You are here: Home Blogs A Risk Management Implementation
Thursday, 14 June 2012 18:54

A Risk Management Implementation

Written by 
Rate this item
(0 votes)

As program or project managers, we have our hands full with the day-to-day management of our initiatives, and it is difficult enough to keep a lid on all the tactical actions that are taking place, let alone plan for the future.  Nonetheless, we all know that planning is a key element to success. Most successful program or project managers are effective because they simultaneously balance the immediate challenges and demands facing them with future needs, opportunities and risk-avoidance. In particular, they are able to do so because they identify and communicate these elements at the right levels throughout the organization. How do successful program and project managers remain successful in their day-to-day work while spending only the minimum amount of effort directed towards long term ends?

The focus of this article is a specific risk management strategy which we believe is simple to implement and can directly help to improve one’s ability to identify, manage, and effectively communicate risks.

What are “Risk” and “Risk Management”?

What are risk and risk management? According the PMBOK®, Risk is an uncertain event that can be either positive or negative. Additionally, risk management is, “… the systematic process of identifying, analyzing, and responding to project risk.” Risk management incorporates various processes. Models differ – one example is Risk Planning, Identification, Qualitative Analysis, Quantitative Analysis, Response Planning, and Monitoring and Controlling. While risks are “uncertain” events that have not yet occurred, an Issue is an event that has already transpired. A trigger is an indication that a risk is about to or has occurred, and is usually based on parameters that have been “set off”. This brings us to the following diagram, which depicts Issues arising from Risks.


Before we delve into the details of Risk Management implementation, we want to discuss a few aspects of risk. First, by definition, projects are the creation of a unique entity; therefore, a certain amount of risk will always be present. Secondly, one must acknowledge that risk is not bad and, as we have discussed in a previous article (RISK – the PM’s Best Friend), when managed effectively, risk control can yield positive outcomes for the program or project manager and their program/project. While some consider “risk” to be intrinsically negative, risk outcomes can be positive. Such positive risks, or opportunities, as they are commonly referred to, are the events you seek to act upon to create a net positive impact on your project.

When our goal is the identification of project risks, it is helpful to categorize them; when does this risk arise and where is likely to have impact?  For instance, is the project risk sourced within technical, quality, schedule, or resource aspects of the project? Balancing risk categories can help provide greater assurance that one is being effective when examining various areas of the project.

A Specific Risk Management Implementation

For years, each of us have used and practiced a similar Risk Management implementation (process and tool) which has proven to be quite simple, yet effective.


The specific implementation discussed here includes a tool and its associated processes. The tool or Risk Register (in our case a Microsoft Excel Spreadsheet) provides a mechanism for capturing project risks and issues, yet also covers all of the PMBOK® KPA processes, with the exception of Risk Planning. We suggest Risk Planning can be covered within one’s Project Management Plan. The planning component within the Risk Management plan can be relatively short (summarized within a couple of paragraphs) by referencing the self-contained Risk Register, identifying the methods for updating the Risk tool, and communicating the Risks and Issues from the Risk tool.


As stated previously, we choose to manage some project risks via a spreadsheet template (see diagram).











As can be seen, each of the processes is included within the spreadsheet (or Risk Register), with the exception of risk management planning. The idea is that each horizontal entry represents one Risk or Issue. If it is a risk, the format for capturing it is in a specific format: “IF <event> BY <date> THEN <consequence>.” Because risks are uncertain events, it is useful to state them in this format so that the point at which this Risk may become an Issue is clear. Note: not all risks become issues; that is part of their inherent uncertainty.

As part of Risk Identification, we also capture the date on which the risk was identified and the category to which the risk belongs. Risk identification has been shown to be a significant part of risk management  in that it makes one aware of potential events or issues that may impact the group.

Following this, we want to quantity and qualify the individual risk itself. Many organizations use a “risk matrix” to control this (e.g. magnitude and likelihood). The mechanism employed here multiplies the probability of risk (value between 0.0 and 1.00) by the Impact of the risk if it were to become an issue (values range 1 to 100). This produces a REN or Risk Event Number, a way of ascribing a value (1 to 100) to each risk. Depending upon your organization’s preferences, you may consider color-coding the REN cell (clear, yellow, red) as a means of drawing attention to high-probability, high-impact risk.

