Project risk management involves identifying, assessing, prioritizing and controlling negative, and positive, risks. With good risk management, projects can greatly improve their success, and avoid failure or identify new opportunities.
To do a project risk assessment you have to identify risks, analyze risks, determine a risk response and document the risks. Then you have to consider how to make the risk assessments part of your project management, get stakeholders involved and clarify risk owners.
There are several types of risks that need to be managed in a project. Risks can come from various sources, for example:
According to the standard ISO 31000 "Risk management – Principles and guidelines on implementation" (Source), risk management can include identifying positive risks, i.e. opportunities. They describe a risk as the "effect of uncertainty on objectives (Source)". Effect can be a positive or negative deviation from what is expected.
Risk management is an opportunity to spot potential risks, put a procedure in place to control risks, and to monitor those risks and spot new ones as they arise.
References and resources