
Project Risk Management

What is Project Risk Management?


Project risk management addresses the planning, identification, analysis, response planning, and monitoring and control of risk on a project.

The processes of project risk management and their primary goals are defined as follows:

  • Plan risk management. Goal: risk management plan
  • Identify risks. Goal: risk register
  • Perform qualitative risk analysis. Goal: project documents updates
  • Perform quantitative risk analysis. Goal: project documents updates
  • Plan risk responses. Goal: project documents updates
  • Monitor & control risks. Goal: project documents updates, change requests

From A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Fifth edition, Project Management Institute, Inc. 2013, page 309.

Project Risk Management

A key objective of performing project risk management is to increase the probability of project success by minimizing or eliminating negative risk events and increasing the probability of positive events.

For the exam, understand the following concepts:

  • Risk Management includes the processes of planning risk management, identifying risks, performing qualitative and quantitative analysis of risks, planning responses to risks, and finally monitoring and controlling risks on the project
  • Risk is always in the future
  • Risk involves uncertainty - it may or may not occur
  • Assess your organization's risk attitudes based on three general elements:
      • Risk appetite - what degree of uncertainty can the organization accept based on anticipation of a reward?
      • Tolerance for risk - is the organization risk tolerant or risk averse?
      • Risk threshold - at what level will the organization refuse to tolerate the risk?
  • There will be known risks and unknown risks
  • Risks can be negative or positive and are identified as threats or opportunities
  • Risk is considered from the moment the project is conceived

Plan Risk Management

The Plan Risk Management process defines how you will conduct risk management activities for a project. It includes defining and providing sufficient resources and time to perform risk management activities.

Planning for risk management begins when the project is originally conceived and should be completed early in the Planning process group. Understand that if risk is a significant aspect of your project management planning, you may need to enlist the help of risk management professionals within your organization or external to your organization.

Just as with quality, there is a cost in addressing the risk aspects of your project. However, understand that failure to address risks in a project can ultimately be much more costly, not only to the project, but also to the organization as a whole.

Risk Management Plan

The output of the Plan Risk Management process is the creation and completion of the Risk Management Plan. The major categories in a risk management plan include:

  • Risk management methodology
  • Roles and responsibilities
  • Budgeting
  • Timing
  • Risk Categories
  • Definitions of probability and impact
  • Probability and impact matrix
  • Revised stakeholders' tolerances
  • Reporting Formats
  • Tracking 

Project Risk Categories

The risk categories in a project management plan can be graphically represented with a tool that is similar to the work breakdown structure (WBS) called a Risk Breakdown Structure (RBS).

The RBS enables you to see all project risks grouped by basic themes and the specific risk areas occurring in relation to each theme. Tom DeMarco and Tim Lister in their 2003 book, Waltzing with Bears, identified five key risk categories on a software project:

  • Scope Creep – from the stakeholders
  • Inherent schedule flaws – usually due to unknown and uncertain elements, and also due to a miscalculation on the size of the product to be built
  • Employee turnover – this possibility is usually left out of the estimation process, especially the time needed to ramp up replacement resources
  • Specification breakdown – this is a show stopper, in which the customer cannot agree on what is being delivered, effectively bringing the project to a standstill. However, in reality, the conflict is usually so deep that it is often covered up and the project goes ahead with a flawed, ambiguous target. This will result in a project that is either canceled or does not meet customer expectation.
  • Poor productivity – usually a result of the impact of the previous four risks described

PMP Certification Exam - Project Risk Management - Memory Check


  • ___Plan risk management
  • ___Identify risks
  • ___Perform qualitative risk analysis
  • ___Perform quantitative risk analysis
  • ___Plan risk response
  • ___Control risks

A. The process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact

B. The process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating the risk process for effectiveness throughout the project

C. The process of developing actions and options to enhance opportunities and to reduce threats to project objectives

D. The process of defining how to conduct risk management activities for the project

E. The process of determining which risks may affect the project and documenting their characteristics

F. The process of numerically analyzing the effects of identified risks on overall project objectives

Materials in this course are based on the text, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Fifth edition, Project Management Institute, Inc. 2013

Question 1: The project manager overhears two stakeholders discussing the current project. Each stakeholder is discussing the risk impacts of the project on each of their departments. The first stakeholder states that the project will have an impact on her department, but states that the team has effective strategies for dealing with it. The second stakeholder is voicing great concern because it may cause them to double their workload. They are looking to acquire additional headcount to meet the need, but the company just implemented a hiring freeze (!). At this point, the second stakeholder does not know how serious the impact on her department will be. At the next stakeholder meeting, what will you most likely discuss with the stakeholders?

a. Stakeholder register
b. Stakeholder risk tolerances
c. Risk management plan
d. Risk avoidance strategies

Question 2: The tool that lists the categories and subcategories of risk on a project is known as a:

a. Risk breakdown structure
b. Quantitative risk analysis matrix
c. Probability and impact matrix
d. Stakeholder tolerance matrix

Question 3: An assumptions analysis is used to:

a. Identify historical information for risk analysis
b. Identify root causes
c. Assess the validity of risk assumptions
d. Assess the effectiveness of potential risk responses

Answer: B – In this instance, the stakeholders are discussing their tolerance for risk. The first stakeholder can deal with it well, while a second stakeholder will have real difficulty. The risk register (A) is a risk repository for all risks; the risk management plan (C) focuses on how risk will be managed and audited, and a risk avoidance strategy (D) is a specific risk response that may not be possible.

Answer: A – This is the definition of an RBS. PMBOK® Guide, 5th edition, p. 317

Answer: C – Assesses the validity of assumptions as they apply to the project. PMBOK® Guide, 5th edition, p. 325
