Risk is something we all encounter in our lives. Virtually every serious decision we make is based on a consideration of the risks involved in taking one course of action over another. Some people are more risk averse than others, but at some point we will be forced to take a risk of some sort. Pursuing a course of action without assessing the risks associated with it is, more often than not, a recipe for disaster but a calculated risk is often well worth taking. After all, little would be achieved in any walk of life if nobody ever took risks. The key to mitigating any risk factor and ensuring that it does not come back to make you regret your decision is to understand the likelihood of it becoming a hindrance and the threat it could pose if it does become an issue. Accounting for this will make the management of any risk significantly easier.

The principle of risk management in business is no different. All projects will encounter risks during their lifecycle, many of them caused by external factors. A fundamental task of any project manager is to recognise project risks and implement strategies that will minimise the impact they will have on project delivery. The implications of poor risk management for a project can be catastrophic. In fact it is arguably the most common reason for project failure. Successful project teams will have effective risk management strategies in place that allow them to deliver their projects on time, on budget and to the standards that their project sponsor demands. Another benefit is that it will improve team morale because they will be able to get on with their jobs instead of having to focus on damage limitation, caused by failures that better risk management could have prevented.

There will be risks that are common to any project regardless of industry, just as there will be types of risks that apply to one sector but not another. But the need to manage them effectively remains constant and there are a series of rules that are widely agreed within the industry as being essential for applying risk management successfully on any project.

Rule 1: Make risk management part of your project

This is unanimously agreed as being fundamental to the success of project risk management. It stands to reason that unless you incorporate risk management into your project strategy, you cannot reap the benefits of this approach. Some projects are still complacent at best and shambolic at worst when it comes to risk management. Projects that are delivered successfully make it part of their daily operations and include it in project meetings and the training of staff.

Risk 2: Identify risks early in your project

The identification of risks relevant to your project is the first step in project risk management. To do this requires an analysis of present but also future scenarios that may or may not occur. The major resources available to you for identifying risk are your team and your project paper trail. The former can bring specific expertise and a different perspective that may flag certain risks or indeed opportunities that you might not have thought of. The latter will contain clues as to what the project risks will be. They may not always be easy to find but they are there.

It is unlikely that you are able to identify all project risks before they occur but if you use all the identification methods at your disposal you will greatly increase your chances of finding the majority of them. Dealing with these properly can give you more time for the unexpected risks that take place.

Rule 3: Communicate about risks

Poor communication remains a common failure in a lot of projects. In some instances, project managers are unaware of the risk that is hurtling towards the project. In other cases, project members have foreseen a risk but, for whatever reason, the manager was not informed of its existence.

To avoid this happening, including risk communication as a matter of course in your daily tasks and those of your team is essential. The lines of communication between the project manager and sponsor are equally important. Keeping them informed on the big risks will ensure that there are no unpleasant surprises for them down the line. As far as decision making on the top risks is concerned, these are the domain of the sponsor so be sure to check that they are not being left to you.

Rule 4: Consider both threats and opportunities

Modern risk approaches should focus on positive risks, as well as negative risks. These are the uncertain events that can represent opportunities for your project rather than obstructions.

Due to workload, it is a common occurrence for positive risks to be overlooked at the expense of focusing purely on the negative risks. Time should be taken to consider project opportunities though, especially as some may result in a sizeable reward but require only a limited investment in time and resources.

Rule 5: Clarify ownership issues

Identifying risk does not constitute the beginning and end of your consideration of them. Accountability for specific risks is necessary to ensure they are dealt with properly. The effects of assigning a risk to an owner are positive because over time they will work to mitigate the threats that their specific risk poses and enhance any opportunities that may exist.

Financial accountability is also key and should be addressed before risks occur so that it is clear who is going to fit the bill in the event of a risk impacting negatively on the project.

Rule 6: Prioritise risks

Treating all risks equally may be an admirable idea but it won't deliver the best project results. Some risks inevitably have a bigger impact than others, so it is important to allocate most of your time attending to the risks that can cause the biggest losses and gains. Potential project breakers that have the ability to stop it in its tracks must be treated as your number one priority, with other less important risks assembled in an order of priority based on gut feeling or, ideally, criteria that measures the effects of a risk and the chances of it occurring.

Rule 7: Analyse risks

Understanding what a risk is about is necessary in order to make a good response to it. But the analysis of risk occurs at a number of different levels. On a granular level, the effects of individual risks should be considered as should the causes that can make them happen. Another angle focuses on the events that precede a risk occurrence, the risk causes. These should be listed, together with the circumstances that decrease or increase the likelihood of them happening.

Analysis of a project as a whole needs to account for the factors that are ultimately going to determine whether the project is delivered on time and within budget. At whichever level you analyse risk, the information you gather will provide valuable insight into project health and direction and help you identify actionable responses to optimise them.

Rule 8: Plan and implement risk responses

Risk responses are what add value to your project. The execution of them helps you to prevent a threat or minimise the negative effects.

Dealing with risks takes the form of either risk avoidance, risk minimisation or risk acceptance. Avoiding risk means you adopt measures that result in your project no longer facing a specific risk, such as changing supplier, or in extreme cases, terminating a project if the risk is deemed to be fatal to its success. Risk minimisation is the most widely used response and revolves around trying to prevent a risk occurring by influencing the identified causes or decreasing the negative effects if it were to occur. Risk acceptance is an option that remains beneficial in situations where a risk's effects on a project are minimal or it is difficult and uneconomical to try and influence it.

Responses for risk opportunities differ from responses to risk threats in that they actively seek risks, either maximising or ignoring them.

Rule 9: Register project risks

Creating and maintaining a risk log enables you to keep a complete record of all risks and track the progress of each one.

An effective risk log contains risk descriptions, stipulates ownership and allows you to perform high level analyses regarding causes and effects. The importance of a risk audit trail cannot be overestimated because even if a risk proves terminal for a project, it will be provide irrefutable evidence that risks were accounted for and that effective responses were executed.

Rule 10: Track Risks and Associated Tasks

Incorporating risk tasks into your daily task tracking routine is essential as it is these that will enable you to identify and analyse risks or to formulate, choose and execute responses.

The tracking of risks differs from tracking tasks though. Its focus is on the current risk situation that the project faces. Responding to the questions that the tracking of risks poses will help in your efforts to prioritise them accordingly.