Select Page
Your Perfect Assignment is Just a Click Away
We Write Custom Academic Papers

100% Original, Plagiarism Free, Customized to your instructions!




Risk Analysis Techniques

The potential for serious risk can bring about a couple of reactions—you avoid the risk altogether, you take steps to minimize the risk, or you make plans to deal with the risk event in case it occurs. The potential that a risk will happen during the course of your project depends on the nature of the risk. If your project involves constructing a highway overpass in North Carolina, the probability of an earthquake is very low, so you wouldn’t even bother coming up with a plan to deal with this risk event. However, the probability of a hurricane is very high, so you may want to take this into consideration as a project risk.

Risk analysis takes into consideration the probability that the risk will occur and its impact if it does. The end result of this process is a prioritized list of risks that you can use to determine which risks need response plans.

One of the easiest ways to rank the risks is using the Nominal Group technique that I talked about in the previous section. After identifying the risks, ask the group to rank them in their order of importance. This technique will work for very small projects, but I recommend going a step further for all other projects and examining probability and impact.

Risk Probability and Impact

probability   The likelihood that an event will occur.

Probability is the likelihood a risk event will occur, and it can be assigned using a simple high-medium-low scale. For instance, the fictitious annual employee event project is scheduled to occur in November. There’s a high probability of snow in November, which could prevent employees from getting to the event or getting there on time. So, you would assign this risk event a high probability.

Examine the remaining risks on the risk register, and assign a probability to each. Table 7.2 shows an example of a risk probability chart. The risk number is used to track the risk throughout the project and to tie it to a response plan a little later in this process.

TABLE 7.2 Risk probability chart

Risk number

Risk event



Snow on the night of the event



Not all employees show up



Employees get food poisoning at the dinner



Banquet hall not set up properly for awards presentation


Risk 1 has a high probability rank, which means this risk should have a risk response plan developed to avoid the risk or reduce its impact if it occurs. Risks 2 and 4 probably need risk response plans as well. You may want to combine the probability score with an impact score to help you further determine the need for risk response plans for these two. I’ll cover impact scores shortly. Risk 3 doesn’t need any further attention, but it should remain on the risk register.

Probability can also be expressed as a value. The classic example is the coin flip. There is a 50 percent probability that you’ll get heads and a 50 percent probability that you’ll get tails on the flip. The probability that the event will occur plus the probability that the event will not occur always equals 100 percent, or 1.0. For example, if there is a 60 percent probability of snow on the evening of the event, there is a 40 percent chance it will not snow, and the total of both probabilities equals 1.0. The closer the probability of the event occurring is to 1.0, the higher the risk.

Assigning Risk Impacts

Impact values can be assigned to risk in the same way that the probability scores are assigned. You can use a high-medium-low value to indicate the impact the risk event has on the project if it should occur. For example, the snow risk event has a high probability of occurring, and the impact is also high should this event occur. Any risk event with a combination of high probability and high impact should have a risk response plan developed to deal with the risk should it occur.

You can also develop predefined measurements that will qualify the risk event and tell you what value to place on the impacts of the risk event. For example, you can rate the impact using a high-medium-low scale like the one shown next. Depending on where the risk impact falls on the scale, it’s assigned a value from .05 to .80. Table 7.3 lists the ranks and values.

TABLE 7.3 Risk impacts



Very Low








Very High


The snow event is assigned a rank of high, which means the impact’s value or weight is .60. You’ll want to assign a value to the probability of the risk event and to the impact of the risk event so that an overall risk score can be determined. The overall risk score, which I’ll show how to calculate next, will determine what type of risk response should be developed for the risk.

Probability Impact Matrix

Now you’ll put this altogether in a probability impact matrix. The idea here is to multiply the probability score by the impact value to come up with an overall risk score. The higher the overall risk score, the higher the risk to the project. Table 7.4 shows an example of a probability impact matrix.

TABLE 7.4 Sample probability impact matrix

Risk number




Risk score


Snow on the night of the event Probability impact matrix





Not all employees show up





Not enough food prepared for employees and guests at the dinner





Banquet hall not set up properly for awards presentation




The risk management policies that your organization has in place (or that you establish) may dictate that all risks with overall risk scores greater than or equal to .30 need risk response plans. This means that both the snow risk event and the banquet hall risk event need risk response plans. The risk response plans are documented in the risk management plan that I’ll discuss later in this chapter.

