Select Page


Managing Project Risk
By Diane Ellis

Most Project Managers know that it’s essential to manage risks to their project, but not everyone is sure what constitutes a risk rather than an issue, nor how to effectively manage them.

Let’s start with a definition first – what’s the difference between an Issue and a Risk?
I have a fairly simple test I use – Do I have direct control over this problem? If I do have some control or influence, I class it as an issue – something that I can manage.

A risk on the other hand is something I have little control over, all I can do is limit the impact to the project.

Let’s take a real life example.

As Project Manager on a project to implement a new tax (a goods and services tax), due to the complexities involved, we were basically upgrading our systems to support the new tax whilst the Legislation was being finalised.

This project was in the financial services area, so the legislation around the taxes on financial instruments was quite complex, and, even at a late stage, not fully fleshed out.

We were therefore in a position of having to proceed based on some well thought out assumptions.

The problem was – what if the final legislation was different to our assumptions?
I treated this problem as a Project Risk. I had little influence over the people drafting the legislation, and therefore the outcome was a risk to the project.

With any Risk, you need to look at two key factors:.

  • Probability: The first factor is the probability that the risk will eventuate. How likely is it that the risk will occur?
  • Impact: The second factor is the impact to the project. If the risk does eventuate, what will this do to the project? Will it mean a delay, a cost overrun, a need for more staff?


Now we need to look at what we can do as a Project Manager to minimise both the probability that this risk will occur, as well as the impact to the project should the risk eventuate.

In the case above, we had mitigation strategies in place both to minimise the likelihood of the risk eventuating, as well as minimising the impact to the project.

To minimise the probability, we worked closely with the company lawyers to ensure that our assumptions were well thought out, and, to the best of our knowledge, sound. We also worked with external lawyers, who lobbied the government on our behalf to clarify the legislation consistent with our assumptions. We also raised queries directly with the people drafting the legislation, and advised them of our interpretation of the law.

To minimise the impact we also lobbied the government to consider allowing a transition period for complex financial instruments, whilst at the same time ensuring that our project was structured such that some parts could be implemented whilst others were held back.

Not all projects will face risks of this magnitude, however it is essential that all risks to a project be identified at the start of a project, and be closely monitored throughout the project. Risk management should be included in all status reporting, even at the Executive level, as, by definition, these are potential issues which you, as Project Manager, cannot control. You can however, mitigate them.

A simple way to include Risk reporting in your status reports is to include a small table which basically lists, for each risk, the probability (ranked High, Medium or Low), the Impact (ranked the same) and then your plans to mitigate both the probability and impact.

Senior Executives may only wish to monitor those risks which have a High, High impact on the project, whilst your Project Owner will want visibility over all risks.

Diane Ellis has been a Project and Program Manager for over 25 years, and has recently released a new simple guide to project management called Project Management Made Easy. You can learn more about Diane and her new book, as well as sign up for a free course on Troubleshooting the Most Common Challenges Project Managers Face, at

Recommended PM App

Recommended PM App