← Go Back

To properly mitigate risk, a project manager must know how to effectively manage it. The inability to ascertain hazards can cause a project to careen off the rails rather quickly. Risk management is a process that begins at the conception of the venture and is followed throughout the life cycle of the project.

Although most project managers are aware of the dangers of avoiding risk, many are not quite sure how the entire process of risk management works or what it even means.

Risk Management

The objective of risk management is to ensure uncertainty never deflects the endeavor from the established business goals. It is a process that includes the identification, assessment and prioritization of risk to control the probability of impact. Now that you have an understanding of risk management, the next question to ask is “what are some risk management techniques?”


The idea behind this initial process is to recognize, uncover and describe risks that could affect the outcome of your project. The main question here to ask is “what could stop us from reaching our set goals and objectives?” Thinking of risk as a sudden event is a misperception. Identifying an issue and discussing it in advance is the key to beginning the risk management process.

There are a variety of techniques that organizations will use during the identification process to establish solid risk management strategies. The following are a few examples of how people identify corporate risk:

  • Brainstorming
  • Interviews and self-assessments
  • Risk surveys
  • Event inventories or loss data
  • Facilitated workshops
  • Root cause and Checklist analysis
  • SWOT analysis
  • Influence diagrams
  • Expert judgement
  • Assumption analysis

During this initial phase, any form of analysis is simply for information gathering purposes. Identifying the causes of an issue and developing preventative techniques is the main motivation for identifying risk.


Once risks are correctly identified, it is time to analyze them and prioritize that which will have the greatest impact on your project. Assessing the wrong list, or an incomplete list of risks, will do a company no good, so it is critical that you do not skimp on step one.

Once it is time for risk assessment, it is important you have the proper tools at your disposal to effectively mitigate the potential hazard. Risk analysis is generally lumped into two main categories: Qualitative and Quantitative.

Qualitative Risk Analysis

The root word of qualitative is “quality” and that is what these techniques focus on. Qualifying risks under this method involves making a simple list of the risks themselves, along with ranking them and mapping them out. The following are some common tricks used for assessing risks from a qualitative aspect:

  • Probability and impact assessment and matrix: Analyzing and rating risks using probability and impact on things like cost, schedule and performance.
  • Risk categorization: Grouping risks by common root causes to develop effective responses.
  • Risk urgency: The risk ranking from your probability matrix combined with urgency can help place risks priorities.
  • Expert judgment: Professional opinions from people in the industry or with similar project experience.

In addition to looking at the qualities of risks, it is also important to quantify them. Most companies typically use a little of both techniques in their risk management strategies.

Increase your business agility with Clarizen’s project management software

Quantitative Risk Analysis

These methods are more about definitive measuring and probabilistic techniques. The greatest risk of all is the risk of losing money and you cannot use qualitative systems to count your cost. The following are a few simple ways in which organizations are counting their risks:

  • Probability distributions: Used in modeling and simulation to represent the uncertainty of values in things like task costs and labor.
  • Cost and Schedule risk analysis: Cost estimates and scheduling are used as input values that are chosen randomly for each iteration.
  • Sensitivity analysis: This is a simple technique to determine how much impact a risk poses to a project.
  • Expected Monetary Value analysis (EMV): Calculating the average outcome of scenarios that may or may not happen.

There are a multitude of methods to “count” risk during the analysis process. Once assessment has taken place, the final stages of planning must begin.


The question of “what are some risk management techniques?” should never pop up during this phase. At this point, you should already be familiar enough with mitigating risks, that the planning process is the easy part. This final step is more about getting ready for risk and continuous management. The following are some simple techniques that will smooth out the planning process for you:

  • Assessments and meetings: Ongoing risk assessments and status meetings should be scheduled for reassessment of current risks and the closing of risks. It should always be an agenda at status meetings and a continual topic of conversation.
  • Risk audits: Examining and documenting how effective current risk responses are is part of the auditing process. It also looks at the efficacy of the risk management process as a whole.
  • Variance and Trend analysis: Comparing planned results to actual results using performance data to control and monitor risk events.  
  • Technical performance measurement: Comparing technical accomplishments as the project is executed to what is on the main schedule.

Risk management isn’t just about understanding and knowing when risks may arise. It is also planning for them and establishing an ongoing process to continually mitigate risk. A savvy project manager understands that risk is always an element to consider, but it doesn’t have to be a surprise. Through keen identification, assessment and planning, the risk factor is properly mitigated and the project forges on successfully.