Risk Management and Mitigation

Risk Management and Risk Mitigation is the process of identifying, assessing, and mitigating risks to scope, schedule, cost and quality on a project.  Risks come in the form of opportunities and threats and are scored on probability of occurrence and impact on project.

Risk Management is 1 of 10 Knowledge Areas in the Project Management Body of Knowledge (PMBOK®). Project Managers need to understand the fundamentals of this knowledge area to get the Project Management Professional (PMP®) certification.

This 1-Page summary gives you a downloadable quick Reference Guide of the fundamentals of project risk management and mitigation.

What You Need

      1.  A Risk Management Plan

A defined and documented process agreed upon by project stakeholders for how risks will be identified, assessed, a decision made on mitigation (or if the risks will be accepted), how a response plan will be developed and what controls will be put in place to monitor risks over the duration of the project.

      1. Identify Risks – Capture Form

     A way to efficiently capture identified project risks and add to the Register.

      1. Risk Register

     A log of identified risks and their status.

      1. Qualitative / Quantitative Analysis Tools

Methods for analyzing / evaluating the probability and impact of risks on the project objectives.

      1. Response / Mitigation Plan

Determine if the risks are acceptable or not based on assessment and plan for mitigation.

    1. Control Risks

Assess effectiveness through methods like risk audits and continually improve your project execution.

Risk Register Example

A typical register may look like the table below.  Risks are added to the register as they are identified and the impact and probability of occurrence are assessed through qualitative and quantitative methods.


Qualitative Risk Assessment

Qualitative assessment is a subjective evaluation of factors visualized in a heat map and prioritized based on probability and impact.  Rating scales are pre-defined and impact scales are tailored to the organization and the project objectives.

Quantitative Risk Assessment

Qualitative assessment is an objective numerical probabilistic assessment of impact and probability of factors.  There are many methodologies available – some examples include:

        • Critical Path Method
        • Fault Tree Analysis
        • Monte Carlo Simulation
        • Sensitivity Analysis
        • FMEA

Probability and Impact Matrix (Heat Map)

A typical matrix may look like the table below – example probability and impact definitions are shown:


Risks on the register are scored to determine impact on the project and what (if anything) needs to be done to mitigate and control the risks.  Risks with a mitigation and control plan are logged on a Response Matrix.

The colour coding on the Heat Map indicates the severity of the risks:

        • HIGH = Severe and likely to happen
        • MEDIUM = Moderate risk; impact is no so severe
        • LOW = Low risk of occurrence, low project impact if it does occur

Risk Mitigation

The objective of risk mitigation is to reduce the probability and/or consequences of a risk event to an acceptable threshold and define appropriate response.  Questions To Ask:

        • What are the available options?
        • Tradeoffs (cost / benefit) of each option?
        • Impacts of current decisions on options?

Risk mitigation actions may be costly and time consuming; actions taken are balanced against priority level of the risk.  Organizations typically transfer risk where possible, for example through product warranty.

Low-risk factors may be recognized by the Organization but absorbed as a matter of policy.

Risk Response

A typical response matrix may look like the table below:


Download this Reference Guide, print it off and take it with you so that you always have at your fingertips a quick primer on project risk management.

Get More Notes

Risk Management

Risk Management Risk Mitigation

Click to download the free reference!