X

Research and Innovation Services

Completing the risk assessment

Menu

All research applications require you to complete a mandatory risk assessment questionnaire within Worktribe. Find guidance on completing a risk assessment for your project.

The risk assessment enables approvers of the research application to make an informed decision on any potential risk.

The Risk assessment consists of 12 ‘yes’/‘no’ questions designed to flag risk and capture key information relevant to the project.

A positive response to any of the below questions will generate a Worktribe warning (red or amber) on the project summary page to alert Departmental/Divisional approvers, and subsequently Award Services of potential risk or impact.

If your answer to any of the questions below is yes, please contact your Departmental Administrator, Research Facilitator, or Award Services as early as possible in the process, so that appropriate support can be provided.

Infrastructure needs

Will the project require either the acquisition of new space, the modification of existing space, the installation of equipment, the creation of new buildings, or any other capital investment?

Institutional commitment

Will the project require UCL to fund any kind of Institutional Commitment, in addition to any standard under-recovery of the full economic cost of the project?  Examples of Institutional Commitment requirements include the UCL providing matched funding for equipment or funding studentships.

Research computing and data storage

Will the project require the use of any High Performance or High Throughput Computing facilities, and/or is it likely to generate data in excess of 1TB in volume at any stage?

Conflict of interest

Could the project involve people who could be perceived as having a conflict of interest? An example of this would be an Investigator who is in receipt of an associated consultancy. Refer to the UCL  Declaration of Interest Policy  for comprehensive guidance.

Risk to environment or reputation

Is there any aspect of the project that might be perceived to breach social or cultural expectations of university research, or be considered otherwise environmentally or reputationally sensitive (including third party or funding relationships)?

  • Could the project involve or generate materials, methods or knowledge that have the potential to cause significant harm to the environment, animals or humans?
  • Could the project involve the use or generation of Dual-Use technology i.e. materials, software and /or technology that can be applied for civilian and military applications, and/or could contribute to the proliferation of Weapons of Mass Destruction?
  • Is there any intention or requirement for the export of sensitive technology or strategic goods (encompassing physical export, software and technical knowledge) which have or may have a military application?
  • Is there any risk that third parties involved in this project (including Funders, Collaborators, Suppliers etc.) could potentially be perceived to conflict with the aims, objectives and activities of UCL or risk reputational damage by association?

Overseas activity

Will any UCL-led research activity take place outside of the UK?

Human participants, tissue or data

Does the project involve human participants, their tissue and/or their data (including data provided by third parties such as HSCIC)?

Material Transfer

Will the project require materials to be exchanged between project partners or collaborators, and/or imported from third parties?

Translational Research

If your project aims to translate discoveries into health benefits then you should contact the  UCL Translational Research Office  at the earliest opportunity for support and guidance.

  • Contact Award Services
  • Contact Contract Services
  • Contact Compliance and Assurance
  • Contact Planning, Insight and Improvement
  • Find departmental contacts
  • Researchers Toolkit
  • Funder Portals
  • Funders Golden Rules
  • Institutional Information
  • Sponsored Research Criteria

System access

  • Worktribe Research Management Login
  • MyFinance Login
  • Axiom Login

research project risk assessment example

Project risk assessment: an example with a risk matrix template

“Begin with the end in mind” (Stephen Covey) is to say, “Think first what could go wrong.”

A project is a collection of interconnected tasks that are bound to specific timelines, resources, and deliverables. Any task could carry a certain uncertainty (risk) that, if it happens, could affect the project’s success. In this regard, project risk comprises two factors: the probability of happening and the consequences if it does.

While you cannot avoid risks entirely, with the help of risk management methods, such as the project risk assessment matrix, you can evaluate the potential damages caused by those risks. And consequently—increase the likelihood of successful project completion.

Today, you are going to learn about:

What is a project risk assessment?

What is a project risk matrix.

  • How to create a risk matrix template for your project.
  • How to visualize project risks on a risk matrix.
  • Types of risks in project management.

A project risk assessment is a process that aims to gain a deeper understanding of which project tasks, deliverables, or events could influence its success. Through the assessment process, you identify potential threats to your project and analyze consequences in case they occur.

Risk assessment takes on many forms. It could be a simple matrix or a database using sophisticated algorithms. In this article, we will focus on a risk assessment matrix.

A project risk matrix, also known as a Probability and Severity risk matrix, is a graphical risk analysis tool in the form of a table (matrix). It is typically square, but some risk matrices are rectangular or circular. A risk matrix gives you a quick view of project risks and their consequences’ severity (impact). You use it to allocate ratings for each risk based on two intersecting factors:

  • The  likelihood  (or probability) of a risk to occur (x-axis).
  • The  impact  (or severity) if a risk occurs (y-axis).

The higher a risk ranks for these two factors, the bigger threat it poses to your project.

The bottom-left corner of the matrix is where the likelihood and impact of a risk occurring are very low. On the opposite side, in the top-right corner, the likelihood and the impact are the highest. In short, when the likelihood increases, the risk moves to the right; if the impact increases, then the risk moves up.

Risk assessment matrix in color.

To denote the threat level, many risk maps feature a red-yellow-green color-coding that indicates whether risks are significant-, moderate- or low-level concerns respectively. (Hence why risk matrices are often called risk heatmaps.) You may also come across risk heatmaps that use different shades of one color instead of red-yellow-green.

Once you assess the likelihood and impact of each risk, you will be able to prioritize and prepare for them accordingly.

Risk matrix template: create a risk matrix for your project 

A risk matrix is a useful tool for project planning that you can create in just a few steps. In this article, we will create a risk assessment form and a respective 5×5 risk matrix template for a construction project.

Step 1. Identify project risks

Start by brainstorming and analyzing potential risks and opportunities related to your project scope. Leave no risk behind. Depending on your organization and project, your list of risks might include several types of risks, such as cost, environmental, and legal risks.

(You will find a comprehensive list of risk types at the end of this article).

Blank risk assessment form

Hint : If you are not a huge fan of lists and prefer visual methods, you can follow a  work breakdown structure  style to identify and categorize your risks. Or, in other words, you could create a sort of “risk breakdown structure” for your project. Take a look at the example below.

research project risk assessment example

Step 2: Determine the risk likelihood

In this step, you need to identify the likelihood of a given risk happening. ​​On a 5×5 matrix, you express the  likelihood scale  on 5 levels:

  • 1  – (Very unlikely): A very slim chance for this risk to occur.
  • 2  –  (Not likely): Low chances for this risk to occur.
  • 3  – (Possible): Fifty-fifty chances for this risk to occur.
  • 4  – (Probable): Good chances for this risk to occur.
  • 5  – (Very likely): You can bet this risk will occur at some point.

Risk assessment form in color - the likelihood column is filled with numbers.

Step 3. Define the impact scale

Next, you rank your risks based on the impact they would cause on your project if they occur. The  impact scale  also has 5 levels:

  • 1  – (Negligible): This risk will hardly impact your project.
  • 2  –  (Low): You can easily handle the consequences of this risk.
  • 3  – (Moderate): It will take some time and effort to mitigate the consequences of this risk.
  • 4  – (Significant): This risk could cause long-term consequences that will be hard to recover from.
  • 5  – (Catastrophic): The impact of this risk might wreck your project.

Risk assessment form in color - likelihood and impact columns are filled with numbers.

Step 4. Calculate the risk rating

Assign each risk a corresponding risk rating based on the likelihood and impact you have already identified. For example, a project risk that is very likely to happen and will cause major safety hazards will receive a higher risk rating than a risk that is unlikely to occur and will cause very minor harm.

The formula for the risk rating is as follows:

Likelihood x impact = Risk rating

e.g., Likelihood (4) x Impact (5) = Risk rating (20)

(A risk with such a high rating could threaten your project, therefore you should monitor it closely.)

research project risk assessment example

Since we work on a 5×5 matrix, the risk rating values will range from 1 to 25.

  • 1 – 6  (Low): Low-rating risks most likely will not happen. If they do, they will not be a threat to your project.
  • 7 – 12  (Medium): Some medium-rating risks might happen at some point. You do not need to prioritize them but you should not ignore them either.
  • 13 – 25  (High): High-rating risks are serious and very likely to happen threats. They can cause your project to go off the rails, so you should keep them in mind when planning your project.

Rsik assessment form in color - the likelihood, impact, and risk rating columns are filled with numbers.

Step 5. Draw your risk matrix

To draw a risk matrix, extract the data from the risk assessment form and plug it into the matrix accordingly. In our example, we identified risks for which 5 levels of likelihood and 5 levels of impact were sufficient. Therefore, we get the 5×5 matrix that looks like this:

The risk ratings in the lower-left quadrants are the lowest, therefore they have a green color; the ratings in the upper-right quadrants are the highest—hence the red color.

Project risk assessment heatmap/matrix in color.

