• Basics
  • Risk in projects
  • Risk procedure
  • Risk responses
  • Documents
  • Relation with processes

You must know and understand:

  • How to manage risk in a project
  • Risk Management Strategy and Risk Register
  • Risk responses
  • Steps in the risk procedure
The purpose of the Risk theme is to identify, assess and control uncertainty and, as a result, improve the ability of the project to succeed.

Risk: An uncertain event or set of events that, should it occur, will have an effect on the achievement of objectives.

Opportunity: positive effect

Threat: negative effect

Risk appetite: the organisations attitude towards risk taking

Risk tolerance: the levels of exposure that, when exceeded, will trigger an Exception Report to bring the situation to the attention of the Project Board.

Risk management

  • Identify potential risks;
  • Evaluate the probability and impact of potential risks;
  • Control by defining possible actions, appoint risk owners, carry out risk actions and monitor their effect.

Risk's are inextricably linked to projects, because, by definition, projects undertake something new with inherent unknowns.

Risks arise through:

In a number of areas events can occur that have an impact on the project. A non-exhaustive list of these areas (risk categories) would be:

  • Economy/Finance;
  • Politics;
  • Legal;
  • Organisation/People;
  • Technical;
  • Natural enviroment.
Risk Management Strategy

Every project should prepare a Risk Management Strategy, in line with corporate or programme practices. In this document the project outlines it's approach to the management of risk. The Risk Management Strategy becomes a part of the Project Initiation Document (PID).

Also the attitude of the organisation to risk taking (risk appetite) should be documented in the Risk Management Strategy. For the Project Board it is important to have a threshold for the escalation of risks. This Risk Tolerance is the aggregate level of risk that will trigger an exception when threatened to be exceeded.

Risk Register

To have one single repository for all risk related information PRINCE2 advises to use a Risk Register, where all information on the various project risks is collated. The Project Manager is responsible for maintaining the Risk Register.

Risk profile

A risk profile is a suitable way to present risks and summarize them.

In this example the identified risks (1-7) have been placed depending on their estimates for probability and impact. The red line represents the risk tolerance for the project: all risks that are placed above this, must be escalated to the Project Board.

Risk management procedure

Risk management in a project is not a one-off activity. At any moment new information could become available making it necessary to review the risks. Four steps are taken in managing risks:

  1. Indentify:
    List alle potential events that can impact the project's goals.
  2. Assess:
    Determine the probability and impact of each possible event.
  3. Plan:
    Indentify suitable measures for every Threat and Opportunity.
  4. Implement:
    See to it that actions are incoporated in plans, and oversee their execution.toewijzen.

Voor kansen en bedreigingen kunnen de volgende maatregelen genomen worden:



Make sure that the risk can no longer happen, or if it happens that it will have no impact.
Make sure the event will happen and that the impact will be realized.

Also known as "mitigate". See to it that the probability and/or the impact are lowered.

Actions that will take place when the risk materializes.

Take care that the financial impact will be softened.

Take measures that will increase the probability of a favourable event.
Setbacks and windfalls will be shared between customer and supplier.
A conscious decision to take a risk in a project, without taking any of the measures described above.
A conscious decision not to enhance or exploit of possible favourable event.

These documents are relevant for the Risk theme:

With Starting up a Project (SU)

  • In the Business Case major risks are recorded;
  • When considering alternative project approaches the risks for each approach are taken into account.

With Directing a Project (DP)

  • Risk is a major area of concern for the Project Board.

Met Initiating a Project (IP)

  • The Risk Register is opened;
  • The Risk Mangement Strategy is drafted.

With Controlling a Stage (CS)

  • Risks are recorded and examined in the activity "Capture and examine risks and issues";
  • Risk may threaten stage tolerance and thus lead to an exception;
  • Lessons regarding risks are noted in the Lessons Log.

With Managing Product Delivery(MP)

  • Risks associated with the work to be performed are recorded in the Work Packages;
  • The Team Manager reports on risk status in Checkpoint Reports.

With Managing a Stage Boundary (SB)

  • Risk analysis is part of the planning for a new stage;
  • In the End Stage Report the project's risk status is summarized.

With Closing a Project (CP)

  • In the Lessons Report details of risks that have actually occurred may be analysed, and the effectiveness of the Risk Management Strategy is evaulated.

Met Starting up a Project (SU)

  • In SU worden de Kwaliteitsverwachting van de klant en de Acceptatiecriteria vastgelegd.
  • De kwaliteitseisen kunnen ook van invloed zijn op de keuze van suppliers.

With Directing a Project (DP)

  • In alle beslissingen van de Project Board is Kwaliteit één van de overwegingen (naast benefits, scope, tijd, kosten en risico).

Met Initiating a Project (IP)

  • In IP worden de Product Descriptions opgesteld.
  • Het Quality Register wordt geopend.
  • De Quality Management Strategy wordt opgesteld.
  • De Project Product Description, met daarin de Kwaliteitsverwachting van de klant en de Acceptatiecriteria wordt afgerond.

Met Controlling a Stage (CS)

  • In Workpackages worden de Product Descriptions (met daarin de Kwaliteitscriteria) opgenomen.
  • Wanneer het nodig is worden aanvullende afspraken over kwaliteitswerk gemaakt.
Met Managing Product Delivery(MP)
  • In Workpackages worden de Product Descriptions (met daarin de Kwaliteitscriteria) opgenomen.
  • In de activiteit "Work Package uitvoeren" worden de testen uitgevoerd die voor de producten zijn beschreven.
  • Het testwerk wordt bijgehouden in dhet Quality Register.
With Managing a Stage Boundary (SB)
  • Bij de planning van een nieuwe fase wordt het Quality Register bijgewerkt met de testen en reviews die voor die fase zijn gepland.
  • Voor nieuwe producten worden de Product Descriptions opgesteld. Voor al eerder gedefinieerde producten kan het nodig zijn de Product Descriptions bij te werken.
  • In de activiteit "Fase afsluiting rapporteren" wordt vastgesteld welke producten in deze fase zijn afgerond. Hiervoor wordt een Product Status Account opgesteld
Met Closing a Project (CP)
  • Bij het afsluiten van een project moet voor alle producten duidelijk zijn dat er acceptatie heeft plaatsgevonden. Hiervoor wordt een Product Status Account opgesteld.