5 Step Approach to Risk Management – Detailed Discussion

Risk Management Steps
  1. Risk Identification -Planning
  2. Risk Analysis –Planning
  3. Planning Risk Response –Planning
  4. Implementing Risk Response –Executing
  5. Monitoring Risks –Mostly Executing
5 Step Approach to Risk Management - Detailed Discussion
Step 1: Risk Identification

Risk Identification involves identifying:

  • Individual project risks
  • Sources of overall project risk

Risk identification can be done by a large number of stakeholders or non-stakeholders, like the project manager, project team members, project risk specialist (if assigned), customers, subject matter experts from outside the project team, end users, other project managers, operations managers, risk management experts within the organization, etc.

Risks identified early in the project; however, not possible to identify all the risks at the outset of a project; therefore, risks identified throughout the project; but earlier the better

High-level Risks identified in the Project Charter

Step 2: Risk Analysis

Qualitative Risk Analysis of all Identified Risks is carried to prioritize them into Low, Medium and High, depending on their Scores, for further analysis or action, by assessing their probability.

  • A Risk Probability & Impact Matrix helps prioritization of the Risks as Low, Medium or High. For Probability & Impact, a standard scale is used, usually 10 for each, which leads to a maximum Risk Score of 10×10=100.
  • Risks with Low Score are put in the Watch List and no Response is planned for them. However, they are regularly watched in case their Probability or Impact escalates

The Medium and High risks may be further analyzed in Quantitative Risk Analysis, followed by planning a Response, or a Response may be planned straightaway for them without the Quantitative Analysis.

Risk Probability & Impact Matrix
5 Step Approach to Risk Management - Detailed Discussion
5 Step Approach to Risk Management - Detailed Discussion
Step 3: Planning Risk Responses
  1. Planning Risk Responses is the process of developing options to deal with Risks should they occur. Involves doing one or combination of the following:
  • Do something to eliminate the threats before they happen, or, to make sure the opportunities happen
  • Decrease the probability and/ or impact of threats, or, to increase the probability and/or impact of Opportunities
  1. Allocates Resources and inserts Activities into Project Plans as needed
  2. Response for each High and Medium Risk is transcribed in the Risk Register; no Response is planned for Low Risks
  3. Risk Response specifies the measures to be taken should a particular risk occur while considering the overall Strategy –Avoid, Transfer, Mitigate, Accept, Escalate, Enhance, Share or Exploit
  4. The overall strategies may be used singly or in combination
  • Risk: Fire in the warehouse
  • Strategy: Transfer & Mitigate
  • Response: Insure the goods (Transference)

Install Auto Fire Detection & Fighting System (Mitigation)

Step 4: Implementing Risk Responses
  • As the Project starts, and Identified Risks occur, the agreed-upon Risk Response Plans are implemented
  • Good planning followed by good implementation ensures that:
  1. The overall Project exposure to Risks is addressed
  2. Individual project Threats are minimized
  3. Individual project Opportunities are maximized
  • If the Identified Risks do not occur, the sources tied to the Risk are released back to the Organization
  • If any Unidentified Risk occurs, Corrective Actions are taken to minimize the impact of the Risk, and MR are sought from the Management
  • As Identified/Unidentified Risks occur and Response Plans/Corrective Actions respectively are applied, the situation is keenly monitored for any Residual Risk or emergence of any Secondary Risk

The Risk Register is updated with the developments; Risks which are no more valid are crossed out.  At the end of the Project, all entries in the Risk Register would have been crossed out.

Risk Response Strategies
5 Step Approach to Risk Management - Detailed Discussion
5 Step Approach to Risk Management - Detailed Discussion
Step 5: Monitoring Risk Management

Implementation of the agreed-upon Risk Response Plans is monitored, Identified Risks are tracked, New Risks are Identified and analyzed, outdated Risks are discarded, and Risk Management evaluated.  Specifically, Monitoring determines if:

  • Risk Responses are effective
  • Level of overall Project Risk has changed
  • New individual Project Risks have arisen
  • Risk Management approach is still appropriate
  • Project Assumptions are still valid

Risk Management Situations

Situation A

An Emergent Risk (a New Risk, i.e. a risk not listed in the Risk Register), is identified or discovered

Monitoring & Control Actions
  • Analyze and qualify the risk, going through the process of Qualitative risk analysis, followed by Quantitative risk analysis if required, depending on the Risk Score
  • Plan a Risk Response if Score Med or High
  • Allocate CR (unless it is decided to Accept the risk Passively in which case no CR will be allocated)
  • Update Risk Register
Situation B

A previously identified Risk, budgeted with CR, has occurred

  • Implement the Risk Response Plan as devised and defined in the Risk Register
  • Monitor Residual & Secondary Risks
  • Use the CR set aside for the Risk
  • Update the Risk Register
Situation C

A previously identified Risk, not budgeted with CR


An Emergent Risk (Unknown Risk or Unknown Unknown) has occurred

  • Take corrective actions to minimize the impact of the Risk
  • Update the Risk Register
  • Use MR if approved and released by the management of the performing organization
Situation D

A previously identified Risk, budgeted with CR, does not occur

  • Return the associated CR to the company
  • Update the Risk Register
5 Step Approach to Risk Management - Detailed Discussion
Controlling Risk Management Situations
5 Step Approach to Risk Management - Detailed Discussion


  • An MBA graduate specialized in Marketing, with proven abilities in digital Marketing, New product development, and advertisement. A professional Digital Marketer, blogger, web marketing services provider, Advertiser, Promotions, and Relationship Marketer. Highly motivated with a great degree of flexibility to adapt to changes, resourcefulness, and commitment to work; ambitious and capable of resolving multiple and complex issues.


Leave a Reply

Your email address will not be published. Required fields are marked *

Exit mobile version