Important notes on creating a risk matrix template

The 5×5 template we have created in the previous steps is only an example of how you approach creating your matrices. You can create a separate matrix for an entire organization, a specific program, or a project. In each case, it could be different. Therefore, there are a few important things about risk assessment matrices to note:

  • When defining your matrix, think about the number of intervals for the likelihood and impact. How many rows and columns will it have? For example, a 3×3 or 3×4 matrix could suit your project better. When you decide on your matrix size, place labels and values on its scales accordingly.
  • Likelihood and Impact scale intervals are numerical values (e.g., 1 – 5 or 0% – 100%). You place those values on your matrix but you can also use them to describe the likelihood and impact of certain risks. Depending on your project, it could be, e.g., safety, quality, cost, schedule risks, etc. (You will find several risk types at the end of this article.)

Let’s take a look at some examples.

Project risk assessment matrix - example wth alternative values.

As you can see from the above, the numerical value for the impact is the same. However, the description for each risk type is different. Therefore, you may need to define interval names for individual objectives and their respective impacts and probabilities.

  • Your scale will not always be linear. You may observe it with risks that carry high impact—those will often have larger intervals than low-impact risks. Take a look at the table above, and compare the interval for the “Low” impact (0-3%) and the “Catastrophic” impact (50-100%). The discrepancy is quite significant—the impact of a fatal injury will be much greater than that of a scratched finger.
  • Instead of risk rating values in your matrix, you can plug in the number of risks you identified in your project for each quadrant. For example:

Project risk assessment matrix - the number of risks in respective columns instead of risk rating.

(In fact, that is pretty much how the BigPicture Risk matrix report looks like. Read on to learn more about visualizing risks in the BigPicture app).

  • The labels in brackets on matrix scales are arbitrary. You can name your values however you want. For example, Impact (1) could have a label: “Insignificant.”
  • Your risk form and matrix are not the type of task that you complete and forget. You should manage your risks throughout the life of your project. A common mistake in project management is creating a fairly standard risk register during the project planning and not returning to it until something happens. Project managers should carry out regular risk assessments to be able to react to changes in the project environment on an ongoing basis.

Visualize project risks on a risk matrix

What might have struck you is that the matrix does not offer much room for putting risks directly on it. It could work for a few, but if you have dozens of them, it will become cluttered and a pain to use. Not to mention that over the course of your project, you might need to identify new risks and revise the existing ones for their likelihood and impact. This means you will need reliable software to visualize and work with project risks efficiently.

research project risk assessment example

The risk software we would like to introduce is  BigPicture which seamlessly integrates with Jira. It offers many key features that will help you assess and monitor your project risks.

research project risk assessment example

Not a BigPicture user yet? Start your free 30-day trial today. Or visit our demo page  to play with the app straight in your browser — no registration or installation needed.

View your risks on the risk matrix

The BigPicture  Risk module  enables you to generate a risk assessment matrix with a default size of 5×5. The matrix features two scales: the risk consequence and risk probability.

The risk consequence scale has the following values: Trivial, Low, Medium, High, and Severe. Whereas with the risk probability scale, you can assign the following values to a risk: Almost none, Low, Medium, High, and Very high. If you enable the heatmap mode, the app will color the risk cards based on their risk rate with four default colors: green, yellow, orange, and red.

Visualizing risks from the risk assessment example

Let’s return to our construction risk assessment form and see what the risks will look like on the BigPicture risk heatmap.

The electrical leakage has the highest probability (likelihood) and consequence (impact). That is why you will find it in the top right corner (the app colored a risk card of such a high-priority risk with red color). The app  automatically calculates the risk rating,  so you do not have to worry about manually updating the heat map.

If you want to  move any risk to a different quadrant  (because its impact or likelihood has changed) you can edit the risk or use a drag-and-drop feature. Of course, you can place several risk cards in a given quadrant. Our simple project has only 5 risks but yours might carry many more and BigPicture will visualize all of them for you. If you notice your risk map getting really busy, you can display risks in a  compact mode .

research project risk assessment example

Populate your risk matrix with risks and issues

You can add  any issue type  to the risk heat map as long as you select the Consequence and Probability fields and assign them respective values. (You will need your Jira admin to preconfigure the fields you will be able to add to your tasks.)

research project risk assessment example

So when you create a new task or edit the existing one, just add those two fields to make it pop up on your risk matrix.

In our risk assessment form, we did not add any issues, epics, or milestones—only risks. So how come those risks are on the heatmap? By clicking on any quadrant, you can  add new and existing tasks  and  tasks as risks  directly on the risk matrix.

research project risk assessment example

Click “Create new Jira issue” and provide details for your risk (remember about the Probability and Consequence fields).

Since you can add project tasks as risks, and risks directly to the matrix, you can use the BigPicture’s Risk board in  two ways .

Risks as tasks approach

The first approach is about directly adding the  tasks as risks  to the risk matrix. Those tasks will not result from the project plan (unlike typical project tasks that must be completed) and will serve as risks alone.

Let’s come back to the “Water leakage” risk as an example. Previously, we added it directly to the matrix as a typical risk that carries some probability and impact. Such a model will not readily show you which task(s) a given risk relates to. However, you could connect this risk to the actual tasks it has an impact on using Jira Issue Links. Also, by adding a task as a risk to the matrix, you can immediately read what this risk is about (e.g., the risk of “Water leakage”).

Project tasks at risk approach

(This approach is more popular among BigPicture users.) You can also add individual  project   tasks  to the risk matrix. Unlike in the previous model, you will not see details about the risk just by looking at the matrix. Because, in fact, you would be looking at the task, not a risk as such. But you will know the probability and the impact of the risk that this task is related to.

For example, let’s say you want to add a “Road building task” to the risk matrix. You situate this task on the matrix according to the risk’s probability and impact. You do not know that this task is at risk due to the potential “Water leakage” but you know the likelihood and impact of it. If you want to have a more detailed overview of a given task at risk, you can add the info about the risk to the issue (e.g., as a comment or a relevant attachment).

Customize your risk matrix

If the default look of the BigPicture risk matrix is not optimal for your project, you can  customize it .

  • Transpose the whole matrix and/or invert individual scales (one or both simultaneously).
  • Change the scale names (e.g., from “Consequence” to “Impact”).
  • Add and delete Probability and Consequence individual values. For example, let’s say you want to see only the risks with the highest ratings on your map. In such a case, you delete low and medium values.

research project risk assessment example

  • Configure the risk matrix to have  SAFe® ROAM-based quadrants .
  • Use the  card view creator  to see more details on your risk cards.

Risk matrix report

The  Risk matrix report  gives you a quick overview of your existing risks in each matrix quadrant. You can use this report for risks present in your program, project, or iterations on a lower hierarchy level (on the ART level, the report will also display risks from the PI iterations and the PI sprints).

When you hover over a given quadrant, you will see a list of risks with their corresponding statuses.

research project risk assessment example

You can rename the report, invert the risk scales, or transpose the whole risk report matrix.

9 Types of risks in project management

Arguably, the biggest indicator of the risk likely occurring is whenever your project has something “new” in it. For example, a “new supplier” for safety goggles; “new processes” according to which employees will carry out their work; “new technologies” that the higher-ups want to introduce; a “new software developer” the company wants to hire for the current project.

Of course, there are many types of risks to consider when assessing your project. These could be:

Schedule risks

Performance risks, operational risks, market risks, governance risks, strategic risks, legal risks, environmental risks.

They indicate there is a possibility that the project’s cost will exceed the budget. Cost risk might occur due to poor budget planning, inaccurate cost estimating, and scope creep. This type of project risk can cause other risks to emerge, such as schedule risk and performance risk.

Example : “The cost of steel might increase over the next quarter.”

This risk occurs when activities take longer than expected, typically due to poor planning. Schedule risk can impact cost risk because any delay in a schedule could increase the costs of a project.

Example : “Hiring a new foreman might take longer than anticipated.”

Performance risk is the risk of a project failing to produce the expected results. It is a complex risk that can result from the activities of several parties, so it can be hard to pinpoint the exact reason behind it.

Example : “The level of noise might increase after the office redesign.”

This type of risk results from poor implementation and process problems such as distribution, procurement, and production. And since any of these could cause the project to produce results differing from project specifications, operational risk is a type of performance risk.

Example : “Insufficient funds to pay for the next batch of goods.”y

Market risk could be, among others, competition, commodity markets, and foreign exchange. Because these types of risks are highly unpredictable, planning for them is difficult without sound expertise.

Example : “Foreign exchange fluctuations due to…”

This risk concerns the company’s top management and other important stakeholders with regard to their ethics and company reputation. This risk can be fairly easy to mitigate because it largely depends on the stakeholder’s behavior.

Those risks are another type of performance risk. Strategic risks stem from erroneous strategic decisions concerning the selection of people for the job, the tools, as well as the technology that does not help with the work as expected.

Example : “The application might not be compatible with systems already in use.”

Legal risk is the consequence of legal obligations, such as law of the land, local laws, and statutory requirements. This type of project risk is also about the contractual obligations, as well as avoiding and handling any lawsuits against the company.

Example : “Export license might not be granted.”

Those risks pertain to external hazards that one cannot fully avoid or even foresee. For example, storms, floods, earthquakes, force majeure, pandemics, terrorism, labor strikes, etc.

