4 Elements of Project Risk Management

Date: 06/12/2022| Category: Best Practices Glossary|

As we have already discussed, the role of the Risk Manager is extremely important for the success of a project and an organisation. In this article, we will take a closer look at 4 fundamental components of Risk Management that are part of the Risk Assessment process activities related to a project:

  • Risk Identification
  • Risk Quantification
  • Risk Response Development
  • Risk Response Control

Risk Identification

Identifying the risks that may impact the project is the first process that must be carried out in the context of Risk Management.

This consists of identifying events that could be a threat to the success of the project and which could be the following two types:

  1. Internal risks: things that the project team can manage and influence (PMI definition)
  2. External risks: things that are beyond the control or influence of the project team (PMI definition)

Internal risks are easier to identify than external risks, which are not always obvious or predictable in advance.

The Risk Identification process involves the whole team. The activity should take place in the form of a brainstorming or open forum in which the Project Manager presides as moderator. The team must agree on the identification of all risks and whether these are really risks that may have an impact on the project.

This process serves to strengthen cooperation between team members by allowing them to think and discuss independently and freely, but it is also useful to give them more responsibility for risk management practices.

Risk Quantification

Once the risks have been identified, it is necessary to quantify them. The aim is to determine which risks would be most damaging to the project if they occur.

There are many procedures to carry out Risk Quantification but, regardless of the process, a basic and fundamental concept in Risk Management is to involve both the Project Manager and the team in determining the probability that a risk might actually occur.

There tend to be two procedures and they consist of:

  1. Assigning a percentage probability to each risk
  2. Assessing each risk according to a scale of values: low – medium – high

Another factor to be taken into account with regards to the probability of a risk occurring is Risk Severity, i.e. the impact that a risk would have on the project should it actually occur. The severity of the impact can also be measured on a low – medium – high scale.

The best procedure is to carry out an activity that quantifies the risk by both the probability of the event occurring and the impact (severity) it would have. In this way, the team can be aware and cautious in weighing each assessment without running the risk of over- or underestimating a risk.

Risk Response Development

There are several strategies that can be applied in the Risk Response Development phase, two of the most important being the Mitigation Strategy and the Contingency Strategy. Both of these strategies are planned, but each of them focuses on risk at a different time during the course of the project. Namely:

  • Mitigation: addresses the risk before it occurs and attempts to reduce its impact a priori
  • Contingency: addresses the risk only when it occurs and attempts to reduce its side effects

While planning the mitigation strategy, it is good practice to develop an appropriate contingency plan so that every possible solution is ready to be implemented.

Also read: What is a contingency plan and how to write it?

Risk Response Control

Risk Response Control involves the execution of the Risk Management Plan in order to respond to risk events during the course of the project.

In the best case, if the mitigation strategy is well thought out and precisely executed, the contingency plan does not even have to be implemented.

Even if the contingency plan is not a document that will definitely be used, it is still necessary to have it produced as a safety tool in case a risk arises that could not be contained beforehand.

It is better to have a contingency plan ready to use than to have to develop one in a hurry.

QRP International offers different courses in Project Management. Have a look at our website or write to us for more information!

Share this post, choose Your platform!


Subscribe to the QRP International neswletter and get all the news on trends, useful contents and invitations to our upcoming events.

QRP International will use the information you provide on this form to be in touch with you. We'd like to continue keeping you up-to-date with all our latest news and exclusive content that's designed to help you to be more effective in your role, and keep your professional skills current.

You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at marketing@qrpinternational.com. We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.