#1 Risk Management Approach


Experts say that a strong risk management approach can decrease problems on a project by as much as 80 or 90 percent. The #1 Risk Management Approach describes Approach to Risk Management as a comprehensive knowledge area.

In combination with solid project management practices, having a well-defined scope, incorporating input from the appropriate stakeholders, following a good change management process, and keeping open the lines of communication, a good Risk Management Approach is critical in cutting down on surprises, or unexpected project risks.

Such a process can also help with problem resolution when changes occur, because now those changes are anticipated and actions have already been reviewed and approved, avoiding knee jerk reactions. laying down the purpose, objectives, responsibilities and scope for risk management within this particular project.

Consider the project management team and other key stakeholders (for example third parties), when defining risk responsibilities. The scope of risk management is also important as it helps clarify the boundaries of risk management, and by inference clarifies what aspects of risk will need to be managed by others to support the risk management strategy.
This article describes the risk assessment approach identified to rank research topics in a road mapping approach.

Risk Planning #1 Risk Management Approach

Risk management planning is the key to establishing a common understanding of the project’s key parameters/metrics, the sensitivity of those parameters, management’s risk tolerance, as well as establishing the practical aspects of how the process will work and how the results will be documented and reported. The program manager and a small cadre of key project members can best perform this planning activity

In the planning process, the key Program Evaluation Criteria need to be agreed to and established. They can be categorized into various impact areas: Business Performance, Product Capability, Schedule, Costs etc.

Similarly, the overall risk sensitivity of the project should be established. This can be done by determining how the likelihood/probability of a risk event occurring is defined. Is the likelihood of an event considered high if it has a 50% chance of occurring? Low? Medium? The characterization of a likelihood as high/medium/low will vary widely across various industries, companies within an industry and even among various projects within a company.

Risk Identification #1 Risk Management Approach

Risk identification is the next step in the process and it forms the basis for all the future activities. This is the step where the hard work of drawing out concerns, frustrations and risks must occur. It is an activity worth spending considerable time to complete. During this step, the program manager has to work hard to control his/her emotions and let everyone have their say. Program managers may feel as if they are under attack or be simply overwhelmed with the magnitude of the risks being identified. One has to maintain a view that developing a plan to handle these risks now is easier than waiting until late in the program and have a totally unexpected ‘gotcha’ arise.

The appropriate timing for an initial risk identification session can be somewhat tricky to determine but it should be held early, soon after the basic program requirements, milestone dates, etc. have been outlined, but before the budget and business case are baselined. Done properly, the risk identification session should identify areas that require additional effort, money, time, etc. impacting the business case/budget.

Risk Assessment #1 Risk Management Approach

This is where the Project or Risk Manager schedules a workshop with the core team to assess the risks already identified. A 3X3 matrix similar to that shown in (Exhibit 1) can be used to capture the relative importance of various likelihood/consequence combinations. The agreed relative importance of various likelihood and consequence combinations is captured in this example by the Roman numerals shown in each circle. In this case, risk events with a medium likelihood but a high consequence are considered to be more important than a high likelihood but medium consequence event. How those trade-offs are made are unique to each Project, Company and Industry.

#1 Risk Management Approach

As part of the risk ID meeting, allow the identifier of the risk event also characterize their risk by placing it on a 3′ X 4′ version of the Risk Priority Matrix. Their assessment can often be ‘inflated’ (i.e. high likelihood, high consequence) in the broader project view but it provides a starting point. Since everyone believes their job/function is most important, people tend to rank those risk events related to their job the highest. 

This ‘inflation’ is best addressed by repeating the assessment step, maybe with a subset of the team, at a subsequent session once all the risks have been identified. This session can also be used to ‘combine’ similar risks to eliminate redundancies. A program manager must be careful, however, to not unwittingly eliminate a risk as being redundant when in fact there is a nuance, that is key.

An important aspect is also to create Risk Response Plans as part of Risk Management Meetings and assign ownership for the different Risks identified.

Risk Monitoring & Controlling #1 Risk Management Approach

Once the risks have been identified, assessed, and risk response plans generated, the work associated with monitoring and controlling begins. Monitoring and controlling involves determining if a triggering event has occurred and initiating the response plan when appropriate, monitoring for changes in the environment leading to changes in the likelihood/consequence of an event and tracking to ensure the continuing viability of a response strategy/plan. All of this must be tracked and reported through some logical process.

Risk Reporting #1 Risk Management Approach

Tracking and reporting on the risk management process can be accomplished using a relatively simple matrix. Such a matrix captures all the aspects associated with each risk event (risk item definition, likelihood, consequence, response strategy, response plan, trigger event, closure date, etc.). Recording the risk items within a worksheet program allows the risk item list to be readily sorted and/or filtered. The structure is also simple enough that others will be more inclined to use it. Depending upon the sophistication level of those involved in the tracking process, a more extensive database program can also be used.


Using a risk management approaches will improve the operation of a program by improving overall visibility, facilitating communication and providing an excellent basis for capturing lessons learned. A successful risk management process involves all the program participants, evaluates risks against established criteria, develops risk responses plans in advance of the occurrence and has triggering events identified. By having documented plans and an on-going process, the number of ‘knowable’ risks is minimized providing more capacity to respond to those that are truly ‘unknowable’. This will increase a program’s chances for success and reduce the number of sleepless nights for the program manager.