Risk Management Done Right

This is the third blog is a four-part series on project management. The first in the series, titled, “ Project Management 101: The Four Components of Project Management”  was an overview of project management. The second installment, “Project Management 102: The Four Benefits of a Well-Defined Charter” addressed why all project plans should begin with a Charter. This third blog in the series will build on the content of the previous two blogs.  

When implementing a new project, managers have a lot on their plates. From our experience supporting healthcare facilities in implementations and optimizations over the past 20 years, we’ve noticed a few trends. One of the most common issues is that Project Managers frequently overlook Risk Identification and Risk Management. They are often task-oriented, focusing on the items that need to be accomplished, working through current issues facing the project. Instead of tackling risks head-on, risks are usually left someone else to deal with after the project is complete. Why does this happen? There are multiple reasons, most have to do with not wanting to point fingers or lay blame. Although it can be difficult and uncomfortable, identifying risks and using good risk management are key processes that, when utilized, can mitigate risks and help ensure a successful project. Let’s discuss six key points to effectively manage risk in a project:

  1. Identify Risks Early. The first step in Risk Management is simple. Begin by listing all possible risks to the project. This risk identification should be started in the planning phase, meaning when the charter is drafted early in the planning process, look ahead to risks that could potentially derail your project. Risk identification and the steps listed here should not be done in a silo. There’s a perception that project management and all the components should be done by the project manager, however, everyone involved has a different perspective on the project and should contribute their ideas and concerns. It is important to create a list of different categories to consider so that risks are clearly identified in all areas. Those risks include external factors, other vendor contracts, compliance, customers, resistance to change, cultural risks, lack of knowledge, resources, etc. Even weather risks such as hurricane or tornado season should be factored in.
  2. Identify how the risks might affect your project. After the risks have been identified, determine why and how each risk might affect the project. Are there resource constraints? Are there enough people available for the project? Is there a concern that the approved budget is insufficient to support the project? Spelling out in detail how this risk will affect the project will allow those leaders who are owners of that risk to understand what they need to do to mitigate the risk.
  3. Identify an owner for each risk. It is imperative that each risk have an owner. By showing ownership of the risk the team, the PM, and leadership all understand who is working on the risk to prevent that risk from having an untoward effect on the project. If no owner is assigned, the finger pointing starts “I thought you were working on that one!” or double effort ensues when multiple people work on the risk in silos.
  4. Document how each risk is going to be mitigated. This is a key component of risk management. Documenting a list of risks but not working on them and communicating what is being done to mitigate each risk creates black holes and misunderstanding. Clear and consistent communication to all involved by documenting what is being done ensures that all ideas are being explored to resolve the risk or mitigate it, resulting in the least adverse effects on the project as possible.
  5. Score the risks. There are multiple scoring methods out there, so choose one that is best suited for your project or your organization. Make sure to include a scoring methodology that defines the probability of the risk occurring and the impact of that risk. The definitions and the standard probability and impact matrix helps standardize the interpretations and helps compare risks between projects. Scoring the risks also helps stakeholders, as their tolerance for one risk may overshadow risk in another area. Tolerances should not be implied, but need to be taken into consideration. Having standardized scoring levels the playing field improves communication, and removes the emotion.
  6. Re-evaluate the risks routinely. Each risk should be re-evaluated routinely during the project, although the timing of the review will be dependent on the type of risk and the length of the project. This provides information to the team about where this risk is at, what is being done, and also a re-scoring of the risk. Re-scoring the risk and comparing it to the previous score communicates to everyone if the risk is escalating, staying the same or reducing.

It is important to understand that project risks can be substantially decreased. Some studies quote a 90 percent decrease in project problems through the use of risk management. Risk management isn’t just listing risks, but rather evaluating and mitigating the risks’ impact on a project. These six steps are the basic components to help to reduce risks to a project and ensure success. For more information about risk mitigation and our project management services, visit our solution page or contact us Jacobus Consulting to learn how we can assist you in your journey.



Fang, C. & Marle, F. (2010). Interactions-based risk network simulation for project risk prioritization. Paper presented at PMI® Research Conference: Defining the Future of Project Management, Washington, DC. Newtown Square, PA: Project Management Institute.

Mulcahy,R. (2005). PMP Exam Prep. Rita’s Couse in a Book for Passing the PMP Exam Fifth Edition. RMC Publications, Inc.

Sturiale, A., Chicca, L., & Gerosa, S. (2017). Don’t Gamble With Uncertainty: A Monte Carlo Analysis Helps Project Teams Go Beyond Risk Management. PM Network, 31(10), 30–31.