• 10 hours
  • Medium

Free online content available in this course.



Got it!

Last updated on 3/2/22

Execute the Steps of Risk Management

Identify Risks before You Address Risks

Proper risk management is not just about making a list of risks at the start of the project. It can be split into five steps:

  1. Learning about the project.

  2. Identifying and describing the risks.

  3. Evaluating the risks and their potential impact on the project before ranking them.

  4. Prevention strategy: defining actions to limit the potential impact.

  5. Monitoring the development of risks throughout the project lifecycle (a key step).

Completing these five steps will ensure effective project management, as well as effective risk management throughout the project lifecycle.

Completing these 5 steps will ensure effective risk management throughout the project life cycle.  Describing the project 2. Identifying the risks 3. Ranking the risks 4. Prevention strategy 5. Monitoring the risks
The five steps of risk management.

Completing each of these steps will help reduce your vulnerability to risks. However, if you miss any, your project could be vulnerable!

Don’t forget that you probably won’t anticipate all the risks even if you do a detailed analysis. As in much of life, there is no risk-free option in project management.

Your experience, ability to anticipate, and reactions, are essential parts of the process.

You will need to:

  • identify new risks

  • decide when they may present problems

  • make quick decisions when problems occur

That is why it is important to come up with a risk management strategy.

Define A Risk Management Strategy

These five steps (done in this order) will help you to ensure the security of your projects. Here’s an overview to help you better understand how to manage your risks.

1. Use the Project Description

It would be hard to develop a good strategy if you didn't understand the project before working on it.

Many of the risks you will identify will be linked to the context and the stakeholders.

Be sure to consider the current organizational structure, the available technical equipment (for digital projects), and the current and required use.

All methods for describing a project are important for risk analysis. The more detailed and specific the project description, the easier it will be to handle a wide range of risks.

Project environment  Current organizational structure  Knowledge of the project  Identifying the risks  Organization  Project description
Tools for describing a project and its context are important when identifying the risks.

In the next chapter, you will see how to use the project description. For now, just remember that it is impossible to produce a proper risk analysis without one.

2. Identify the Risks

You have the project description, and now you need to identify the associated risks. To do this, go through the generic aspects as well as the unique (or specific) ones. Completing the first step (describing the project) allows you to create your list of risks.

Generic Risks

Identify them by focusing on basic aspects of the project such as cost, quality, or delivery and determining whether the risk is high or low.

Specific Risks

Identify the risks that are unique to a specific project.

During the identification phase, describe the risks in detail, clearly outlining all the different factors.

Generic risks  Cost  Quality  Delivery  Specific risks  Unique aspects of the project  Identifying the risks

Generic and specific risks

3. Rank the Risks

Not all risks are equal. We should prioritize them in the following way:

First, consider their potential impact on your project in case they become problems.

Then, rank them according to their potential impact, and determine which could have the biggest.

This phase is essential, but if you try too hard to guarantee your project’s security, you could end up paralyzing it. You must accept that you can’t do everything yourself.

The Pareto principle states that 80% of the consequences come from 20% of the causes. It works for risk management too!   

Causes 20% Consequences 80%
The Pareto principle

It’s not always exactly 80-20, but remember, just a few of the risks represent the majority of the potential impact.

Identifying a risk doesn’t automatically tell you what you need to do. You must tailor the response to the situation. Ranking the risks helps limit the number you must focus on.

4. Prevent the Risks

Some people will panic, whereas others will avoid or stop an issue as quickly as possible.

Likewise, identifying your project’s risks and doing nothing about them would be a waste of time.

According to Merriam-Webster, to prevent means “to keep from happening or existing.” You’ll do this with your strategy by implementing steps.

How can you reduce the chance of a risk becoming a problem? How can you reduce the potential impact of this problem on the project?

You must answer these two questions in your prevention plan. First, this plan will outline the various measures you have created to decrease the risks identified during phase 2. Then you would focus mainly on preventing the risks you ranked as the most critical during phase 3.  

Prevention strategy Impact on the project   Likelihood of it becoming a problem  Preventive action  Reducing the likelihood of the risk becoming a problem  Risk Preventive action Reducing the potential impact on the project Acceptable level of risk
Lessening risks thanks to preventive action

In the last chapter, I was telling you about my beach walks near cliffs 🌊. There were ”Danger: risk of falling” signs, which is an example of safety factors a preventive action can take to reduce a risk (in this case, falling off a cliff).

5. Monitor the Risks

The previous phases often happen before the project has begun and are the foundation of your risk management strategy.

But don’t forget the last part! This final step does not involve any deliverables. Yet, it is just as important as all the others for two reasons:

  1. The risks you identified at the start of the project can change, much like the project as a whole. The potential impact of the risks can increase or decrease due to various factors including changes in the project environment. You should revisit the prevention plan and update the criticality levels at meetings.

  2. New risks can appear due to a change in the project’s scope, an altered project environment, or new stakeholders. Every time a significant change occurs, you should check for any additional risks. To do so, go back through the previous steps, identify the new threats, rank them by order of impact, and outline preventive actions.  

Let's Recap!

  • There are five key steps for an effective risk analysis strategy.

  • Project description tools are the basis for risk analysis.

  • Rank risks according to their potential impact.

  • Identifying the risks is not enough; you must also implement actions to reduce their potential impact.

  • Your risk management is not finished once you have drafted the prevention plan. You must keep monitoring and reevaluating the risks throughout the project lifecycle.

You now know what risk is, when to launch your risk analysis, and the key phases in risk management. This quiz will help to confirm that you understand these concepts.

After the quiz, come back for the second part of this course, where we will work together on a risk analysis.

Ever considered an OpenClassrooms diploma?
  • Up to 100% of your training program funded
  • Flexible start date
  • Career-focused projects
  • Individual mentoring
Find the training program and funding option that suits you best
Example of certificate of achievement
Example of certificate of achievement