Why manage risk: a strategy every project manager should know about

Let's learn how to apply risk management in practice, so that you don't have to deal with the consequences of miscalculations. A guide for project managers is in this material.

Project risk management

We didn't budget for the possible extra costs - we had to look for money, move the deadlines, and panic.

Do not calculate how much time it will take to design the site, taking into account the edits from the customer - delayed the terms, lowered their credibility rating, reputation and hope for a client who comes on the word of mouth.

If in these and not only these cases the principle "Do well - it will be fine," then risk management would not exist, as well as the risks themselves.

But, they are there. Only a manager who knows how to work with them will reduce the level of headaches and reduce the number of problems.

PwC surveyed 120 board members and senior executives in 2020. The large-scale survey revealed a need for strong risk management.

Is it possible to calculate all the risks? Definitely not. In addition to internal risks, there are external, circumstantial risks: natural (cataclysms), state (adoption of new laws). No project is insured against risks.

At the same time, risk management is not an intuitive search for hazards, but a systematic action. For this purpose the world has adopted international and national standards in risk management: COSO ERM, ISO 31000.

And to prevent problems there are organizations: FERMA, IFRIMA (International Federation of Risk and Insurance Management Associations). The most successful teams that have prevented risks are awarded the European Risk Management Awards.

How not to turn away from risks, and learn how to subdue them and prevent them so you don't have to fight the consequences - details in this article.

"It's enough to manage a project by managing its risks."

A risk is an event that is likely to happen or not happen. When a risk is realized, it becomes a problem. Let's say a marketer has a risk of not having time to send an expert comment in an article to a reputable media outlet. For some reason he doesn't send it, and the article comes out with another expert's commentary.

So the marketer missed a chance to increase his recognition, recognition of the agency in which he works and to earn points of trust. Risk-manager (this can be a project-manager) will calculate in advance how not to burden the marketer with additional tasks and better control the implementation of strategically important task.

"It's enough to manage a project by managing its risks."
© Tom Demarco, software engineer, writer

What kinds of risks are there? Time risks, budget risks, risks of changes in the scope of work, interrelated risks (when you can't start the second task until the first one is done).

Why is risk management important?

With this discipline, the manager identifies, assesses, and controls financial and legal risks. This helps to avoid problems and reduce the likelihood of failure.

Important: All risks cannot be warned once at the beginning of a project and forgotten about. Risk management is a regular process, constantly "turning your head" toward likely hazards.

Is risk management handled by one person? More and more companies today are opting for a systematic approach that involves the entire team. Since every employee faces risks, everyone is responsible for the overall work.

Project managers set up open, transparent communication and allocate responsibilities in the task tracker for this.

Usually this role is taken over by the top or project managers when planning a project and drawing up a roadmap.

Components of risk management

Companies in construction, aviation, energy, insurance and finance, and healthcare use the ERM system to manage risks. This is a stricter regulation - it suits companies where risks are too high. But it can also be partially applied to other areas by adjusting it to your own needs.

Components of ERM (Enterprise risk management):

  1. Internal environment: corporate culture, company values, management philosophy regarding risks.
  2. Goal-setting: this component is related to the planning of goals, objectives that will be consistent with the mission of the company.
  3. Event Definition: identifying important business sectors and related events that may carry risks.
  4. Risk assessment: it is important to understand the financial impact of the risk.
  5. Reaction: there are several ways: 1) risk avoidance (stopping an activity that has risks); 2) reduction; 3) sharing (insuring one's product, property; that is, sharing risks with a 3rd party); 4) acceptance.
  6. Control: how to prevent a problem with increased control, for example, by installing an alarm system - you will prevent the risk of theft.
  7. Information and communication: transparency in these processes, quality collection and processing of information for analysis.
  8. Tracking: analysis of processes, timely response.

Guide: how to manage risk

The risk management process is like a map of terrain with vantage points, at each of which you have to check in, go up and check out what's next.

There are five such "items" in total. They correspond to 5 verbs and are similar to the components of ERM, but for convenience in a more simplified form: identify, analyze, evaluate, "treat" (reduce risks) and control.


Identify the likely risks, make a table. Examples of risks: poor security conditions for the team, blurred customer purpose, new software implementation. At this stage, it is important to consult with stakeholders, study similar experiences, and consult auditors.


Examine the likelihood of each risk and how it affects your project. In the table, indicate the level of priority and spell out plans for how to mitigate if anything happens.

Evaluate (prioritize risks)

Prioritize risks based on an analysis of likely consequences. This can be a high, medium, or low priority. The assessment will help you and the team see where the right resources are to be focused to reduce risk. That is, what to do first.

Reduce risk

Make a plan for how to mitigate each of the risks and write it down in the table. Here are 4 strategies for dealing with risks: avoid (the risk of heavy rain - do not plan the event on that day), accept (if the risk is not so high, or can not be avoided), reduce (put a temporary buffer, attract additional investment), transfer (delegate some work to a 3rd party).


Keep track of each risk as you implement the project. Designate responsible team members. This way, you'll feel like you have the risks under control. If they manifest, you'll be ready to take action.

Risk management is a critical part of project management. Remember that risks are inevitable in any project. Don't become a hostage to control, who "shakes" as if anything happens. After all, there are circumstances - it is impossible to manage them in an era of uncertainty. Cold calculation and rational approach are your main "friends".

Pay attention to a sound strategy and how you will react if the risk does materialize. Over time, with experience, you will learn how to deal with any risks in your project.