Risk Management Worth the Effort

All projects are risky because they are unique. They are born in a frame of suppositions and restrictions, with different levels of complexity. Ultimately, they are all oriented to generate benefits by achieving stakeholders’ expectations,  which could change dramatically. 

Learn five Sales Strategies for the Telecom Industry to ease the sales cycle of the Telecom Industry. Most important: more than a race of speed is a race of resistance and perseverance.

Risk management has the goal to identify and manage risks that could impact positively or negatively in the project’s result.  Costs, scope, or timing are some factors to take into consideration. In other words, risk management aims to take advantage of positive risks (opportunities) or to avoid and mitigate negative ones (threats).

Not managing threats could drive into issues such as delays, over costs, low-quality products, or image damage. But, taking advantage of opportunities can reduce timing and costs, exceed expectations, and image improvements.

Identifying Risks

The first step in risk management is recognizing the possible risks and gather data about them. The key benefit of this process is to identify risks and the potential sources of them. Equally important is to collect enough info so the project team can properly respond to those identified risks.

The documentation of the project is key to the risks’ identification process. The priorities to collect are:

  • Suppositions registers
  • Cost estimations
  • Timeline
  • Resources requirements
  • Incident register
  • Environmental factors

Once this info is collected, there are several useful tools to identify risks:

  • Expert advisors: people familiarized with similar projects that can bring their past experiences and show potential risks.
  • Brainstorms: meeting with project team-oriented to get a complete list of potential risks and sources. 
  • Root Cause Analysis: to discover the subjacent causes that can drive into a problem. It also works to develop preventive actions by responding to questions as “Project could be delayed or over cost due to…”
  • Periodic meetings: to update risks status.

The output of the identification of the risks usually are:

  • Risk register: which must contain a list of identified risks, ownership of them and potential response to a certain risk.
  • Risk inform: which must contain information about the source of risks. Also, a summary of each risk with the number of identified menaces and opportunities, classification of risks, metrics, is included.

Risk Analysis

Risks could be classified using qualitative and quantitative methods with occurrence probability, the potential impact on the objectives and other factors. Risks are prioritized.

Qualitative analysis is subjective because it is based on the risk perception of the project team. Contrarily, the quantitative analysis uses numerical methods to calculate the combined effect of risks. 

Usually, as a result of both tests, risks are categorized by priority in a Matrix, considering their occurrence chance and impact in the project. This matrix is used to apply proper actions according to each risk.

Response to Risks

Each team decides from several options of responses when facing each threat risk:


When a threat is out of the project scope of work. The project manager communicates the situation to the customer, sponsor, or organization board to determinate an action plan.


The project team acts to end the threat or to protect the project of its impact. It could imply a change of a specific aspect of the initial planning. Examples of these actions are:

  • Elimination of the root cause of the threat.
  • Schedule an extension.
  • Scope a reduction.


It implies changing the ownership of the threat to a third party. Typical examples are insurance, certificates of warranties.


Consists of taking actions to reduce the probability of occurrence and/or the threat. The sooner the mitigate action takes place, the more effective they are. Examples are:

  • Adopting less complex processes.
  • Increasing testing stage.
  • Move to a more stable vendor.


When the threat is a low priority, inevitable or the correction actions are too expensive, it is recognized but ignored. Contingency reserve could face this sort of risks but could mean using valuable resources useful if the threat becomes real.   

Risks are part of the life of every project, but most of them can be avoided or mitigated. Any of these actions are much better than not taking care of a strategy to manage risks.

Learn five Sales Strategies for the Telecom Industry to ease the sales cycle of the Telecom Industry. Most important: more than a race of speed is a race of resistance and perseverance.

You may also like

managing your tech team

6 Best Practices for Managing Your Tech Team

project management in technology

Incredible Best Practices for Project Management in Technology

agile project management

Agile Project Management — A Brief Overview