Project Risk Management

Projects Fail Because of Risks

Risk management in projects is unfortunately still a strongly neglected topic. “Projects fail because of risks!” Many project participants are still not aware of this. Problems in projects are caused by risks to which no or too little attention has been paid. Perhaps the risks have not been discovered in the risk analysis, this is possible. But let’s be honest: aren’t we often infinitely optimistic when it comes to projects – and always see only the good sides? But often there is another important factor. The risks are simply repressed! I even claim: Suppressing risks is the biggest enemy for project success.

Risks are not necessarily something bad, because risks have a direct relation to profit. Simply put: The more risks a company is willing to take on with its projects, the greater the realizable benefit can be—but only if you have the risks under control with consistently applied risk management at project and company level. Those who do not take any risks will definitely stand still!

The following can often be observed in project execution practice: Risk management only begins when risks are obvious, i.e. have usually occurred or are foreseeable. In such cases, risk management is only carried out as crisis management, i.e. when it is actually already too late.

“We carried out risk management after the project kick-off. The topic is now closed for us. Now we can focus on the actual project activities again.” Unfortunately, you hear this statement very often. Did you do your duty when you identified and evaluated risks and defined and initiated measures for this risks at the beginning of the project? What do you think? I hope you say “No, that’s not enough!” The examples mentioned show that risk management in projects:

  • has to start early and
  • has to be repeated periodically

Risk Management is a Continuous Process

Risk Management in projects is a process that, regardless of the project duration and the complexity of the project, will not just be executed once but repeatedly. In the following figure on the next page, you will see the main activities of the risk management process, which is based on the PMBOK® Guide of the PMI. These activities form a closed loop. Risk management planning lies outside of the loop because it is created at the beginning of the project and only adjusted as needed. Now and then, it is taken by the hand again, for example, if questions arise about risk management in the project or when new employees entering the project need to be trained.

Risk Management Is Project Management for Adults

Tim Lister

The most important step of the risk management process is risk identification because only risks that are identified can be analyzed and treated with appropriate actions. Therefore, risk identification takes up most of the space in this book. The continuous communication is a central element of the risk management process and is constantly used—but is unfortunately not included in the PMI risk management process. Therefore, communication is not on the closed loop but in the center. If risks are being communicated and remain a constant topic, then this automatically contributes to their reduction.

The Project Risk Management Process

The Risk Management Process Includes the Following Steps

Plan Risk Management: Define how risk management is carried out in the project, who is involved with which responsibilities, which processes are used and which activities are performed.

Identify Risks: Identify risks and opportunities that affect the project or individual work packages/activities. Create a detailed list of all risks their causes and effects.

Analyze Risks (qualitative/quantitative): Analyze the identified risks and determine the probability of occurrence and impact (positive/negative). Then prioritize the risks and determine which risks will be further addressed.

Plan Risk Responses: Determine a risk response strategy for the individual risks and define actions to reduce the probability of occurrence and/or impact of risks (or increase it for opportunities) to address the overall risk exposure.

Implement Risk Responses: Implement the defined risk response plans.

Monitor Risks: Monitor the implemented responses plans. If necessary, adjust actions or define new actions. Track identified risks, identify and analyze new risks, and evaluate the risk process effectiveness throughout the project.

Communicate Risks: Communicate periodically existing and new risks and other risk management activities to project stakeholders.

The most important step in the risk management process is the risk identification

Risk Management Is More Than Just Risk Analysis!

Risk management is frequently put on a level with risk analysis. That’s not true, though! Analysis is only the exact examination of the specifics. Before risks can be analyzed, you have to identify them. The risks are more closely examined in the process step “Analysis” in order to understand them better. Afterward, probability and impact can be evaluated. Then, planning responses, monitoring and control will follow, and last but not least, the communication of risks and actions mustn’t be forgotten.

Take the Next Step


With an effective risk management you keep your project under control and eliminate 90% of all project problems before they occur. Don’t wait for the next project crisis. Take preventive action through active risk management! With my book Project Risk Management you get indispensable knowledge on how to successfully apply risk management in projects. You will receive practical instructions and tips that you can implement immediately in your project. With this knowledge you will make your projects even more successful and save your project life from many problems.