Skip to content

You’re accessing archived content

This is archived content from the UIT website. Information may be outdated, and links may no longer function. Please contact stratcomm@it.utah.edu if you have any questions about archived content.

PMO Corner: 3.5 Steps to Effective Risk Management

Note: This column is part of a new monthly feature “PMO Corner,” which highlights current events in UIT's Project Management Office.

Jayci Minjares, IT Project Manager

In project meetings we unknowingly discuss risk, in the context of “what-ifs?” The project team may not realize these risk factors, so risks are not assessed or managed until the risk occurs. There are also many different types of risks that can affect a project, such as schedule, cost, scope, environment, new or old technology, executive support, and security. Risk is one of many reasons why a project manager can help your projects be successful. 

3.5 steps to effective risk management

Risk Management is the identification, assessment, and prioritization of risks. The Project Management Institute (PMI) outlines the risk management processes as:

  • Plan Risk Management
  • Identify Risks
  • Qualitative Risk Analysis
  • Quantitative Risk Analysis
  • Plan Risk Response
  • Control Risk

Step 0.5: Ask questions

Before starting the risk management process, meet with the project sponsor and other stakeholders to ask a few questions, such as "Is time or cost the key driver on this project?" and, "If an event occurs where the timing of the project could be saved by going over budget, would that be acceptable?" These types of questions ensure the next three steps will focus on what exactly is critical to key stakeholders (rather than what is assumed to be important).

Step 1: Identify what could go wrong

The goal of step 1 is to identify possible threats to a project. Risk identification techniques include: researching publicly available risk registers; meeting with subject matter experts to ask what they're most concerned about; reviewing past projects; and brainstorming (Nominal Group Technique).

Step 2: Prioritize

Step 2 involves prioritizing your list of risks, such as high/low, or most likely, likely, not likely, never.

Step 3: Take proactive action

Address the prioritized risks using these four methods (to easily remember this strategy, use the mnemonic "A-CAT")

  • Avoid risk: change plans to circumvent the problem
  • Control/mitigate risk: reduces impact or likelihood (or both) through intermediate steps
  • Accept risk: take the change of negative impact (or auto-insurance), eventually budget the cost (e.g. via contingency budget plan)
  • Transfer risk: outsource risk (or a portion of the risk) to a third party or parties that can manage the outcome

Risk management then continues through the project lifecycle, meaning the previous 3.5 steps discussed are revisited until the project is complete.

For more useful tips and articles related to risk management, visit projectmanagement.com or pmi.org.


Did you know?

There are positive risk opportunities that need to be identified, too. Both positive and negative risks should be tracked in your project’s risk management plan. Per the PMBOK Guide 5th edition, the following are used to manage positive risks:

  • Enhance – Increase the chance of a risk happening in order to realize the benefit
  • Exploit – Do not try to realize the opportunity; work hard to ensure that the opportunity does not go unrealized
  • Accept – Don’t take any action to realize the opportunity
  • Share – When you aren't capable of realizing this opportunity on your own, team up with another company and work together to realize the opportunity

Examples of positive risks include reducing your workload, growing your business, and completing a project early.


References:

Bruce Garrod, 3.5 Steps to Effective Risk Management

Project Management Institute

Share this article:

 

Node 4

Our monthly newsletter includes news from UIT and other campus/ University of Utah Health IT organizations, features about UIT employees, IT governance news, and various announcements and updates.

Subscribe

Categories

Featured Posts

Last Updated: 5/9/25