Example : “Severe weather conditions might delay the maintenance works.”

Related posts

Getting things done: managing complex projects in jira.

Today, we would like to share a few tips for managing complex projects. You will learn about common factors …

Jira Issue Links and dependencies management

Dependencies indicate the relationship of one task to another in a logical sequence. They help to visualize the order …

Jira cross-project dependencies: best practices and management

Dependencies in project management do not need to be your bane. Yes, they require proper product planning to reduce the …

What’s hiding behind the idea of Agile boards?

An agile board shows a board that is divided into columns, to show the progress of each task by …

What kind of demo would you like to get?

Watch the demo.

" * " indicates required fields

Enterprise demo

Finding the right management system for a large-scale organization is quite a challenge.

We are here to help! As BigPicture is one of the most flexible PPM tools on the market, we would be thrilled to demo the system with your unique business case and requirements in mind. Let us better understand your needs by filling out the form:

Register for a live demo webinar

Congratulations, get started.

BigPicture

Enterprise Program & Portfolio Management right in monday.com

Try it out now

Request offer

Questionnaire, contact us.

  • Vice-Chancellor
  • Leadership and Governance
  • Education Quality
  • Sustainability
  • Staff Directory
  • Staff Profiles
  • Staff Online
  • Office of Human Resources
  • Important Dates
  • Accept and Enrol
  • Student Forms
  • Jobs for Students
  • Future Students
  • Scholarships
  • Class Registration
  • Online Courses
  • Password Management
  • Western Wifi - Wireless
  • Accommodation
  • The College
  • Whitlam Institute
  • Ask Western
  • Staff Email
  • WesternNow Staff Portal
  • ResearchMaster
  • Citrix Access
  • Student Management System
  • Exam Timetable
  • Oracle Financials
  • Casual Room Bookings
  • Staff Profile Editor
  • Vehicle Bookings
  • Form Centre
  • WSU SharePoint Portal
  • Learning Guide Management System (LGMS)
  • Student Email
  • My Student Records (MySR)
  • WesternLife
  • WesternNow Student Portal
  • My Exam Timetable
  • Student Forms (eForms)
  • Accept My Offer

Western Sydney University

Study with Us

  • International
  • Research Portal
  • ResearchDirect
  • Research Theme Program
  • Researcher Development
  • Funding Opportunities
  • Preparing a Grant Application
  • Research Ethics & Integrity
  • Research Project Risk & Compliance
  • Foreign Arrangements Scheme
  • Managing Your Research Project

Research Data Management

  • Business Services
  • Research Infrastructure
  • Office of the DVC REI
  • Research Services Update
  • Contact Research Services
  • Master of Research
  • Research Degrees
  • Find a Supervisor
  • Graduate Research School
  • Apply for a Research Degree
  • Candidate Support and Resources
  • HDR Knowledge Directory
  • Research Ethics
  • HDR Workshops
  • Forms, Policies and Guidelines
  • Giving to Western
  • Bushfire and Natural Hazards
  • Digital Health
  • Future Food Systems
  • RoZetta Institute
  • Hawkesbury Institute for the Environment
  • Ingham Institute
  • Institute for Australian and Chinese Arts and Culture
  • Institute for Culture and Society
  • NICM Health Research Institute
  • The MARCS Institute
  • Translational Health Research Institute
  • Australia India Water Centre
  • Centre for Educational Research
  • Centre for Infrastructure Engineering
  • Centre for Research in Mathematics and Data Science
  • Centre for Smart Modern Construction (c4SMC)
  • Centre for Western Sydney
  • Chinese Medicine Centre
  • Global Centre for Land-Based Innovation
  • International Centre for Neuromorphic Systems
  • National Vegetable Protected Cropping Centre
  • Transforming early Education And Child Health Research Centre (TeEACH)
  • Urban Transformations Research Centre
  • Writing and Society Research Centre
  • Young and Resilient Research Centre
  • Digital Humanities Research Group
  • Humanitarian and Development Research Initiative (HADRI)
  • Nanoscale Organisation and Dynamics Research Group
  • Research at Western
  • Research Impact
  • - Research Portal
  • - ResearchDirect
  • - Researcher Development
  • - Funding Opportunities
  • - Preparing a Grant Application
  • - Research Project Risk and Compliance
  • - Foreign Arrangements Scheme
  • - Managing Your Project
  • - Research Data Management
  • Research Ethics and Integrity
  • Research Management Solution (RMS)
  • Research Participation Opportunities

Research Project Risk and Compliance

This guide has been designed to assist researchers at Western Sydney University to maintain compliance with policies and procedures and to conduct research with integrity.

All those involved in research should be aware of and abide by the principles of research integrity and the policies and procedures set out by the University, funders, regulators, professional associations, and the law. This (non-exhaustive) list seeks to encourage a broader dialogue between supervisors, researchers, and students about good research practice. It is intended to be a guide only.

Note: Copies of any required documentation should be kept on file with your research project paperwork.

Research Code of Practice

The Research Code of Practice sets out the principles and processes to support the responsible conduct of research in accordance with the Australian Code for the Responsible Conduct of Research (ACRCR) 2018 (opens in a new window) and applies to all research activity carried out by, at or on behalf of the University, and to all individuals who carry out research at or on behalf of the University.

  • Read and understand the code, noting that all researchers are expected to undertake their research with integrity.

All research project data should be managed and curated effectively throughout its lifecycle in accordance with the University’s Research Data Management Policy .

Researchers must create a shareable Research Data Management Plan (RDMP) which complies with the University’s Research Data Management Policy. This should be updated as and when data management practices change. A Research Data Management Plan must be developed at the beginning of every research project .

  • Prior to commencing your research, submit a RDMP via ResearchDirect . This is an online template that asks all the necessary questions to get you thinking about how data will be managed on your research project. Download and save a copy once created.
  • Attend the Introduction to Research Data Management training if required.
  • See the Library for more information about Data Management Planning .
  • If you need further assistance, the Support for research data management form is available in WesternNow for both staff researchers and HDR candidates .

Funder expectations

Researchers should be aware of codes of conduct or guidelines developed by individual funders. Compliance with such codes is often a requirement of funding. Consideration should be given to the confidentiality requirements of the funding bodies (such as partner requirements around media releases and publishing embargoed information).

It is important that CIs are fully aware of the terms and conditions of an award and their obligations under the award. This information can usually be found in the body of the Funding Agreement or Conditions of Award. In some cases, invoicing and reporting milestones may be in the Schedule to an Agreement.

  • Australian Research Council (ARC) (opens in a new window)
  • National Health and Medical Research Council (NHMRC) (opens in a new window)

Risk Management

As per the University's Research Code of Practice and Risk Management Policy , in conducting research activities, researchers have responsibilities to assess and manage the risk of their research activities by identifying and familiarising themselves with risks associated with their projects.

Risk Assessments

The appropriate risk assessments (also known as risk registers) must be undertaken before research starts and reviewed regularly throughout the project.

ALL Research Projects must complete a Research Project General Risk Assessment (XLSX, 201.3 KB) (opens in a new window). This highlights the administrative, project management and financial risks you may incur across your project. Send a copy of this to your Supervisor for approval and save this with your project documentation. Note: This DOES NOT need to go to the WHS team.

If your project involves travel, please complete the relevant Travel Risk Assessment via the TEMS process. If your project involves international travel, please complete the relevant Travel Risk Assessment via the WesternNow Travel Procurement process when you are making travel arrangements.

If your research project involves any of the following safety related risks, you MUST complete a WHS Risk Assessment using the University approved WHS template (DOCX, 52.1 KB) (opens in a new window) in addition to a general risk assessment.

  • Hazardous substances
  • Working with equipment
  • Clinical trials
  • Working with animals, humans, biological organisms or substances derived from biological organisms
  • Defence related projects
  • Projects identified as creating ‘Critical Infrastructure’ to Australia’s National Defence
  • Any other environment, health or safety risk.

If you require any support or guidance in completing a WHS risk assessment, please contact the WHS team on [email protected] . Send a copy of your Risk Assessment to your Supervisor for approval and save this with your project documentation.

While ethics applications identify risk, they are not considered a full risk assessment. Please complete a full risk assessment to be compliant with the Risk Management Policy .

Using Digital Services

As per the Digital Services Implementation Policy , all acquisitions of digital services (free, purchased or downloaded) for research projects are required to complete a Risk and Compliance Determination (RCD) (login to IT portal required) form prior to its installation and access. This allows the IT team to evaluate IT risks and compliance issues associated with the software and develop recommendations on how any identified risks can be addressed.

See the IT Portal (login required) for more information or contact [email protected] if you have any questions.

Ethics requirements

Research involving human participants, human data or tissue, the use of animals, microorganisms or agents (classified as Risk Group 2 and above), genetically modified organisms, biological toxins, Security Sensitive Biological Agents (SSBA), quarantine material, ionising radiation sources, radioactive materials and equipment, and lasers above class 2, will necessitate compliance with particular ethical and legal requirements .

