FAQ

What are the five steps in a Risk Management process?

Risk management in projects involves identifying, assessing, and controlling risks. Here is an example of a simple and easy risk management process for beginners.

Step 1: Identify

Identify risks that could impact your project. There are various ways to identify risks. If applicable, do a visual inspection of the area and review accident/incident reports, engineering change proposals, technical publications, manuals, safety data sheets, or existing checklists. Use predictive scenarios to brainstorm hazards and risks, for example with a 'pre-mortem' method.

Step 2: Analyze

Rate risks based on impact and likelihood.

Step 3: Prioritize

Based on the rating, determine which risks are unacceptable and need urgent mitigation.

Step 4: Action plan

Identify solutions for the risks that are seen as a priority. What are you already doing? What further action is necessary? Action by whom? Action by when? Assign an owner to the risk.

Step 5: Monitor and review

Communicate the results of the risk assessment to your team and relevant stakeholders. Continue to monitor risks.

Keep in mind

In addition, it is important to think about residual risks, meaning the risk that remains after mitigating the original risk, and secondary risks, which are new risks that arise as a result of mitigating a risk. Avoiding, reducing or transferring a risk often triggers new risks.

Some risks might be considered insignificant; however, as they interact with other events or conditions, they might cause great damage or create a significant opportunity.
