysis

Here, a quantitative assessment is carried out of the impact that the prioritized risks will have on the project if they become a real problem. This assessment must be expressed in numbers, which can range from money that can be lost, to a delay in completing the project.

5. Planning for risk responses

Here, finally, we begin to develop strategies and action plans to address the identified risks. This step can consist of preventing problems, so that they do not become a reality, investing in the elimination of their causes and in the repair of failures, or in plans to manage the problems if they happen.

In addition, a person responsible for the management of each risk is also assigned, who will be in charge of circumventing the problem in case it happens.

6. Implementation of risk responses

The implementation of risk responses is nothing more than putting into practice what was planned to circumvent the problems. For this to be done in the best possible way, it is important that the planning steps have been very well thought out.

7. Monitoring of risks

This step consists of monitoring the project throughout its realization, observing when it is being exposed to risks and identifying the right time to implement the planned response.

Here, new risks that may arise as the project progresses must also be taken into account, so that risk management becomes a continuous and cyclical process.

Risk management tools

The PMBOK guide mentions several tools that can be used for risk management. The analysis of checklists, for example, identifies risks based on previous similar projects. In addition, risks can be identified through brainstorming meetings. But one of the most important, complete and widely used tools in risk management is the SWOT matrix.

SWOT Matrix

The SWOT matrix was created by Professor Albert Humphrey, from Stanford, in the 60s. It consists of the elaboration of an analysis that maps 4 categories of attributes of your project, which are the following:

  • Strengths;
  • Weaknesses;
  • Opportunities;
  • Threats.

Its main purpose is to assess the internal and external factors that affect your project in order to identify its strengths and weaknesses (internal factors), as well as its opportunities and threats (external factors).
What are strengths?
In the case of the building project, we could mention the use of cutting-edge equipment and materials in construction, for example.
What are weaknesses?
Among the weaknesses, we could mention a number of professionals that may not be enough to complete the work within the established deadline.
What are opportunities?
An opportunity, in this case, could be to take advantage of a drop in the prices of construction materials to buy what is needed for the work, for example.
What are threats?
One threat, in contrast with the opportunity, could be a rise in material prices due to an economic crisis or high demand, for example.

After gathering this information, the ideal is to do a complete analysis of the entire scenario that your project faces and then plan for risk management.


After planning risk management, a formal record of the material obtained is required. In fact, the ideal is that this planning is part of the scope of the project.

It is also worth remembering that a good risk management plan must contain information about all risks, details about each one, their level of severity, those responsible for preventing each risk and for working around the problems, etc.

