How to Manage Project Risk: A 5-Step Guide

Written by Coursera Staff • Updated on

The risk management process includes five steps: identify, analyze, evaluate, treat, and monitor. You can mitigate risks by avoiding, accepting, reducing, or transferring them.

[Featured image] A project manager leads a meeting with their team.

The key to a successful project lies in thoughtful planning and management. However, despite careful development, all projects carry some level of risk. Furthermore, the unique risks of each project can make it challenging to transfer lessons learned from one to the next. A continuous risk management process is one way to tackle unexpected project risks. Read on to learn more about common project risks, along with effective risk management strategies and tools.

What is risk management in project management?

In project management, risk is any potential event that can impact your project, positively or negatively. Risk management is the process of identifying and dealing with these events before or as they happen. Risk can come in many different forms—employee sickness, inclement weather, unexpected costs, and transportation delays among them.

Projects all have inherent risks. The ability to shepherd a project through risk is therefore one of the most important skills project managers are expected to have.

Risk categories in project management

Project risks can affect the time and resources required to bring a project to completion. Risks can be internal (within the control of the project team) or external (outside of the project team's control. Note the following types of risks and examples.

  • Financial risks such as rising costs, inaccurate budget forecasts, increases in labor and materials, low sales, and challenges in securing funding.

  • Strategic risks result from errors in strategy, such as choosing a project management methodology that doesn't work for the project, basing efforts on a company culture that needs updating, experiencing high employee turnover, or investing in technology that is difficult or expensive to use.

  • Performance risks result from team members' missed deadlines, delays, undefined goals, and key performance indicators (KPIs), using insufficient or outdated market research, and scope creep (when initial goals expand or shift away from a project’s original intentions).

  • External risks occur outside of the control of the project team, such as changing laws and regulations, market volatility, inclement weather, vendors' missed deadlines, labor strikes, civil unrest, vandalism or damage, and supply chain issues.

  • Positive risks (opportunities) are unexpected but have a positive effect on your project, such as finishing tasks earlier than expected or under budget, outperforming original goals, becoming more efficient with a new tool, or benefitting from a policy change.

What is the most common project risk?

A common project risk is scope creep. Adding unplanned project tasks, changing the project’s objectives mid-course, or incorporating new stakeholder requests are all examples of scope creep. The longer a project lasts, the more likely it is to experience scope creep.

Risk management vs. risk mitigation

The risk management process entails planning for and anticipating risks. Risk mitigation strategies are tools used to address risk when it happens.

Placeholder

How to manage project risk

It's important to understand common risk management processes and risk mitigation strategies so that you can drive successful project outcomes. The risk management process  helps you plan for and anticipate risks, while mitigation strategies offer tools to deal with them if they do happen.

The risk management process, or lifecycle, is a structured way of tackling risks that can happen in your project. Though you’ll find some slight variation, the risk management process, or lifecycle, generally follows the steps listed below. This process helps address both positive and negative risks.

1. Identify risks.

The first step to getting a grasp on potential risks is to know what they are. In this step, you’ll identify individual risks that might affect your project by making a list (or spreadsheet) of risks that might arise. Examples of common project risks include implementing a new technology program for the project, having a poorly defined project objective or deliverable, and not having adequate measures to protect the health and safety of project team members.

Use your own project management expertise and consult similar past projects to see what challenges you might expect. You’ll also want to have stakeholders, team members, and subject matter experts generate ideas with you; they may bring fresh insights that can help strengthen your perspective.

2. Analyze potential risk impact.

In the risk analysis stage, you’ll explore the probability of each risk occurring, as well as the potential impact each risk will have on your project. You could begin putting this list of risks in a risk register—a chart that lays out each risk, followed by information like priority level and mitigation plans. You can record both qualitative and quantitative information.

3. Assign priority to risks.

In this stage, you’ll assign priority to risks by using the probability and impact of each risk to determine their risk levels. This means assigning each risk a high, medium, or low priority based on the factors you’ve determined. Evaluating your risks gives your team the chance to see where to focus their energy in mitigating risk.

4. Mitigate risks.

Come up with a plan to mitigate each risk and record these plans in your risk register. What is risk mitigation? The four most common ways to mitigate risks include avoiding, accepting, reducing, and transferring. Deciding which approach to use for each risk isn’t an exact science, and you’ll have to use your judgment and expertise to determine which is best.

