
Risk management and project management go hand in hand

Effective risk management underpins successful projects

Consider this: Effective risk management underpins a successful project – true or false?

Was 'true' your first reaction? We believe that you’re right.

All three of us are strong believers in the positive value of a well-managed and controlled approach to project risks. An Internet search for “images of risk management” will return many illustrations of dice being rolled.

If it is done well, risk management measures the uncertainty involved when you 'roll the dice' during your project, and allows the project manager to obtain a consensus on how to best handle risks and unexpected events on the project.

This article does not cover in detail the processes necessary for effective project risk management. A large amount of material and advice exists on the subject. Rather, we put forward just a few 'pointers to consider' for your project – whether it is already underway or getting ready to start.

Take-away points to consider

We put forward the following considerations for risk management (this list is not exhaustive or prioritised):

  1. Risk management affects all aspects of your project – your budget, your schedule, your scope, the agreed level of quality, your communications and stakeholder engagement, the success when the project’s output is implemented, and so on.
  2. Risks can be positive (i.e. opportunities), as well as negative (generally referred to as risks).
  3. Risk management is about behaviours that prove that risk management is a top priority for you and the team, such as “being constantly aware of what might happen,” agreeing on strategies for all risks, and undertaking actions to prevent negative risks from becoming issues (i.e. occurred events) whilst maximising the opportunities of positive risks.
  4. Risk management needs to be conducted from the start of the project, constantly discussed and monitored, and involve all members of the project team.
  5. How you choose to handle risks depends on your most influential project stakeholders’ 'appetite for risk'.
  6. Each identified risk needs to be assessed, a strategy for dealing with it agreed upon by all appropriate parties, and tracked until closure.
  7. Project risk management is not “the project manager tracking risks in a Risks Register and sharing it occasionally when or if people ask to see it” – it is much more than that.

The essentials of project risk management

A project risk can be defined as an uncertain event or condition that, if it occurs, will have a positive or a negative effect on a project’s objectives. Some very comprehensive guidelines and procedures for managing risk are available from many sources. For example, the Project Management Institute describes the following summary process for managing project risks:

  1. Plan risk management.
  2. Identify risks.
  3. Perform qualitative risk analysis.
  4. Perform quantitative risk analysis.
  5. Plan risk responses.
  6. Monitor and control risks.

You may come across other models. Your means of conducting risk management and the behaviours you and your team display in 'making it real' make all the difference. We have mentioned 'behaviours' a few times in this article. We are referring to the communication (in all its shapes and forms) that you use, the importance with which you treat risks, and the willingness and drive to see actions through to completion and closure.

Here are a few questions for you to ask yourself:

  1. At the start of a project, do you plan how you and the team will approach risks? By this, we do not mean jumping straight to a Risks Register, but putting some serious thought into how risks will be managed during the project.
  2. Do you understand and monitor the appetite for risk of your customer and influential stakeholders?
  3. Do you involve all people in the team to identify project risks – not only at the start, but throughout the project?
  4. Do you review the risks of previous projects, and look to lessons from the past as part of your initial review and identification process?
  5. Do you strive to ensure each risk has an owner, and that the method to tackle them is agreed upon, i.e., whether to mitigate the risk with an action, to transfer, avoid or accept it and so on?
  6. Do you readily assess opportunities as well as negative risks, and devise strategies to maximise the likelihood of opportunities occurring in order to exploit or enhance them?
  7. Do you assess “triggers” to each risk so that you can monitor if/when there is danger of their becoming real?
  8. As well as qualitative assessment of risks, are you able to apply a quantitative financial or time value to each risk, both negative and positive, should it eventuate? If the impact is negative, will it turn into an issue? Can this estimated financial value help you justify an appropriate project contingency in terms of cost and/or time?
  9. Are you pro-active in tracking the agreed strategies to handle risks?
  10. Do you maintain a project Risks Register on a regular basis – moving priorities up and down the list, watching for low-priority risks that may escalate in importance, being attentive to risks that are likely to occur soon?
  11. Do you discuss the “current high-priority risks” with your key Stakeholders at each project review (in whatever forum you have for such review meetings)?
  12. Do you discuss what will happen if major and problematic “unknown unknowns” occur on your project, perhaps with action scenarios if such events happen?

Remember: Risk management is your friend and ally

As per the title of this article, risk management is the project manager’s friend. Done well, it helps you ensure that the 'appetite for risk' is appropriately understood at the start; that all risks are agreed upon, prioritised, assessed, communicated and understood in alignment with this 'risk appetite'; and that you have a solid platform to track agreed actions, including escalation up the management chain if necessary.

The key is to demonstrate positive behaviours in a way that ensures risk management is kept at the forefront of all your project activities. There is always the potential of 'unknown unknowns' impacting your project, but the more you can assess reasonable risks from the start of the project and actively manage them throughout, the better placed you will be as a team to realise a positive outcome for your project.

If you have an opinion on this article, we would really like to hear from you. Please email us at with your point of view.



Pedram Daneshmand


Hi Gary, Gareth and Jeff

Thanks for the article. I think it was a good summary to one of the most complex topics of these days: Risk Management.

I would like to contribute with some comments for consideration of the readers too:

- Implementing the risk management is a journey with no end destination. The interim milestones should be planned, statused against and modified as we go through this journey, however to maximise the outcome of the risk management plan the project, the project team should acknowledge and understand this.

- While there is no destination for this journey, the main goal is the continuous improvement approach and group commitment to the same goal. I usually call the Risk Management as a group activity with PM (or RM) would be the leader not the only player.

- As highlighted by PMI Practice Standard of PRM, the general critical success factors for project risk management are: Recognise the value of risk management, Individual Commitment/Responsibility, Open and Honest Communication, Organisational commitment, Risk effort scaled to project and Integration with project management.

- A truly two-way consulting and communication channel is critical too. We should listen and learn from constructive ideas and experiences. There is no one answer when it comes to the risk management.

- The importance of training is also obvious and critical. The right trainings should be planned for the right levels.

- And the last but not the least is the risk management culture in your organisation/project. I really believe the soft skills of a good risk management implementation is the key for its success. Risk management process is a great opportunity which can be used for team building, get together and work as a team not individuals.

Thanks and regards,
Pedram Daneshmand

Senior Associate Director
Blue Visions Management Pty Ltd
