Project Risk Management: Aspects and Tools


Projects have become a common phenomenon in the operation of organizations. This assertion is evidenced by the high rate at which organizations are adopting project approach in an effort to achieve the desired organizational goals. However, the success with which projects are completed is dependent on the effectiveness with which various projects aspects are taken into account.

Risks are inherent in every project due to their unique characteristics. This paper evaluates the various aspects that are associated with project risk management. In a bid to identify these risks, the project management team should study the entire project and identify the risks of the project by using effective methodologies, tools, and techniques. This paper entails a review on some of the tools and techniques that managers should take into account in identifying and analyzing risk.


Project management requires the project manager to define the project scope clearly by outlining the relevant assumptions and constraints with regard to budget and schedule. However, the assumptions made may not turn out as true while some of the assumptions may be undisclosed, which increases the degree of uncertainty. Most projects are characterized by a high degree of complexity arising from different aspects such as technical, interface, commercial, and relational aspects.

Moreover, the success of a project is subject to the effectiveness of managing the various stakeholders such as the subcontractors, clients, suppliers, and the project teams amongst others. These stakeholders have specific expectations and requirements regarding the project. Failure to integrate them in the project management may lead to conflicts, hence derailing the project (Hynuk, Benoit, Bourgault, and Pellerin 14).

The above aspects illustrate the view that projects are risky due to their characteristics, changes in the external environment, and their deliberate design. This research paper illustrates the various aspects associated with project management. Some of issues assessed include the reasons of identifying risks in project management, risk identification techniques and methodologies, how risk management is involved in statistics and probability coupled with risk analysis and implementation.


Importance of risk identification

Projects are established with the objective of achieving a predetermined goal. However, the existence of project risk may diminish the likelihood of achieving the desired goal. Ward and Chapman (98) assert that risk is an integral part in every project and it should be managed effectively to an acceptable level. Subsequently, it is essential for project managers to engage in a comprehensive risk identification process.

Ward and Chapman define risk identification as “the process of determining which risks are likely to affect the project and documenting the characteristics of each risk” (111). Effective risk identification enables the project manager to categorize the various external and the internal risks, which may affect the project outcome.

The internal risks include the various aspects that the project manager in collaboration with the project team members can influence or control. Some of these sources of risks relate to project costs and task assignment. On the other hand, external sources of risks are beyond the project managers’ ability to control or influence. Examples of such sources include market, political, or legal changes.

Risk identification enables the project manager to implement effective risk mitigation measures, hence minimizing the likelihood of project failure. Poor risk definition increases the probability of project failure as the project manager will adopt a poor risk management process (Barber 585). Therefore, effective risk identification minimizes the probability of the project exceeding the predefined costs, time, and scope. Kutsch (3) asserts that risk identification enables the project manager to minimize the negative consequences.

Risk identification tools and techniques

Project managers can take into account various tools and techniques in their quest to identify risks effectively. Some of these tools and techniques are evaluated below.

Documentation reviews

Project managers can conduct a structured review of the formulated project documents such as the project plan and the project scope. Furthermore, the project manager in collaboration with the entire project team should evaluate the formulated project assumptions in order to determine their inherent risks. Documentation review is a source of great insight on different project aspects that may be a potential source of project risk (Barkley 132).

Information gathering technique

This technique entails gathering data from various sources using different techniques such as brainstorming, Delphi technique, and SWOT analysis, and interviewing.