Additionally, this mechanism enables us to collectively sort all of the risks, allowing us to recognize at any point how close any particular risk is to turning into an issue. It also allows users to sort and compare project risks.

Continuing left to right, the next field is labeled “Mitigation.” Within this field, we want to capture our Risk Mitigation Plans. This requires that we look ahead, consider and plan as to what we will do to manage our Risks and their potential progression to becoming Issues. We find that having multiple plans in place helps to maintain a balance as to how we’ll manage our Risks. To this end, we prefer to categorize the plans as either MITIGATE, MONITOR, ENCOURAGE, or ACCEPT.

The last two fields include the Risk Owner (who is primarily responsible for the Risk) and a running status of the risk. The latter should be updated each time the risk status is changed, so that one has a history log for all the risks.

Maintaining and Reporting

Through the process of periodic evaluation and review of the Risks (e.g., PM to review Risk Register with entire team on a monthly basis) and updating Issues and Risks individually when necessary, the Risk Register becomes a “living” record. This includes the current potential for a Risk becoming an Issue (via REN), as well as its current owner and status.

Additionally, reporting top risks (via sorting of highest value REN) allows your audience (e.g., team members, customers, and senior staff/sponsors) to quickly notice potential issues that could impact your project, as well as develop plans to deal with associated risks and issues (via the Risk Mitigation Plan section).


This article has provided an overview of a specific Risk Management implementation that can be adapted to most projects. While risk management is far more than maintaining a Risk Register, the tools for making decisions are essential. As a result, it is the hope of the authors that you will find these tools and their implementation useful for providing a framework in which you, too, can be a successful manager of program and project risk.



Article Author Bios

Gareth Byatt, Gary Hamilton, and Jeff Hodgkinson are experienced PMO, program, and project managers who developed a mutual friendship by realising we  shared a common passion to help others and share knowledge about PMO, portfolio, program and project management (collectively termed PM below). In February 2010 we decided to collaborate on a three (3) year goal to write 50 PM subject articles for publication in any/all PM subject websites, newsletters, and professional magazines / journals. Readership of the articles is continuously increasing and we are fortunate to have assistance from people around the world who have taken the time to translate our articles into Arabic, Czechoslovakian, French, German, Indonesia, Italian, Korean, Spanish, Portuguese, and Russian for their readers.  Our articles are published on websites in 30 countries including Australia, Brazil, Canada, Chile, Costa Rica, Czech Republic, Finland, France, Germany, Hong Kong, Italy, India, Jamaica, Jordan, Netherlands, New Zealand, Nigeria, Pakistan, Panama, Poland, Portugal, Russia, Singapore, South Korea, Spain, Sri Lanka, Trinidad, Turkey, UK, Ukraine and the USA.

Our mission with these articles is to help expand good PMO, program, and project management practices by promoting the PM profession, to be a positive influence to the PM Community, be known as eminent influencers of good PM practices, and in earnest hope readers can gain benefit from the advice of their 66+ years of combined experience plus the expertise of co-authors who kindly write with us on particular subjects. As of December, 2011, we have been published over 500 times!  Along with writing articles, each also champions a role in the overall writing program collaboration process:

→      Gareth manages all requests for additional guest author collaborations

→      Gary manages the article development tracking and readership metrics

→      Jeff manages the article distribution and new readership demographics

Each of us can be contacted for advice, coaching, collaboration, and speaking individually as noted in their bios or as a team at:


Gareth Byatt has 16+ years of experience in project, program and PMO management in IT and construction for Lend Lease. Gareth has worked in several countries and lives in Sydney, Australia. He can be contacted through LinkedIn.  Gareth holds numerous degrees, certifications, and credentials in program and project management as follows: an MBA from one of the world’s leading education establishments, a 1st-class undergraduate management degree, and the PMP®, PgMP®, PMI-RMP®, PMI-SP® & PRINCE2 professional certifications. Gareth is a past Director of the PMI Sydney Chapter, he is currently the APAC Region Director for the PMI’s PMO Community of Practice and he chairs several peer networking groups.

