Umbrella, take it or leave it

When you look out of your bedroom window in the morning to see dark stormy clouds – do you think I better remember my umbrella or it won’t rain today? Are you risk aware or cross your fingers type of project manager?

The word risk can do one of two things for a project manager – they use it to actively manage project success or tick off another register from the methodology to do list.

Risk management is a foundation discipline in project management and yet there is confusion in project communications between the Project Sponsor, Project Team and Stakeholders – you know the look you get when they are asked to attend a risk workshop.

My definition of a project risk

Risk = an event that may happen and if it does will impact your project’s deliverables. Whereas an issue is something that has already happened and you need to take action now.

So how can we make it simple for the people we work with, to get them involved, have them take responsibility and find ways better ways to communicate the importance of risk management.

There is so much material available on line and your organisation should have an approved risk management framework in place. No matter what you use, know about it or have heard from professionals it will be based on the international standard ISO 31000:2009 Risk Management.

To help you start the process, these are the basic elements recommended for a project risk management approach:

Risk Register

The single source of truth that is actively maintained at each review point. Maybe for you that is 6 weeks before critical milestones or prior to moving to the next stage of your project. Remember to plan for these reviews, workshops require preparation and people – this is not one person’s role, it takes a team.

Risk Category

Is a grouping of likely events for analysis and reporting. The categories are applied across the portfolio and are not specific to your project. Some organisations use groupings such as reputation (brand), compliance, environment, finance, resources…
Risk Event – describes the situation, what could happen, who does it impact, when could it occur. Give the event a name and unique ID for tracking. Link the event to a project deliverable.

Risk Assessment

A process to calculate the likelihood and consequence (impacts) of the event occurring. Give it a rating (measure). Some organisations use critical, high, medium, low or 5, 4, 3, 2, 1. There are two assessment measures, first is for the initial calculation and the second is the residual calculation based on the expected effectiveness of the mitigation plan.

Risk Mitigation

A plan of strategies and actions to reduce the likelihood and consequence of the event happening. Focus on the critical and high rating risks and plan mitigation actions. These actions should be added to your project schedule, have budget allocated and a resource assigned for reporting the status of the action. Remember the good old traffic light red, amber, green – it works a treat.

Risk Trigger

Identify what evidence or incident tells you your risk has eventuated and you need to take immediate action – you are now in issue management.

Take time to explain the risk management process, you may know it and understand its value but don’t assume everyone does. Keep it simple, make it relevant by telling stories.

So, if you notice dark stormy clouds (event), you take an umbrella to work (mitigation) and if the rain starts to fall (trigger) the likelihood of you getting wet is very low (assessment). That’s how easy it is to identify, assess, plan and control risks.

What story are you telling your teams about risk management – we must do this, we probably should do it, or we don’t have time?

Whatever approach you take, make sure your Project Sponsor and Project Team are on board – you don’t want to be the only one standing there in the rain getting soaked.

If you would like a risk register template, contact me at

Written by Jeanette Cremor
Independent Project Consultant

Image source: Unsplash
Photographer: Todd Diemer