Risk assessment involves measuring the probability that a risk will become a reality. Impact analysis involves measuring the sensitivity of the project to each identified risk.

The key questions to consider here are:

  • What is the risk – how will I recognise it if it becomes a reality?
  • What is the probability of it happening – high, medium or low?
  • How serious a threat does it pose to the project – high, medium or low?
  • What are the signals or triggers that we should be looking out for?

A risk assessed as ‘highly likely’ to happen and as having a ‘high impact’ on the project will obviously need closer attention than a risk that is low in terms of both probability and impact.

Strategies for dealing with risks in project management include:

  • risk avoidance – for example, where costs outweigh benefits, you may decide to refuse a contract;
  • risk reduction – for example, regular reviews can reduce the likelihood of an end-product being unacceptable;
  • risk protection – for example, taking out insurance against particular eventualities;
  • risk management – for example, making use of written agreements in areas of potential disagreement;
  • risk transfer – passing the responsibility for a difficult task within a project to another organisation with more experience in that field.

A risk log should be started for the project at an early stage. This is a list of all the identified risks, together with an assessment of their probability and impact, and contingency plans for dealing with them should they become a reality.