Authorship provides credit for an individual’s contributions to a study and carries accountability.

It is important that researchers are aware of the authorship practices within their own disciplines and any guidelines set by the journals in which they hope to publish.

It is recommended that arrangements and responsibilities for the publication of results should be considered when planning a research project and reviewed at appropriate points during the lifecycle of the study.

  • Understand the University’s guidelines on authorship .
  • Discuss any discipline specific requirements and guidance for authorship and publication relevant to the area of research.

Conflict of Interest

Researchers should declare and manage any real or potential conflicts of interest (COI) on the COI Register as per the Conflict of Interest Policy .

Licences, permissions and agreements

Some projects will require licences, permissions, or agreements before they can commence. This might include, for example:

  • Import licences for materials
  • Foreign arrangements
  • Licences to use certain materials
  • Material Transfer Agreements
  • Permissions from communities or government agencies
  • Export control licences

The Defence Trade Controls Act 2012 (DTCA) (opens in a new window) regulates the intangible supply, publication and brokering of goods and technology listed in the Defence and Strategic Goods List (DSGL) and strengthens existing regulations on tangible exports under the Customs Act 1901. Supplying, brokering or publishing items, technologies and information outside of Australia that are considered by government as 'controlled' may require a permit.

In December 2020, the Australian Government implemented the Foreign Arrangements Scheme; established under Australia’s Foreign Relations (State and Territory Arrangements) Act 2020. If you are intending to enter into an arrangement with an international partner, whether it's an institution, government, corporate, or individual, please use the foreign arrangements form to let the Foreign Arrangements team know of your intent. Alternatively they can be contacted at [email protected] or [email protected] . This submission form allows us to evaluate whether or not we need to notify the Department of Foreign Affairs and Trade regarding a new partnership. Notifying the University means that we can follow appropriate policy and processes around developing partnerships and ensure that staff rights are protected from potential external threats.

Intellectual Property

It is important that researchers consider whether Intellectual Property may be generated by their project and that they are aware of the University policy on Intellectual Property Rights.

  • Discuss whether it is likely that intellectual property will be generated by the project. Understand the University’s guidance on Intellectual Property . Discuss any third-party agreements in place that will govern arrangements for IP generated during the project.
  • The Intellectual Property Disclosure Form (DOCX, 59.4 KB) (opens in a new window) is available for University researchers and other staff to formally disclose their Intellectual Property for assessment by Business Services .

Training and professional development

Training is an important part of ensuring that researchers are able to understand and adopt best practice as quickly as possible. The University offers many training courses at the local and School/Institute level as well as centrally.

Mandatory Training allocated to you is accessible via Staff Online in the MyCareerOnline tab. It is important to complete all mandatory training allocated to you by the due date .

With a keen focus on our Values and Principles, Western Sydney University provides an array of career development opportunities ensuring our researchers are equipped to meet real global research challenges.

Subject-specific policies, procedures and guidelines

Individual University departments and faculties have subject-specific policies and guidelines that they expect their members to abide by.

Additionally, there are a wide range of codes and guidelines developed by professional or subject-specific groups that researchers should be aware of.

Become familiar with all relevant policies as required by your role.

For any feedback or enquiries relating to this page, please contact Research Services at [email protected]

Research Project General Risk Assessment (XLSX, 201.3 KB) (opens in a new window)

Research Project Risk and Compliance Checklist (DOCX, 53.25 KB) (opens in a new window)

Mobile options:

  • Return to standard site
  • Back to Top

University student

International Students

Launch your career at UWS

  • University Life
  • Our Campuses
  • Business and Community
  • Undergraduate
  • Postgraduate
  • HDR Research
  • Student Life
  • Why Western
  • The Academy
  • Western Sydney University Online
  • Misconduct Rule
  • Study with Integrity
  • Student Completions
  • Student Support
  • Services and Facilities
  • Working with us
  • Career Development
  • Salary and Benefits
  • Manager/Supervisor Toolkit
  • Future Staff
  • Staff Services
  • Researchers
  • Current Students
  • Community and Industry
  • Alumni Awards
  • Alumni Spotlight
  • Alumni Benefits
  • Alumni Affinity Groups
  • Alumni Publications
  • Alumni Giving

Western Sydney University

Western Sydney University

  • Emergency Help
  • Right to Information
  • Complaints Unit
  • Accessibility
  • Website Feedback
  • Compliance Program
  • Admissions Transparency

research project risk assessment example

stakeholdermap.com logo

Risk Management, Risk Analysis, Templates and Advice

  • #1 Mind Mapping Tool
  • Collaborate Anywhere
  • Stunning Presentations
  • Simple Project Management
  • Innovative Project Planning
  • Creative Problem Solving

Mind Maps

20 Common Project Risks - Example Risk Register

Want to a kick start to your Risk Management ? Want to make sure you have identified key project risks ? Not sure what actions you can take to reduce the likelihood of key project risks? Look no further!
  • The 20 common project risks
  • View the register
  • Download the risk register in Excel

Video - How to edit the risk register

  • Bonus mindmap of the common risks

Risk register showing common project risks

20 Common Project Risks

1. project purpose and need is not well-defined..

  • Mitigating Actions : Complete a business case if not already provided and ensure the project purpose is well defined in a Project Charter and PID . 
  • Contingency Plan : Escalate to the Project Board with an assessment of the risk of runaway costs/never-ending project.
  • Example status : Business case re-written with clear deliverables and submitted to the Project Board for approval. 

2. Project design and deliverable definition is incomplete.

  • Mitigating Actions : Define the scope in detail via design workshops with input from subject matter experts . 
  • Contingency Plan : Document assumptions made and associated risks. Request high risk items that are ill-defined are removed from scope . 
  • Example status : Design workshops scheduled.

3. Project schedule is not clearly defined or understood.

  • Mitigating Actions : Hold scheduling workshops with the project team so they understand the plan and likelihood of missed tasks is reduced.  Share the schedule and go through upcoming tasks at each weekly project progress meeting. 
  • Contingency Plan : Revisit the schedule with the project team . 'Relaunch' the project schedule .
  • Example status : Workshops scheduled.

4. No control over staff priorities.

  • Mitigating Actions : The Project Sponsor will brief team managers on the importance of the project. Soft book resources as early as possible and then communicate final booking dates asap after the scheduling workshops. Identify back ups for each human resource on the project.
  • Contingency Plan : Escalate to the Project Sponsor and bring in back up resource.
  • Example status : Project Sponsor has agreed to hold briefing. Now making arrangements for a meeting room.

5. Consultant or contractor delays.

  • Mitigating Actions : Include late penalties in contracts. Build in and protect lead time in the schedule. Communicate schedule early. Check in with suppliers regularly. Query '90% done'. Ask again and again if they need anything else.
  • Contingency Plan : Escalate to Project Sponsor and Contracts Manager. Implement late clauses.
  • Example status : Lead time from each contractor built into the project schedule . Late penalties agreed to and contracts signed. 

6. Estimating and/or scheduling errors.

  • Mitigating Actions : Break this two risks 'cost estimating' and 'scheduling errors'. Use two methods of cost estimation, and carefully track costs and forecast cost at completion making adjustments as necessary. Build in 10% contingency on cost and scheduling. Track schedules daily and include schedule review as an agenda item in every project team meeting. Flag forecast errors and/or delays to the Project Board early.
  • Contingency Plan : Escalate to project sponsor and Project Board . Raise a change request for changes to budget or schedule. Pull down contingency. 
  • Example status : Contingency agreed by Project Board .

7. Unplanned work that must be accommodated.

  • Mitigating Actions : Attend project scheduling workshops. Check previous projects, for actual work and costs. Check all plans and quantity surveys. Document all assumptions made in planning and communicate to the project manager before project kick off.
  • Contingency Plan : Escalate to the Project Manager with plan of action, including impact on time, cost and quality.
  • Example status : Team managers attending scheduling workshops.

8. Lack of communication, causing lack of clarity and confusion.

  • Mitigating Actions : Write a communication plan which includes: the frequency, goal, and audience of each communication. Identify stakeholders early and make sure they are considered in the communication plan. Use most appropriate channel of communication for audience e.g. don't send 3 paragraph email to Developers, have a call instead.
  • Contingency Plan : Correct misunderstandings immediately. Clarify areas that are not clear swiftly using assistance from Project Sponsor if needed.
  • Example status : Communication plan in progress.

9. Pressure to arbitrarily reduce task durations and or run tasks in parallel which would increase risk of errors.

  • Mitigating Actions : Share the schedule with key stakeholders to reduce the risk of this happening. Patiently explain that schedule was built using the expertise of subject matter experts . Explain the risks of the changes. Share the Dennis Lock quote at Why you should never arbitrarily reduce task durations . 
  • Contingency Plan : Escalate to Project Board with assessment of risk and impact of the change. Hold emergency risk management call with decision makers & source of pressure and lay out risk and impact.
  • Example status : Awaiting completion of the schedule.

