What Is Risk Management?

Risk management is recognizing, analyzing, and mitigating possible risks to achieving your business objectives. Whether you are a project manager working for a company or the owner of the company, risk management is an essential practice.

Why is Risk Management Important?

  1. It’s a proactive approach
  2. Improves resource management
  3. It improves decision-making
  4. It leads to better contingency planning
  5. It improves the confidence of stakeholders

It’s a Proactive Approach

The opposite of risk management is issue management which involves resolving problems. A lot of people consider risk management to be excessive “whiteboarding” or planning and would prefer to commence execution, but this approach increases the chances of failure By anticipating potential risks, you can take preventative actions to limit the possibility of those risks occurring or their potential impact.

Improves Resource Management

Because it’s a proactive approach, you can manage your time and resources better instead of firefighting issues as they arise. It minimizes the need for additional resources to resolve problems. For example, when I worked as a regulatory affairs project manager, we had to submit product samples at a certain stage in the process of renewing a product’s marketing license. Most of my products were imported, so part of my planning was making sure that I had samples of the product in the country before the license expired. Otherwise, I would need to process a waiver to allow my company to import samples for the process. This would have been a more expensive and longer approach to take.

It Improves Decision Making

Part of risk planning is asking your team whether the juice is worth the squeeze. So, risk planning also involves analyzing all the things that could go wrong and deciding whether it’s even the right thing to do.  A better understanding of possible risks helps decision-makers make informed choices regarding the direction of a project.

Better Contingency Planning

In many cases, you can’t prevent certain risks but you can prepare for them and minimize their impact. Understanding possible risks allows you to create contingency plans to deal with them.

It improves the Confidence of Your Stakeholders

Communicating the fact that you are actively planning for bad things is a confidence boost for stakeholders including your clients or team members.  The truth is that we all know that life is about ups and downs. In our personal lives, most of us always arm ourselves with option B (sometimes option C), so that sense of having a continuity plan matters to your stakeholders. When issues constantly occur (because you didn’t even think to plan for them), it can lower the trust your stakeholders or customers have for you.

How to Identify Business Risks

  1. Collaboratively identify business risks; internal and external risk factors
  2. Facilitate brainstorming sessions
  3. Use historical data

The first step in risk management is identifying risks which can stem from a variety of sources including changes in government policies, technological disruption or market competition.

Moreso, risk identification should be a collaborative effort with members of your team. This gives a more diverse perspective. And I always like to quote Paul Kalanithi (author of When Breath Becomes Air) to buttress this point:

“In the end, it cannot be doubted that each of us can see only a part of the picture. The doctor sees one, the patient another, the engineer a third, the economist a fourth, the pearl diver a fifth, the alcoholic a sixth, the cable guy a seventh, the sheep farmer an eighth, the Indian beggar a ninth, the pastor a tenth. Human knowledge is never contained in one person. It grows from the relationships we create between each other and the world, and still it is never complete.” – Paul Kalanithi

Your business environment includes the internal and external factors that affect the success of your business:

Internal Risk Management

Internal factors include:

  1. Organizational culture and structure
  2. Finance
  3. Leadership and management style
  4. Current technology
  5. Human resources
  6. Business processes

External Risk Management

While external factors include:

  1. Political and legal factors
  2. Social and cultural trends
  3. Competitive landscape
  4. Market trends
  5. Supplier and vendor relationships
  6. Changes in technology

Facilitate Brainstorming Sessions

Facilitate brainstorming meetings with important stakeholders to assemble various viewpoints and document potential risks.

Use Historical Data

Learn from your mistakes. Part of closing gaps or issues is documenting corrective and preventive actions. So, it’s important to review those reports for similar projects. You can also review industry reports, and market trends to identify common risks faced by businesses in your sector.

In practical terms, when organizations announce a change project, employees start asking questions and those questions can also reveal potential risks to the project.

Impact Assessment

The next step is to perform an impact assessment or analysis based on the risks identified. This can be done qualitatively or quantitatively. The former entails assigning low, medium and high labels to risks while the latter involves numbers. Of course, impact assessment exercises can get out of hand; which is the case when people spend a disproportionate amount of time analyzing the situation instead of moving forward with the project.
If you’ve worked on similar projects in the past, you can assign impact scores and share the results with your stakeholders for agreement or modifications where necessary – “do and tell”.

Here’s a popular risk assessment matrix used in project management.

For example, if you consider the impact to be low and probability low as well, then you assign a “low” score to the risk

  Probability →  
↓ Impact Low Probability medium Probability High Probability
Low Impact Low medium High
Medium Impact Low medium High
High Impact Medium High High


Risk Mitigation Techniques

Generally, there are 4 strategies for managing risks. These are:

  1. Risk avoidance
  2. Risk reduction
  3. Risk transfer
  4. Risk Acceptance

Risk Avoidance

Regardless of impact or probability, always identify risks that can be completely avoided because there’s always an opportunity cost involved which could be time or resources. The risk associated with failure in operations or planning is largely in this basket. So, whatever constitutes dropping the ball at your organization falls here.

Risk Reduction

Involves employing strategies to minimize the probability or impact of a risk.

In practical terms, if you are working on a project and you identify that you need additional resources to meet a deadline, The point of timely escalation to secure additional resources is risk reduction. In the business sense, it’s stocking up on raw materials, if you get wind of an impending price increase in raw materials.

Risk Transfer

Certain risks can be transferred to third-party organizations such as insurance companies.

Risk Acceptance

Certain risks can be accepted. For example, in cases where the reward potential cannot be overlooked, or in general where it’s more costly to employ any other strategy. So, in this case, you are putting a resolution plan together to manage issues that will arise.

Developing a Risk Management Plan

Now that you have identified, analyzed, and prioritized risks, it is time to establish a comprehensive risk management strategy that includes the following elements:

A Risk Register

Create a complete risk register that includes all the identified risks, and their impact and that outlines mitigation strategies.

Risk Management Delegation

Assign Individuals or teams the responsibility of executing and monitoring the risk mitigation strategies.

Risk Management Control and Monitoring

Establish a process (such as having regular check-ins with stakeholders) to assess the success of the risk mitigation strategies and update them based on current circumstances.