  • Avoid: While you can’t avoid every risk,  it can be a good idea to do so when you can. Avoid a risk when the probability of it happening is high. Has a partner vendor gained a reputation for providing low-quality work? Try to find a different one. Are you event-planning during the rainy season? Move the event indoors or to a sunnier season.

  • Accept: Accepting risks can make sense if they have a low chance of happening and will have a low impact on your project. Ultimately, if the risk does happen, it shouldn’t derail your project. Say you’ve ordered sunflower arrangements for a wedding reception, but the florist mentions a small chance of running short and having to replace some with tulips. Since the probability of risk is low and having tulips instead of sunflowers won’t upend the wedding, you might accept the risk instead of troubling yourself to find a new florist.

  • Reduce: Reducing risk means changing elements in your plan to minimize the risk’s probability of happening or potential impact on your project. Medium and high risks are good candidates to reduce. Reducing usually requires some effort or investment. For example, a project manager could hire new team members if the team is falling behind on work. This might also mean including risk-reduction tactics in your project plan. Time buffers for complex or time-sensitive tasks can allow you some flexibility if work starts to fall behind. Having a contingency budget can help absorb unexpected costs if they arise.

  • Transfer: Transferring risks entails shifting the risk to another party outside of your project. This can mean obtaining an insurance policy or outsourcing parts of the work to a third party. The risk might still occur, but the direct impact on your project will be absorbed by somebody outside of your project. 

5. Monitor risks.

In the last step, set up a process to monitor each risk as your project begins. Assigning team members to keep an eye on specific risks and mitigate them ensures you’ll have a constant sense of where the risks are and how likely they are to happen, so you'll be ready to tackle them if they occur.

Risk management is an important part of project management because risk is almost inevitable in any project. Listen to Stanton, a program manager at YouTube, talk about his experience managing risk throughout his career in the video below.

Tools to manage risk

Tools can provide you with structure for your team’s thoughts and efforts, and serve as a point of reference throughout a project. The following are a few you might consider using in your risk management process.

  • Risk management plan: A risk management plan is generally a living document that contains all information related to risk in your project. This can contain an executive summary, your risk register, mitigation plans, risk owners, and any other information pertaining to risk. Project managers may update the document as the project progresses and needs fluctuate.

  • Risk register: A risk register, also known as a risk matrix, is a chart that contains all the risks associated with a project, as well as their priority levels, mitigation plans, and other important details. You can turn to project management software to compile risk registers. You may also choose to create your own in a spreadsheet. 

Below is what a risk register might look like as a project team prepares a company offsite.

RiskProbabilityImpactRisk levelOwnerMitigation plan
Adverse weather50%HighHighProject managerAvoid: Choose indoor venue
Transportation for participants is delayed10%LowLowEvent coordinatorAccept
Catering costs $1,000 more than expected30%MediumMediumEvent coordinatorAvoid: Find caterer that can guarantee a fixed price up front
Activities may lead to injury10%MediumMediumLegal associateTransfer: Require liability waivers

Read more: 12 Project Management Books for Beginners

Learn how to identify risk in project management on Coursera.

Project risk refers to any variable that could alter the timeline or final outcome of a project. Taking online courses can be a great way to learn processes and strategies for mitigating project risk. Start learning today in a top-rated course from Coursera:

In the University of California, Irvine's course, Managing Project Risks and Changes, you'll gain insights into developing responses to risks and analyzing project changes. This course takes approximately five hours to complete.

To build up-to-skills in project management, consider SkillUp EdTech's Modern Project Management Specialization. This program takes about two months to complete and covers risk management, effective communication, working with clients, and more. Inside, you'll find guidance on building a portfolio that showcases your new skills. Additionally, you’ll find resources to help you practice for the Certified Associate in Project Management (CAPM)  exam.

To explore project management more broadly and earn a credential, consider the Google Project Management Professional Certificate. In as little as six months, you can build skills for an entry-level role in this field and earn an industry-recognized credential from Google.

Updated on
Written by:

Editorial Team

Coursera’s editorial team is comprised of highly experienced professional editors, writers, and fact...

This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.