10. Scope Creep.

  • Mitigating Actions : Document the project scope in a Project Initiation Document or Project Charter and get it authorised by the Project Board . Refer to it throughout the project and assess all changes against it also ensuring alignment of any changes with the Business Case .
  • Contingency Plan : Document each and every example of scope creep NO MATTER HOW SMALL in a change request and get authorisation from the Project Board BEFORE STARTING WORK. This includes ZERO COST changes.
  • Example status : Scope clearly defined in the PID .

11. Unresolved project conflicts not resolved in a timely manner.

  • Mitigating Actions : Hold regular project team meetings and look out for conflicts. Review the project plan and stakeholder engagement plan for potential areas of conflict.
  • Contingency Plan : When aware immediately escalate to Project Board and gain assistance from Project Sponsor to resolve the conflict.
  • Example status : Project team meetings scheduled.

12. Business Case becomes obsolete or is undermined by external or internal changes.

  • Mitigating Actions : No ability to reduce likelihood, but make sure early warning is given by reviewing business case on regular basis with the Project Board .
  • Contingency Plan : Initiate escalation and project close down procedure.
  • Example status : Project close down procedure confirmed with Project Board .

13. Delay in earlier project phases jeopardizes ability to meet fixed date. For example delivery of just in time materials, for conference or launch date.

  • Mitigating Actions : Ensure the project plan is as accurate as possible using scheduling workshops and work breakdown structure . Use Tracking Gantt and Baseline to identify schedule slippage early.
  • Contingency Plan : Consider insurance to cover costs and alternative supplier as a back up.

14. Added workload or time requirements because of new direction, policy, or statute.

  • Mitigating Actions : No ability to reduce likelihood.
  • Contingency Plan : Consider insurance and use Project Board to get advance notice if possible.
  • Example status : Project Board reviewing insurance options.

15. Inadequate customer testing leads to large post go live defect list.

  • Mitigating Actions : Ensure customer prepares test cases/quality checks and protect testing/quality assurance window.
  • Contingency Plan : Raise risk immediately and raise issue if it is clear testing inadequate. Customer could extend testing & bring in additional resource.
  • Example status : Customer preparing test cases.

16. Legal action delays or pauses project .

  • Mitigating Actions : Ensure all contracts signed before starting the project. Follow all regulatory requirements and complete stakeholder management plan.
  • Contingency Plan : Escalate to Project Board who will notify legal department. Follow instructions from legal.
  • Example status : Contracts issued.

17. Customer refuses to approve deliverables / milestones or delays approval, putting pressure on project manager to 'work at risk'.

  • Mitigating Actions : Ensure customer decision maker with budgetary authority is identified before project start and is part of the Project Board . Communicate dates for sign-off points up front.
  • Contingency Plan : Escalate to Project Board and recommend action e.g. to stop the project.
  • Example status : Customer project manager is confirming their sponsor / senior supplier.

18. Theft of materials, intellectual property or equipment.

  • Mitigating Actions : Follow security procedures, ensure Non-Disclosure Agreements , & compliance certificates are in place. Verify all physical security measures in place. Secure insurance.
  • Contingency Plan : Notify appropriate authorities e.g. police, Project Board and initiate internal investigations.
  • Example status : NDAs issued. Security certificates confirmed for contractors.

19. Acts of God for example, extreme weather, leads to loss of resources , materials, premises etc.

  • Mitigating Actions : Check insurance is in place. Familiarise project team with emergency procedures. When cost effective put back up systems in place e.g. generators.
  • Contingency Plan : Notify appropriate authorities. Follow health and safety procedures. Notify stakeholders and Project Board .
  • Example status : Public Liability Insurance confirmed along with additional premises insurance at site B.

20. Stakeholder action delays the project . For more on the damage stakeholders can do see our case studies of real world projects that faced costs running into millions, because of stakeholder actions.

  • Mitigating Actions : Identify stakeholders , analyze power and influence and create a Stakeholder Engagement Plan . Project Board to authorise the plan. Revisit the plan at regular intervals to check all Stakeholders are managed. Consider getting insurance.
  • Contingency Plan : Notify appropriate authorities and follow internal procedures e.g. for activist demonstrations.
  • Example status : Stakeholder Analysis in progress.

Download the Risk Register of common Project Risks

Excel 1997 - 2003 download (.xls) - free risk register of common risks, excel download (.xlsx) - free risk register of common risks, mindmap download - free mindmap of common project risks, more on risk management, the top 50 business risks and how to manage them, checklist of 30 construction risks, download a risk register template, overall project risk assessment template, simple risk register template, resources used in this article.

Beginner’s Guide to Project Risk Identification Complete with Workshop Toolkit

By Kate Eby | October 10, 2022

  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Link copied

Every project comes with risks, from external threats to sudden opportunities. We’ve compiled best practices, tools, techniques, and expert tips that will guide you through the project risk identification process.

Included on this page, you’ll find best practices for project risk identification , a toolkit for hosting an effective risk identification workshop , and a guide to the six phases of the project risk identification lifecycle .

What Is Project Risk Identification?

Project risk identification is the first step in the risk management process. During this step, managers identify events that might influence a project. Identifying risks helps teams prepare for any outcome. Risks can be either positive or negative.

Mary Beth Imbarrato

Mary Beth Imbarrato, Owner of MBI Consulting , shares how risk arises in projects: “Projects introduce change. Change can introduce risks, surprises and unknown issues or challenges. Risk identification is not a static activity.”.

Identifying project risks early and often is the key to minimizing their impact. In order to identify as many risks as possible, project managers need to learn about the various types of risk and where to look for them.

Why Is Risk Identification Important in Projects?

Risk identification is important because it increases the chances of project success. Many projects fail because managers do not identify important risks. Early risk identification helps the project team respond to risks quickly and effectively.

Amy Black

“By definition, risk management is the process of identifying, tracking, and managing potential risks that can impact your scope,” shares Amy Black , Director of Security, Privacy, and Risk at RSM US LLP. “Risk identification is no different. Without proper tracking, the risk can delay or be a significant failure point for the success of your end deliverables. This will impact cost, schedule, and performance.”

The benefits of early project risk identification include the following:

  • Fewer Delays: Stay on schedule by identifying risks that could cause delays. 
  • Better Adaptability: Minimize the impact of negative risks, and maximize the impact of the negative risks by identifying them early on.
  • Fewer Surprise Expenses: By helping you avoid delays and resource shortages, project risk identification decreases the number of surprise expenses or penalties.  
  • Increased Chance of Success: Decrease the chances of project failure caused by unforeseen risks. 

Alexis Nicole Whit

“It is not an ‘if’ but ‘when’ something goes wrong in your project,” says Alexis Nicole White , a Project Management Professional (PMP)®, Scrum master, and project delivery consultant with North Highland. “It is important to identify all those things that can go wrong within your project or program as early as possible and associate an impact to each item. Failure to identify risks will result in costly delays. Subsequently, it can impact other project areas such as your budget, resources, and key success metrics.”

When Should Risks Be Identified in a Project?

Risk identification is an iterative process. Teams should first identify risks during project planning. Then, it is best practice to continue identification throughout the entire project. The project manager, project team, and all relevant stakeholders should participate.

Project managers will prepare a process and cadence for identifying and evaluating risks. The earlier a project manager identifies a risk, the better the team can mitigate its effects and proceed without losing time. “Risks should be captured during all facets of the project. Proactively identifying potential risks during the planning and initiation of a project will save you time and money down the road,” states Black.

research project risk assessment example

Alan Zucker, Founding Principal at  Project Management Essentials , confirms the need to identify risks throughout the lifecycle of a project. “The business case and project charter should identify the project’s opportunities — why are we undertaking this effort — and the threats that could derail it. We should continue identifying risks until the project is formally closed. New risks will materialize from internal projects or external sources,” he says.  

Although risk identification is a continuous process, it should begin before project risk assessment and project risk analysis, and before you finalize your project risk management plan.

How to Identify Project Risks

In order to identify project risks, project managers first need a clear definition of risk. Next, they should use techniques such as brainstorming sessions to determine all possible risk events. Finally, they should document these risks for later reference.

Risk identification is not static. Risks can and will change throughout a project’s lifecycle. “Some risks may be applicable at the start of a project (e.g., resource allocation) and can be closed later in the project lifecycle,” says Imbarrato. “Risks can arise at any stage of a project effort: initiation, planning, execution, or closing. The risk response plan will need to be part of all regularly scheduled meetings with the project team. The timing of those meetings will depend on the complexity, the criticality, and the length of the project.”

Six Phases of the Project Risk Identification Lifecycle

Six phases comprise the project risk identification lifecycle. These include creating a statement template, conducting a SWOT analysis, researching risks, reviewing internal and external risks, cross-checking risks, and creating a final risk statement.

In the Guide to the Project Management Book of Knowledge (PMBOK® Guide), the risk identification lifecycle indicates that the risk management plan should provide a statement for “a fully specified risk statement.”   This includes the cause, event, time window, impact, and effect on the project’s objective for each risk. 

