DoIT Project Management Advisor
Execute & Control
Close Project
Glossary   Skip to Main Content
Stage 2: Initiate the Project


What it is How to Templates/
How to: Develop a Risk Management Strategy

Recommended actions and strategies


What to do

How to do it


Determine general areas of risk for the project

Check to see if an assessment of project risks was addressed in the Conceptualize Stage. If not available, you may need to work with the project sponsor or other project stakeholders to get this information.
Assess, list and describe at a high level the most significant areas of risk that could contribute to deviations from planned outcomes for the project. For example:

  • Project resources – availability of staff with relevant experience
  • Technology – robustness and maturity
  • Visibility of project – i.e., importance to the organization
  • Project requirements – thoroughness of understanding and definition
  • Project complexity –project size, interrelationship to existing systems
  • Stakeholder commitment – degree of collaboration expected


Assess stakeholder tolerance for accepting each area of risk identified for the project

Risk tolerance is a qualitative expression of the degree of aversion to a project risk; risk threshold is its quantitative expression. (For example, a stakeholder may have a very low tolerance for risk to his or her reputation. A stakeholder may specify a two-week threshold for the risk of late delivery.)

Survey stakeholders to identify those areas of risk for which there is a particularly low tolerance or threshold for risk. Note them in the risk management strategy and in the change management strategy statement of project constraints.


Determine risk management objectives

Based on findings in the preceding steps, identify the overall objectives to be attained with regard to risk management. Answer the following questions, for example:

  • Are any of the known areas of risk significant to the success of this project?
  • Are any risks unacceptable?
  • How aggressively will risk be managed for this project?
  • Might any realized risks result in project cancellation?


Identify risk management decision makers

Determine roles for assuring risk management objectives are met throughout the project life cycle. Consider, for example, responsibilities for determining answers to the following questions, which will be thoroughly specified in the Plan Stage:

  • Who will approve the Risk Management Plan?
  • Who will determine whether to use a qualitative, quantitative, or combined risk analysis approach in the Plan Stage?
  • Who will determine risk response strategies in the Plan Stage?
  • At what frequency should the project monitor for realized risks?
  • At what frequency should the Risk Management Plan be reviewed and updated?


<< Return to top

Updated March 1, 2007 - v2.1