  1. Brainstorming – project managers usually rely on the brainstorming technique in identifying risks. The brainstorming technique provides project managers with an opportunity to identify a broad list of risks that might be encountered in the project. Subsequently, the project manager is able to undertake effective risk analysis. The brainstorming process usually involves experts on project management, which increases the likelihood of identifying and defining different risk categories.
  2. Delphi technique – this technique usually involves gathering information from experts on project risk. The selected risk experts participate in the risk identification process anonymously. Questionnaires are used in gathering information on potential risks. The responses obtained are circulated to selected experts so that they can provide their input and comments. Subsequently, the likelihood of reaching a consensus on the likely risks is achieved. The Delphi technique is very effective as it aids in the elimination of bias and undue influence on the risk identification outcome (Barkley 132).
  3. Interviewing- project risks can also be determined by interviewing experts on project risks such as project managers. For example, an organization may inform a number of external project managers on the intended project. Subsequently, the project manager can provide information on different aspects that should be taken into account in order to implement the project successfully.
  4. SWOT analysis – this technique entails evaluating the project’s strengths, weaknesses, opportunities, and threats. This technique enhances the breadth of risks (Barkley 133).


Project managers can gather data on project risks from similar projects that have been conducted previously. This technique is relatively simple and efficient to implement. However, one of the greatest disadvantages is that the project manager may not conduct an exhaustive risk analysis. The project manager should list all the potential risks that are likely to affect the project. Additionally, it is essential for the project manager to adjust the checklist continuously by including potential risks as the project progresses.

Diagramming techniques

Project managers can adopt various diagramming techniques. Some of these techniques include the influence diagrams, process flow charts, and the cause-and-effect diagrams. One of the most commonly used cause-and-effect tools is the fishbone diagram. The fishbone diagram enables the project manager to identify the technical sources of risk such as project requirements, project complexity and interfaces, and quality. The external sources of risk include the market, customers, regulatory environment, subcontractors, and suppliers. On the other hand, the organizational sources of risks taken into account include project funding, project dependencies, resources, and prioritization.

Process flow charts are another example of diagramming technique that project managers can incorporate in identifying risks. The flow charts enable the project manager to determine the relationship between the various risk elements. On the other hand, “influence diagrams entail graphical representation of causal influences and other relationships” (Hassett and Stewart 92).

How risk management is involved in statistics and probability

Hassett and Stewart (92) assert that effective risk management requires the project manager to examine the intrinsic uncertain situations and events associated with a particular project. This goal can only be achieved if the project manager incorporates the likelihood of an uncertain event occurring [the probability] and its impact. One of the frameworks that can be used in assessing risk is probability. Subsequently, statistics and probability are very useful in undertaking risk analysis.

Risk analysis

According to Barkley (136), risk analysis can be achieved by incorporating both qualitative and quantitative risk analysis techniques. Qualitative risk analysis entails “the process of assessing the impact and the likelihood of identified risks occurring” (Barkley 133).

Qualitative risk analysis

This type of analysis enables project managers to determine the significance of taking into account the specific risks inherent in a project and the corresponding risk responses. However, qualitative risk analysis can only be successful if the project manager evaluates the probability of the risk occurring using qualitative analysis tools. Some of the qualitative risk analysis tools that can be incorporated in risk management include –

  1. Probability or impact risk-rating matrix – this technique entails developing a matrix, whereby risks are rated as being low, very low, high, very high, and moderate. The rating of a particular risk is undertaken based on its impact scales and probability. A high rating on risks is an indicator for further analysis, for example, through quantification in order to determine the most effective risk management technique to adopt. The risks are assigned a scale of 0.0 to 1.0. On the other hand, the risk impact scale depicts the severity of the risk occurring on the predetermined project objective. The risk impact scale can be either cardinal or ordinal. Ordinal scales entail rating the impact as low, or high, while cardinal scale entails assigning values to risk impact.
  2. Project assumption testing; this technique entails evaluating identified project hypothesis against two criteria, which include the project consequence and the stability of the assumption.
  3. Risk probability and impact; this technique entails analyzing the risk impact and probability based on being high, very high, low , very low, or moderate. This aspect enables the project manager to determine the risk events that require aggressive risk management technique.
  4. Data precision ranking – this qualitative risk analysis technique entails evaluating the extent to which the qualitative data available is unbiased and accurate, hence its relevance in risk management. A number of aspects are assessed in analyzing the data. Some of these aspects include the quality, integrity, reliability, and availability of the data and the level of understanding on the risk.

