12 Sure-Fire Ways to Improve Project Risk Management

    2=Planning, 4=Control, Leadership, Productivity

  •  Minute Read

Mike was a functional project manager in an organization where I managed a PMO. He was winsome and a hard worker. But his projects were trending in the wrong direction and his manager was not happy with Mike's performance.

In a one-on-one meeting, I asked Mike how he was identifying, analyzing, and managing his risks. He supported risk management in principle but was not actually applying it with his teams. 

Why? Frankly, he did not know how. Warren Buffett says, "Risk comes from not knowing what you are doing."

12 Risk Management Problems and Solutions

Today, I want to share 12 powerful ways to improve risk management and drive more consistent results. I will first present a common reason for poor risk management and then present a better way to apply risk management.

  1. Failure to lead by example. In order for organizations to mature and benefit from risk management, leaders including sponsors and project managers must walk the talk. People resist change. Without a consistent example by those in authority, people will likely seize opportunities to revert to their former behaviors. What must we do? Lead by example.
  2. Failure to focus on the risks that matter. Some project managers start their programs and projects with gusto. They facilitate risk identification exercises that result in a boatload of risks.  However, there is no evaluation and prioritization of risks. And for these reasons, people become overwhelmed and take no action. Be sure to evaluate and prioritize risks.
  3. Failure to right-size risk management. Some project managers adopt a risk management plan from another project manager with little change. The plan may require too much or too little process and fail to help the team achieve its objectives. Make sure the risk management plan is tailored to the project at hand.
  4. Failure to develop risk management habits. Some organizations identify and evaluate risks, but they fail to continue the process. Teams must periodically reassess risks and adjust response plans in order to manage the risks effectively in a changing environment.
  5. Failure to identify risks early. Some project managers wait until things are out of control before they exercise risk management. Identify and evaluate risks early in new programs and projects.
  6. Failure to involve high-power / high-interest stakeholders. Powerful stakeholders have a way of showing up late in the game and disrupting the flow of things. These people have no evil intent. Rather, they simply were unaware of new strategies, processes, and projects. Once they discover the initiative, the stakeholder can greatly impede a team’s efforts to complete the related activities. Identify, engage, and communicate with key stakeholders.
  7. Failure to be transparent. There are times when it’s appropriate to withhold or postpone the release of information. However, make your risks known when possible. Coach, author, and speaker John Maxwell says there is value in transparency. Share the risks with your team and get their help.
  8. Failure to capture risks in a consistent format. Have you ever looked at a risk register and found yourself confused and frustrated? The risk descriptions were difficult to understand. Use this simple syntax: Cause -> Risk -> Effect when writing risk statements.
  9. Failure to evaluate whether the risk responses are effective. Until we take action to manage risks, nothing matters. Once we respond, we must evaluate the effectiveness of our actions. Are we getting the results we expected? Evaluate responses and tweak the response plans as needed.
  10. Failure to engage risk owners. Some project managers try to manage ALL the risks themselves. For example, a project manager with no information technology background may be trying to address technology risks. Identify and recruit risk owners who have the expertise and ability to develop and execute effective risk response plans.
  11. Failure to make risks specific. Risk statements are often too general (e.g., we may lose business). No one understands the root issues. Try digging deeper by using the 5 Whys. Rewrite the risk statements with greater specificity in the cause of the risk, the risk itself, and the effect.
  12. Failure to focus on the objectives. Individuals can drift in their thoughts and efforts. We move from one topic to another topic and find ourselves lost at sea. We’ve forgotten why we started the journey. Consistently point team members and other stakeholders to the project objectives.

Start your preparation for



Have you been thinking about taking the PMI-RMP® exam? And are you ready to begin your preparation? Join me in the PMI-RMP® Short Course

You may also like

What is a RAID Log?

What is a RAID Log?