How to Assign the Ratings

Assessing the probability and risk impact and assigning values to each are accomplished using some of the same techniques you used to identify the risks. You can consult subject-matter experts, use interviewing techniques, or use the Delphi or Nominal Group technique to determine probability and impact values. Once you have the values, you can calculate the overall risk score as you did in the previous section. The risk score then tells you what you should do about the risk.

Your organization may have policies already established regarding how to rank risks and what actions need to be taken to plan for the risk events depending on their scores. Some organizations have specialized teams that are devoted to risk analysis and risk management. 

Risk Tolerance

risk tolerance   The amount of risk a person or organization is willing to tolerate in exchange for the perceived or actual benefits of partaking in the activity.

Risk tolerance is the comfort level that you have for particular risk events. For instance, driving to work every morning carries some level of risk. Your car may not function properly, you could have a fender bender at the corner stoplight, or road crews could have set up a detour on your regular route that adds significant drive time to your commute. None of these risks keeps you from coming into work, however. The benefits of going to work and generating revenue for the company, gaining satisfaction from a job well done, and earning a paycheck for yourself outweigh the risks of driving to work. That means you’re willing to take the risk of driving to work to get the benefits.

Organizations, like individuals, also have risk-tolerance levels. Some are more risk averse (that is, they avoid risk at all costs) than others. Stakeholders also have risk-tolerance levels that you should consider when planning for risks. One organization may think nothing of taking on a project that has a high likelihood of failure because of the information they’ll gain in the process, while another organization wouldn’t even allow the project to make it to the project selection committee’s attention.

risk attitude   The amount of risk the stakeholders or organization is willing to tolerate in exchange for the perceived or actual benefits of partaking in the activity.

Risk attitude is another way of looking at risk tolerance. Risk attitude consists of two elements, risk appetite and risk threshold.

risk appetite   The level of uncertainty the stakeholders are willing to accept in exchange for the potential positive impacts of the risk.

Risk Appetite Let’s look at an example of risk appetite. Your organization is a multinational manufacturing firm that is implementing a new inventory system. The end users are grumbling and have expressed their concerns about the new system. The old system does everything they want it to do, and they are not interested in this new technology. There is a potential for the represented employees to protest this new system, and such a reaction could impact production. Your stakeholders are willing to accept this risk even though they don’t know if, or to what extent, production may be impacted because the benefits of the new system far outweigh the potential unknown impacts of employees protesting.

risk threshold   The level of uncertainty or impact the organization is willing to operate within.

Risk Thresholds Risk thresholds are measures, levels of uncertainty, or impacts the organization is willing to operate within. For example, a monetary risk threshold might state if the risk poses a threat that could cost more than 5 percent of the total project budget, the risk should not be accepted. If it’s less than 5 percent, it may be accepted.

Risk threshold is that balance where stakeholders are comfortable taking on a risk because the known benefits to be gained outweigh what could be lost—or just the opposite. They will avoid taking a risk because the cost or impact is too great given the amount of benefit that can be derived. Here’s an example to describe risk threshold: Suppose you’re a 275-pound brute who’s surrounded by three bodyguards of equal proportion everywhere you go. Chances are, walking down a dark alley in the middle of the night doesn’t faze you in the least. That means your risk threshold for this activity is high. However, if you’re a petite 90-pounder without the benefit of bodyguards or karate lessons, performing this same activity might give you cause for concern. Your risk threshold is low, meaning you wouldn’t likely do this activity. The higher your threshold for risk, the more you’re willing to take on risk and its consequences.

Be certain you’re aware of the risk-tolerance levels of your organization and key stakeholders when you’re the one responsible for developing the risk management plan.

Planning for Risks

Planning for project risks is an activity that you should undertake for all projects. The better prepared you are going into the Executing processes, the more likely you’ll be able to respond to risk events with a cool, level head. In Chapter 2, “Developing Project Management Skills,” I talked about operating in fire-fighting mode. When you’re in fire-fighting mode, the object is to put the fire out—fast. That usually means you deal with things in the quickest, easiest way you can just to put the fire out. And putting the fire out doesn’t necessarily solve the problem in the long run. Planning for risks by identifying them, analyzing their impact, and preparing response plans where appropriate will help you avoid risks altogether in some cases, minimize their impact in others, and keep you out of fire-fighting mode.

