What are the 5 steps in a Risk Management process?

Risk management in projects involves identifying, assessing, and controlling risks.


Here is a traditional risk management process:

Step 1: Identify

Identify risks that could impact your project. There are various ways to identify risks, for instance by using the following methods:

  • Root Cause Analysis
  • Documentation Reviews
  • Threat modeling
  • Pre-mortem
  • Post-mortem
  • Nominal group technique
  • Facilitated workshops
  • Scenario analysis
  • Brainstorming
  • Interviews
  • Cause and effect diagrams
  • Delphi technique
  • Affinity diagrams
  • Prompt list
  • Checklist analysis
  • Failure mode and effects analysis (FMEA)
  • Assumption analysis
  • Do a visual inspection of the area
  • Inspect accident / incident reports
  • Inspect engineering change proposals, technical publications, manuals, or safety data sheets

Step 2: Analyze

Rate risks based on impact and likelihood.

Step 3: Prioritize

Based on the ratings, determine which risks are unacceptable and need to be mitigated urgently.

Step 4: Action plan

Identify solutions for the risks that are seen as a priority. What are you already doing? What further action is necessary? Who will take the action, and by when? Assign an owner to each risk.

Step 5: Monitor and review

Communicate the results of the risk assessment to your team and relevant stakeholders. Continue to monitor risks.

Keep in mind

In addition, it is important to think about residual risks, meaning the risk that remains after mitigating the original risk, and secondary risks, which are new risks that arise as a result of mitigating a risk. Avoiding, reducing or transferring a risk often triggers new risks.

Some risks might be considered insignificant; however, as they interact with other events or conditions, they might cause great damage or create a significant opportunity.

