Risk Analysis and Risk Management
How to evaluate and manage risks
How to evaluate and manage risks
By Thomas Bering, CfL, November 2020
If you work in project management, risk analysis is a tool that can save you many problems and sleepless nights.
In this article, we take a closer look at what risk analysis is, why and when you should use it, and how to conduct an effective risk analysis. We will also explain how to ensure that you get the maximum benefit from your risk analysis.
The purpose of a risk analysis is to identify all the potential risks that you might encounter in a given project.
Every project carries a multitude of risks that lie in wait and can potentially undermine even the most thorough project plan—or in the worst case, make the difference between success and failure. Fortunately, it is possible to anticipate most of the risks in your project, and once you are aware of a potential risk, you can plan how to handle it if things go wrong. This way, you can neutralize many unforeseen risks before they even become reality.
In short, risk analysis is about assessing both the likelihood of something happening and the consequences if it does.
A risk analysis helps us identify all the risks that, in one way or another, could undermine our project. These risks might affect the timeline, budget, or resources, or they might relate to assumptions that make it impossible to carry out planned activities.
The risk analysis simultaneously helps us assess which risks we are most likely to encounter and which ones have the potential to cause the most damage.
When working with risks, we have two options. We can try to prevent risks so that the event becomes less likely, or we can develop a plan to mitigate the consequences if the event occurs. With a thorough risk analysis, you have the tool to plan the necessary actions.
Risk analysis is an effective tool when working with project management. It is used, among other things, in the following situations:
However, risk analysis is not only valuable in project management. Here are examples of situations where you will typically work with risk analysis and risk management:
Risk analysis is an effective tool when working with project management. It is used, among other things, in the following situations:
However, risk analysis is not only valuable in project management. Here are examples of situations where you will typically work with risk analysis and risk management:
Typically, the project manager is responsible for conducting the risk analysis, but the project manager should involve employees who have insight into the relevant areas. It is often a good idea for the participants in the project group to contribute to identifying and assessing the various risks.
If the project group does not have the necessary expertise to anticipate risks, it may be necessary to involve some of the project’s stakeholders or external experts.
Lay the foundation for your success as a project manager and learn to design a process from start to finish, including a thorough risk analysis.
In the course, you will gain insight into the unique leadership characteristics associated with the role of a project manager.
Typically, the project manager is responsible for conducting the risk analysis, but the project manager should involve employees who have insight into the relevant areas. It is often a good idea for the participants in the project group to contribute to identifying and assessing the various risks.
If the project group does not have the necessary expertise to anticipate risks, it may be necessary to involve some of the project’s stakeholders or external experts.
Brainstorm potential risks. What could potentially go wrong in the project? Make sure to uncover risks from all areas of responsibility within the project group.
The greatest challenge with risks is that they often go unspoken. Ensure that even the smallest risks are noted, and share the list among all involved to inspire each other.
Evaluate the likelihood that each identified risk will materialize. Rate your assessment on a scale from 1 to 5, where 1 means unlikely and 5 means almost certain.
Follow the same approach as with likelihood. Evaluate the extent of the consequences if the identified risk materializes, again using a scale from 1 to 5, where 1 is insignificant and 5 is catastrophic.
Use the risk analysis matrix below to evaluate the overall risk level. For example, if you assign 5 points for likelihood and 5 points for consequences to a particular risk, it will have 25 risk points and be considered critical. A risk with 2 points for likelihood and 2 points for consequences will have 4 risk points and thus represent a lower risk level.
In this way, you can highlight which risks to prioritize and determine how much energy to devote to developing an action plan for each risk.
Develop a plan detailing the measures to be taken to prevent or mitigate each risk. These measures may aim to reduce the likelihood of the event or to minimize the consequences if the event occurs. You can download a template below.
Download template for risk analysis and management
Once you have conducted a thorough analysis of the project’s risks, it is important to actively use the analysis for its intended purpose—namely, to manage the identified risks. When managing risks, there are several options:
You can implement measures that aim to avoid or reduce the likelihood of a given situation occurring.
You can take actions to lessen the impact if a risk materializes.
In some cases, it may be possible and even advantageous to share the risk with others. A good example is insurance. You pay another company to take on risks. The same applies when renting office buildings instead of owning them. Another example is IT infrastructure, web hosting, etc.
No project is without risks, and we must accept that some things are beyond our control. If the cost of sharing, avoiding, or reducing a risk does not measure up to the potential consequences, you may have to accept and live with a given risk. This is especially relevant for risks that score low on the risk analysis matrix above.
Here you’ll get a thorough introduction to how to plan and execute projects. We walk you through the phases of a project and common pitfalls.