By using qualitative risk analysis technique, the project manager can rank the various risks identified based on their relative scores. The project manager can make a decision on how to allocate resources to projects. Moreover, the effectiveness with which the project manager undertakes a cost-benefit analysis regarding a particular project is increased significantly. Subsequently, the project manager can make an effective recommendation regarding project cancellation, initiation, or continuation.

Incorporating probability and statistics improve the effectiveness with which project managers prioritize risks. This aspect arises from the view that the project manager can determine the risks that can be addressed at a future date and those that require an immediate response. Additionally, incorporating probability enables the project manager to determine significant risks based on their respective ratings. Effective integration of statistics and probability enables project manager to determine the risks that require additional analysis.

Quantitative risk analysis

This type of analysis enables the project manager to analyze every risk inherent in a particular project and its likely impact numerically and probabilistically. Some of the quantitative techniques used include sensitivity analysis, simulation, and decision trees. Sensitivity analysis enables the project manager to identify the risks that are most likely to have a significant impact on the project. Barkley asserts that sensitivity analysis “examines the extent to which the uncertainty of each project element affects the objective being examined when all other uncertain elements are held at their baseline values” (139).

Decision tree technique entails determining the critical path associated with a particular decision. Thus, the project manager can determine the costs and rewards associated with a particular decision. Using critical path analysis, the project manager can determine the decision that leads to the most favorable outcome.

On the other hand, simulation entails using a model that effectively translates the intrinsic project uncertainties into potential consequences on the set project objectives. The Monte Carlo technique is the most commonly used method in performing simulation. Quantitative risk analysis enables the project manager to forecast the trend of project results. Moreover, using the quantitative technique increases the likelihood of completing the project with the set period and achieving the set project objectives.

Implementing: risk response planning

After effective risk analysis, the project manager should formulate the most appropriate action to adopt in order to manage risk. Risk response planning is undertaken by taking into account the cost effectiveness of the measure, the extent to which the risk response is realistic, severity of the risk, and the level of acceptance by the various project stakeholders.

Some of the diverse risk response strategies that project managers can adopt include risk avoidance, risk mitigation, risk transference, and risk acceptance. Risk avoidance entails adjusting the project plan in order to protect the project from the adverse effects of the risk. On the other hand, transference entails shifting the risk impact to a third party, who has the ability to deal with the risk in the event of its occurrence. Mitigation entails reducing the likelihood or the impact of the risk event to a level that is acceptable while risk acceptance involves facing the risk for example by formulating a contingency plan (Barkley 140).


The above review shows that risks are inherent in every project. Therefore, it is difficult for project managers to eliminate risks. However, the occurrence of risk may affect the project outcome adversely. Subsequently, project managers have an obligation to ensure that the project risks are managed effectively. One of the ways through which this goal can be achieved is by ensuring effective risk identification.

Some of the techniques that can be used in identifying project risk include reviewing the necessary documents, diagramming techniques, and checklists. Effective project risk management requires project managers to incorporate statistics and probability. The outcome of the risk analysis should form the basis of deciding the most applicable risk response, for example, risk acceptance, transference, mitigation, and avoidance.

Works Cited

Barber, Richard. “Understanding internally generated risks in projects.” International Journal of Project Management 23.1 (2005): 584-590. Print.

Barkley, Bruce. Project Risk Management, New York: McGraw Hill. Print.

Hassett, Mathew, and Donald Stewart. Probability for risk management, New York: ACTEX Publications, 2006. Print.

Kutsch, Elmar. “Deliberate ignorance in project risk management.” International Journal of Project Management 28.2 (20010): 245-255. Print.

Hynuk, Sanchez, Robert Benoit, Mario Bourgault, and Robert Pellerin. “Risk management applied to projects, projects and portfolio.” International Journal of Managing Projects in Business 2.1 (2008): 14-35. Print.

Ward, Stephen, and Chris Chapman. “Transforming project risk management into project uncertainty management.” International Journal of Project Management 21.3 (2003): 97-105. Print.