Give Your Boss Confidence With a Risk Management Plan

Boost Your Confidence in Your Project With Risk Management

Hiker using ropes to scale a risky peak.

Ascent XMedia / The Image Bank / Getty Images

The best project managers have the full confidence of their line manager and project sponsor. The execs behind their projects believe them when they say they need extra funding, more resources, or help resolving a problem.

When you're working in risky situations, you need the right kit. Like a hiker with a backpack of rope and crampons, you need the tools to deal with project risk too.

You can boost your manager’s confidence in your project with a risk management plan. A simple five-step process can hugely transform how your boss sees your project (and you). 

What Is Risk Management in Project Management?

Risk management in project management is the process of identifying, assessing, and responding to project risks.

Project risks are things that might affect the project (positively or negatively, but generally people interpret risk as events that would have a negative impact on the project).

Whether your project is big or small, it will have risks associated with it. These risks could be anything from the risk of your school parade being rained off to the risk of a price increase to a critical component of your new circuit board.

Project risk, if not managed correctly, can make it harder to deliver your project successfully. Unchecked risks can add time to your schedule, work to your time, and money to your budget. Managers get nervous about this sort of thing. All of that can be avoided with a risk management plan.

Risk Management Planning

A risk management plan is a great way to increase your own confidence in the ability of your project team to deliver – and that spills over into increasing your manager’s confidence too. You want them to believe that you can do it, and you want them to be aware of what might stop you from delivering the project successfully. A risk management plan is a perfect tool to do that.

And guess what? It’s really easy to get started.

Project risk management is a simple five-step process. Let’s not make it more complicated than it needs to be. This is something you can get started on today, prepare to discuss it at your next meeting and have it finished as someone is typing up the minutes.

A 5-Step Risk Management Process

As with so many parts of project management, risk management is a process. The five steps are:

  1. Initiate
  2. Identify
  3. Assess
  4. Plan Responses
  5. Implement

If those terms don’t mean much to you right now, please stick with it – I’m going to explain it all.

Step 1: Initiate

First, you want to set the context for your risk management in your project management environment.

There probably isn’t an awful lot of work to do here because someone in your company will have already prepared a corporate risk policy and all you need to do is track it down. This will explain the company’s approach to risk and might even mandate the templates you need. Templates always save you a job, so look out for those too!

Even if you don’t have a corporate risk policy, someone else who manages projects alongside you may have a project risk management plan that you can copy. Why reinvent the wheel? Reusing documents is a must if you want to save time and get more done.

Use what you have found out to produce a risk management plan for your project. This is part of your overall project management plan and talks about how you are going to approach managing risk on your project.

If you don’t know what to put in it, read on! The next steps will give you a better idea of what to talk about in your risk management plan.

This improves confidence by: Showing your manager that you have an approach to dealing with uncertainty on your project and that you are actively going to manage risk.

Step 2: Identify

Once you’ve got an approach outlined, you can then start to work with it.

Now you identify the risks that are going to affect your project. This is only ever a snapshot in time and your risk register is something that you’ll want to come back to time and time again to ensure anything new is put on there as well.

You can identify risks by using a checklist of common risks, interviewing stakeholders on the project (especially the difficult stakeholders as they generally have a lot to say on what might go wrong), brainstorming sessions, and using your common sense.

You are looking for things that might cause problems if they ever happened. (Remember, risks haven’t happened yet. Project issues are things that have already happened.)

However you go about doing it, you should definitely involve other people. Alone, you won’t have the whole picture and you’ll end up missing things.

Risks can and should be identified by anyone. As a project manager, your job is to encourage your colleagues to raise risks with you so that as a team you can do something about them.

All the risks identified should be recorded in the risk register. If you have a project coordinator on the team or a project support person then they can do this. Otherwise, it is part of the administrative tasks for you to do.

This improves confidence by: Demonstrating that you are aware of the key risks that might affect your project and that you have a means in place to continually stay aware of new risks.

Step 3: Assess

Risks are then assessed for probability and impact. When you're assessing a risk, think about how likely it is to occur, how much it would cost to handle, and how much time it would likely add to your project timeline.

As a further measure, you can also assess proximity, which means how close in time is the risk likely to happen. A risk with high proximity would be potentially happening soon. A risk with low proximity might happen at some point in the distant future. This can give you another factor for prioritizing your time and energy when it comes to dealing with the risks.

This improves confidence by: Ensuring your manager that everyone on the team has a clear idea of what would happen should any of these risks actually materialize.

Step 4: Plan Responses

Now we come to the meaty part of your risk management plan. In this step, you work out how to manage the risk by identifying an appropriate response.

We do this because up until now all you’ve got is a list of what might happen to throw your project off course in the future and how big a deal that would be. What your manager will want to know next is: What are you going to do about it?

Generally, there are four things that you can do to address and manage a project risk. They are:

  • Avoid: Take steps to prevent this outcome from occurring.
  • Transfer: Shift responsibility onto another party, such as with an insurance policy.
  • Mitigate: Take action to reduce the problem's impact if it does occur.
  • Accept: Understand that the risky outcome may occur, and with the consent of your team take no action to prevent it.

Some of your risks might have a positive outcome. For example, there’s a risk that you sell so much of the new product that you crash the phone lines. That would be a nice problem to have, but it’s still a risk that you should plan for.

There are a number of ways that you can prepare for a positive risk happening including:

  • Exploit: Do your best to make sure this outcome occurs so you can reap the rewards.
  • Share: Work with another colleague or company to make a positive risk more likely.
  • Enhance: Influence the factors that might contribute to a positive outcome and try to get even more benefit.
  • Accept: Acknowledge the possibility of a positive risk and do nothing.

You’ll need to work out which response strategy is the best one for every risk on your register. For example, you might decide that the risk of the factory roof collapsing is something you’ll simply accept as it isn’t likely to happen. However, the risk that food poisoning takes out half your workforce is something you are actively going to mitigate by retraining all your catering staff. If it has happened before and is actually quite likely unless you do something about it, you will want to mitigate the risk.

Once the response is identified and agreed upon, risk owners can be appointed to carry out the risk management action plan. In other words, you need someone to be accountable for seeing through the tasks you agree on in your plan.

This improves confidence by: Showing your manager that you have considered what to do about the things that might cause problems for your project and that you are putting plans in place to reduce uncertainty and risk on the project.

Step 5: Implement

Your risk management plan should by now include who is going to be responsible for doing the risk mitigation activities for each risk. They should now work through those tasks so that you are actively managing the open risks.

This improves confidence by: Demonstrating that you and your project team can follow through on what you said you would do. By reporting on what you have achieved and the risks you have mitigated, it shows your management team that you are serious about delivering and doing what it takes to future-proof your project against problems.

Once a risk has passed – when it is no longer relevant because it either has happened or can no longer happen – you can close it from your risk register.

Putting this project risk management plan in place can set you apart from other managers. Your own boss will have the evidence that you can think strategically and creatively about what might cause your project to come unstuck, and – most importantly – do something about it. You’ll be the person actively managing problems before they happen, sweeping away roadblocks and being prepared for anything!

Being seen to be good at managing project risk is a surefire way to be seen as a safe pair of hands by management. You don’t need loads of experience or certificates to start managing project risk successfully (although formal qualifications in risk management do exist). This easy five-step process will soon mean that project risk management is embedded in your project plans.