Risk Management – Principles and Definitions

We all hear about risk management (and risk assessment). The notion of trying to determine up front all the various things that ‘could’ go wrong is definitely a difficult task to undertake. Many a project that has hit rough times (or failed completely) can often find its troubles attributed to an unforeseen problem that was not adequately taken into account up front. Now while no one has a crystal ball and can foresee every single issue that may (or may not) arise, it is still important to make a concerted effort to assess as many conceivable risks as possible and derive action plans to contend with them.

There are a whole slew of publications available regarding risk management and risk assessment. Degree and certificate programs are also available to those wishing to explore this area further. Truth be told, whole companies and careers are built around the notion of cataloging risks and formulating plans of action should problems appear as well as providing suggestions on how to proceed in order to mitigate potential risks.

Generally speaking, project managers are not formally schooled in the concept of risk management. Their background encompasses aspects of risk assessment, but depending on their role, it is likely to be one piece of the set of overall duties a project manager may be required to perform.

With that being said, it is important to take a moment and define some of the key concepts and definitions pertaining to risk management. What are some of the key takeaways and ideas that a project manager should be mindful of if attempting to perform a risk assessment on their project? What are some of the core principles that they should be aware of in order to best handle their project?

Risk Management – What is it?

In its purest form, risk management is the identification, classification and prioritization of risks. This is generally done in tandem with efforts to monitor, control and mitigate the risks. Risks themselves can arise from factors internal to the project, such as the adoption of a new technology, team members that are new to the project manager, or resource constraints and internal dependencies. Additionally, risks can also be external, such as the health of the financial markets, competitive pressures, legal liabilities or even accidents. The sheer number and type of risks that may (or may not) factor into a given project gives a good idea of how complex and problematic risk assessment can become.

Principles of Risk Management

There are specific core principles with regard to risk management. When looking to perform an actual risk assessment, the following target areas should be part of the overall risk management procedure (as defined by the International Standards Organization; ISO):

  • The process should create value
  • It should be an integral part of the organizational process
  • It should factor into the overall decision making process
  • It must explicitly address uncertainty
  • It should be systematic and structured
  • It should be based on the best available information
  • It should be tailored to the project
  • It must take into account human factors
  • It should be transparent and all-inclusive
  • It should be dynamic and adaptable to change
  • It should be continuously monitored and improved upon as the project moves forward

When first addressing a risk management procedure for a project, take note of the aforementioned principles to ensure that your specific assessment is matching up with the core ideals as defined by ISO.

Risk Management Process

There is a specific procedure that one should follow when it comes to performing a risk assessment. The overall process can be itemized as follows:

  1. Identification – Perform a brainstorming session where all conceivable risks are itemized
  2. Planning – Once defined, plan for contingencies as part of the overall project plan; implement controls as needed
  3. Derive Safeguards – Place specific ‘fallbacks’ into the overall project plan as contingencies for risks if they arise
  4. Monitor – Continuously monitor the project to determine if any defined (or unexpected) risks manifest themselves

Note that the diagram that is part of this post depicts the aforementioned process in a graphical format.

Dealing with Risk

Once the risks are identified and the specific risk process has been instantiated, what should the project manager do with the defined risks? There are actually certain techniques to be aware of pertaining to risk. Being aware of what the risks are will dictate how effective each of the individual risk management options might be.

  • Avoid the Risk – This may seem obvious, but it is an actual technique. There are instances where a perceived risk can be avoided entirely if certain steps are taken. An example of this might be a concern over a vendor supplying a given deliverable at a specific timeframe. It may be decided to perform the actual work for the deliverable in-house thereby eliminating the risk of the external vendor.
  • Reduce the Risk – While some risks cannot be avoided, they can be reduced. This may be accomplished by fine tuning aspects of the overall project plan or making adjustments to specific areas of scope. Whatever the case, reducing a risk reduces the impact it will have on your project.
  • Share the Risk – If a certain risk cannot be avoided or reduced, steps can be taken to share the risk in some way. Perhaps a joint venture with a third-party will reduce the downside risk for the organization as a whole. This could reduce the sunk cost and potential losses of the project if sharing of risk results in it being spread out over several different individuals or groups.
  • Retain the Risk – This is actually a judgement call. Once all options are exhausted, the team members, sponsor and project manager may just decide to retain the risk and accept the downside potential as is. This decision is usually made by first determining the upside potential of the project. If it is deemed that the project’s expected upside far outweighs the sunk cost and downside, then the risk itself may be worth it. Note that in certain cases, insurance can be used to mitigate the downside, although the actual risk retention itself is what is being accepted by the team.


