What Project Managers Should Know About Monitoring Project Risks


  •  Minute Read

Many project managers do a great job of identifying risks. Some even evaluate risks and develop response plans. However, project managers get busy as their projects progress and fail to monitor their risks, resulting in challenged or failed projects. Here are some key factors that you should know about monitoring project risks.

Do Project Managers Really Control Risks?

I've heard countless debates about whether a project manager can control risks. First of all, what does it mean to control something? Here's the Merriam-Webster dictionary defines control as:

Definition of CONTROL

a to exercise restraining or directing influence over regulate 
  • control one's anger
to have power over rule 
  • A single company controls the industry.
to reduce the incidence or severity of especially to innocuous levels 
  • control an insect population; control a disease

Can project managers really control project risks? Feels more like herding cats, doesn't it?

So, why do people push back on controlling risks? These individuals take the term control literally. They argue, "no one has absolute control over projects."

I'm not sure, but I think these issues resulted in the changes in the Project Management Body of Knowledge (PMBOK). The authors of the 6th Edition changed the Control Risks process to Monitor Risks.


PMBOK 5th Edition
Control Risks

The 5th Edition included the process called Control Risks which was defined as "The process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project."

PMBOK 6th Edition
Monitor Risks

The authors of the 6th Edition changed the Control Risks process to Monitor Risks"Monitor Risks is the process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project."

Let's move beyond the debates and talk about monitoring project risks and getting results.

Four Steps to Monitoring Project Risks

1. Monitor Agreed-Upon Risk Response Plans

For each risk or set of risks, a response should be planned. Risk owners or their assigned risk action owners execute the plans. Some risks merit an immediate response. For example, if a supplier fails to meet a deadline, the supplies are ordered immediately from another vendor.

Jim, the project manager of a key strategic project, has monitored the residual risk – the amount of risk remaining – for his most significant risks. One of the key risks had a 60% probability of occurring with a $22,000 impact on a $100,000 project. The risk owner took action that decreased the residual risks and the probability dropped to 20% with an impact of $4,000.

Jim determined that it would be too costly to reduce the risk further. Therefore, he asked the risk owner to monitor the risk and to develop a contingency plan. The risk owner reported to Jim once each month on the risk.

Project managers work with the risk owners to evaluate the effectiveness of the responses. Responses are modified as needed.

2. Track Identified Risks

The project manager uses tools to track the overall project risk. Are the risk response plans ensuring that the project team delivers the project on time, on budget, and in accordance with the requirements?

Trigger conditions are defined when defining risk response plans. Project managers work with the risk owners to determine the trigger conditions and the related metrics. For example, additional resources may be added to an activity if the activity falls behind schedule for two weeks or more.

Monitor Project Risks

Are you struggling to deliver your projects consistently? Let's look at how to monitor project risks.

3. Identify and Analyze New Risks

New risks arise over time. For example, an insurance company was implementing a new policy administration system. A vendor delivered an update while an insurance company was testing major modifications in their interfaces. As the new code was introduced, there was the risk of breaking the interfaces.

Project managers periodically work with their project team to identify new risks. What’s new? What has changed? What have we overlooked?

Project managers should identify new risks for the following events:

  • Major changes to the project or its environment
  • Key milestones reached
  • Occurrence of a major risk
  • Unexpected risks
  • Changes in key team members or stakeholders

4. Evaluate Risk Process Effectiveness

So, you’ve implemented the risk management processes:

  1. Plan for risk management
  2. Identify risks
  3. Perform qualitative risk analysis
  4. Perform quantitative risk analysis
  5. Plan risk responses
  6. Implement risk responses
  7. Monitor risks

That’s great! Are the processes of delivering the results you expected efficiently and effectively? Are you spending too much time in certain areas and not enough time in other areas? Seek to reduce the cost of risk management while ensuring that you accomplish your project goals.

Your Turn

Think about your projects. If you compare the degree of variation from your baselines, how are you doing? Would you say your projects are staying within the expected limits? Or perhaps one project is like a car that is swerving all over the road. You wonder if you will ever get home. If so, make the necessary adjustments in monitoring project risks.

You may also like