Risk is a natural part of life. It doesn’t matter what you’re doing, there’s at least some risk involved (and we’re talking about everything from brushing your teeth to wrestling alligators).
The same holds true for businesses. Risk is just a part of everything you do, whether you want it to be or not. However, just because there’s risk involved, doesn't mean you can’t still make a project work with proper risk control measures. Risk assessment is a critical part of project management and helps you determine whether or not you can (or should) risk the risk.
What is risk in project management?
Before talking about risk assessment, it helps to talk about what risk is in project management. In this case, risk is anything that could potentially happen that affects the desired outcome of a project. This could refer to any potential hazards and risks that affect the people, processes, technology, and resources that you use in a project.
It’s worth noting that risks are different from issues. Risks are things that might happen, where issues are things that have already happened. For example, if you know there could be an interruption in your supply chain, over the course of a project, that’s a risk. If your servers break on launch day, that’s an issue.
What is risk assessment?
Risk assessment is the act of looking at the risk through the lens of the various aspects of your projects. Risk and hazard identification helps you figure out the likelihood of risk happening, what potential risks could be, and how those risks might impact your project.
Risk assessment isn’t designed to help you avoid risk, per se. It’s more about helping you decide whether or not the risk is worth it and to come up with a further action plan that will help you manage that risk.
Why it’s important for a business to conduct project risk assessment?
Risk assessment may feel like just another thing that you have to deal with when you’re running projects, but the reality is it’s a critical part of your workflow. Rather than focus on what could happen if you don’t complete risk assessments, let’s look at how it helps your business.
The best way to deal with a problem is to identify the level of risk and be ready for it (even if it may not happen). Sure, it means you could be worrying about something that doesn’t happen. But if it does and you’ve got a plan in place for mitigating the risk, you’ll be glad you took the time to come up do the assessment. If you’re stuck in a cycle of reacting to problems after they happen, you’re never going to get ahead of potential risks in your business and it’s always going to feel like you’re playing catch up.
Just like being proactive, conducting risk assessment gives you a way to be accountable when things go wrong. Rather than stumbling around trying to explain why something suddenly went wrong to a client, you can go to them and say, “So, as we discussed, this happened. Luckily, we have a plan in place to deal with this exact scenario.”
It doesn’t matter how bad the risk might be, if you’ve got a plan in place to deal with it, you’re showing your clients that you care about positive outcomes, regardless of what happens.
People don’t like hearing about risk, but like hearing that you’re prepared just in case something comes up. Running a risk assessment at the beginning of your projects gives you a way to come to your clients and show them what might happen over the course of a project.
You might think that showing people what could go wrong is a bad thing, but when you also show them that you’ve got plans in place to mitigate the risk, you’re increasing confidence. Remember what we said about proactivity? It’s better (and frankly more professional) to show your clients that you’re proactively managing risk, than it is to react to problems after the fact.
Fewer things improve collaboration than having plans for everything, including risk. We’ve all been in situations with people who are just flying by the seat of their pants, dealing with the various problems as they come up, rather than having a plan for all the things.
Risk assessment won’t help make your collaborative projects smoother, per se. But it will help you better manage those moments when you encounter an identified risk, so everyone can get back to work faster.
How to do a risk assessment in 5 steps
You think that with all the benefits that come with the process, that risk assessment would be a long, complex thing. The reality is, though, that you can run through the entire assessment process pretty quick, if you know the steps and have the right risk assessment tools.
Step 1: Identify the risks.
Before you can do anything with risk, you need to identify what they might be within any given project. As we defined above, risk is anything that could potentially impact the outcome of a project. It helps to get kind of creative during this step, so that you’re able to capture everything that could possibly happen, regardless of how far-fetched it might seem.The more risks you identify, the better prepared you’ll be.
Step 2: Determine the likelihood of risk happening.
Once you’ve identified hazards and potential risks within a project, calculate the risk score and rank everything by how likely it is to actually happen. For example, it’s not likely that your office is going to burn down in a fire (unless you live in a fire-prone area), but it’s entirely possible that your data center could burn down or that your network will crash on launch day.
You do this to help you prioritize the areas you need to prepare for. That fire? It probably doesn’t need a response plan and can be ranked as low risk. The network, though, that could actually happen. In fact, it happens to companies all the time when they’re launching new products, so this should be ranked high as a type of risk you’ll need to be ready for.
