Development Cooperation Handbook/Designing and Executing Projects/Project Execution and Control/Monitor and Control Risks

Project Risk Monitoring and Control

Project Execution and Control

Risk is is one of the 9 topic areas of project management knowledge.

Risk Monitoring and Control is the section of Project execution where the Project Manager and Project Team put in practise what decided in the earlier phase of project risk planning and apply adequate responses in case of the occurrence of risks.

Risks are potential future events that can adversely affect a project’s Cost, Schedule, Scope or Quality (CSSQ). In prior phases, the Project Manager defined these events as accurately as possible, determined when they would impact the project, and developed a Risk Management Plan.

In Project Execution and control however, impact dates draw closer, and risks become much more tangible. The Project Manager must continually look for new risks, reassess old ones, and re-evaluate risk mitigation plans. The Project Manager should involve the whole Project Team in this endeavour, as various team members have their particular expertise and can bring a unique perspective to risk identification. As the Risk Management Worksheet is integrated into the status reporting process, this review and re-evaluation should take place automatically, with the preparation of each new status report.

Because the Risk Management Worksheet places risks in order according to their priority level, it is important to update all quantifiable fields to portray an accurate risk landscape. The risk probabilities may have changed; the expected level of impact may be different, or the date of impact may be sooner or later than originally anticipated – all of these variables determine which risks the Project Team will concentrate on first. Likewise, the Risk Management Plan needs to be constantly re-evaluated. Make sure the right people are still assigned to mitigation actions and that the actions still make sense in the context of the latest project developments. Another consideration is whether a specific risk’s probability level is high enough to warrant incorporating the Risk Management Plan in the Project Schedule via the change control process. If so, the risk should be removed from the worksheet. Finally, the Project Manager must be constantly on the lookout for additional risks. Reviewing the risks as part of regular status reporting should involve the whole Project Team via bidirectional communications.

Sooner or later, one of the events expected in project risk planning and listed on the Risk Management Worksheet – or an entirely new and unexpected risk – will actually occur. The Project Manager and Project Team members must evaluate the risk event and invoke the Risk Management Plan.

There are generally three possible response scenarios:

  • If the risk occurred as expected, the existing Risk Management Plan may be adequate for dealing with it. Example: the project is being required to provide additional documentation to prove compliance with state regulations. However, that risk has been anticipated, and the Risk Management Plan details where and how to get the appropriate materials.
  • If the risk occurred in a different manner, or other circumstances have come to bear, the Risk Management Plan may have to be modified. Example: a consumer group brought pressure to examine the environmental impact of the product of the project more closely. As a result, the project is being required to obtain subject matter expert statements. Since the need was not anticipated, the original contingency plan needs to be modified to comply with the new requirements.
  • If the risk event was unexpected and unanticipated, a whole new Risk Management Plan must be created to address it. Example: The Federal Government issued a mandate that challenges the project from a whole different perspective. The Project Manager needs to understand what the issue is, what response is required, and how to obtain the desired result. Regardless of the scenario, however, as soon as the risk event occurs it ceases to be a risk (future, possible event) and becomes an issue (current, definite condition). As a result, it should transition from the Risk Management Worksheet and onto the list of current project issues, with the Risk Management Plan becoming the issue’s Action Plan.

During the entire risk management process, the Project Manager should be especially vigilant regarding the effect on the project’s Cost, Scope, Schedule and Quality (CSSQ). With the proper risk management processes in place, many risk events may come to pass without affecting (either positively or negatively) the project’s defining parameters. However, when a risk event occurs that threatens the project’s scope, quality standards, schedule or budget, the Project Manager must determine the proper course of action to protect the integrity of the project. Until CSSQ impact is certain, the Project Manager must, at a minimum, introduce the event to the list of current project issues. The issue’s Action Plan must reflect all the tasks required to accurately determine what impact (if any) the event will have on CSSQ. Once the impact is certain and quantifiable, the Project Manager should transition the issue to the Change Control Process.

An easy way to reduce risk is to have less ambitious goals. After evaluating risks, one can choose a path of risk avoidance or risk mitigation and management. If we understand the risks on a project, we can decide which risks are acceptable and take actions to mitigate or forestall those risks. If our project risk assessment determines risks are excessive, we may want to consider restructuring the project to within acceptable levels of risk.

Any area over which the project manager does not have control can be project risks. Anything that is not well understood, anything that is not well documented, and anything that can change, these all create project risks. Things that haven’t been tested are always at risk.

An organizational culture that has previously had problems executing projects will be likely to repeat the same mistakes. These problem areas should be understood and managed as significant project risks. They must be counteracted by mitigating management initiatives or repeated failures are guaranteed.



Project Risk Log Template Risk Action Plan Table Risk Treatment Schedule and Plan Updated Risk Register Updated Project Risk Analysis Template updated Risk consequence Matrix updated Risk Likelihood Matrix Updated Risk Register updated Risk Management Worksheet – a record of risk variables, impact, probability, date of impact, level of priority and risk response actions which is continuously monitored and updated, and its Risk Management Plans applied as part of Project Execution and Control.

Requested changes: Project Change Request Report in Interim Project Status Report Template