Basics of Risk Management: Tips, Tools, and Techniques

Basics of Risk Management: Tips, Tools, and Techniques
Page content

The Risks of Projects Managed

This section on the basics of risk management clarifies what risk management is, how to identify the risks associated with any project or system, and how to minimize risk impacts. Minimizing risks also means better production; this means that following risk management basics also covers dealing with risks to increase productivity.

As per the International Standards Organization (ISO), risk relates to the uncertainty arising from any known or unknown sources. To understand risk management, one needs to understand how a system works. A system is said to be a set of tangible and intangible components working together to achieve a common goal. In business communication, the phrase “project” often replaces “system.” A project commences with creating a project plan to achieve a certain goal. The project managers then push different resources (“components” as in the definition of system) of the organization – people, different machinery, time, etc. – to achieve the project goal.

Natural as it is, managers include the resources at their disposal in the project plan. Similarly, project planners should also include risks associated with the different components of the project. To include risks, they should be able to identify and prioritize risks at different points of the project. Even the best managers cannot predict all risks. Still, once they get information about possible risks, they can prepare a checklist of those risks.

With the checklist of risks in place, project planners can come up with methods to tackle the known risks. Thus, with the project timeline and project phases, project managers should also keep a risk management plan. This plan is an effective tool for minimizing negative impacts of risk and helps in increasing the productivity of any project. You can better understand risk management plans with this example of a risk management plan. Risk management comes in different forms: avoiding the risks; minimizing the negative affects of any risk; accepting part of the risk effects (by increasing the amount of positive gains of overall project or the particular project phase where the risk is identified); or transferring the risk to some third party.

With this introduction to basics of risk management, let’s take a look at risks in detail to understand the techniques that help in minimizing their negative impacts.


Among the most basic of risk management methods is identification of risks at different levels of the project. Managers can identify risks by viewing past trends, talking to people at different levels/phases of projects, and by using brainstorming techniques when considering various aspects of the project. Brainstorming also helps in the treatment of risk during creation of the risk management plan.

The most common categories of risk are Finance, Human Resources, Machinery/Equipment, and Stakeholders. Managers use different types of risk analyses to identify and categorize risks. Some organizations employ the services of a risk officer to facilitate identification and management of risks. With a well-trained risk officer, identification of risks and their management as well as audits of the risk management plan become easier as project managers can focus on the other objectives of project instead of worrying about the risks.

Once the risks are identified, it is better to document them: Create a checklist of risks (using this downloadable guide) for better risk management. It is also important to assess the impact of risks. Risk analysis also helps in assessing the severity of risks and methods to tackle them. This means that risk analysis also helps in outlining most parts of risk treatment plans.

Evaluation and Treatment

Basics of Risk Management

After risk analysis, the next step is to create a risk management plan. This plan contains the risks and details of how to deal with them. The methods to deal with different risks are based on the evaluation of the risks. This step is also called risk assessment. The assessment of risk is done using a numerical scale and measuring the impact of different risks. This results in a chart where each risk carries a numerical strength against the constant number. Based on the numerical strength of a risk, managers decide how to treat the risk.

A risk treatment plan explains the action plan for each identified risk. Note that it is not possible to identify all the risks associated with any project. Some risks are unexpected and need to be managed based on the immediate assessment of the risk. For identified risks, there are four methods of treatment:

  • Avoidance - Avoid the risk partially or in whole
  • Reduction - Employing methods to reduce the negative impacts of risks
  • Sharing - Sharing/outsourcing the risk component to a third party that is better equipped to handle such risks
  • Retention - Acceptance of the risk, normally in cases where the gains from the risk component are far higher than the negative impacts of the risk


Creating and implementing the risk management plan is not sufficient. As with any system, it is necessary to keep on auditing the risk management plan to see that the goals of the system are not altered or compromised. Auditing of a risk management plan is similar to the auditing of a general project management plan. The goals of a risk management plan are to see that risk treatment is effective and is not adversely affecting the goal of an overall project.

A Five-Point Theory

Summarized, the basics of risk management offer you a five-point theory:

  • Identify – Risk identification and categorizing
  • Analyze – Assessment of risks, importance, what-if analysis to see the impact of risks
  • Evaluate – Prioritize the risks by applying a rating system to help in treating the risks
  • Treatment – Avoid, transfer, accept, or reduce the risk impacts
  • Monitor and Review – Auditing of risk management plan