Risk management is a very broad field and often requires a very specialized knowledge set and background to perform adequately. However, the project manager is the de facto risk assessment officer if no one else has been made available. Since the project manager is ultimately responsible for the success or failure of the project, being aware of the various concepts and methodologies behind risk assessment and risk management will give them a leg up in being able to draft a project plan that takes into account any downside potential for the project.

Note: For further information on risk assessment, please read the post: Project Risk Management – Tools & Techniques.


Top 5 Issues for the Project Manager

Being a project manager is not without its problems. Like any profession, there are great rewards coupled with numerous headaches. The number and frequency of both varies depending on a number of factors, such as the complexity of the project, its team members, the culture of the company and even the capabilities of the project manager.

Many things can add to the stress that the project manager has to contend with on a day-to-day basis. Some of these items might just be part and parcel of the job, while others can be mitigated or even eliminated simply with experience and the right set of tools and mindset. But from the standpoint of the ‘main’ issues that a project manager has to contend with, they can be itemized as follows:

1. Sharing Resources

In many situations, a project manager is utilizing resources that are ‘loaned’ to them from other projects or from functional managers responsible for specific deliverables. In any sense, the resource itself may be part of the project, but depending on how the organization is structured, the resource does not necessarily answer to the project manager. As such, what commonly occurs is that the project manager must request resources and then contend with situations where the resource may only be working ‘part time’ on their project. In those cases, it makes assigning tasks to the resource more difficult since the project manager has to be cognizant of what other tasks the resource may be required to perform on other projects or as dictated by their functional manager. This can turn into little tugs-of-war between managers as all are vying for the resource’s time. Recognizing this situation up front should become part of the risk assessment the project manager performs. Additionally, adjustments should be made to the schedule and fall-back options should be drafted in case the resource’s time on the project cannot be completely guaranteed.

2. Dealing with Dependencies

In many situations, a project may be dependent on the success of other projects within the organization. Conversely, other projects may also be dependent on the current project. Whatever the case, the project manager must be fully aware of what these dependencies are and they should be itemized in the main project plan. Additionally, the project manager will need to monitor the progress of the dependent projects and have action plans in place should issues arise with one of them. Keeping tabs on their schedules and milestones and aggregating that information into the broader project timeline will make the dependencies more obvious and easier to monitor.

3. Virtual Teams and Global Geographies

In our new world, the internet, various communication advancements and the rise of other industrial powers have led to a very diverse and dispersed global village. While in the past co-located teams were the norm, nowadays teams are often disparately located, even spanning countries and cultures. This new resource dispersion has added complexity to the project manager’s day-to-day duties. They now have to be aware of timezones, language and cultural barriers, differences in legal constraints and a myriad of other factors that come with dispersed teams. What is paramount is that the project manager have an effective communication plan in place. Ensuring that the dispersed team still has an effective medium with which to engage in dialog is extremely important to the success of the project. Whether it be video conferencing, email, wikis, et cetera, a communication plan needs to define the communication methods at the onset of the project. That way, the team members will know where they need to go in order to have discussions with their fellow team members. An added benefit comes from always making the location and timezone specifics of each team member evident to the rest of the team. Have that information visible and up-to-date so that team members become familiar with who is located where.

4. Effective Tool Usage

Whether it be a good content management system, version control (for source code and documents), the usage of Microsoft Project, et cetera, knowing which tools to use and how to use them is a must for the project manager. Tools are meant to make one’s job easier. But good working knowledge of the tool will make that much more evident to the project manager. Remember that as a project manager, you will have enough problems to contend with daily. The last thing you need is to have to contend with either a clumsy tool that makes your job harder or unfamiliarity with a tool that adds to your daily duties. So it is not only important to have the right tool, it is also extremely important to know how to use it. If you are new to a role and a specific tool is in place that you have not used before, take the time up front to become familiar with it. That will let you know right away if the tool is adequate and also give you the necessary heads-up on how to use it.

5. Dealing with Management Expectations

As anyone who has watched Star Trek knows, managers are often akin to the captain of a starship. They expect miracles. But as is often the case, reality rears its ugly head. In many cases, it is up to the project manager to explain to management what is feasible and what is not. A feasibility study is an excellent way to give a good synopsis of whether or not the expectations of management can be matched in the real world. (For more information on feasibility studies, please read the post: The Feasibility Study – Key Factors.) In any sense, the project manager is often the vanguard in dealing with realistic and unrealistic expectations. And while it is not always easy, it is sometimes necessary to say those dreaded words: ‘I’m sorry, but that can’t be done’.