The risk of an unsuccessful outcome or an incomplete project is more likely during the early phases of a project. Risks are more likely to occur early on during the project because many aspects of the project itself are still unknown and much of the project work is not yet complete. As the work of the project progresses, more information is known, and the likelihood of a risk occurring lessens. However, the later you are in the project life cycle, the greater the impact a risk will have if it does occur. That’s one of the reasons it’s important to identify, plan for, monitor, track, and reevaluate risk throughout the life of the project.

Risks are often ignored and the risk-identification and analysis process is often skipped because of a lack of understanding of the risk management process. Risks aren’t something to fear. Risks should be identified and documented, and their impacts should be examined to determine opportunities that may spring from the risk events or to develop risk response plans. Sometimes the process of risk identification itself will minimize risk impacts and allow you to come up with plans to avoid the risk altogether.

Risk response plans involve detailed actions of how the organization will deal with the risk should it occur. They include descriptions of the risk events and where or when in the project the risk events could occur. They should also include a description of the causes of risk and how the risks impact the project objectives or deliverables.

In the example project, I identified the possibility of a snowstorm on the day of the employee event as a risk that needs a risk response plan. The plan should include what’s described in the previous paragraph, and it should also include the alternatives available to deal with the risk event. Perhaps you can avoid the risk altogether by holding the event at a hotel in town instead of the mountain resort; the company could consider hiring drivers with four-wheel-drive vehicles to transport people to the event; and so on. There are some specific responses you should consider when writing your risk response plan that I’ll cover in the next section.

Responding to Risks

The amount of effort you’ll put into the development of risk response plans depends on the nature of the risk. Some risks require extensive plans, some may need only to be noted and accounted for in an overall plan, and others need only to be listed on the risk register.

Risk response planning is a matter of deciding what steps to take should the risk event occur or look like it’s about to occur. It also includes assigning individuals (or departments) the responsibility of carrying out the risk response plan if the risk event occurs. Be sure to note the individuals or department that’s responsible for enacting the response plan in the plan documentation.

As I discussed in the previous sections, the organization’s risk management policies contain the guidelines you should follow for determining which risks need response plans. Generally speaking, those risks with a high probability of occurring that also have a medium-to-high impact should have a plan.

You can use several recognized strategies to reduce or control negative risks: Escalate, accept, avoid, transfer, and mitigate. It’s important to use the right strategy for each risk so that each risk impact is dealt with adequately and in the most efficient way possible. It’s not a bad idea to designate a secondary strategy for the highest impact risks. Let’s look at each of the strategies in more depth.


Risks that require escalation are generally outside the boundaries of the project, or the risk response plan is beyond the authority of the project manager to implement and resolve. However, the project manager is responsible for notifying the appropriate person or business unit that there is a threat or opportunity they need to address.

risk owner   The person responsible for monitoring and managing risks and implementing the risk response plan.

Escalated risks are not managed at a project level. They are generally managed at a program or portfolio level. When a risk is escalated, it involves alerting the risk owner and handing off the management of the risk to them. The risk owner is responsible for monitoring for the risk event, alerting the team if it occurs, and implementing the risk response plan. Once a risk is escalated, it is no longer the responsibility of the project manager or project team and should be monitored and managed by the risk owner.

Risk Management Plan

The primary goal of the risk management process is to identify risks, document their impacts, and develop plans to reduce negative impacts or take advantage of the opportunities presented. The process you’ll use to go about performing these functions is documented in the risk management plan.

The following list is a recap of the steps you’ll take to assemble the risk management plan. The risk management plan encompasses all the elements of risk identification, analysis, and response planning that I’ve talked about in this chapter. You can use this as a checklist or reminder of how to complete the risk management process for your next project:

1. Identify the risks.

2. Analyze risks to determine the probability of the event occurring.

3. Analyze risks to determine the impact on the project if a risk event occurs.

4. Calculate an overall risk score and determine which risk events need detailed response plans.

5. Create detailed response plans and assign resources to carry out the plan in the event a risk occurs.

6. Create a contingency plan.

7. Document everything in the risk register and keep this in the project repository.

You may want to consider creating a risk register in a spreadsheet or other document, similar to the one shown in Table 7.5. This register lists the risk by number and name, indicates whether a plan exists for the risk, shows where the risk plan can be found (references to a link to the project repository), and tells who the responsible party is for carrying out the risk response plan. Use Table 7.5 as a template for your risk register, and make this one of the first pages in the risk management section.

