top of page


Managing Risk well is vitally important to the success of your project. Every project has unknowns so you want to identify as many of them as possible. Then you want to

Rank them so you know which ones to give more attention to. Finally you want to plan how you will respond to each high ranking risk, whether immediately, or waiting to see if it comes along.


You may find yourself managing a very complicated and/or very risky project. Fortunately there are Risk Management Tools  available to help you. The tools presented here will serve you well in any project. However, you do not need to use every Tool for every project. Instead, select the one or 2 Tools from each process that will work best for your project!

As always, CLICK on the buttons or underlined words for more information.


We will look at Risk Management Tools for the processes of:

  • Indentify Risks

  • Qualify Risks

  • Quantify Risks

  • Plan Risk Responses



Tools used to Identify Risks are:

  • Data Gathering, such as:      

               1. Brainstorming                    Brainstorming  

               2. Checklist Analysis      Checklist  

               3. Interviewing experienced Stakeholders and Subject Matter Experts (SME)

  • Data Analysis Techniques, such as:

              1. Cause & Effect Diagrams      Cause & Effect  

              2. Analysis of Assumptions & Constraints

              3. SWOT Analysis         S W O T    

              4. Risk Breakdown Structure               RBS          

  • Expert Judgement. Engage other people to help you.


  • Risk Data Quality Assessment: asks, "How reliable is your Risk data?"

  • Risk Probability and Impact Assessment: (P x I = Rank)

  • Risk Categorization: refer (above) to RBS and SWOT categories; and C&E Root Causes

  • Risk Urgency Assessment: (P x I x U = Severity)

  • Expert Judgement: engage Experts whenever possible


  • Data Gathering by:

                                       a) Brainstorming              Brainstorming  

                                       b) Interviewing experienced Stakeholders and SME

                                       c) Focus Groups          Focus Groups  

                                       d) Questionnaires & Surveys: written, quick, large groups

                                       e) Benchmarking against other organizations

  • Data Analysis, including:

                                              a) Simulation, not often used

                                              b) Sensitivity Analysis   (Tornado)  

                                              c) Decision Tree (Expected Monetary Value)

                                              d) Influence Diagrams        Influence  

  • Expert Judgement: engage Experts whenever possible


Every Risk Response will fall into one of 4 Response types. Depending upon whether the Risk is a Threat or an Opportunity, the appropriate Response type will be either:

  • Avoid or Exploit

  • Mitigate or Enhance

  • Transfer or Share

  • Accept

          - passive or 

          - active


"Which one should I choose?"  Fortunately there are only 4 steps to follow, and some tools available to help you select your Risk Response:

Step 1: Identify Potential Responses

A number of creativity tools can be used to discover all the potential Responses. These include:

  • Brainstorming

  • Work done so far in Risk Management.

By the time you get to Planning Risk Responses, the work already done to Identify Risks, Qualify Risks, and Quantify Risks has likely uncovered some good potential Risk Responses.


Step 2: Select Most Appropriate Responses

Usually more than one Response is available to address each Risk. Which one should I choose? You will want to evaluate the likely outcome of enacting each potential Risk Response to select the most appropriate one. Questions to ask include:


  • Is a Secondary Risk generated by enacting this Response.

  • Is there a Residual Risk after enacting this Response?

  • Does this Response go far enough in addressing the Risk?

  • Is there sufficient certainty that this Response will adequately perform?

  • Is there an acceptable Cost/Benefit ratio to this response?

A number of decision support tools can be used to select the most appropriate Responses, including:

  1. Delphi Technique

  2. Influence Diagrams for decisions     Influence  

  3. Force Field for decision to proceed or not proceed          Force Field  

  4. Simulation, not often used

  5. Sensitivity Analysis   (Tornado)  

  6. Decision Tree (Expected Monetary Value)

  7. Multi-Criteria Decision Analysis       MCDA  

Step 3: Plan the Action

The risk Responses should be planned just like a mini-project. Determine Scope, Time, Cost and other important features of the Responses. Set up measureables so you can evaluate the effectiveness of the Risk Response, if enacted. You then integrate these Response Plans into your overall Project Management Plan.

Step 4: Ownership and Responsibility


Every Risk needs an owner. In this step we assign ownership and ensure the owner  knows his/her responsibilities. The Risk Owner's responsibilities include:

  • Watch for Triggers to occur. Make a "Watch List" of Risks and Triggers and check it often.

  • Enact the selected Risk Response in a timely manner

  • Measure and assess the effectiveness of the Response

  • Decide if further actions are required

  • Report the Risk and Response status

Identify Risks: Tools
Quantify Risks
Qualify Risks
Risk Responses
bottom of page