These are the six phases of the project risk identification lifecycle: 

  • Create a Statement Template: A statement template allows you to capture the same key pieces of information for each risk. A risk statement template might look like this: Because of <cause>, <event> could occur during <time window>, which could lead to <impact> with an <effect on a project objective>.
  • Conduct a SWOT Analysis: Basic identification begins with analyzing the strengths, weaknesses, opportunities, and threats (SWOT) associated with the project. For example, a threat may be that market competitors have more brand recognition than you do.
  • Research Risks: Project managers can identify risks while conducting interviews, reviewing assumptions, brainstorming with their teams, and researching similar projects. 
  • Review External Risks: Many risks will come from within the project team or company. However, everyone should be on the lookout for external risks that can impact the outcome of a project. It’s essential to gather knowledge from as many outside sources as possible. For example, you might interview a market specialist familiar with competitors to evaluate the actual market share of your company or project and that of your competitors.
  • Cross-Check Risks: It’s important that all risks are relevant to the project scope and work breakdown structure (WBS) . The project manager will ensure each risk corresponds to an element in the WBS. 
  • Create a Final Risk Statement: The project manager will create a risk statement for each risk in the list. A final risk statement might look like this: Because competitors have more brand recognition, the customer may choose another product before evaluating our product, which could lead to fewer opportunities and have a profound effect on expected product sales and revenue.

Once you complete these steps, you can begin your project risk mitigation efforts.

Project Risk Identification Steps

The steps of identifying project risks align with the phases of the risk lifecycle. The first step is to build the risk statement template. After the internal team and stakeholders identify relevant risks, finalize each risk statement using the template.

Risk Identification Inputs

Project risks can come from anywhere. Review all inputs to better understand potential risks. Common inputs include your project management plan, project documents, enterprise environmental factors (EEFs), and organizational process assets (OPAs). 

For each input, review every element to ensure that you identify every major risk to your project.

Here are the main risk identification inputs:

  • Project Management Plan: A project management plan includes cost management, scheduling, quality control, human resources, scope, schedule, and budget. For example, it is not uncommon to identify risk within the budget, especially if it is too low to cover all project expenses.
  • Project Documents: Project documents include the project charter, stakeholder register, costs, duration, performance reports, resource requirements, and procurement documents. For example, insufficient resources to complete the project pose an enormous risk.
  • Enterprise Environmental Factors (EEFs): EEFs include industry information, important benchmarks, research and studies, and attitudes toward risk. For example, industry competitors can pose a risk to a project. 
  • Organizational Process Assets (OPAs): OPAs include risk registers from previous projects and lessons from the project manager, experts, and the project team. For example, if a subject matter expert reviews your project, they will likely find additional risks.

Risk Identification Tools and Techniques 

Each project manager will have their preferred tools and techniques for identifying risks. Gathering data through brainstorming sessions, consulting experts, and conducting a SWOT analysis are all common methods for identifying risks. 

These are some helpful risk identification tools and techniques to try:

  • Expert Judgment: Experience and subject matter expertise might be enough to identify some project risks. Consult experts to ensure that you haven’t missed key risks.
  • Data Gathering: Project managers might host brainstorming sessions with the project team and external stakeholders to dive into potential risks. Checklists, questionnaires, and interviews can help you discover important risks.
  • Root Cause Analysis: Root cause analysis means identifying the actual risk as opposed to the symptoms of the risk. Conducting a SWOT analysis and critically reviewing project requirements and assumptions will likely bring hidden risks to the forefront. 
  • Collaboration: Group or individual meetings, workshops, and brainstorming sessions are all great ways to unearth new risks and eliminate risks that are outside the project's scope.
  • Hybrid Approach: Most project managers combine two or more techniques to uncover risks throughout the project.

Project Risk Identification Framework

The project risk identification framework is a tool that standardizes risk identification. Knowing the current and potential risks helps improve the likelihood of project success. Keep everyone on the same page about risks by establishing a common framework.

Each business will create or adopt its own unique framework. In the The Journal of International Technology and Information Management, Jack T. Marchewka puts forth this framework for identifying project risks. Marchewka’s framework is a helpful example of how to standardize risk identification. 

In Marchewka’s model, project value is at the core of the risk identification framework. Just outside the center are project elements, such as quality and budget, that significantly impact project success. The next tier includes internal and external risks, which may be outside a project manager’s control. The next layer contains known, unknown-known, and unknown-unknown risks. 

Known risks are entirely certain. Unknown-known risks are certain, but some details might be unclear. For example, you might know that you have to hire an engineer for your project, but you don’t know the exact negotiated salary. Unknown-unknown risks are those that the project manager cannot predict. For example, a recession or sudden bankruptcy are unknown-unknowns. The outermost layer of Marchewka’s framework contains the project lifecycle phases because risk identification may occur at any point during the project.

Project Risk Identification Example

Follow along with the risk identification steps to start risk management in any project. After you create your statement template, move through each phase of risk identification to ensure that you identify as many risks as possible.

Here is how to apply these risk identification steps to a CRM software project:

  • Conduct a SWOT Analysis: The SWOT analysis for the CRM software project will help the team analyze the projects’ strengths and weaknesses, as well as identify opportunities and threats. Threats may include the lack of end-user involvement in requirements, CRM competitors, or no brand recognition in the CRM market. 
  • Research Risks: While performing research, you might come across a previous software project that is similar to your current project. If the earlier project team encountered unexpected problems with conflicting priorities or late-stage requirement changes from leaders, add these to your risk register. These are important risks to note as they reflect historical behaviors of the company.
  • Review External Risks: As you meet with external resources, you might find that the CRM market is saturated with competitors. The risk is that there will be less demand for your product. You might have to consider how to differentiate your product or brand to avoid the immense competitive pressures of an already saturated market.  
  • Cross-Check Risks: Ensure each risk is within the project scope and corresponds to the work deliverables. It is possible that a risk you have identified is out of scope for the project and doesn’t need to be addressed in your risk mitigation plan.  
  • Because competitors have more brand recognition, the customer might choose another product before evaluating our product, which could lead to fewer opportunities and have a profound effect on expected product sales and revenue.
  • Because end-users are not involved in requirement development, the software might not meet their needs once the software is available, which could lead to additional development costs and have an impact on product suitability, product sales, and revenue.

Project Risk Identification Workshop Toolkit

This project risk identification workshop toolkit will help you conduct a successful risk identification workshop. The toolkit includes all the information you will need to run your own workshop, from brainstorming questions to communication guidelines.  

The guide includes questions that will help the team think about, discuss, and prioritize potential risks. Following the risk identification workshop, you will document and track all risks in the risk register. 

Project Risk Identification Getting Started Guide

Download a Project Risk Identification Workshop Toolkit for Microsoft Word | Google Docs

For more useful templates and resources, see our comprehensive list of project risk management templates .

Project Risk Identification Best Practices

Planning for project threats and opportunities is essential to project success. Following project risk identification best practices will help prevent surprises that could derail your project. For example, identify risks early and often throughout the project lifecycle.

Successful project risk identification shares many of the benefits of general project risk management . These are some best practices to help you optimize your project risk identification: 

  • Detect Risks Early: Project risk identification should happen in the earliest stages of project planning. “Early detection is key. If we can identify risks early enough, we can avoid delays in our overall project timeline and schedule,” shares Black.
  • Collect Stakeholder Input: Stakeholders will have important insights into potential risks, so you should always consult them when identifying risks. “Communication is key to capturing as many risks as possible. While you may not perceive something as a risk, another stakeholder or project contributor may experience a significant impact,” says Black. “Bringing risks up during project status meetings or status read-outs is imperative.”
  • Review Risks Often: Risks change over the lifecycle of a project. “New risks can arise as the project unfolds. It is critical for project managers to understand that risks are not something they can document and then store. Risk identification and response will never be in a final state until the project ends,” states Imbarrato. 
  • Analyze Risk Impact: Part of identifying risks is understanding how impactful each risk event will be. White suggests conducting a risk analysis: “Analyze how risk can impact your project and evaluate the outcome of the risks.”
  • Learn Lessons from Past Projects: Always review similar past projects as part of your risk identification process. “Many risks from prior projects will manifest in future ones, so old risk registers can be a good starting point for review,” suggests Zucker. “Also, use checklists from other projects in your organization,” says Zucker. “Many people execute similar projects and encounter the same risks. A checklist reduces the effort and ensures we do not forget a common risk.”
  • Review Industry Data: Project managers don’t need to start from scratch when identifying risks. “Many industries have standard prompt lists, benchmarks, and common risks that can be a starting point and help us look beyond our current horizon,” says Zucker.
  • Interview All Relevant Personnel: The more people you consult about risk identification, the less likely you are to run into surprises during project execution. “Brainstorm possible risks with the project team and key stakeholders,” says Zucker. “Also, interview subject matter experts who can provide insight into potential risks.”

Take Control of Project Risks with Real-Time Work Management in Smartsheet

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time.  Try Smartsheet for free, today.

Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.

  • Contact sales

Start free trial

Project Risk Analysis: Tools, Templates & Techniques

ProjectManager

There are many project risks that can affect your project and, as a project manager, you’re responsible for the risk analysis process. Risk analysis, or risk assessment is essential because it allows project managers to classify project risks and determine which of them should be tracked closely.

What Is Project Risk Analysis?

Risk analysis consists of using tools and techniques to determine the likelihood and impact of project risks that have been previously identified. Therefore, risk analysis helps project managers decipher the uncertainty of potential risks and how they would impact the project in terms of schedule, quality and costs if, in fact, they were to show up. Risk analysis isn’t exclusive to project management and it’s used in other disciplines such as business administration, construction or manufacturing.

No matter what industry you’re in, you’ll always have projects and so, you should use project management software for risk analysis. ProjectManager , for instance, has risk management tools that let you track risks in real time. Keep track of individual risk events and mark their impact, likelihood and overall risk level with a risk matrix. Then assign that risk to a team member and use project dashboards to monitor. Get started with ProjectManager today for free.

risk management in ProjectManager

How to Analyze Project Risks

At a basic level, there are three things you should consider when assessing project risks : risk probability, risk impact and risk exposure. These three things can be estimated through qualitative and quantitative risk analysis.

Risk Probability

All risks have a certain probability of occurrence, which means they might or might not happen. Estimating risk probability isn’t an exact science, but there are several techniques you can use, such as examining data from past projects. By analyzing similar projects from the past, you can better determine whether there’s a high or low chance of project risk.

Risk Impact

Consider the type of risk and its potential impact on the project. Some risks will bring financial stress, while others might involve resource management issues or delays to the project schedule. To make things simple, you can simply assign levels of impact for your project risks, such as low, medium or high depending on how critical they are.

Risk Exposure

Risk exposure combines risk probability and risk impact in one formula that’s used by businesses to determine whether they’re ready to assume a potential risk or not. This technique can only be used when you can measure the potential losses associated with risk. The risk exposure formula is:

Risk Exposure = Risk impact * Risk probability

So, if a given risk had an impact of $1 million and the probability of that risk was 50%, your risk exposure would equal $500,000.

What Is Qualitative Risk Analysis?

Qualitative risk analysis refers to the risk analysis tools and techniques that rely on expert subject matter opinions, subjective and non-statistical means to assess the likelihood and impact of project risks. A risk matrix is a typical example of a qualitative risk analysis tool.

What Is Quantitative Risk Analysis?

By contrast, quantitative risk analysis is a statistical analysis of project risks. While it takes longer than qualitative analysis, quantitative risk analysis tends to be more accurate as it relies on data. Some examples of quantitative risk analysis tools are linear regression models or the Monte Carlo simulation, both statistical techniques that simulate scenarios and their different outcomes so that managers can better understand how risk can affect their business or project. Let’s take a closer look at some risk analysis tools and techniques you can use.

8 Project Risk Analysis Tools & Techniques

There are several risk analysis methods and tools that help managers through the analysis and decision-making process. Some of these involve the use of risk analysis tools such as project management charts and documents. Let’s dive into these risk analysis methods and how they can help you.

1. Team Brainstorming Sessions

Estimating risk probability and impact is a huge part of risk analysis. As stated, this can be done subjectively, which might lead to error, especially if you do it by yourself as the project manager. To avoid this, you can involve all the team members you consider relevant to get their input on risk likelihood and potential negative consequences.

2. Delphi Technique

The Delphi technique involves a panel of experts on topics that are critical to your project risk. It could be financial experts, lawyers, project management consultants or any other type of professional. This risk analysis method consists of promoting a debate among these experts who ultimately need to reach a consensus on a particular topic, such as estimating the business impact of a risk.

3. SWOT Analysis

SWOT analysis allows managers to understand the current situation of their business or project by looking at its strengths, weaknesses, opportunities and threats. As a risk analysis tool, it lets you note which of your weaknesses might be exploited by others and which external threats might affect your projects, such as economic conditions or the threat of new competitors.

SWOT analysis template screenshot

4. Risk Analysis Matrix

The risk analysis matrix assesses the likelihood and the severity of risks, classifying them by order of importance. It’s main purpose is to help managers prioritize risks and create a risk management plan that has the right resources and strategies to properly mitigate risks. Risk likelihood is measured on a relative scale, not a statistical one, which makes it a qualitative risk analysis tool. This tool is also called the probability/consequence matrix by some project managers.

Risk analysis matrix template

5. Risk Register

A risk register is a crucial project management tool to document project risks. It’s a document that lists all the potential risks that could occur during the project execution phase, as well as critical information about them. It’s meant to be used as input for the risk management plan, which describes who’s responsible for those risks, the risk mitigation strategies and the resources needed. Creating a risk register usually involves several reliable information sources such as the project team, subject matter experts and historical data.

risk register template screenshot

6. Decision Tree Analysis

A decision tree analysis consists of mapping out the potential outcomes that might occur after a decision is made. This is a great method to analyze risks in new projects. Create decision trees as you go through your project planning process so you can identify potential risks and their probability and impact along the way.

7. Bow Tie Analysis

This qualitative risk analysis method is used to identify causes and consequences for all potential project risks. The project management team must first identify risks that might affect the project and then think about causes, consequences and more importantly, a risk mitigation strategy for them. It’s a versatile method that can be used in any industry.

8. SWIFT Analysis

SWIFT stands for Structured What If Technique. It’s a risk analysis method that focuses on identifying potential risks associated with changes made to a project plan. As its name suggests, team members have to come up with any “what if” questions they can to find out all the potential risks that could arise.

What Is Risk Analysis?

Risk analysis is the process that determines how likely it is that risk will arise in a project. It studies the uncertainty of potential risks and how they would impact the project in terms of schedule, quality and costs if, in fact, they were to show up. Two ways to analyze risk are quantitative and qualitative. But it’s important to know that risk analysis is not an exact science, so it’s important to track risks throughout the project life cycle.

research project risk assessment example

Get your free

Risk Management Plan Template

Use this free Risk Management Plan Template for Word to manage your projects better.

Types of Risk Analysis

There are two main types of risk analysis: qualitative and quantitative risk analysis. Let’s learn about these two approaches.

Qualitative Risk Analysis

The qualitative risk analysis is a risk assessment done by experts on the project teams  who use data from past projects and their expertise to estimate the impact and probability value for each risk on a scale or a risk matrix.

The scale used is commonly ranked from zero to one. That is, if the likelihood of the risk happening in your project is .5, then there is a 50 percent chance it’ll occur. There is also an impact scale, which is measured from one to fine, with five being the most impact on the project. The risk will then be categorized as either source- or effect-based.

Once risks are identified and analyzed, a project team member is designated as a risk owner for each risk. They’re responsible for planning a risk response and implementing it.

Qualitative risk analysis is the base for quantitative risk analysis and reduces project uncertainty while focusing on high-impact risks. This allows you to assign a risk owner and plan out an appropriate risk response. Get started with qualitative risk analysis with our free risk assessment template.

Quantitative Risk Analysis

By contrast, quantitative risk analysis is a statistical analysis of the effect of those identified risks on the overall project. This helps project managers and team leaders to make decisions with reduced uncertainty and supports the process of controlling risks.

Quantitative risk analysis counts the possible outcomes for the project and figures out the probability of still meeting project objectives . This helps with decision-making, especially when there is uncertainty during the project planning phase. It helps project managers create cost, schedule or scope targets that are realistic.

The Monte Carlo simulation is an example of a quantitative risk analysis tool. It’s a probability technique that uses a computerized method to estimate the likelihood of a risk. It’s used as input for project management decision-making.

Risk Analysis Methods

There are several risk analysis methods that are meant to help managers through the analysis and decision-making process. Some of these involve the use of risk analysis tools such as charts and documents. Let’s dive into these risk analysis methods and how they can help you.

Bow Tie Analysis

This qualitative risk analysis method is used to identify causes and consequences for all potential project risks. The project management team must first identify risks that might affect the project and then think about causes, consequences and more importantly, a risk mitigation strategy for them. It’s a very versatile method that can be used in any industry.

Risk Analysis Matrix

The risk analysis matrix assesses the likelihood and the severity of risks, classifying them by order of importance. It’s main purpose is to help managers prioritize risks and create a risk management plan that has the right resources and strategies to properly mitigate risks. Risk likelihood is measured on a relative scale, not a statistical one, which makes it a qualitative risk analysis tool.

Related: Free Risk Analysis Matrix Template

Risk Register

A risk register is a crucial project management tool to document project risks. It’s a document that lists all the potential risks that could occur during the project execution phase, as well as critical information about them.

It’s meant to be used as input for the risk management plan, which describes who’s responsible for those risks, the risk mitigation strategies and the resources needed. Creating a risk register usually involves several, reliable information sources such as the project team, subject matter experts and historical data.

SWIFT Analysis

SWIFT stands for Structured What If Technique. It’s a risk analysis method that focuses on identifying potential risks associated with changes made to a project plan. As its name suggests, team members have to come up with any “what if” questions they can to find out all the potential risks that could arise.

