Performing a risk assessment analysis involves identifying problems that might occur during the course of a project. Security risks include fraud, theft and unintentional mistakes. Other risks involve cost increases, supplier delays, accidents and natural disasters.
Performing a risk assessment analysis includes identifying potential threats. Project managers decide how likely it is that these problems will occur and then develop strategies to prevent or minimize any impact on the project. An initial risk analysis occurs at the beginning of the project and the team should monitor any potential vulnerability throughout each phase to avoid problems that might affect the project’s schedule, costs or quality output.
Step One: Gather Information
The project manager must first obtain all documentation related to the policies, procedures and standards that will be used during the project. He should have a thorough understanding of the operational tasks required in the business environment. Details about personnel assigned to the project, vendor or supplier contracts and other pertinent information need to be scrutinized too. If available, metrics and output from risk assessment analysis from previous projects of a similar type and scope should be located. A risk assessment analysis should identify all facets of the project that need to be protected.
Step Two: Analyze Data
Once the project manager has assembled all the relevant information and identified potential risks, he needs to classify and rank these events based on how likely they are to occur. Classifying the problems allows the manager to focus his efforts on controlling problems in a consistent manner. Additionally, if problems arise that haven’t been previously identified, classifying the new problem as similar to a known issue can shorten the time it takes to respond with a mitigating action. The team should analyze the potential damage a risk might cause during different phases of the project. For example, the costs associated with fixing problems increase as the project progresses, resulting in lost productivity, financial losses and missed deadlines. Using quantitative methods to identify the numbers associated with any threat and qualitative methods such as industry information, the project team determines the potential severity and loss.
Step Three: Create a Plan to Monitor and Control Risk
Project managers control and manage risk by establishing preventive, detective or corrective actions. They also define technical and administrative responses to problems that might occur. By monitoring the project, the manager can ensure policies and procedures are followed. If vulnerabilities get exploited, the team can respond quickly and effectively to handle the problem before it impacts the milestones. Risks rated with a “high” level of probability typically need to be monitored daily. Project managers tend to monitor potential problems rated as “medium” or “low” on a less frequent basis.
Evaluating risks requires involvement of the entire project team. Utilizing their skills, knowledge and experience, they can identify threats, rank the likelihood of occurrence and control problems should they arise. Performing a risk assessment analysis helps coordinate a systematic response, ensure standardization and maximize project performance.