Risk management is focused on anticipating what might not go to plan and putting in place actions to reduce uncertainty to a tolerable level.Risk can be perceived either positively (upside opportunities) or negatively (downside threats). A risk is the potential of a situation or event to impact on the achievement of specific objectives Working with the risk owner, the project professional ensures that risks are clearly identified before moving on to the risk analysis step of the risk management process. The project risk management process reflects the dynamic nature of project­work, capturing and managing emerging risks and reflecting new knowledge in existing risk analyses.A risk register is used to document risks, analysis and responses, and to assign clear ownership of actions.

What is risk analysis?

Risk analysis provides guidance on where the greatest vulnerabilities lie. Because risk analysis is fundamentally perception based, it is important for the project professional to engage stakeholders early to identify risks.To make sense of differing perceptions, it is important to describe risk events clearly, separating causes (facts now), from risk events (situations that may occur), from effects (that have an impact on one or more of the project measures). This enables subsequent analysis and management of risks.

Effective risk analysis and contingency planning will see planned time and/or contingency used. Unused contingency is most likely caused by overestimation, luck or the efficient management of risk. Insufficient contingency is most likely caused by optimistic estimation, bad luck or inefficient management of risk.Outputs from risk analysis help the project professional to: