Risk Management: The What and the How

Updated: January 25, 2023| Published: August 18, 2021| SlideUpLift Blog
Whenever you start a new venture or embark on a new project, risk is an inherent part of the process. A seemingly gentle tread into unknown waters can be fraught with uncertainties and often carries the possibility of unforeseen situations and events taking place, aka risks.

So it becomes the job of project managers to exercise due diligence, build on the wisdom they carry, or rely on others to analyze the risks involved in any project. They are accountable for coming up with ways to mitigate risks, or for having action plans ready should some of these risks materialize.

A project manager should always start their risk management planning process with the question – What can go wrong in this project?

Megacorporations and small entrepreneurs alike work with risks in their projects. Therefore, risk management is a key area of focus within any organization. To plan for an unknown risk variable, every business needs a comprehensive risk management strategy.

What is Risk?

In simple terms, risk is anything that could have a negative impact on a project, a process, a program, an individual, or an organization. The negative consequences of a risk are usually quantifiable but can also be intangible.

In a project context, risk often refers to business and financial risk. It can arise from a number of underlying dynamics:

  1. Change in tastes and preferences of consumers
  2. Team/organization disenchantment
  3. Increased competition
  4. Unexpected Policy/regulatory changes 
  5. Obsolescence 
  6. Product failures etc.

Therefore, business risk stems from the idea that there is no way of ascertaining the gains and losses incurred in a business, because of unforeseeable circumstances and possible issues in the workflows. ISO 31000 defines risk as “an effect of uncertainty on objectives”, i.e. the effects of risks in business can be either positive or negative, depending on how they affect the outcome or the set objectives of an organization. This uncertainty, however, drives the requirement for a comprehensive risk management strategy, one that can analyze, mitigate, or deal with both the positive and negative outcomes of risks within a project or larger business.

What is Risk Management?

Risk management is the identification, evaluation, and prioritization of risks in a project or business, followed by a response to risks cropping up in the process, to keep the project on track and moving towards its objectives. 

However, risk management does not involve merely reacting to instances of risks as they crop up in the process. Effective risk management works at the level of planning and mitigation, to predict some of the foreseeable risks, as well as have contingency plans for risks that are hard to predict.

4 Risk Management Responses

Within Risk Management, there tend to be four major risk responses in which the identified risk is dealt with. Once you understand these responses, a risk management plan can be created for your projects and businesses.

Risk Avoidance

Finding ways to avoid the risk entirely. These work best in terms of predictable risks based on prior experience and industry-associated risks. These effectively eliminate or allow a project manager to withdraw from certain risky ventures.

Risk Reduction

Finding a method to mitigate risks. This involves using technology, probability tools, and controls to reduce the chances of a foreseeable risk occurring, or having mitigatory measures in place should the risk happen in any case. This allows for the optimization of risk reduction within a project.

Risk Sharing

Outsourcing or insuring against potential risks. In essence, letting someone else bear the cost of the risks involved by taking out insurance against known risks or outsourcing the risky parts of the project to an outsider better equipped to deal with it. These measures work for high risks that are unavoidable.

Risk Retention

Accepting and accounting for risks that are unmitigable or too small to have a significant impact. Every project comes with its own challenges and risks, and many of these risks are too small to warrant a lot of attention. Or, they can be accounted for and worked through. As such, retaining the risk and budgeting for them can be a strategy in dealing with low-impact risks. 

How to Create a Risk Management Plan?

According to ISO 31000, there are three broad categories of creating and implementing a risk management plan. Under each category is a systematic elaboration on the process of creating a risk management plan that is effective and comprehensive.

Context Establishment

In many situations, project managers jump straight into the identification of risks, without articulating their own specific contexts within which they function. Context and background make a huge difference in the overall creation of your risk management plan, as it is then tailored to the actual project and not just an amalgamation of popular and standardized risk management strategies within an industry.

Establishing the context involves – 

  1. The enterprise scope of risk management
  2. Identity and objectives of stakeholders
  3. Basis and constraints on the evaluation of risks
  4. Defining a framework for the process and identification of the larger agenda
  5. Developing an analysis of risks
  6. Mitigation or solutions for the risks involved based on existing technology or risk mitigation measures.

