Select Page


Project Management: Risk Assessment
By Larry Gunter

In this article, I am recommending action for a project team to pursue when addressing risk management. This action includes steps necessary to handle project risks. The team’s objectives, risk process, activities and output are detailed out for this recommendation.

Team Objectives

The team objectives can be very broad topics to assess for risks. Many risk assessments that address the broad objectives, do not fully evaluate the cause which works to fulfill that objective. Risks to the mechanism of the objective is just as important to look for as evaluating the overall objectives (Gray & Larson, 2008, p. 200). It is important to evaluate the entire range of potential risks to the team’s objectives. Three team objectives should be evaluated using an impact scale.

Project Objectives

Low (1) to High (2) 1 2 3 4 5
Total Revenue – 100% 100 % loss – first 3 months < 75% loss – after first 6 months <50% loss after first 9 months <25% loss after first 11 months <0% loss after first 13 months
Special Offerings – (10 options available) Remove 1 offering Remove 3 offerings Remove 5 offerings Remove 8 offerings Remove 9 offerings
Quantity Produced – 100% Production reduced by <9% Production reduced by 10 – 20% Production reduced by 20 – 40% Production reduced by 40 – 60% Production by more than 60%

Risk Event Process

The process for handling risk events is a mathematical evaluation that estimates the impact of the risk events on the project. Risk events are a common threat to every project. Managing through every risk event requires an objective assessment of the risk event. The risk assessment form is one way to prepare for any event.

A simple example of a risk event to oranges grown in Florida is as follows (Skipp, 2010):

Risk Event Response Contingency Plan Trigger Who is Responsible
Cold Weather Losses Reduce Irrigation lines spraying warm water on the trees Temperatures drop to 33 degrees John

The standard example includes an event and the likelihood of its occurrence along with the level of impact to the project. The most important data to discover on this event is when it might occur. Since the event is just the foundation for the evaluation, additional assessment needs to occur. For example, what is the risk level of each event and what is the overall impact to the project for the entirety of the risk events. The program evaluation and review technique (PERT) simulation is a tool to help evaluate the impact of all the risk events (Gray & Larson, 2008, pp. 202-205).

Team Activities

Team activities involve the systematic process for identifying a plan, analyzing and creating a response to a risk and tracking the risk’s impact to the project.

The risk events process does not stop with identifying the risk events. Knowing how to address the risk is also necessary. The project manager or team can decide several courses of action when evaluating the risk events. The first action would be to avoid the risk by changing the project schedule or plan to remove the risk conditions. The second action would be to transfer the risk to other party like carrying construction insurance in case of a work related accident. A third action is sharing the risk which mitigates the event’s impact on the project by allowing more parties to address the event. The last one is a big decision for the project manager and team, that is retaining the risk due to its infrequency. The recognition that the risk is viable is important, but sometimes the output is more important than the possibility of the risk (Gray & Larson, 2008, pp. 205-208).

Creating a contingency plan is a response that is necessary to address risk events. When the risk is technical in nature then testing models ahead of time to reduce the risk is important, when the risk is cost or timing impactful, then scheduling the risk within the project network is important as well as budgeting the overall cost this risk may incur. When the risk is a budget cut due to unforeseen business economy issues then having a contingency plan in place to re-allocate the investment if the project is shut down or postponed is important (Gray & Larson, 2008, pp. 208-212).

The team and project owner must create a contingency plan that includes money for budget overruns or management level decisions. The fact that projects have major shifts depending on the complexity of the output means that the team should add in time buffers that take into consideration these shifts (Gray & Larson, 2008, pp. 212-214).

Handling risk events also depends on the type of risk. Most IT risks are serious due to the negative impact to business revenue that a defective computer software or hardware has. IT engineers handle the majority of these risks. Risks that are of a human resource security nature involve human resource specialists and corporate security personnel who evaluate the risk. Risks that involve property damage or environmental events like floods or hurricanes involve real estate and facility specialists. Each risk comes with a need for specialists to address the nature of the risk as well as the mathematical process to address the risk event (Pawling, 2008).

Team Output

Once all the planning is done, the execution of these risk management plans is put into action. Risk assessment should be done, and revisited throughout the project. Each new evaluation and contingency plan should consider all new information known at the time. The team should track who is responsible for responding and fulfilling actions that address project risk events.

The tracking of changes throughout the project should also be executed by the team. The change request log is an ever changing element of the team’s output and as the scope of the project changes the risk assessment needs to be changed as well. The minor and major adjustments should be noted and controlled by the team (Gray & Larson, 2008, pp. 214-218).

The recommendation for the project risk management team is to evaluate the risks to the team’s objectives in a general sense. The primary evaluation should be on the impact to the project elements that complete the objectives. The team activities include a plan that addresses an analysis and response to any risk and how to track and respond to that risk. The risk event process should include an assessment form. The contingency plan should include time and financial cushions to handle unforeseen risks to the project. The team output includes executing the risk management plan and tracking changes that occur to the project and subsequently to the risk events. Constant updates on the risk assessments require the latest information to best address the risk (Gray & Larson, 2008, pp. 218-219).

Gray, C., & Larson, E. (2008). BUS 517: Project management, The managerial process: 2009 custom edition (4th Edition ed.). Boston, MA: McGraw-Hill.
Pawling, P. (2008, January 01). Risk Management Success.
Skipp, C. (2010, January 14). Freezing in Frostproof: Saving Florida’s Oranges.

Larry Gunter, MBA is a Training Development Consultant at Verizon Wireless. You can read more from Larry on his blog, and you can contact him via his LinkedIn profile.

Recommended PM App

Recommended PM App