Risk management


Risk management is the practice of identifying, evaluating, and preventing or mitigating risks to a project that have the potential to impact the desired outcomes.

A risk is an uncertain event or condition that, if it occurs, has a positive (opportunity) or negative (threat) impact on a project's objectives, such as scope, time, cost and quality.

A project risk is something that may happen, which means it can be managed proactively.

Key activities

Risk management includes the following key activities:

  • Risk management planning – The risk management plan is developed, describing the approach for risk management.
  • Identification – Gathering the initial set of project risks, followed by periodic and ongoing risk identification throughout the management and delivery of the project.
  • Analysis and evaluation – An analysis of the risks is first conducted to determine their causes, and estimate their likelihood and consequences. The risks are then considered and prioritised according to their potential impact on the project, and each risk is assessed to determine its level of acceptability.
  • Treatment – Developing and implementing risk treatment strategies to minimise the potential adverse impacts of risk. A risk can have one or more treatment actions. These may be:
    • avoid
    • transfer
    • mitigate (reduce) or
    • accept.
  • Risk monitoring and reviewing – Monitoring and reviewing each risk on a regular basis, assessing its current status, taking further actions as necessary, including escalating the risk if needed.
  • Communication and consultation – Communication and consultation ensure that information relating to project risks is made known within the project team, to governance committees and to stakeholders.

Key outputs

  • Risk management plan.
  • Risk register.
  • Risk treatment plans.
  • Risk reports.

Last updated: 16 April 2021
