A 6-step project risk management process

Your no-nonsense guide to better risk assessment.
If you were one of those people who spent a lot of time in outdoors-themed organizations growing up, then you know that they emphasize being prepared for whatever life throws at you. The goal, at least in a wilderness setting, is to anticipate potential problems to the degree that they’re easier to handle. In survival situations, proactivity outweighs reactivity.

The same strategies hold true with project risk management. The better prepared you are, the less time you spend struggling to deal with issues, which leads to successful projects.

What is project risk management?

Project risk management is the act of identifying, assessing, and mitigating risks that might occur during any given project. Risk, in this case, is defined as anything (good or bad) that might have an effect on the project objectives and outcome. It could be taking a chance on a new team member who ends up helping you finish the project ahead of schedule. Or it could be a network crash that sets you back weeks.

Like wilderness survival, the goal of project risk management is to be as prepared as possible for anything that might happen. You’re planning for the just-in-case moments, rather than expecting to fail. But, without solid risk management plans, things can go south quickly.

What are the 6 steps in the project risk management process?

I’ve broken down the project risk management process into 6 steps. I’ve published a
that will guide you through most of these steps. And I’ve linked a few other helpful templates you can adapt into your own efficient process to identify, assess, and plan for potential risks.

1. Risk identification

The first thing to do is identify all the possible sources of risk in your new project. This could be good things (yay!) or bad things (Boo-urns!), even things that are just mildly annoying (meh). The goal is to simply figure out what they are.

Chances are, you’ll be able to identify most of the potential sources of risk based on previous experiences in past projects. However, there might also be things that happen that you’ve never encountered before. That’s why it’s a good idea to include others in the risk identification process. Running a
of sorts can be an effective method for coming up with new risks that you’ve never encountered before.

2. Risk analysis

Once you’ve identified risks you may encounter in a project, it’s time to take a deeper look into each. In this analysis phase, you’ll classify the risk, determine its impact on the project, and plan an initial strategy for mitigating the risk.

There are a few ways you could analyze risk. A
allows you to create a visual representation of the impact of the risk and how likely it is to happen. Again, this is where you can jump into my
, which will help you run both quantitative risk analysis and qualitative risk analysis.

3. Risk ownership

Being prepared on every single level also means knowing exactly how to avoid a not-so-fun round of the blame game. By assigning ownership of risk, you proactively hand off the response to the appropriate team — while fostering a culture of support and empowerment. The risk owner should be the person on your team who has the best skills to mitigate that individual risk.

For example, if something goes wrong with the back-end of an app you just finished, you can’t expect your copywriter to step up and solve the problem (unless you want to market it as a feature, rather than a bug). If you’re following this project risk management process, you would have given ownership of this risk to your engineers and empowered them to put the mitigation plan in motion when ready.

You can see an example of risk ownership assignments in my


4. Risk prioritization

Once you decide who’s responsible for the risk, prioritize it. In this step, you’re looking for things that are going to have a big impact on the end result (either good or bad) and that are very likely to happen. Prioritization is a part of the risk assessment process and where the
comes in handy. As you can see by the diagram below, the matrix clearly tells you what kind of priority each kind of risk should be — guesswork is typically not part of this step.

5. Risk response plan

This is probably the most critical step of the process. Each type of risk you encounter (or at least the high priority ones) should have a risk response plan in place to help with risk mitigation, should the risk actually occur. Ideally, you’ll have a plan in place for everything you’ve identified, but focusing on the high-priority risks is a good place to start.

Your response plan should have clear steps to follow that help mitigate the risk, including who’s in charge of what, what needs to be done, and how fast it needs to happen. Here’s what the plan looks like in my


6. Monitor risk management strategy

Finally, you need to monitor your strategy to make sure that it’s working the way that it should and that you’re adequately prepared for each potential risk. This should include post-mortems at the end of the project to assess how you handled the situations that came up, as well as a way to improve your processes around how you manage risk.

Positive vs negative risks and the impact they can have on your project

Even though we’ve already touched on this a little, it’s always worth calling out that

It’s entirely possible that when you’re running your project, you’re going to encounter situations that are risky, but ultimately very good for your project. These are going to be things that allow you to finish early, find innovative solutions to your business problems, or even bring in more customers to your business.

The other end of this is negative risk. This is the bad place you want to avoid as much as possible.

Negative risk tends to result in things like failed projects, blown deadlines, or scope creep.

It’s worth noting here that good or bad, risks can’t necessarily be prevented and they’re not your fault when they happen. That’s why project risk management focuses so much on planning for potential situations that may never happen. But, if they do, you’re prepared.

Improve project risk management with Coda

Coda can’t help you prevent risk from occurring, but Coda’s building blocks and templates can help you better manage the situations when they come up. I want to mention two of my favorites that work to clearly identify both the risk itself and the points in the project where something might happen.

Gantt chart

Gantt charts, or timelines as Coda calls them, are excellent ways of visually identifying potential risks. Seeing your entire schedule laid out this way can help you identify moments where risk may occur. I highly recommend playing around with
to highlight those moments. For example, you could use different colors within the chart that indicate the severity of the potential risk (red for high impact, green for positive impact, etc.).

There are also going to be moments when critical tasks overlap in ways that aren’t ideal or conflict with other aspects of the project. Gantt charts, because of the way they’re designed, make those moments obvious.

Test out this
to decide whether it’s a useful tool for your project risk management.

Kanban boards

Similar to Gantt charts, kanban boards can be used as a way to help with project risk management. The kanban system uses cards that identify the various tasks that need to be completed within a project. As a risk management tool, these cards can be color-coded to highlight moments where risk may occur. It provides you with a quick way to identify risks, so you can hand off potential issues to the people most suited to dealing with them (that’s the assign risk step from above).

It ends up looking something like this.

Of course, if you’d like to play around with that, we’ve got you covered. This
has everything you need to get started.

Project risk management FAQ

What are the 3 types of project risk?

What are examples of project risks?

What is the difference between project risk and project crisis?

How does a project manager mitigate the risks?