TABLE 7.5 Risk register

Risk number

Risk name

Risk plan created

Plan location

Risk owner


Snow on the night of the event


Risk management section pgs. 12–14

Noelle Butler


Not all employees show up.


See contingency plan.


Employees get food poisoning.



Banquet hall not set up properly


Risk management section pg. 15

Kate Newman

As the project manager, it’s your responsibility to make certain that risk events are monitored throughout the life of the project and that the risk response plans are carried out when necessary. Always be on the lookout for risk events ready to occur.

risk triggers   Signs that a risk event is about to occur.

One way to do that is to pay attention to risk triggers. Risk triggers warn you that the risk event is getting ready to happen. If dark-gray, snow-laden clouds start gathering over the mountains the morning of the meeting, it’s likely that the snow is going to fly. This risk trigger signals you that the risk event is about to occur. You could add information to your risk register and/or risk response plan that describes the risk triggers to watch for.

Risks exist on all projects. Don’t skip the risk management process, because not taking the time to identify and document the risks could end up killing the project, not to mention your reputation as a project manager.

How it Works

  1. Clіck оn the “Place оrder tab at the tоp menu оr “Order Nоw” іcоn at the bоttоm, and a new page wіll appear wіth an оrder fоrm tо be fіlled.
  2. Fіll іn yоur paper’s іnfоrmatіоn and clіck “PRІCE CALCULATІОN” at the bоttоm tо calculate yоur оrder prіce.
  3. Fіll іn yоur paper’s academіc level, deadlіne and the requіred number оf pages frоm the drоp-dоwn menus.
  4. Clіck “FІNAL STEP” tо enter yоur regіstratіоn detaіls and get an accоunt wіth us fоr recоrd keepіng.
  5. Clіck оn “PRОCEED TО CHECKОUT” at the bоttоm оf the page.
  6. Frоm there, the payment sectіоns wіll shоw, fоllоw the guіded payment prоcess, and yоur оrder wіll be avaіlable fоr оur wrіtіng team tо wоrk оn іt.

Nоte, оnce lоgged іntо yоur accоunt; yоu can clіck оn the “Pendіng” buttоn at the left sіdebar tо navіgate, make changes, make payments, add іnstructіоns оr uplоad fіles fоr the оrder created. e.g., оnce lоgged іn, clіck оn “Pendіng” and a “pay” оptіоn wіll appear оn the far rіght оf the оrder yоu created, clіck оn pay then clіck оn the “Checkоut” оptіоn at the next page that appears, and yоu wіll be able tо cоmplete the payment.

Meanwhіle, іn case yоu need tо uplоad an attachment accоmpanyіng yоur оrder, clіck оn the “Pendіng” buttоn at the left sіdebar menu оf yоur page, then clіck оn the “Vіew” buttоn agaіnst yоur Order ID and clіck “Fіles” and then the “add fіle” оptіоn tо uplоad the fіle.

Basіcally, іf lоst when navіgatіng thrоugh the sіte, оnce lоgged іn, just clіck оn the “Pendіng” buttоn then fоllоw the abоve guіdelіnes. оtherwіse, cоntact suppоrt thrоugh оur chat at the bоttоm rіght cоrner


Payment Prоcess

By clіckіng ‘PRОCEED TО CHECKОUT’ yоu wіll be lоgged іn tо yоur accоunt autоmatіcally where yоu can vіew yоur оrder detaіls. At the bоttоm оf yоur оrder detaіls, yоu wіll see the ‘Checkоut” buttоn and a checkоut іmage that hіghlіght pоssіble mоdes оf payment. Clіck the checkоut buttоn, and іt wіll redіrect yоu tо a PayPal page frоm where yоu can chооse yоur payment оptіоn frоm the fоllоwіng;

  1. Pay wіth my PayPal accоunt‘– select thіs оptіоn іf yоu have a PayPal accоunt.
  2. Pay wіth a debіt оr credіt card’ or ‘Guest Checkout’ – select thіs оptіоn tо pay usіng yоur debіt оr credіt card іf yоu dоn’t have a PayPal accоunt.
  3. Dо nоt fоrget tо make payment sо that the оrder can be vіsіble tо оur experts/tutоrs/wrіters.


Custоmer Suppоrt

Order Solution Now