Risk management

Created: July 24, 2013 at 11:07 AM | Updated: August 6, 2020 | By Community Resource Kit

A risk is a future factor or event that could negatively affect the project, service or programme you are planning.

Risks have two main aspects:

  1. Probability: the likelihood of a particular risk happening.
  2. Impact: the likely consequences of the event if it did happen.

In all aspects of life there is some risk, so we have to be willing to work with it. The purpose of risk management isn't about totally avoiding risk but rather identifying and understanding the risks so we can better plan to deal with them.

Identifying risks

The best way is to get together as a group and brainstorm the question: what could possibly go wrong? Look at all areas of your operation that could be affected, such as your objectives, the people inside and outside your group, your financial and other resources, your reputation. Write down a list of the potential risks.

Rate the risks

Once you have identified the risks, they need to be assessed or measured in terms of the chance (likelihood) they will occur and the impact which might result if they occurred. Each risk can be rated using a Risk Scoring Matrix.

Risk Scoring Matrix























  1. Take each risk and rate it on a scale of 1-3 of how likely it is (unlikely, possible or probable) and the impact if the risk happened (minor, moderate or severe).
  2. Place each risk on the matrix.
  3. The likelihood x the impact = the score.
  4. To manage risks, concentrate on reducing the risks that fall in the 7-9 band, and then look at how you can manage or reduce the risks in the middle 4-6 band. Don't waste time on the low risks in the 1-3 band.
  5. From there, you can enter each risk in a Risk Register.

Risk Register

Risk No.

Date Logged

Risk Description

Risk score

Management Strategy


(i.e. open/ closed)

Risk management update












































Some ways of dealing with the risk are:

  • Risk management planning
  • Avoidance: look at ways of arranging things differently to avoid the risk.
  • Transfer: can someone else take on the responsibility? (This option is usually quite limited.)
  • Mitigation: if you can't avoid the risk, think of ways it could be minimised. For example, if the risk relates to staffing, a mitigation strategy might be to make sure there is back-up staff available.
  • Acceptance: some risks will not go away so you will have to live with them. These are the ones to keep a close watch on. You might look at a fall-back plan for these risks.

Monitoring and reviewing

Keep the risk register up-to-date and review it at each project management meeting. Things will change over time and if your risk management strategies are good, some risks should be reduced.


Risks are about uncertain events in the future. Over time the risk will either become a reality in which case you deal with it or it won't. Either way, the risk will have passed. Apart from reviewing your risk management, you do not need to spend any more time on it.


Next page: Monitoring and evaluation

Previous page: Feasibility studies

Contents of the Community Resource Kit