Risks in Project! Importance of Risk Management!!–PART 2



After we have found the Risks in our Project, next step is to estimate the Risk Exposure for every risk. We must have “Probability and Impact Matrix”. Here is an example:




  • 1 = (5 – 10%)
  • 2 = (10 – 20%)
  • 3 = (20 – 40%)
  • 4 = (40 – 80%)
  • 5 = (>80%)

Impact Description:

  • 1 very low (insignificant time and cost overrun)
  • 2 low (up to 10% time and cost overrun)
  • 3 medium (10% – 20% time and cost overrun)
  • 4 high (over 20% time and cost overrun)
  • 5 the highest (PROJECT FAILURE)

Risk exposure or risk score = Probability x Impact

Very often different team members estimate different Probability and Impact for the same Risk. In such a case you should find out WHY someone thinks that probability is, for example 3, and some other person thinks that probability is, for example 1. Maybe one person is too optimistic, and the other is too pessimistic, or one person has more information then the other. However, after that procedure you should have only one estimation of probability and impact for each risk.

Another important thing is, that if you have risk with very high probability (for instance, more than 90%), you should consider that issue as a FACT, NOT AS A RISK. I will give you example. Suppose that you are working on a project which is: “BUILDING A HIGHWAY”. 15 kilometers (or miles, whichever you like) of that Highway will be built in the mountain which is at 3500 meters height above sea level. In the winter time there is a huge snow at that mountain. But, once in a century there is a winter without the snow. You have the risk that you will not be able to build this section of your highway in a winter, and a probability is 99%. What will you do? Will you start with your work in the mountain in October, and then, IF THE RISK OCCUR, you will stop with the work and start with saving your equipment, and spend a lot of money for that? NO, OF COURSE YOU WILL NOT. You will consider that risk as a fact, and you will make your project plan in a way that you will build this “Mountain section” only during Spring and Summer.

OK, we have probability,  Impact, and Risk Exposure for every Risk in our Project. No, we have to found the PROJECT RISK EXPOSURE. Here is an example:

  • RISK 1     Probability = 3, Impact = 2, Risk Exposure = 3X2 = 6
  • RISK 2     Probability = 4, Impact = 3, Risk Exposure = 4X3 = 12
  • RISK 1     Probability = 5, Impact = 4, Risk Exposure = 5X4 = 20
  • RISK 1     Probability = 1, Impact = 5, Risk Exposure = 1X5 = 5
  • RISK 1     Probability = 3, Impact = 4, Risk Exposure = 3X4 = 12

The Sum of risk exposures is: 6 + 12 + 20 + 5 + 12 = 55. We have 5 Risks. So, THE PROJECT RISK EXPOSURE IS 55 / 5 = 11.

In your company you should know THE TRESHOLD of the Project Risk Exposure. If it is, for example 15, than all Projects with Project Risk Exposure larger than 15 are not acceptable, and you will not work on them.  When you find PROJECT RISK EXPOSURE you are in the so called “GO / NO GO DECISION”

If you will continue to work on your Project you should put all the risks with a lower Risk exposure, to the “watch list”. For example, if Risk has a Risk exposure below 12 it will be on the watch list. DO NOT EVER DELETE RISK FROM RISK REGISTER OR WATCHLIST!!! Why? Because, during the Project lifecycle probability and/or impact can change! So, if you delete the risk, because it has got very small Risk Exposure (for example 1), and after one month the probability raises from 1 to 5, you will probably FORGET the deleted risk, and you will be very surprised if it happens!

Now, we have our Risk Register with Probabilities, Impacts, and Risk exposures, and they are sorted form biggest Risk Exposure to  the smallest. We, also have a Watch list. The best tool for the Risk register is the Microsoft Excel. (I hope that someone from Microsoft will read this post, and give me some money for this advertisement! Smile with tongue out I AM KIDDING, of course).

Next step in the Risk Management is RIKS RESPONSE PLANNING. What is that? That is something about you will read in my next Blog Post.

Until then,

Best Regards


About Nenad Trajkovski

Location: Zagreb, Croatia Occupation: Project Manager Interests: Project Management and MS PROJECT He was born in Zagreb, Croatia at 1963. After completing his college he started working on projects in different business areas (banking, manufacturing, automotive industry, distribution, oil companies, etc.) developing and implementing ERP systems into different companies. He has got a lot of experience working with people in different business processes and also possesses great knowledge in information technologies and financial services. Today he works as a business consultant, adn Project Manager in PERPETUUM MOBILE d.o.o. Zagreb. He is a regular lecturer for Project Management in MS Innovation Center in Varaždin, Logosoft Sarajevo in Bosnia and Herzegovina and SEAVUS GROUP in Skopje Macedonia. He was named the best lecturer of WINDAYS 2008 while his lecture was also voted as the best. In addition, he was in TOP 10 lecturers at the MS SINERGY 2009 and MS VISIA 2009, 2010. Shares first place as the best lecturer of KulenDays 2009 and 2010 and PMI Conference 2009 in Zagreb. He is also a regular lecturer in the MS Community. He is a Certified Accountant and a PMP (Project Manager Professional) and a PMI-RMP (Risk Manager Professional), MCP, MCT, and Microsoft Certified Technical Specialist - Microsoft Project 2010. From 01.01.2012 awarded with MVP (Microsoft Most Valuable Proffesional - Microsoft Project)!
This entry was posted in MICROSOFT PROJECT, Microsoft PRoject 2010, MS PROJECT 2010, PMI, PRoject Management and tagged , , . Bookmark the permalink.

1 Response to Risks in Project! Importance of Risk Management!!–PART 2

  1. Gavin Lawrence says:

    I cannot recommend strongly enough that anyone who has to produce a Probability Impact Matrix, whether qualitative or quantitative, should read:-

    1. Louis Anthony (Tony) Cox, Jr., What’s Wrong with Risk Matrices? Risk Analysis, Vol. 28, No. 2, 2008.

    (This is a bit heavy going check out this review for a simplified summary:- http://eight2late.wordpress.com/2009/07/01/cox%e2%80%99s-risk-matrix-theorem-and-its-implications-for-project-risk-management/ )

    2. Douglas Hubbard, The Failure of Risk Management. Chp 7. Worse than Useless The most popular risk assessment method and Why it doesn’t work.Wiley & Sons. 2009

    3. Stephen Cresswell. ‘Qualitative Risk & Probability Impact Graphs: Time for a rethink? http://www.intorisk.co.uk/insights.htm

    4. Chris Chapman & Stephen Ward. How to manage Project Opportunity and Risk. Chp 2. The Probability-impact grid – a tool that needs scrapping. Pp 49-51. 3rd Ed. Wiley. 2011

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s