Risk Assessment

Location:  PMKI > PM Knowledge Areas > Risk Assessment. 
The PMKI Library

PMKI Index
the PMKI

This subject covers the techniques and tools used to calculate and assess the risk exposure of a project or program.

Topics included in Risk Assessment:

- Risk Assessment Overview
- Risk Assessment Techniques
- Probability, Standard Deviation & Statistics
- PERT and Monte Carlo
- Contingencies, Reserves & Averages

Other related sections of the PMKI:

- Risk Management
- Schedule Risk Assessment

Risk Assessment Overview


The objective of risk assessment is to identify the risks that need to be mitigated, or removed, to adjust the overall risk exposure of a project to a level that is acceptable to the project stakeholders. This involves:

  • Removing unacceptable risks, or reducing their potential impact to an acceptable level
  • Reducing the overall level of uncertainty to an acceptable level
  • Calculating appropriate time and cost contingencies to offset the likely effect of the accepted risks.

Applying management effort and the necessary resources to achieve an acceptable level of risk involves the expenditure of both time and money.  The objective of risk assessment is to provide the information needed by management to direct their efforts efficiently. There is no point in spending $10,000 to reduce the impact of an identified risk that has an impact of $5000 and only a 5% chance of occurring.

Risk assessment typically involves several stages:

  1. Identifying the unacceptable risks that have to be eliminated (eg, high impact safety risks)
  2. Quantifying the overall risk exposure once the unacceptable risks are removed
  3. Identifying risks that can be managed cost effectively and advising management
  4. Reassessing the overall exposure after management action (repeat steps 3 and 4 until an acceptable level of risk exposure is achieved)
  5. Calculating the contingencies needed to offset the accepted risks
  6. Monitoring the risk situation throughout the life of the project applying steps 1 to 5 as needed.

The resources on this page focus on practical risk assessment and the calculation used to assess the risk exposure and determine appropriate contingencies. The use of this information to manage project risk is discussed on the Risk Management page.


Risk Assessment Techniques

To manage risk effectively you need to deal with the uncertainties that matters by following a structured process that takes into account the people aspects (eg, risk tolerance).

WP: Risk Assessment. Risks always involve uncertainty, and matter because they have the potential to affect objectives. This means that each risk must be linked to at least one objective and its potential impact assessed objectively.

WP: Types of Risk. Risks fall into four broad categories and are created by a variety of factors outlined in this paper.

Art: Risk Reassessment - the role of ‘sentinels’. An element in most risk processes is identifying ‘risk triggers’ or early warning indicators that tell management a risk event is likely to occur before the main impact hits.

WP: Root cause analysis. Some valuable techniques for understanding the root cause of a problem or an issue in complex situations.

Blg: Black Swan Risks. The key definition of a ‘black swan’ proposed by N.N. Taleb is that the ‘black swan’ was unpredicted and unpredictable, but in hindsight it appears that it should have been foreseeable.

Risk Assessment using Mosaic's Risk Register:

Risk Register.

A practical Excel template for identifying and prioritizing the risks associated with a project or program.

For each risk you can:
- Define the risk category and allocate a short name.
- Describe the risk using an effective 'risk meta language'. All you have to do is 'fill in the gaps'.
- Prioritize the risk using a powerful qualitative assessment process developed for a US1 billion oil
- Determine the optimum response.

The qualitative risk assessment in the tool is based on the team's assessment of the probability and impact of an event:

Risk Assessment
This is shown in the overall risk register:
Risk Assessment

The spreadsheet compiles the risk data for transfer into the risk management plan. The spreadsheet contains a comprehensive 'help' page focused on implementing effective risk management (included in the Sample). This is a very robust, easy to use tool that ensures that all of the identified risks are effectively managed (maximum number of risks per spreadsheet = 200).

Download a free sample: Download Sample Spreadsheet

Buy the full version. Spreadsheet price: Australian $20.00


Probability, Standard Deviation & Statistics

Standard DeviationWP: Probability. Modern risk management practices have developed analytical methodologies to determine the probability of events occurring (or not occurring) that allows contingencies to be calculated based on mathematics, but there is still a low probability the calculations yield an incorrect answer.

Art: Probability -v- luck - Should we give up our day-job?  Good processes help build success but you should not confuse luck with skill. Persistence will generate more opportunities for you to be lucky, and skill or capability will shift the odds in your favour but randomness rules!

Art: Standard Deviation for Project Managers. The concepts behind Standard Deviation and how it is used.

Blg: What’s the Probability??  A quick look at probability and its affect on schedule completion.



PERT and Monte Carlo

Art: Predicting Future Project Outcomes - The power of uncertainty. Understanding the way Monte Carlo, Latin hypercube and Sampling work to inform risk management decisions.

PP: Scheduling in the Age of Complexity. This paper suggests that a radically different approach is needed to make scheduling relevant and useful in the 21st Century.

Blg: CPM Anomalies Invalidate Monte Carlo. Logical anomalies in a CPM schedule can cause major errors in a Monte Carlo assessment. This post highlights the issue.  

WP: Understanding PERT. PERT is the oldest and arguable the least effective / least accurate way to model the uncertainty associated with every estimate used in a schedule.See why!

Art: Sensitivity Analysis. The application of sensitivity analysis to schedule activities.

Prs: Baked In Optimism – Why so many projects fail. This presentation looks at two processes that are ‘baked into’ standard project management estimating and control to show how recommended good practices are still optimistically biased. When preparing an estimate good practice recommends using Monte Carlo to determine an appropriate contingency and the level of risk to accept, but the typical range distributions used are biased – they ignore the ‘long tail’. When reporting progress, the estimating bias should be identified and rectified to offer a realistic projection of a project outcome. Standard cost and schedule processes typically fail to adequately deal with this challenge meaning the final time and cost overruns are not predicted until late in the project. This presentation highlights some of the causes for these problems.

Download the PDF with links to references embedded, or watch the webinar:

Click through to see more on schedule risk analysis.


Contingencies, Reserves & Averages

The Flaw of AveragesArt: Contingencies are not a soft option! Calculating an appropriate level of contingency and management reserve for a project is difficult. Persuading management to accept the need for contingencies and reserves is even more challenging.

Art: Distributed -v- Consolidated Contingencies - The power of Portfolios. The effect of combining uncertainties into a ‘portfolio’ of risks is to reduce the overall level of uncertainty in the portfolio.

Blg: Averaging the Power of Portfolios. The interaction between dependent risk and independent risk is interesting and will significantly change the overall probability of success or failure of an endeavour or organization.

Blg: The reference case for management reserves. This post looks at reference class forecasting a technique that enhances the accuracy of the budget estimates by basing forecasts on actual performance in a reference class of completed, comparable projects.

Art: Risks don't add up. Understanding that there difference between an individual project risks, the overall risk of a project and the risks associated with a portfolio of projects is complicated but essential for effective risk management.

Blg: The flaw of averages. The flaw of averages defined in a book of the same name states that any plan based on average assumptions is wrong on average!

Blg: A Long Tail. The difference between 'bounded' and 'unbounded' populations in determining the reliability of an 'average'.

Communication Plan

Risk Register

Risk Management Plan

Work Performance Management

Easy EVM

Easy CPM

Risk Register

Stakeholder Work Sheet

Stakeholder Work Sheet

Work Performance Management

Work Performance Management