Step 3: Assess the risk.
Now that you’ve identified the risk and decided which ones are most likely to happen, it’s time to determine the risk rating and assess the impact. If the network crashes on launch day what happens? Odds are you’ve blown your launch and will have a lot of unhappy customers. For each risk you identify, look at the impact on your business, your customers, and your collaborators.
Step 4: Come up with a plan.
Risk mitigation is not possible without a plan. Well, you could, but it won’t be an effective process and odds are it’s only going to take the risk out of your way long enough to complete the project. Rather than fly by the seat of your pants, come up with a risk management plan for each risk you identified in the earlier steps.
Step 5: Document everything.
As always, the more you document, the better off you’ll be. This doesn’t just mean taking notes during the previous four steps. Your goal here is to almost create a manual for dealing with each kind of risk you may encounter during a project, which can easily be done with an adequate risk assessment form. People need to know what works, what doesn’t work, and whether or not your assessment was accurate to begin with.
What is a risk assessment template?
A risk assessment template gives you a process to follow for assessing any potential risk that comes up during your project. It gives you a way to discover what the risks may be, what the outcome of those risks are, and whether it’s worth pushing forward with the project.
A risk assessment template is one of the most practical risk management tools that can help by giving you a clear path to follow when looking at any risks you may encounter during a project. These templates are designed to make sure that you don’t miss any key steps in the risk assessment process.
in this page. By clicking the Add Risk Button, you can add in details about the Risk, the Related Project, its Probability (from a scale of 0-100%), and the Impact this risk may have on your project.
After adding details about the risk you may have added, click the Add Action button to address the risk with a potential action that can reduce its impact or delete the risk in its whole. All Actions are grouped by risks in the
page allows all team members of the organization to see archived Risks and Actions once they have been Addressed or Executed on the respective tables.
👉 Get started with: risk assessment template
Copy this template
Need a risk assessment template to get you started? Not surprisingly, we’ve got just the thing. You can easily copy this template and customize it to your heart’s desire to suit your business and its specific needs. Other risk assessment matrix templates include this
Evaluating risk involves asking yourself a series of questions and using the answers to determine how you’re going to address possible risks. The following questions are a good starting place for any risk assessor, regardless of the line of business you are in:
What is your risk tolerance? Deciding whether you’re going to go for it, regardless of the risks, or play it safe and maybe hold off on something is the first step. If you identify hazards you typically encounter and they aren’t worth the hassle, you’ll want to err on the side of caution.
Which risks should you manage? The answer to this question is usually influenced by how risk tolerant you are. Some of the risks that you’re going to find during your risk assessment aren’t going to be worth the effort to manage if they come up.
What is going to trigger the risk? The risks you identify aren’t just going to happen. There’s always something that triggers risk. The more of these triggers you can identify, the better prepared you’re going to be to manage the risk when/if it comes up.
Once you’ve answered those questions, create a plan for managing the various risks that could come up during a project. Create a
and identify the key stakeholders, figure out what needs to happen to mitigate the risk when it comes up, and make sure you keep a detailed record of any risks that have to be managed, so you can be better prepared next time.
Are risks always bad?
Nope. Risk can be both good and bad. It can be hard to think this way, but it’s just like with anything, you don’t really know whether an outcome is going to be positive or negative, but when you properly assess risk, you can generally get a good sense of how it’s going to go.
For example, if you’re hiring a new team member for a project, you don’t generally know how that person is going to fit into the team or even if they can do the things they claim. But the interview process is basically a risk assessment. You’re taking the time to get to know the person, learn what they’re capable of, and make a judgement call about them.
may seem like similar things, but at their core, they’re different.
Risk assessment, as we’ve discussed, is the process of identifying the risk and assessing factors like what their impact could be and what the likelihood they’ll happen is in a broad scope.
Risk analysis is a deeper dive into specific risks. It’s a part of risk assessment that happens after you’ve assessed the various risks. Analysis can help you reduce the potential impact of the risk or even come up with solutions for avoiding it completely.
Coda is an all-in-one doc for your team’s unique processes — the rituals that help you succeed. Teams that use Coda get rid of hundreds of documents, spreadsheets, and even bespoke apps, to work quickly and clearly in one place. This template is a Coda doc. Click around to explore.