How to Evaluate Risk Velocity

Life is filled with risks. Some risks occur slowly. Others strike with little warning. Let’s look at how to evaluate risk velocity and why it matters.

What is Risk Velocity?

Risk velocity is the time to impact. Think of velocity as an estimate of the time frame within which a risk may occur.

Why Risk Velocity Matters

When the velocity is low, we have more time to respond to the risks. For a threat, we may take steps to reduce the probability and impact. The risk owner has time to develop a contingency plan (i.e., a plan we will execute if the risk occurs) and a fallback plan (i.e., a plan we will execute if the contingency plan fails).

If the velocity is very high, threats strike quickly. Thus, these risks are more likely to become issues, costing more time and money. Here are some causal factors for high-velocity risks:

  • Sponsor notifies you that two critical team members need to be transitioned to another project within two weeks
  • The servers that you ordered for your test region are going to be two to three weeks late
  • Wildfires are emerging into the area of your offices

Imagine that two risks have a risk score of 20 on a scale of 25. But Risk A will likely to occur in a two to three weeks where Risk B will take at least six months. Which risk merits your attention most? See the difference?

How to Reduce Risk Evaluation Bias

We all have biases; many are helpful. In projects, we have biases towards successful projects and motivated teams. If a project sponsor says that schedule is the top priority, the project team has a bias towards meeting the schedule.

However, some biases are harmful. Stakeholders may attempt to sway project decisions in unfair ways. These biases undermine the health of the project and breed distrust.

Let’s look at different types of biases and ways to reduce bias in the risk evaluations. These steps will help ensure the right decisions are made for the right reasons.

What are the Motives and Perception?

Stakeholders may exhibit different types of bias. PMI’s Practice Standard for Project Risk Management explains motivational bias is “where someone is trying to bias the result in one direction or another.” Cognitive biases occur as people make inferences in an illogical fashion. Cognitive biases are based on people’s perceptions.

How to Manage Bias

  1. Uncloak the bias. Project managers should watch and listen for bias. Expose the bias in one-on-one meetings or team meetings, whichever is most appropriate. Be careful – do not judge or challenge too quickly. Be slow to speak. Listen. Seek to understand.

  2. Have open conversations. When a bias is not understood, the project manager should dig deeper. If the bias is based on the wrong perceptions, provide the facts. If the bias is ill intended, ask non-threatening questions that allow the individual to understand how the bias may negatively affect the project.

  3. Reduce the subjectivity. Project managers use qualitative methods to evaluate risks quickly. Some project managers fail to understand that they may be creating greater bias. Let’s look for ways to reduce the subjectivity while keeping the convenience and speed of the qualitative methods.

How to Reduce Bias When Evaluating Risks

For small projects, I use a KISS (Keep It Super Simple) Method for qualitative risk assessments. This one-dimensional technique involves rating risks as:

  • Very Low
  • Low
  • Medium
  • High
  • Very High

While the KISS Method is a simple and quick way to prioritize risks, it is also subjective and open to greater bias. When I use this method, I focus on open and honest conversations about the ratings.

A more common qualitative method is the two-dimensional Probability/Impact matrix. With this method, we rate probability and impact on a scale such as 1 to 10, with 10 being the highest. This method provides a more in-depth analysis of risks as compared to the KISS Method. However, a scale of 1-10 is still highly subjective.

How can we reduce the subjectivity?

The first step is to define qualitative terms (e.g., Low – Very High) for the ratings. Here is an example:


Another step is to define ranges for the scale (e.g., 0-5% for Low). Defining the scale reduces subjectivity and drives greater consistency in the ratings.


If the probability or likelihood of a risk is approximately 15%, we assign a probability rating of 5. If the potential impact on the budget or schedule is 55%, we assign an impact rating of 9. The resulting risk score would be 45 (i.e., 5 x 9 = 45).

If stakeholders need objectivity, perform a quantitative risk analysis. Quantitative risk analysis takes more time than qualitative risk analysis. However, this method provides objective information and data for business decisions.

Read: How to Actually Perform a Qualitative Risk Analysis>>


My Top 10 Most Popular Blog Posts of 2017

My aim this year was to help more project managers than ever. It happened. Allow me to share the results of my most popular blog posts of 2017.

picture of Harry Hall writing my most popular blog posts of 2017

One of my goals was to have 50,000 people visit the Project Risk Coach website. Thanks to you, I had more than 57,500. Visitors spent an average of 4 minutes and 29 seconds per visit. My visitor traffic continues to grow at a steady pace. I experienced a significant increase in the last quarter of 2017.


Where were the visitors from? Here were the top counties:

  • The United States
  • The United Kingdom
  • Australia
  • India
  • Canada

Most Popular Blog Posts of 2017

You may have noticed that I wrote more about project risk management than ever with a sprinkling of general project management articles. Hopefully, you’ve gained further insights for identifying, evaluating, responding to and controlling your risks.

  1. How to Develop a Project Charter
  2. 7 Things You Ought to Know About Identifying Risks
  3. How to Determine Project Budget Reserves
  4. 7 Ways to Treat Risks
  5. The What, Why, and How of Projects
  6. How to Improve Results With Better Risk Statements
  7. 7 Ways to Identify Risks
  8. How to Think Ahead With a Project Plan
  9. 7 Benefits of Keeping a Project Journal
  10. How to Build and Use a Risk Register

Focus of 2018

I am grateful that the demand for my consulting services, particularly in the P&C insurance industry, has been great in 2017. In 2018,  I’d like to teach more with individuals and small groups, both online and face-to-face.

I see my primary audience as practicing project managers in the United States with a college education. Most are between the ages of 30 and 60 and most work in the financial industry.

Irrespective of where you live or what you do, I hope you will find the Project Risk Coach as a go-to resource for project management tips, tools, and techniques.

Please Take My Reader Survey

Reader Survey. Please help me help YOU. It is my sincere desire to provide greater value to you in 2018. Click here to complete a quick survey.

7 Ways to Identify Risks

one person interviewing another person to identify risksSuccessful project managers have a common trait – they identify and manage risks. Let’s look at seven tools and techniques to identify risks.

Often project managers start with a splash. They get the team together, identify lots of risks, and enter them into an Excel spreadsheet. However, the risks are never discussed again.

What happens when project managers and their team fail to identify risks in an iterative fashion? Teams spend their time and energy on things that do not matter. Risks are not identified and turn into more costly issues. Project teams are not aware of emerging killer risks.

How to Improve Results With Better Risk Statements

Vague risk statements lead to poor risk response planning. When organizations or project teams fail to respond to significant risks (i.e., threats and opportunities), these groups fail to achieve their goals and reach their potential. Risk management starts with identifying risks and writing clear risk statements.

man writing better risk statements

Why do people define risks poorly? I am convinced that most people simply don’t know how. Allow me to share some simple tips that can improve your ability to write clear risk statements.

Test Your Risk Statements

When I ask someone to identify a risk, individuals often respond with something  like “there is a conflict between two executive sponsors” or “the estimates are incorrect” or “we are experiencing system outages.” But these are facts or conditions that are true, not statements of uncertainty. In other words, these are causes that give rise to uncertain events or conditions.

How to Identify and Manage Secondary Risks

Have you ever tried to address an issue and created a different problem?

A response to risk can create other risks. These secondary risks may be more significant than the primary risks if we are not careful.

Secondary Risks

Photo courtesy of Adobe Stock (edited in Canva)

One of the Pink Panther cartoon episodes pits the Pink Panther against a mouse in his house. The mouse was driving the Pink Panther crazy; he had to find a way to eliminate this problem.

The Pink Panther, dressed in a catsuit, chased the mouse out of the house and down the street. The neighborhood dogs pursued the “cat.” The Pink Panther ran for his life but was torn to shreds.

What is a secondary risk?

A secondary risk is a risk that is created by a response to another risk.

7 Things You Ought to Know About Identifying Risks

Increase Your Risk Management IQ

Every project manager deals with risks. We all face significant uncertainty. Allow me to share seven things you ought to know about identifying risks.

Project managers must address unrealistic time frames where failure seems unavoidable, scope creep, ambiguous requirements, delays from third parties, and the lack of required skills, to name a few.

man stopping dominoes from falling


How do we manage risks and the causal factors?

Risk management begins with the practice of identifying risks. In this process, we consider future events or conditions that may impact our ability to achieve our goals. Risk identification includes figuring out where, when, how, and why such events may occur.

Not sure how to get the most value from risk identification? Well, here are answers to common questions. If you understand these basic principles, you have the foundation for an effective and efficient risk identification process.

How to Actually Define Risk Categories

Tom is the program manager for a large, complex program comprised of eight projects. He thinks his project managers have identified most of their risks, but he’s not sure where to focus his attention. What areas have the highest risk exposure? Let’s look at how to actually define risk categories and how they can help Tom (and you).

a hierarchy chart representing risk categories

What are Risk Categories?

Risk categories allow you to group individual project risks for evaluating and responding to risks.

Project managers often use a common set of project risk categories: schedule, cost, quality, and scope. But project managers may use other categories.

The Risk Management Plan

Most of your project problems can be avoided or greatly reduced through risk management. The simple act of identifying and discussing risks goes a long way towards reducing problems in your project.

Let’s look at how to start the risk management process. Here are some questions that we should answer.

  • How will you identify risks?
  • Who will be involved?
  • How often will you perform risk management activities?
  • What tools and techniques will you use?
  • Who will own the project risks

How to Plan Your Risk Management From Start to Finish

Steven Covey introduced the concept of Quadrant II activities—working on things that are important but are not urgent. Planning is a powerful Quadrant II activity that can save you time and energy. Think about the future so you can make better decisions in the present. Let’s talk about how to plan your risk management from start to finish.

picture of clip board

First Things First

Some people think of risk management plans in the wrong way. Risk management plans are not a list of risks and what you plan to do (e.g. risk register). Rather the plan is your approach to risk management.

  • How do you plan to identify and evaluate risks?
  • How will you develop risk response plans?
  • How will you periodically review risks and your risk management processes?
  • What are your risk thresholds?
  • How will you escalate issues?

Here are four tips for creating your plan.