4 Tutorials that teach Managing Project Risks
Take your pick:
Managing Project Risks

Managing Project Risks


This lesson reviews ways to manage project risks

See More
Try a College Course Free

Sophia’s self-paced online courses are a great way to save time and money as you earn credits eligible for transfer to over 2,000 colleges and universities.*

Begin Free Trial
No credit card required

27 Sophia partners guarantee credit transfer.

245 Institutions have accepted or given pre-approval for credit transfer.

* The American Council on Education's College Credit Recommendation Service (ACE Credit®) has evaluated and recommended college credit for 21 of Sophia’s online courses. More than 2,000 colleges and universities consider ACE CREDIT recommendations in determining the applicability to their course and degree programs.


What's Covered

This lesson reviews ways to manage project risks.  Three elements will be discussed:

  1. Types of Project Risk
  2. Elements of Risk Management
  3. Contingency Plan


A project manager will need to continually make the effort to identify and classify events that threaten a project's success. Unexpected challenges always occur on projects, but it's the project manager's responsibility to use their expertise to find these risks and uncertainties early in a project and implement mitigations that will reduce their impact.

Risks are often found and triggered in this phase of a project. No matter how diligently a project is documented during the scope and planning phases, there's just no way to define every deliverable perfectly. So risks will occur, and it's up to the project manager to find and investigate them.

Term to Know

Monitoring Risks

The process of continuously identifying, assessing and tracking risks that potentially will impact a project negatively.

A risk can relate to any of the following:

1. Scope creep. Deliverables or additional requirements might be added to a project.

Example If a new stakeholder is added to a project after the planning phase, they might have additional requirements that affect the project.

2. The quality or the performance of deliverables may not be meeting the standards set in the project scope.

If a mobile email application is expected to be delivered with fewer than five errors, but testing is currently seeing 100 bugs, then that's a risk.

3. Tasks might take more time or more effort than expected. Dependency issues might lead to slippage in a critical path.

Example If a senior programmer is taking longer to code their work because they are adding features that are unnecessary for a product, that is a risk.

4.  Risk with budget. If the schedule or quality is an issue, then budget will be impacted also. 

ExampleThe  need to add an additional programmer when a task slips due to inexperience with the development team.

5. Risks with people and non-people resources. There might be issues with personnel, including work performance issues. Or there might be issues with materials. 

Example If the mobile email application is being developed for an unreleased smartphone, and the development versions of those phones are not available for testing, that's a risk that must be managed carefully. Risk can occur anywhere on a project, but this list should provide guidance about the most common places where risk appears.


Think about what might impact the triple constraints of time, scope, and cost.

If the project manager identifies risk in the schedule, then the risk to scope and cost must also be identified. Then the risk and the mitigations should be documented in the risk register.

The risk register should be reviewed and updated periodically over the course of the project. When new risks are found, they should be discussed in team meetings. But risk, especially those with fast impacts, can be brought up with the team any time.


The risk register is used to monitor and track risks. It's the project manager's responsibility to keep the risk register updated. But every member of the team should be encouraged to identify risks and notify the project manager when they're discovered. Risks in the risk register should be reviewed at every team meeting, and the project manager should also take that opportunity to remind the team of the importance of risk identification and mitigation.

Using the risk register, current risks should be evaluated to determine the current status of the risk and the current effectiveness of any mitigation. 

A good question to ask is, "Has the probability of the risk occurring and the impact of the risk changed since the risk was first identified?" 

To better ensure all risk types are monitored and reviewed, the risk register can be organized by the categories of risks that we discussed earlier.

ExampleThe earlier a risk is identified, the easier it will be to mitigate that risk. More options will be available to a project manager if a risk is identified in earlier phases when resources might be easily added to tasks to help mitigate the risk.

A project manager should constantly search for new risks that might impact the project. It's their role to take the big picture view of the project, and that often involves identifying dangers that might affect a project in the future. Again, the project manager should also encourage and involve the team in this process.


Whenever an identified risk either occurs or is considered too dangerous to be allowed to happen, the project manager should plan one or more contingencies to mitigate the risk. Contingencies are actions taken to address the risk. The project manager and any team members who can assist should devote the time necessary to develop these contingencies.

Term to Know

Contingency Planning

Identifying various actions to manage risks if they occur.

Project managers should encourage open, what-if thinking when discussing these contingencies. Any ideas that manage the risk effectively should be considered. Risks that are high impact and high probability must have contingencies, and perhaps more than one. These contingencies should be discussed and recorded in the risk register.

No matter how prepared a project is, risks will happen. And when they do, the project manager must be ready to take action. The following steps should occur:

  1. Risk happens. The triggering of the risk starts the process.
  2. Recognize the risk has happened. The project manager documents the occurrence and communicates the status to the team and stakeholders.
  3. Reference contingency plans. If mitigations have already been identified, those should be considered if they are still appropriate. New mitigations might be developed also.
  4. Select the contingencies to use.
  5. Consult with the team and the stakeholders. The project manager meets with team members who have expertise with the elements of the risk to determine how the mitigations might impact the project. The project manager then meets with the project sponsor and/or the stakeholders to review the contingency plan and determine if it is still the right course of action.
  6. Finalize selected contingency plan. Implementing a contingency plan often involves changes to the schedule, cost, and scope of a project. So change requests might need to be created for the stakeholders also. Once the plan and any necessary change requests are approved, the project manager can then move forward.
  7. Implement the plan. If the contingency plan is approved, the project manager will then make the appropriate changes to the project documents, such as the scope, schedule, budget, and requirements. And they will need to shift or reassign resources and tasks to implement the contingency plan.
  8. Finally, update the risk register. Once the plan is executed, the risk register should be updated to reflect the actions that were taken.


Managing and avoiding risk is one of the primary responsibilities a project manager has. In this lesson, you learned about project risk management and the varying categories of risk. You learned how the triple constraint relates to risk. You learned about the elements of risk management and how the entire team should be encouraged to identify risks. You learned about contingencies and why they're important to risk management. Finally, you learned the steps to use when risks become reality. 

Good luck.

Source: This work adapted from Sophia Author Jeff Carroll.

Terms to Know
  • Contingency Planning

    Identifying various actions to manage risks if they occur.

  • Monitoring Risks

    The process of continuously identifying, assessing and tracking risks that potentially will impact a project negatively.