Identification of Risks

The next step in the process of creating a risk management plan is to identify the risks involved in the project. Risk identification usually functions at two levels – source or problem. 

  1. Source analysis – These are the sources of risk, which may arise from internal or external systems in the project. These can usually work with risk mitigation, as internal and external sources of risk are analyzed and worked with.
  2. Problem analysis – These are the risks associated with identified problems and threats. These threats can function at the level of capital, policy, and shareholders. 

Once risks have been identified and categorized between the two potential levels of existence, the next step is to further break down the process of identification through specific and pointed lenses of evaluation, especially in terms of their impact on the project as a whole. As such, there are five categories within which risks can be identified.

a. Objectives-based risk identification

Any event or threat that does not allow an organization or project to reach its objectives is identified within this category.

b. Scenario-based risk identification

Different scenarios are often created at the beginning of the planning stage, outlining the various ways in which the objectives of a project can be achieved. This includes analyzing all the potential forces which will interact within that project. If in any scenario, there is a threat to the fulfillment of the objectives of the project, that scenario is categorized as a risk under this category.

c. Taxonomy-based risk identification

This is a breakdown of all potential sources of risk. As such, taxonomy and knowledge of best practices are used to identify risks associated with the business’ entities of interest. 

d. Common-risk checking

Most industries come with their own set of risks that have been clearly articulated and collected in a common working document for any organization within it. As such, checking for these industry-specific common risks and their identification comes under this category.

e. Risk charting

This process involves the use of a matrix to chart all the above-given categories with respect to their resources at risk, threats to those resources, and modifying factors that can increase or decrease risks. 

Risk Assessment

Risk assessment combines two broader methods of analysis:

  1. Identifying and analyzing potential (future) events that may negatively impact individuals, assets, and/or the environment (i.e. hazard analysis).
  2. Making judgments “on the tolerability of the risk on the basis of a risk analysis” while considering influencing factors (i.e. risk evaluation).

What this means is that, once risks have been identified, they need to be measured for the severity of their impact on the functioning of a project and its trajectory towards fulfillment. Prioritization becomes key in the implementation of a risk management plan, as a sequenced, educated response to risks is the best way to handle the negative or positive outcomes associated with risks in a project.

Using project management software, risk analysis methodologies, and statistical information, a project manager can undertake the assessment and analysis of risks. However, no method is perfect, and it is best to stay flexible and be ready to improvise should an unforeseen situation occur that needs an immediate response.

Risk Mitigation

Once risks have been assessed, appropriate controls and measures need to be adopted to mitigate each risk identified. Risk mitigation often involves multiple levels of authority, depending on the type of risk. For instance, a known computer virus risk needs to be mitigated with the approval and authority of the IT department.

One method strategists adopt to mitigate risks is the Risk Treatment Plan. It is a working document listing each identified risk, the security controls selected for it, and the standards that define those controls. It effectively outlines how each risk is to be managed and mitigated, using specific and focused directives.

SlideUpLift Presentation Templates for Presenting Risk Management Strategy

Presentation templates are pre-made and expertly crafted PowerPoint slides that contain all the formats and headings needed to present your own Risk Management Strategy. Each template is visually engaging and comprehensive to make the process of creating and presenting your strategy easier, smoother, and better. You can browse through SlideUpLift’s vast collection of fully editable and creative presentation templates that can save you a lot of time in order to create slides that are professional, clean, and can effectively communicate your ideas.

COVID has been the biggest risk in recent times which has forced us to rethink our entire risk planning. Check out how to showcase the impact, risk, and next steps as a response to COVID risk.

Every project, whether it’s big or small, needs to engage in the process of risk management. And risks do not come in the same shape or form each time. And so, having knowledge of the various ways in which risk management strategies can be created and implemented is essential for the smooth functioning of your project, all the while minimizing negative effects and benefiting from the positive outcomes of risks. So, go ahead and take risks. After all, no successes were ever gained without a little bit of risk involved.
