Last month, over 44,000 project professionals from 179 countries came to 4PM.com to improve their skills.

Project Risk Management Template

By Dick Billows, PMP, GCA

Easy to Skip Risk Management

Project managers often skip the risk management process because the sponsor wants them to start work quickly without wasting time on things like risk management. This may well doom the PM to fighting fires for the rest of the project. On even a small project we can undertake a simple risk assessment process, investing as little as an hour and possibly saving dozens of them by utilizing the form below with our team and/or stakeholders.

Risk Management in Theory

Risk management is a concept with a very sound foundation.  That is, the cost of responding to unanticipated problems is always much larger than the cost of risk responses planned well in advance.  Further, if we keep the scale and cost of our risk management in proportion to the scale of the project and the risks we are avoiding, risk management always more than pays for itself.

Risk Management in Practice

Project managers routinely feel a great deal of pressure to start work on a project quickly since many executives think planning and risk management are simply bureaucratic paper shuffling processes with no real-world pay off. There is some truth to that assumption, particularly in bureaucratic organizations where any activity like risk management is an opportunity for more papers, more procedures and more endless meetings.  In addition, there is the fantasy that good project managers are good firefighters and so spending time and money on risk management is wasted.  When bad risks flare up; we just fight the fires.

Risk Management "Best Practices" In the Real World

Savvy project managers make a case for limited risk management using examples from previous projects of delays and cost overruns that were avoided because some risk management was done. Wise executives respond well to those examples, particularly if the data is quantified from a previous project. Even the most skeptical sponsor will usually listen to arguments about the specific damage that can be done to the project completion date and budget by one or two specific risks.  A slow gradual education approach with executives works best.

Risk Management Steps

Small Project Plans
Done within your organization for the manager or your boss

Medium Project Plans
Affects multiple departments within your organization or done for customers/clients

Strategic Project Plans
Organization-wide projects with long term effects
Course

Risk Management Plan

On a small tier #1 projects we may limit the entire risk management effort to 30-60 minutes. The only steps would be to ID risks and plan risk responses for 2-3 major risks.

For tier #2 projects we would add qualitative risk analysis of 10 to 20 significant risks and perhaps quantitative risk analysis of 2 to 3 top risks.  The aim of the risk analyses is to develop cost data as justification for our risk responses.

On tier #3 projects the scale of the effort and the consequences of failure justify extensive risk management.  Spending several weeks and over $10,000 on risk analysis would not be unusual and it would be normal to hire outside experts to assess the risks quantitatively.

Identify Risks

Risk identification could be done over coffee with the sponsor and a few key stakeholders identifying key threats and opportunities (all risks are not bad).

The risk identification is usually broken up by major deliverables with separate groups working through the identification process. The project manager should provide each group with the risk categories they should address.

The project scale justifies the use of multiple teams with each assigned one or more categories of risk by type (regulatory, competitive, technological, etc.) or the risks associated with a specific deliverable (facility construction, systems development, etc.).

Qualitative Risk Analysis

None

Use Qualitative analysis for smaller risks.

Qualitative analysis is used as a screening tool to identify risks with large expected value and to justify more expensive quantitative analysis.

Quantitative Risk Analysis

None

Only for very significant risks or opportunities.

Used to justify risk responses that cost a great deal of money or time.

Risk Response Plan

Short statement of how we will respond to each risk if it occurs.

More detailed set of risk responses using one or more of the following strategies: avoidance, mitigation, deflection or acceptance with a contingency plan.  Larger projects may combine all four of these risk reduction strategies in sophisticated responses with careful monitoring of the project using risk triggers for early warning.

Qualitative or Quantitative Risk Analysis Template

Risk event

Probability of Occurrence

Magnitude of Impact

Risk Response
 

Medium

High

Low

Medium

High

None

Type of Action

               
               
               
               
               
               
               
               
               

 
Deep Dive on This Topic with Additional Articles:

Risk Management: A Focus on Prevention, Not Fire-Fighting

Why Do Projects Fail?

Project Planning: Using the Project Charter to Solve Problems

$9.99 Focused Topics

Amazon eBooks & video on project techniques like:

- Plan Risk Management

- Identify Risks

- Qualitative Risk Analysis

- Quantitative Risk Analysis

- Plan Risk Responses

See all 38 Focused Topics

A Class of One Learning

Advanced PM

Advanced IT PM

Advanced Construction PM

Advanced Healthcare PM

Specialty Certifications

IT/Systems PM

Construction PM

Healthcare PM

Business & Marketing PM

PMP Certification

All Project Certifications

PMI