Risk Management is the process of identifying, analysing and responding to risk factors that may occur throughout the project lifecycle and its related objectives.

With project complexity rising, risks associated with a project is rising as well. As a result, organizations are increasingly less able to deliver projects on time, and successfully. According to the recent researches on project risk management trends, only 30% of projects are being delivered on budget, and only 15% of projects are actually delivered on time.

Respondents stated that decision-making needs improvement and they agreed that proper risk management is vital for achieving the objectives and also for long-term success. Proper risk management implies control of possible future events and is proactive rather than reactive.

Risk Management

A management discipline based on the continuous identification and control of events that can cause unwanted change. As the outcomes of business activities are uncertain, they are said to have some element of risk. These risks include strategic failures, operational failures, financial failures, market disruptions, environmental disasters, and regulatory violations.

Why do we manage risk?

Project problems can be reduced as much as 90% by using risk analysis or three basis questions: What can go wrong? What will we do to prevent it ? What will we do if it happens?

Can risk be removed completely?

While it is impossible to remove all risk from the project, it is important that they are properly understood and managed. The risks can be accepted in the context of the overall project management strategy.

How do we manage risk?

Use the below risk management processes:

What helps to identify risks?

Uncertainty is a lack of knowledge about an event that reduces confidence in conclusions drawn from data. The work that needs to be done, the cost, the time, the quality needs, Communications needs etc., can be uncertain. The investigation of uncertainties may help identify risks.

Typical Risk Factors:

When looking at risk, one should determine:

  • The probability that it will occur (What)
  • The Range of possible outcomes (Impact or Amount at Stake)
  • Expected timing (When) in the project life cycle.
  • Anticipated frequency of risk events from source (how often)

Common Software risks & Potential risk Categories

Impact / Probability Matrix

A Common method / tool to determine whether risk is considered low, moderate, or high by combining two dimensions of risk:

  • It’s Probability of occurrence
  • It’s impact on objectives if it occurs

Probability scale and Impact Scale

Probability: A scale of 1%-100% will be used for Probability:

  • (1-20)% means very low
  • (21-40)% means low
  • (41-60)% means medium
  • (61-80)% means high
  • (81-100)% means it is a fact

Impact: A scale of 1-5 is normally used for impact ratings, where:

  • 1 means negligible
  • 2 means minor
  • 3 means moderate
  • 4 means significant
  • 5 means severe

Risk Register:

The above data to be updated in the risk register for effective monitoring and control.

What the PM/PL do when the project is on-going?

  • Look for occurrence of risk triggers
  • Monitor residual risks
  • Identify Analyze and plan for new risk
  • Ensure execution of project management plan
  • Evaluate Effectiveness of risk management plan
  • Develop new risk responses
  • Collect and communicate risk status
  • Communicate with stakeholders about Risk
  • Determine if assumption are still valid
  • Ensure proper risk management procedure is followed
  • Revisit watch list to see if additional risk responses need to be determined
  • Implement corrective actions to adjust to the severity of actual risk events
  • Look for any unexpected effects or consequences of risk events
  • Update risk management and response plan
  • Perform variance and trend analysis on project performance data
  • Use contingency reserves and adjust for approved changes


An organization will not be able to fully eliminate or eradicate risks. Every project engagement will have its own set of risks to be dealt with. But, adequate knowledge about possible risks and frequent risk assessments are the best way to minimize the risks in a proactive manner. So, the entire management team of the organization should be aware of the project risk management methodologies and techniques, which may help to minimize the projects risks and maximize the project success rate.