He has presented on PMOs, portfolio and program and project management at international conferences in the UK, Australia, & Asia including PMI APAC in 2010. Email Gareth:



Gary Hamilton has 17+ years of project and program management experience in IT, finance, and human resources and volunteers as the VP of Professional Development for the PMI East Tennessee chapter. Gary is a 2009 & 2010 Presidents’ Volunteer Award recipient for his charitable work with local fire services and professional groups. He has won several internal awards for results achieved from projects and programs he managed as well as being named one of the Business Journal’s Top 40 Professionals in 2007.  Gary is the 5th person globally to obtain the six PMI credentials PgMP®, PMP®, PMI-RMP®, PMI-SP®, PMI-ACP®, and CAPM®.  In addition to these, Gary holds numerous other degrees and certifications in IT, management, and project management and they include: an advanced MBA degree in finance, Project+, PRINCE2, MSP, ITIL-F, MCTS (SharePoint), MCITP (Project), CSM (Certified Scrum Master), and Six Sigma GB professional certifications.   Email Gary: or contact him through LinkedIn.


Jeff Hodgkinson is a 32+ year veteran of Intel Corporation, where he continues on a progressive career as a senior program/project manager.  Jeff is an IT@Intel SME and blogs on Intel’s Community for IT Professionals for Program/Project Management subjects and interests.  He is also the Intel IT PMO PMI Credential Mentor supporting colleagues in pursuit of a new credential. Jeff received the 2010 PMI (Project Management Institute) Distinguished Contribution Award for his support of the Project Management profession from the Project Management Institute. Jeff was the 2nd place finalist for the 2011 Kerzner Award and was also the 2nd place finalist for the 2009 Kerzner International Project Manager of the Year Award TM. He also received the 2011 GPM™ Sustainability Award.  He lives in Mesa, Arizona, USA and is a member of Phoenix PMI Chapter. Because of his contributions to helping people achieve their goals, he is the third (3rd) most recommended person on LinkedIn with 590+ recommendations, and is ranked 72nd most networked LinkedIn person. He gladly accepts all connection invite requests from PM practitioners at: Jeff holds numerous certifications and credentials in program and project management, which are as follows: CAPM®, CCS, CDT, CPC™, CIPM™, CPPM–Level 10, CDRP, CSM™, CSQE, GPM™, IPMA-B®, ITIL-F, MPM™, PME™, PMOC, PMP®, PgMP®, PMI-RMP®, PMI-SP®, PMW, and SSGB.   Jeff is an expert at program and project management principles and best practices.  He enjoys sharing his experiences with audiences around the globe as a keynote speaker at various PM events.  Email Jeff:



Read 6736 times Last modified on Thursday, 14 June 2012 19:07

Jeff Hodgkinson is a 30+ year veteran of Intel Corporation, where he continues on a progressive career as a program/project manager. Jeff received the 2010 PMI Distinguished Contribution Award for his support of the Project Management profession from the Project Management Institute. Jeff was also the 2nd place finalist for the 2009 Kerzner International Project Manager of the Year Award TM. He lives in Mesa, Arizona, USA and volunteers as the Associate Vice President for Credentials & Certifications for the Phoenix PMI Chapter. Because of his contributions to helping people achieve their goals, he is the third (3rd) most recommended person on LinkedIn, and is in the Top 100 (81st) most networked. Jeff holds numerous certifications and credentials in program and project management, which are as follows: CCS, CDT, CPC‚ CIPM‚ CPPM-Level 10, CDRP, CSQE, IPMA-B , ITIL-F, MPM‚ PME‚ PMOC, PMP , PgMP , PMI-RMP , PMW, and SSGB (Six Sigma Green Belt). He is an expert at program and project management principles and best practices and enjoys sharing his experiences with audiences around the globe.

Login to post comments

News and Promotions

Keep up to date with the latest happenings by signing up for our newsletter. Subscribe below.

Twitter Update

Parse error: syntax error, unexpected end of file in /home/spektmedia/public_html/wp-content/plugins/ccode.php on line 82

Who's Online

We have 1360 guests and no members online

Got something to say?