DoIT Project Management Advisor
Stage 2: Initiate the Project


What it is: Develop a Risk Management Strategy


A risk management strategy defines a high-level plan for how project risks will be managed during the course of the project. Risks are possible events that may cause deviations from the planned outcomes of a project. Deviations can be positive (opportunities) or negative. Risk management is an iterative process that begins immediately and continues throughout the life of a project.

A general risk management strategy is all that is needed in the Initiate Stage. The more detailed risk management plan is completed in the Plan Stage and includes the details of how to manage risk.

A good risk management strategy addresses the following:

  • Risk management objectives
  • A preliminary, high-level assessment of the general areas of risk associated with the project
  • Risk areas with low tolerances or thresholds
  • A high-level process to manage risk
  • Risk management decision makers


Risk management starts early in a project. Developing your risk management strategy ensures risk is managed efficiently and effectively throughout the project.

Sound risk management aligns a project’s responses to realized risks with the organization’s goals and so increases the likelihood that, in the face of deviation, the project will nevertheless produce satisfactory results from the organization’s point of view. The project’s risk management strategy sets the project on a course for managing risk throughout the life of the project.

Who is involved

Project Manager
Project Team
Project Sponsor
Project Stakeholders


The results of developing a risk management strategy are included in a separate section of your project charter often referred to as:

  • Risk Management Strategy

If applicable, you may also update the following sections of your project charter:

  • High-level Roles
  • Change Management Strategy


How to: Develop a Risk Management Strategy

Recommended actions and strategies


What to do

How to do it


Determine general areas of risk for the project

Check to see if an assessment of project risks was addressed in the Conceptualize Stage. If not available, you may need to work with the project sponsor or other project stakeholders to get this information.
Assess, list and describe at a high level the most significant areas of risk that could contribute to deviations from planned outcomes for the project. For example:

  • Project resources – availability of staff with relevant experience
  • Technology – robustness and maturity
  • Visibility of project – i.e., importance to the organization
  • Project requirements – thoroughness of understanding and definition
  • Project complexity – project size, interrelationship to existing systems
  • Stakeholder commitment – degree of collaboration expected


Assess stakeholder tolerance for accepting each area of risk identified for the project

Risk tolerance is a qualitative expression of the degree of aversion to a project risk; risk threshold is its quantitative expression. (For example, a stakeholder may have a very low tolerance for risk to his or her reputation. A stakeholder may specify a two-week threshold for the risk of late delivery.)

Survey stakeholders to identify those areas of risk for which there is a particularly low tolerance or threshold for risk. Note them in the risk management strategy and in the change management strategy statement of project constraints.


Determine risk management objectives

Based on findings in the preceding steps, identify the overall objectives to be attained with regard to risk management. Answer the following questions, for example:

  • Are any of the known areas of risk significant to the success of this project?
  • Are any risks unacceptable?
  • How aggressively will risk be managed for this project?
  • Might any realized risks result in project cancellation?


Identify risk management decision makers

Determine roles for assuring risk management objectives are met throughout the project life cycle. Consider, for example, responsibilities for determining answers to the following questions, which will be thoroughly specified in the Plan Stage:

  • Who will approve the Risk Management Plan?
  • Who will determine whether to use a qualitative, quantitative, or combined risk analysis approach in the Plan Stage?
  • Who will determine risk response strategies in the Plan Stage?
  • At what frequency should the project monitor for realized risks?
  • At what frequency should the Risk Management Plan be reviewed and updated?

Additional resources

Annotated bibliography to come.


Templates/Examples: Develop a Risk Management Strategy

The table below provides templates and examples for a risk management strategy.



Risk Management Strategy

Risk Management Strategy






Updated March 1, 2007 - v2.1