How to Manage Project Risk: A 5-Step Guide

Written by Coursera Staff • Updated on

The risk management process includes five-steps: identify, analyse, evaluate, treat, and monitor. You can mitigate risks by avoiding, accepting, reducing, or transferring them.

[Featured image] Three coworkers look at a sheet of paper while discussing project risk.

What is risk management in project management?

In project management, risk is any potential event that can impact your project, positively or negatively. Risk management is the process of identifying and dealing with these events before or as they happen. Risk can come in many different forms—employee sickness, inclement weather, unexpected costs, and transportation delays among them.

No project is without risk. The ability to shepherd a project through risk is therefore one of the most important skills project managers are expected to have.

Risks commonly affect the following aspects of a project.

  • Budget: Risk can shift the amount of money you need to complete a project.

  • Schedule: Schedules and timelines can face delays or unexpected changes.

  • Scope: Initial goals can expand or shift away from a project’s original intentions, leading to scope creep.

Risks can also have the following characteristics:

  • External risk: An external risk is a risk outside of the control of the project team. These can include, for example, a contracted vendor missing deadlines or inclement weather.

  • Internal risk: Internal risks are risks that a project team can control. Some examples include project members not meeting deadlines or inaccurate budget estimates.

  • Positive risk (opportunity): Not all risks are bad. A positive risk, also known as an opportunity, is an unexpected event that can have a good effect on your project. The results of positive risk might include finishing tasks earlier than expected or under budget or outperforming original goals. Positive risks might happen due to internal factors, like team members becoming more efficient with the help of a new tool, or external factors, like a policy change that aids your project.

Read more: 4 Phases of the Project Management Lifecycle Explained

How to manage project risk

You will want to understand a typical risk management process and risk mitigation strategies. The risk management process will help you plan for and anticipate risks and mitigation strategies will give you tools to deal with them if they do happen.

Risk management process

The risk management process, or lifecycle, is a structured way of tackling risks that can happen in your project. Though you will find some slight variation, the risk management process or lifecycle, generally follows the following steps. This process can be used for both positive and negative risks.

1. Identify 

The first step to getting a grasp on potential risks is to know what they are. In this step, you will identify risks that might affect your project by making a list (or spreadsheet) of risks that might arise. Use your own project management expertise and consult similar past projects to see what challenges you might expect. You will also want to have stakeholders, team members, and subject matter experts generate ideas with you; they may have insight into the field that you have overlooked.

2. Analyse 

In this stage, you will list the probability of each risk occurring, as well as the potential impact each risk will have on your project. You could begin putting this information in a risk register—a chart that lays out each risk, followed by information like priority level and mitigation plans. You can record both qualitative and quantitative information.

3. Evaluate 

In this stage, you will assign priority to risks by using the probability and impact of each risk to determine their risk levels. This means assigning each risk a high, medium, or low priority based on the factors you have determined. Evaluating your risks gives your team the chance to see where to focus their energy in mitigating risk.

4. Treat 

Come up with a plan to mitigate each risk. We will go into how you can treat risks in more detail below. Record these plans in your risk register as well.

5. Monitor 

In the last step, set up a process to monitor each risk as your project begins. You can do this by assigning team members to keep an eye on specific risks and mitigate them. This makes sure you will have a constant sense of where the risks are and how likely they are to happen, so you will be ready to tackle them if they do occur.

Risk mitigation: The process of dealing with risks

The risk management process lays out a path for you to deal with risks before they happen. But what are the actual ways you can mitigate them? Avoid, accept, reduce and transfer are four common ways to mitigate risk. Deciding which step to use for each risk is not an exact science, and you will have to use your judgement and expertise to determine which is best. Here is some more detail and guidance on each mitigation tactic.

1. Avoid 

Not all risks can be avoided, but it can be a good idea to try to keep it at bay, when you can. Avoid a risk if there is a high chance that a risk will happen. Has a partner vendor gained a reputation for providing low-quality work? Try to find a different one. Are you event-planning during the rainy season? Move the event indoors or to a sunnier season.

2. Accept 

However, accepting risks at times, can make sense if they have a low chance of happening and will have low impact on your project. Ultimately if the risk does happen, it should not derail your project. Say you have ordered sunflower arrangements for a wedding reception, but the florist says there is a small chance they will not have enough and will have to replace some with tulips. Since the probability of risk is low and having tulips instead of sunflowers will not upend the wedding, you might accept the risk instead of troubling yourself to find a new florist.

3. Reduce 

Reducing risk means changing elements in your plan to minimise the risk’s probability of happening or potential impact on your project. Medium and high risks are good candidates to try and reduce. Reducing usually requires some effort or investment. For example, a project manager could hire new team members if the team is falling behind on work. 

This might also mean including risk reduction tactics in your project plan. Time buffers for complex or time-sensitive tasks can allow you some flexibility if work starts to fall behind. Having a contingency budget can help absorb unexpected costs if they arise.

4. Transfer

Transferring risks entails shifting the risk to another party outside of your project. This can mean obtaining an insurance policy or outsourcing parts of the work to a third party. The risk might still occur, but the direct impact on your project will be absorbed by somebody outside of your project. 

Risk management is an important part of project management because risk is almost inevitable in any project. Do not worry—it is rare to ever completely eliminate risk. Listen to Stanton, a program manager at YouTube, talk about his experience managing risk throughout his career in the video below.


Tools to manage risk

Tools can provide you structure for your team’s thoughts and efforts and serve as a point of reference throughout a project. Here are a few you might consider using in your risk management process.

  • Risk management plan: A risk management plan is generally a living document that contains all information related to risk in your project. This can contain an executive summary, your risk register, mitigation plans, risk owners, and any other information pertaining to risk. Project managers may update the document as the project progresses and needs fluctuate.

  • Risk register: A risk register is a chart that contains all the risks associated with a project, as well as their priority levels, mitigation plans, and other important details. A risk register might also be called a risk matrix. You can find project management software that can help you compile risk registers or else create your own in a spreadsheet. 

Here is what a risk register might look like as a project team prepares a company offsite.

RiskProbabilityImpactRisk levelOwnerMitigation plan
Adverse weather50%HighHighProject managerAvoid: Choose indoor venue
Transportation for participants is delayed10%LowLowEvent coordinatorAccept
Catering costs $1,000 more than expected30%MediumMediumEvent coordinatorAvoid: Find caterer that can guarantee a fixed price up front
Activities may lead to injury10%MediumMediumLegal associateTransfer: Require liability waivers

Learn how to manage risk in your project

There are many parts to managing risk, including a formal process to plan for risk and several strategies to use to mitigate them. If you are looking for a way to learn risk management formally, you can self-study or enroll in a project management course, like the Google Project Management: Professional Certificate.

Keep reading

Updated on
Written by:

Editorial Team

Coursera’s editorial team is comprised of highly experienced professional editors, writers, and fact...

This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.