Project and Program Risk Management

Project and Program Risk Management


Last updated September 12, 2017


Delivering on-time, on-budget projects that meet the customer’s requirements

For project-driven organizations, projects are king. They are the lifeblood of the company and all revenue is earned from their success. Many factors influence project performance, including schedules, resources and funding. But one factor stands out above all others that make the difference between success and failure – risk.

Every one of us takes risks on a daily basis. Just getting out of bed in the morning is a risk. You might stub your toe in the dark on the way to the light switch or trip over the dog and break a leg. These events do not usually happen, but the possibility exists. The same is true for your project. Risk exists in all projects, and the potential that a particular risk will occur depends on the nature of the risk. Risk, like most of the elements of the other planning processes, changes as the project progresses and should be monitored throughout the project. As you get close to a risk event, that’s the time to reassess your original assumptions about the risk, your plans to deal with the risk and to make any adjustments as required. Not all risks are bad. Risks can present opportunities as well as threats to a project. All risks have causes, and if the risk event occurs during a project, there are consequences as a result of that risk.

Those consequences will likely impact one or more of the project objectives, and you will need to know whether the consequences have positive or negative impacts. Risk is, after all, uncertainty. The more you know about risks and their impacts beforehand, the better equipped you are to handle a risk when it occurs. The processes that involve risk, probably more than any other project planning process, concern balance. You want to find that point where you and the stakeholders are comfortable taking the risk based on the benefits you can potentially gain. In a nutshell, you are balancing the action of taking a risk against avoiding the consequences or impacts of a risk.

The first step is performing the Risk Management Planning process. Here, you determine the approach you will use for risk management activities and document your plans for them in a risk management plan. You will look at that process now. Risks come about for many reasons. Some are internal to the project, and some are external. The project environment, the planning process, the project management process, inadequate resources, and so on, can all contribute to risk. Some risks you will know about in advance and plan for during this process; others will occur unannounced during the project.

At its core, Project Risk Management is the identification, analysis and control of potential threats that can impact the project. Because projects often involve many parties inside and outside your organization, the question becomes “How can you proactively control and mitigate a threat if you don’t know about it?” Each group within a project typically maintains a list of project risks and mitigation actions on their own spreadsheet, making it impossible to prioritize resources on the biggest risks that could derail a project.

Risk Management Planning Inputs

Risks associated with a project generally concern the project objectives, which in turn impact time, cost, scope, quality or any combination of the four. As you might have guessed, the project scope statement is an input to this process since it spells out your project objectives.

The inputs of this process are as follows:

  • Enterprise environmental factors
  • Organizational process assets
  • Project scope statement
  • Project management plan

Tools and Techniques for Risk Management Planning

The Risk Management Planning process has one major tool and technique: planning meetings and analysis. The purpose of these meetings, which are held with project team members, stakeholders, functional managers, and others, who might have involvement in the risk management process, is to contribute to the risk management plan. During these meetings, the fundamental plans for performing risk management activities will be discussed and determined and then documented in the risk management plan. The key outcomes of performing these planning meetings are as follows:

  • Risk cost elements are developed for inclusion in the project budget.
  • Schedule activities associated with risk are developed for inclusion in the project schedule.
  • Risk responsibilities are assigned.

Templates for risk categories are defined or modified for this project. Definitions of terms (probability, impact, risk types, risk levels, and so on) are developed and documented. The probability and impact matrix is defined or modified for any project. Ultimately, your goal for this process concerns documenting the risk management plan (the output of this process).

Top capabilities for project risk management include:

  • Centralized risk register that eliminates disconnected spreadsheets
  • Built-in accountability management clearly assigns mitigation actions and timeframes increasing an organization’s risk-bearing capacity
  • Executive dashboards with key performance indicators deliver visibility to high priority risks that could impact project cost, schedule or technical performance
  • Automated alerts engine that notifies project managers early to avoid surprises
  • Workflow management that guides each risk through its lifecycle ensuring that nothing falls through the cracks.

Whether you are building the world’s next rocket, a liquefied natural gas production plant or the next generation air traffic control system, managing project risk is critical to delivering a successful project.

Happy learning! We wish you good luck in your PMP certification journey!

Find our PMP® Certification Online Classroom training classes in top cities:

Name Date Place
PMP® Certification 6 Jan -21 Jan 2019, Weekdays batch Your City View Details
PMP® Certification 12 Jan -9 Feb 2019, Weekend batch New York City View Details
PMP® Certification 18 Jan -15 Feb 2019, Weekdays batch Boston View Details

About the Author

Vijay Reddy has several years of experience in delivering and managing IT Services, Software Development, Product and Production Support and has expertise in IT strategy consulting, Governance and risk management, IT security, cloud computing and implementation around large customer accounts, managing the delivery of large outsourced IT Service and software development engagements and in depth understanding of deal structures and delivery options and models. His experience has been across diverse industry segments – Banking, consumer products, Retail, Oil & Gas and Hospitality. Vijay is an APM Group International certified and accredited Project Management (Prince2®), Programme Management (MSP®) and IT Governance (COBIT5®) Trainer, Exams Proctor, Supervisor and Invigilator. He is also EXIN accredited trainer for ITIL – 41 credits (All Modules leading unto expert), ISO 20000, ISO 27002, Lean IT and Cloud Computing.

Recommended articles for you

Risk Assessment in Project Management


Keeping an Eye on Project Management Risks


PMP Risk Management Part V – Assessing the Project Risk