Project Management

Project Risk Management | Risk Management Plan

risk management guide

This article will explain project risk management methodology, risk analysis, risk management process, and project risk management plan.

What is Risk?

Risks are the unforeseen events that may have negative or positive effects on a project’s goals. These events may originate from different types of resources such as poor management, financial errors, security threats, accidents, and severe climatic conditions.

Many engineers think that risks have always negative effects on the goal of the project’s goal. However, during the life of the project, some risks which have positive effects on a project may occur. Best practice for risk management involve identification, assessment, and prioritization of risks throughout a life cycle of the project.

The Steps of the Risk Management Process

Every activity in the projects has a risk. Team members usually begin establishing a risk management process by analyzing the things that may go wrong. Because problems may inevitably arise from unexpected origins. In order to establish an effective risk management strategy, some basic steps should be followed.

Recommendation of The PMBOK Guide for effective risk management:

  •  Planning
  •  Identification
  •  Analysis (Qualitative and Quantitative)
  •  Response Planning
  •  Monitoring and Controlling

Risk Management Terms

1.Risk Management

Risk management is a process of understanding and managing the risks of the project in a proactive manner. Risk management involves strategies such as Acceptance, Avoidance, Reduction, Transfer, and Sharing.


The issue is a risk that has already happened. Although, a risk is an event that has the potential to cause loss. On the other hand issue is a current problem.

3.Issue Management

Issue management is the practice of cope with current problems. Decision making and problem-solving are common techniques for issue management. However, risk management strategies (Acceptance, Avoidance, Reduction, Transfer, Sharing) are different from issue management strategies.

4.Known Risks

They are the risks that can be identified and analyzed before they occur. For example one of your project’s main subcontractor terminated the contract agreement with you during a critical phase of the construction project. You analyzed this risk before it’s occurrence and bring another qualified subcontractor for the same work quickly.

To manage known risks, contingency reserve is added to the project’s budget.

5.Unknown Risks

Unknown risks are the risks that can’t be identified and analyzed before their occurrence. A risk response planning isn’t possible to manage this type of risks proactively. For example, you are building a dam project and during the construction works of social events occurred. We add the Management reserve to the project’s budget to manage unknown risks.

6.Negative Risks

Negative risks are threats that have negative impacts on the project. Negative risks may cause loss of time, money loss, stakeholder and customer dissatisfaction. To manage negative risks efficiently minimizes or removes their negative impacts.

For example, a machine malfunction may slow down your productivity. If it happens you can’t finish the activities on time

7.Positive Risks

Positive risks are the desired opportunities or events that have positive impacts on the objective of the project. Project manager and stakeholders get satisfied in case of their occurrence. Increasing their probability of occurrence is a good risk response strategy.

For example, your company is conducting a healthcare project. The owner will pay a bonus in case of early delivery. If it happens, your planned profit rate for this project will increase.

8.Residual Risks

Residual risks are the risks that remain after implementing a risk response plan. It is difficult to remove the risk completely so that the remained risk is deliberately accepted.

For example, a transportation company reduces the risk of an accident by improving maintenance. However, a residual risk remains due to the driver’s fault.

9.Risk Threshold

Risk threshold is the amount of risk which an organization can accept. For example, a firm has a policy that if risk increases the project’s direct costs not more than 10% is acceptable. However, a percentage of more than 10% isn’t a value that the company is willing to accept.

10.Risk Owner

A risk owner is a person who manages controls and monitors the identified risks within a project. Also, the risk owner is responsible for the implementation of risk response strategies.

11.Risk Tolerance

Risk tolerance is the degree of risk that an organization can accept (or absorb).

12.Risk Trigger

A risk trigger is something that stimulates a risk to arise. For example, poor maintenance is a risk trigger for machine malfunctions.

13.Secondary Risk

A secondary risk is a new risk that is occurred as a result of risk treatments.

A Guide for Project Risk Management Plan

People face risks in their everyday life. Likewise, people, organizations, companies, and projects face risks in their life cycle. Based on the risk circumstances and type, they practice methods to overcome these risks. Project risk management is a significant process that aims to manage these risks and eliminate the destructive effects of them. Project risk management plans are the road maps that use techniques to response risks and issues.

What is a Project Risk Management Plan?

The risk management plan is a document is an extensive document which describes how risk management will be managed throughout the projects’ life cycle. A risk management plan is needed in order to manage the risks of the project.

Processes of the Project Risk Management Plan

Here below are the processes to be performed while creating a project risk management plan:

• Plan Risk Management
• Risk Identification
• Risk Analysis
• Risk Response Planning
• Risk Monitor and Control

1.Plan Risk Management

Plan risk management process is the first process of a risk management plan. In the Plan Risk Management process, you define how the project manager or project team will conduct risk management activities throughout the construction project. You should also define the specific project approaches, artifacts, and organizational policies for risk management.

The cost management plan, project scope, schedule management plan, enterprise environmental factors, and organizational process assets are the inputs of the plan risk management process.

2.Risk Identification

Identifying risks is necessary to define and categorize your project’s risks. In the Risk Identification process, you should define how the project team will identify risk and document risk characteristics. You should also define the techniques of how the project team will utilize to identify and characterize risks, for instance, brainstorming, assumption analysis, root cause analysis, expert judgment, etc.

Creating a risk register is a part of the risk identification process.

3.Risk Analysis

After the identification of all risks of a project, the next step is to analyze each risk using qualitative and quantitative risk analysis techniques. Probability of occurrence and level of impact are two criteria used for evaluating risks. Qualitative risk analysis process relies on determining probability occurrence and level of impact of each risk. On the other hand, quantitative risk analysis relies on numerical and statistical analysis. Expected monetary value, decision tree analysis, Monte Carlo Simulation techniques can be used for quantitative risk analysis.

4.Risk Response Planning

In the Risk Response Planning process, you should define how the project manager or project team will improve options and take actions to minimize threats and develop opportunities for construction project goals. Risk response strategies for negative risks and positive risks are different. It’s impossible to eliminate all the project risks.

Below risk response strategies can be used for positive risks

  • Exploit
  • Enhance
  • Share
  • Accept

Below risk response strategies can be used for negative risks

  • Avoid
  • Transfer
  • Mitigate
  • Accept

You should also determine the high-level risk response strategies the project manager may use such as avoidance, acceptance, monitor and prepare, mitigation, transference, etc.

5.Risk Monitoring  and Controlling

In the Risk Monitor and Control process, you should define how the project team will monitor and control identified risks, will identify new risks and will close outdated risks. Risk monitoring and control process is required to keep track of the risks.

It’s not possible to identify all the risks during the planning phase. Therefore project team should continue to identify new risks throughout the project. In this step also you should describe the communication line between the risk response owner and the project manager. Holding status meetings regularly helps to control and monitor risks effectively.

Download Template

See Also

Procurement Management In Construction