Every project has its risks. Whether it’s a tight budget, a client who changes assignments every week, or a bickering management team you report to. Risks are an integral part of every project. But as a project manager, you can manage, mitigate, or even eliminate risks. How do you do it? Find out in our article, along with 5 proven tips from practice.

What are project risks and how they differ

Risk is any uncertainty that can affect the outcome of a project. Risk is defined by its probability and impact. Therefore, a risk may or may not occur during the course of a project – it is uncertain.

There are 4 types of uncertainties in project management:

• Unknown-knows
• Unknown-unknowns
• Known-unknowns
• Known-knowns

It’s important to note that the likelihood of a risk occurring will always be uncertain. We can never change that. This fact comes from the very definition of risk.

Our goal as project managers is to turn all types of uncertainty into the category of the known-knowns. This is because these are the most manageable uncertainties, where we are only threatened by their uncertain likelihood. 

The process of managing uncertainties or risks then looks as follows:

• unknown-unknowns -> known-unknowns -> known-knowns
• unknown-knowns -> known-knowns

What the single uncertainties mean and how you can modify the uncertainty type is described in the table below.

UNKNOWN-KNOWNS – forgotten or hidden knowledge (often within organizations that don’t document their employees’ knowledge and findings) – the aim is to improve knowledge management (recording and sharing) e.g. through facilitating discussions between people	KNOWN-KNOWNS – risks that we know about but whose likelihood is uncertain (and irreversible) – easiest to manage and mitigate
UNKNOWN-UNKNOWNS – things we know nothing about and don’t even know that we don’t know anything about – the aim is to spot these risks as early as possible and find out as much as possible about the context. That’s how we’re going to know them. – we should ideally set up a process that allows us to spot the first signs of emerging risks	KNOWN-UNKNOWNS -gaps in our knowledge that we know about (reducible uncertainty) – the goal is to fill in these gaps in our knowledge by studying and researching how to reduce these uncertainties and turn them into knowledge

Risk is not an issue

Well, it can be. But it isn’t. Not yet.

The first difference between a risk and an issue in project management is that the risk may happen in the future (it is not certain that it will happen). But you have an issue now. It has already happened.

The second difference is that an issue is always negative. But risk can have positive consequences for your project.

How to manage risks in 4 steps

1. Identify

At the start of the project, sit down with your team and write down all the risks you can think of in a risk log (more on this below). Just write down everything you think could go wrong during the project and affect its success.

Keep a running log of risks throughout the project. You are guaranteed to discover new information and face new situations. And as Stalin brutally noted – where there is a man, there is a problem. And project management is 80% about people.

⭐Tip no. 1:

Create your own list of risks you have encountered on the projects you worked on and keep it up to date. On the next project you will know:

• what to expect and what to watch out for
• what worked and what didn’t to manage the risk
• how to turn unknown-unknowns into known-unknowns (refer to the table above for a refresher)

2. Analyze

The main goal of this phase is to determine the severity of the risk. This is calculated by multiplying the likelihood and impact of the risk. How do you do it?

⭐Tip no. 2:

First of all, it is important that you don’t overcomplicate it. Keep it simple.

• Select a simple (preferably 3 to 5 step) scale for each of the variables ( likelihood, impact) where you can assign a specific meaning to each step. For example:

Likelihood:

• Low
• Medium
• High

Impact:

• Low (delivery delays of days / budget overruns of hundreds of dollars)
• Medium (delivery delay of weeks / over budget by thousands of dollars)
• High (delivery delay of months / over budget by tens of thousands of dollars)

Think about the type of impact – how it will affect your project. Here are the most common types:

• Budget
• Delivery schedule
• Reputation of the organization
• Quality of outputs
• Project scope
• Environmental impact

3. Choose your mitigation tactics

Project managers use 4 basic tactics to manage risk.

⭐Tip no. 3: They are easy to remember as they start with the letter T.

1. Avoid risk (Terminate)
   • if the risk is small, think about whether you can eliminate it altogether
2. Accept risk (Tolerate)
   • devise back up plan
3. Mitigate risk (Treat)
   • set up control processes
4. Transfer risk (Transfer)
   • makes sense if the severity of the risk is small and strategies to mitigate the risk are cost-ineffective

4. Put your plan in action

Open your risk log and adjust the columns to suit your current project.

The fundamental elements of each risk log that you should never forget are:

• Description of the risk and its categorization
• Evaluation – likelihood, impact, severity
• Who is responsible for managing the risk
• Tactics chosen
• Monitoring and status

⭐Tip no. 4

Use the sample spreadsheet we’ve created for you so you don’t forget anything important when managing risks.

*inspiration by Mike Clayton of Online PM courses

⭐Tip no. 5: Categorize your risks according to the SPECTRES framework and observe in which category you see the most risks. If one category is significantly dominating, try to figure out why this is the case and whether you can address the root causes of the risks in a one-off manner. This will reduce the likelihood and impact of the risk.

S – Social – risks arising from the company or interactions between stakeholders and team members

P – Political – regulation and legislation of local and national policy

E – Economic – financial risks (labour and material costs, exchange rate)

C – Commercial – supply chain issues

T – Technological – unsuitable or outdated technology on the project

R – Regulatory – health and safety regulation

E – Environmental – typically in the construction industry the environmental impact needs to be addressed

S – Safety/security – data breach, health hazards

If you’ve read this far, then you already know how to keep your risks under control. Do you have any proven tips on how to prevent or control risks? Share them with us. We’re happy to add it to the article for others and give you credit.