Navigating Risks in Project Management

By Johnmark Hinton, Director of Customer Success

Do you want to see into the future and avoid project mistakes? Would you like a guarantee that your project will run smoothly? How about creating one plan in the beginning and not changing it during the project? Project Risk Management won’t help with that, but what it can do is give you insight into potential issues that may impact your project and allow you to minimize or maximize the effects on your project. In this blog, we’ll cover how to assess and manage potential risks before they ever strike.

Risk Management

Let’s start by defining risk management. The Project Management Body of Knowledge Guide, published by PMI, states that the “objectives of project risk management are to increase the probability and/or impact of positive risks and to decrease the probability and/or impact of negative risks in order to optimize the chances of project success.”

All software projects inherently contain risk because many of them include creating, updating, or removing something that is valuable to an end user. Some see risks as being harmful to a project, but there are positive risks that can occur as well. Here are some examples to help you differentiate the two types:

  • Positive Risk – The test team may finish their tasks quickly, which may allow other tasks to start early
  • Negative Risk – The test team may finish late, which may delay other tasks and may negatively impact the schedule

Creating a risk management process takes time and effort at the beginning of the project; however, it can greatly pay off over the project’s life by allowing you to focus your effort, influence, and energy on the right risks at the right time.

Risk Assessment

Identify Potential Risks

The first step to a risk management process is to identify potential risks. Depending on the project, you may work with a group to brainstorm risks or interview team members for a more focused insight. 

For example, in a software implementation project, a business risk may be that end-users are hesitant to stop their current process and start using the new software. 

Analyze the Risk

Once you’ve identified the risk, the second step is to analyze and determine the probability and potential impact on the project. You might use lessons learned from previous projects or a small team for the analysis. Using a High/Medium/Low scale, you can easily rate and communicate the risk details.

Overanalyzing risks can cause chaos, but underanalyzing will not allow you to react promptly. Assigning a number to the rating scale can provide a mathematical approach and help avoid the dreaded “Paralysis by Analysis.” Defining a point system may be helpful, for example:

Medium Probability (2 Points) – Some users have hesitated in adopting new software in the past. However, this implementation will reduce their daily workload, and they will be more likely to use the latest software.

High Impact (3 Points) – If the users do not adapt to the new software, we may be out of compliance or lose USDA reimbursement.

Prioritize the Risk

Next, you will prioritize the risks and assign points according to the level of priority assessed. You may use more criteria in your analysis, so the prioritization can range from very simple to more complex.

Risk # | Risk Name | Probability | Impact | Priority (0-6)
1 | End-users are hesitant to stop their current process and start using the new software. | Medium (2) | High (3) | 5

Risk Control

So you’ve identified, analyzed, and prioritized the potential risks that could impact your project. Now what? While there are several considerations for a risk management plan and plenty of information and templates online to help you create one, it’s always good to start with the basics.

Communicate project risk plan details to the project team. Be prepared to influence them on why a plan is necessary and how it will increase the project’s chance of success.

Several risk responses may apply to your projects, such as avoidance, mitigation, acceptance, transference, and sharing. Here, we will focus on mitigating and accepting risk and preparing a response.

Mitigate/Plan for the Risk

Assign each risk to a team member to monitor and track throughout the project’s life. Some risk impact and probability scores may increase or decrease over the course of the project’s life, so a dedicated person to monitor the risk is essential. 

Document the task(s) needed to mitigate or prevent a risk from occurring. This is a vital step of any risk plan. You should write the mitigation steps only when you have collected information regarding the risk details.

Example: “The area supervisors will meet with end users throughout the project to evaluate their awareness and desire to use the new software.”

Respond to the Risk

This can be done when the risk occurs and you want to limit the impact on the project. At this point, either you have chosen to accept the risk and now must put the response in place, or the mitigation plan was not successful.

Example: “Area Supervisors and product champions will meet with site managers who are not using the software as intended to reinforce the need for compliance.”

Getting the Plan Started

Not all plans will be the same for every project, and there is much more to a risk plan than discussed here, but your process should be just enough to positively impact your project without adversely affecting your schedule. A little planning today can avoid chaos and rework as your project continues. If you are ready to start on your plan, the website Project Management Docs offers free project management templates and has a great Risk Management Plan Template to help get you going.

If you enjoyed the information and would like to discuss it in more detail, reach out to me on LinkedIn.


Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK Guide). 6th ed., Project Management Institute, 2017.


About the Author

Johnmark serves as the Director of Customer Success and brings over 15 years of IT experience, including software support, product management, and project management. Johnmark earned a degree in software development and several technical and industry certifications, including Project Management Professional (PMP). Johnmark’s success comes from nine years of experience in the Army, where “Complete the Mission” became a way of life.