Developing an Effective Risk Management Plan

June 16, 2020 •

When problems arise mid-project, it generally isn’t due to some unforeseen, unavoidable  circumstance, but rather to a misstep or series of missteps that could have been avoided with proper planning. That, in essence, is the risk management definition (by Oxford Dictionary): “the forecasting and evaluation of financial risks together with the identification of procedures to avoid or minimize their potential impact.”

Whether you’ve landed here because you’ve learned the consequences of not enlisting risk management the hard way, or you simply wish to avoid the plight of your peers who have, proceed forward to find out exactly what it takes to assemble a rock-solid risk management plan to keep future projects on track.  

Identify Potential Risks

The first step in the risk management process is to identify any and all potential risks that could negatively impact a project team member’s ability to successfully manage their portion of a given project. With diligence and a good deal of collaboration, you and your team will be able to gather all such potentialities and assemble them into a single document, known as a risk register, which you will be able to reference throughout the course of the project. 

Creating A Risk Register

As with any other phase of a project, compiling potential risks into a risk register is a collaborative effort. In the interest of being thorough, ask yourself and your project team the following questions regarding the scope, budget, resources, timeline, and your team’s ability to deliver.

  • Scope Is the scope of this project within the existing abilities of the risk management team you’ve assembled? Are there any tasks that your team does not have experience with? If so, will you need to add anyone to the team, and have you accounted for any risks that might arise as a result?
  • Budget Have you put together a detailed budget for this project? To what degree might you risk running over?
  • Resources Are the resources you have in place going to be sufficient to complete this project? Will your team require any additional training, credentialing, or background checks before they are able to participate?
  • Timeline Have you scheduled an adequate amount of time to complete this project? Are there any conflicts that need to be addressed before you can begin?
  • Deliverability Is it absolutely reasonable to believe you can deliver on this project? Is there anything you think might hinder your team’s ability to do so?

Gathering Your Data

Of course, before you can assemble your risk register, you’ll need a whole hoard of data to fill it out with. As we’ve mentioned, this is intended to be a collaborative effort. As a project manager, it simply isn’t a feasible task to undertake on your own. Here are some tools you and your team can use to gather the data you’ll need.

Assumption Analysis

To avoid falling victim to inaccurate assumptions posed during the project, your team should start by documenting all that you can think of collectively. Then, identify any risks that each assumption may pose, if inaccurate, and decide whether or not each assumption is valid given the level of risk it may entail if proven otherwise. 

Thought Showers

Formerly known as “brainstorming,” the idea here is to hold a spontaneous discussion amongst your most trusted team members and compare notes regarding all risks that each individual may foresee. This helps to fill in any gaps and avoid taking on any unforeseen risk.

Seek Expert Guidance

It is not a sign of weakness, but rather one of humility and responsibility, to seek out the guidance of those more knowledgeable than yourself in a given field. Seek out this type of wisdom when available, as it can be a great asset to your project. Just remember to evaluate their opinion for potential biases, as you would any other. 

Hold A Facilitated Workshop

A facilitated workshop provides an invaluable opportunity to gather together all major players into one room, including both stakeholders and the various department heads in your company. In this unique environment, everyone with a vested interest in the success of the project gets the opportunity to work through potential differences in opinion, helping to build trust and achieve alignment toward the common goal. 

Interviews and Assessments

It may also behoove you to hold interviews with team members, industry professionals, and anyone else who might be able to shed light on potential pitfalls your project may encounter. Use self-assessments, surveys, and questionnaires to evaluate your existing crop of potential risks as well as the viability of your team members.   

Analyze Potential Risks And Opportunities 

Once the above has been thoroughly addressed, the next step is to put your data through a series of analyses, based on both qualitative (type and severity) and quantitative (likelihood of occurrence) measures. 

Strengths, Weaknesses, Opportunities, and Threats (SWOT)

During this exercise, your risk management team will brainstorm for all four parts listed above, group all related items into appropriate categories, and then rank each item in relation to one another. This will leave you with a ranked lineup from which you can draw the further analyses.

Qualitative and Risk Analysis

Here, your project management team will put together a narrative of possible scenarios (if/then) and assign value based on the likelihood and severity of risk involved should each come to pass.

Quantitative Risk Analysis

This is the portion where you will take all of the information gathered in your qualitative analysis and quantify it. The main idea here is that at the end of it, you will hold a series of figures that illustrate the likelihood and potential cost (time and money) should each contingency come to fruition. Later, these will be included in your assessment of total risk. 

Evaluate For Likelihood And Severity

Once you understand the scope and potential cost of each risk individually, the time comes to make a judgement call on each of them.

  • How likely is each one to reach fruition? 
  • What is the cost?
  • Can we mitigate the risk? If so, how? 
  • Which risks warrant prioritization?

The answers to these questions will help you identify the most acute threats to your project, and aid you in prioritizing their solutions during the next step of the process.

Risk Response Planning

Now that you have identified, quantified, analysed, and prioritized each potential risk, it is time to figure out how you’d plan to address each one. There are five contemporary methods used to treat threats to your project, and it is up to you to decide the one best fit to combat each one.

  • Avoid it In certain cases (not all) you can simply avoid the risk inherent to a certain task by removing said task from the project plan altogether. While this is certainly a tidy solution, it is not always a feasible one.
  • Accept it In cases with no other obvious solution, you might just be willing to bite the bullet and take the risk on the chin. Sometimes the juice is worth the squeeze.
  • Prepare for the worst and hope for the best This timeless strategy is reserved for those situations that are too impactful for you to simply accept outright, and that there is little hope of avoiding altogether. In cases such as these, you will develop a detailed response plan to mitigate each eventuality, and monitor closely to set your plans into motion immediately should they occur to minimize the cost.
  • Minimize it You might also choose to mitigate the severity of certain risks that appear somewhat likely to come about. One way to achieve this is to attempt to reduce the likelihood that it will actually happen. Then, you will want to plan to minimize the potential impact it causes if it still does. This is the most proactive strategy.
  • Transfer the risk to another party Some projects are simply too large or too complex for you and your project management team to tackle alone. In these cases, the best practice is to outsource some of the work to private contractors or other experts in the field(s) where you lack expertise. Now, sharing the work also means sharing the risk. With careful documentation, you will be able to unload some of the risk onto these parties and avoid things like workers’ compensation and other liability suits. 

Risk Management Evaluation

The final step in project risk management is to monitor and evaluate your response plan as the project unfolds. Were there any unforeseen risks that slipped through the cracks during brainstorming sessions? Was your quantitative analysis accurate, or did one of the foreseen circumstances cost you more (less?) heavily than expected? How about your quantitative analysis? Were there occurrences which, in hindsight, seemed destined to happen which you failed to adequately prepare for?

Risk management is an ongoing, and perpetually-evolving facet of any high-functioning organization. There is going to be inherent risk in any large business undertaking, but mastering the details of the risk management process will help you to shift the odds in your favor and allow your business to flourish.

Need to build customer relations in your business? Visit NOW Insurance for more information.


  1. Business Credentialing Services. Your Complete Guide to Developing an Effective Risk Management Plan.
  2. Project Manager. The Risk Management Process in Project Management.