Risk Management – Risk Assessment

  • 0

Risk Management – Risk Assessment

Risk Assessment

Risk Assessment consists of two components –

  • Risk identification and
  • Risk analysis & prioritization

Risk identification focuses on enumerating possible risks to the project. The basic activity is to try to envision all situations that might go wrong in the project execution.

Risk analysis and prioritization activity considers all aspects (need to specify the aspects) of the risks and prioritizes them for purpose of risk management.

Although these two are distinct activities, they are often carried out simultaneously. All the relevant stakeholders need to be involved during the Risk identification and analysis process.

Risk identification

At the time of project initiation, Project Manager identifies the project risks. Risk identification is an exercise in envisioning what can go wrong.  Risks are identified under different categories.

The categories of risks are:

  • Business risk
  • Technology risk
  • Process risks
  • Resource risks
  • Customer risks
  • Schedule risk
  • Others

These risks are identified along with the category to which that belongs.

Some examples of risks under different categories are –

Category of risk Classification of Risks
Business risk
  •  Competitor may introduce the product early
  • Loss of market opportunities if project is delayed
Technology risk
  • Technology is new and not proven
  • Project is complex
Process risks
  • Process needs to be defined for the project
  • Lack of process compliance
Resource risks
  • Required skills not available
  • Manpower attrition
Customer risks
  • Delay in customer feedback
  • Changes to requirements
  • Tight schedules
  • Estimates are not scientific

Project Manager identifies the category of risk and the risk

Risk Analysis and Prioritization

The risks identified for the project indicate the possible events that can hinder the project in meeting its goals. The consequences of different risks may be different. While identifying strategies for risk management, it is beneficial to analyze and priorities the risks, so that appropriate strategies can be identified and management energies can be focused on high priority risks.

Risk analysis consists of –

  • Assessment of the probability of occurrence the risk and
  • Level of consequences of the risk.

For each risk identify the probability of risk occurrence as – Low, Medium and High. Risks are prioritized based on the Decision Analysis and Resolution (DAR) identified.

For each risk identify the level of consequence of the risk as – Low, Medium, High and Very High.

Based on the combination of probability of occurrence and level of consequence the risk priority (in terms of impact on the project) is determined. An example for identification of the risk priority is given below

Risk priority (impact on the project) is this table, which is going to be part of our PMP. If so, this should be an annexure.


Probability of occurrence of risk

Level of consequences

Low Medium High Very high 


Negligible Negligible Marginal Critical


Negligible Marginal Critical Catastrophic
High Marginal Critical Catastrophic Catastrophic


The risk priorities are only indicative. Based on the project specific risks, the Project Manager needs to identify the risk priority and assign impact values as per the guidance given below.

  • Catastrophic (Value: 1)
  • Critical (Value: 2)
  • Marginal       (Value: 3)
  • Negligible       (Value: 4) 


The Project manager provides impact values in the Risk Analysis and Management Plan for each risk.


Risk occurrence thresholds are defined to decide majorly based on the below mentioned factors.

    • Risk avoidance
    • Risk control
    • Risk transfer
    • Risk monitor
    • Risk acceptance

Leave a Reply