Benefits of Risk Analysis

There are many benefits to using risk analysis in your projects. Here are some of the most common ones.

  • Avoid potential litigation
  • Address regulatory issues
  • Comply with new legislation
  • Reduce exposure
  • Minimize impact

Risk analysis is an important input for decision-making during all the stages of the project life cycle . Project managers who have some experience with risk management are a great resource. We culled some advice from them, such as:

  • There’s no lack of information on risk
  • Much of that information is complex
  • Most industries have best practices
  • Many companies have risk management framework

Project Risk Analysis Templates

There are several quantitative and qualitative risk analysis methods. There are several tools that can be used for different purposes. To help, we’ve prepared some free risk analysis templates to help you through the risk analysis process.

Risk Register Template

This risk register template has everything you need to keep track of the potential risks that might affect your project as well as their probability, impact, status and more.

Risk Analysis Matrix Template

This risk matrix template lets you visualize your project risks in one color-coded graph to classify them by likelihood and severity. This allows you to better understand the most critical risks for your project.

Risk Analysis In Project Management

Risk analysis is a fundamental step in the project risk management process, which consists of four main stages.

  • Risk identification: First, identify your potential project risks and list them using a risk register.
  • Risk analysis: Now, estimate the impact, likelihood and exposure for each risk and assign a priority level based on this information. The higher the priority level, the more resources are allocated to mitigate the risk.
  • Create a risk management plan: Create risk mitigation strategies, or contingency plans to alleviate the impact of each project risk you’ve previously analyzed. These details are usually included in a risk management plan.
  • Track risks until project completion: Implementing your risk management plan is as important as creating one. Set up project controls to keep track of risk at all times.

Risk Analysis Video

If we’ve caught your attention when it comes to discussing risk analysis on a project, don’t worry. Watch project management guru Jennifer Bridges, PMP, as she helps visualize how to analyze risks on your project.

what is risk analysis and how to analyze risk on projects

Thanks for watching!

How ProjectManager Helps Your Risk Analysis

ProjectManager is online work and project management software that allows you to manage risks alongside your project. Activate the Risk View to create a running list of all of your project risks. Then add descriptions, mark likelihood, impact and level with an embedded risk matrix. Work towards resolutions with your team and add comments along the way.

risk management features by ProjectManager

Project Tracking You Can Trust

It’s hard to recognize risk without a proper project tracking system in place. Across all of ProjectManager’s views, you can monitor progress and communicate with your team as you work together. But, to take it even further, leverage our built-in dashboards and project reports to stay on top of all aspects of your projects, so you’re ready to identify risks as soon as they appear.

ProjectManager dashboard for tracking

Analyzing and resolving risk is a team effort and our software is collaborative to the core. Teams can comment, share files and get updates from email notifications and in-app alerts. There’s one source of truth and you’re always getting real-time data so everyone is on the same page. Get started with ProjectManager today for free.

Click here to browse ProjectManager's free templates

Deliver your projects on time and under budget

Start planning your projects.

  • SOFTWARE CATEGORIES
  • FOR REMOTE WORK
  • Project Management Software

Project Risk Assessment in 2024: Guide With Templates & Examples

Why FO is free

You are organizing a product rollout, the premier milestone of your company this year. You have invited a thousand guests, expecting to witness a big gala event. Everything seems to be perfect before the event begins until you get two phone calls.

Your keynote speaker didn’t make it to her flight, and your caterer won’t be arriving due to some kitchen situation.

What do you do?

Just like life, your projects often throw some unexpected crises at you. These are what we call risks. And you should never allow yourself to ask what to do when risks happen because, by then, it’s too late and the damage will be significant. What you can and should do is to conduct a project risk assessment to anticipate such scenarios. 

Don’t worry, even if you lack formal training in project management, risk assessment is quite straightforward. In this article, we’ll show you how with a few project risk assessment templates to help you follow the process.

project risk assessment

Project Risk Assessment Guide Table of Contents

  • Identify Risks
  • Analyze Risks
  • Determine Risk Response
  • Document Risks
  • Factors to consider when creating project risk assessment

As the Project Management Institute (PMI) defines it, risk is an unexpected event that can have an effect on your project, including its stakeholders, processes, and resources. Risk can affect your project positively or negatively. Take note that risk assessment is just one aspect of your life as the project leader. But it is a critical part of your strategy whatever project management methodology you’re using.

research project risk assessment example

As a manager, you have your fair share of exposure to risks at varying levels. 

Sometimes, risks are mistaken as issues, but there is a significant difference. Issues are events or problems that are already currently happening. Examples of issues include lack of manpower to work on a project, insufficient funding, and an immensely tight timeline.

Meanwhile, risks are problems that may happen in the future. The last-minute no-show of the performers and the caterer in the scenario above is an example of risk. We can also consider the immediate mass resignation of significant staff members a risk. Here are more examples of risks vs. issues in project management .

The purpose of preparing for project risk assessment is to acquire an awareness of the kinds of risks your project may encounter and the degree of damage they may bring. The following tips below will walk you through the important parts of this endeavor, including properly framing the project risk assessment definition.

To help you make a more accurate risk assessment and streamline its tedious process, you can turn to project management software with risk management; for example, what you’ll find in monday.com features .

An award given to products our B2B experts find especially valuable for companies

Try out monday.com with their free trial

Project Risk Assesment Guide

1. identify risks.

Identifying of risk should be done as early as possible in the project and carried out throughout the project timeline, as risks affect significant project milestones. Throughout the years, you or your predecessors might have created a catalog of risks in the company server that the business have encountered in completed projects.

However, risks can also be identified during brainstorming with seasoned project members and other stakeholders. You can use the Crawford Slip method, where during a meeting, an attendee writes one suggestion per each piece of paper. This is a very simple yet effective way of gathering and collating suggestions and ideas. Just a note, you’ll need the cooperation of teams from other departments to get the best ideas. If you’re getting less-than-ideal attention from them, a shrug of the shoulder here and there, that’s one of the signs you need project management software or upgrade to a better one to optimize collaboration across the board.

In identifying risks, a risk category document is very useful in determining areas that are prone to risks. Risks may fall under the following categories:

  • Organizational
  • Project management.

Your project risk assessment checklist should include the relevant stakeholder accountable to action for each.

Here’s a sample risk category checklist:

research project risk assessment example

Credits: northam.wa.gov.au

2. Analyze risks

This step entails examining the probability of a risk, how a risk event may impact project objectives and outcomes, and the appropriate steps that can be taken to mitigate the negative effects of risk. Here are the two things to consider at this stage:

  • Likelihood. How probable will a certain risk occur in your project? PMI identifies the likelihood of risk occurrence as high, medium-high, medium-low, and low.  Knowing the likelihood a certain risk will occur will help your team to prepare for it. For example, it is more probable for the bank to reject your loan application for funding than for that same bank to be set on fire by a lightning.
  • Impact. An effective project planning will have a project risk assessment matrix of the various levels of impacts of a risk (categorized as catastrophic, critical, and marginal) on cost, schedule, scope, and quality of outcome. This will allow your team to identify which area of the project will bear the brunt of the risk with the biggest impact. This, in turn, will enable you to allocate manpower, budget, or technology for prevention or solution. An example of a catastrophic risk is the last-minute cancellation of a venue, which will greatly affect the whole event.

A project risk assessment matrix helps you analyze each risk based on the two factors above. You can vary the model, but essentially here’s how this template looks like (pay most attention to the red boxes):

research project risk assessment example

Credits: The Program Manager

3. Determine risk response

Project risk assessment planning tools offered by some project management sites, such as monday.com, target to achieve the following results:  eliminate the risk, reduce the probability of the occurrence of risk, and weaken the impact of the risk on the project. However, while it is best to develop a workflow to avoid the risk, it is still a rational move to set up a risk response guide for every project. This may mean factoring the risk in the project plan and schedule, increasing the funding or budget, and adding manpower and resources to the project, among other things.

It is simply not possible to completely eliminate all of the risk in a project. Some risks will persist at lower levels with weaker effects. These are called residual risks. Despite the diminished impact, residual risks need to be identified and assessed as you do the big-impact risks.

Here’s a project risk assessment example with an action plan, illustrating clearly what to do per risk occurrence:

research project risk assessment example

4. Document risks

It is not enough, that you as project manager are able to identify, plan for, and solve risks events. A project folder or file needs to be created at the end of each project to provide transparency and awareness of the project’s timeline, workflow, and risks. This document sums up the reports above, plus adds insights on and citation of best practices on how the risks were handled. It will help other managers get a glimpse of the ins and outs of a project similar to yours. Having a cloud-based project management software like monday.com helps you to collate these details in one place for future reference.

Factors to consider when creating a project risk assessment

Being a project manager is not all about fighting and putting out fires. Here are more tips to get your project moving despite the hiccups.

  • Make risk assessment the mainstay of your projects. It is ignorance to assume that projects will never encounter risks.  An effective project risk assessment and management is essential in the success of any project. Although this will incur an additional step on your part, the benefit you will reap from embedding risk assessment and management can never be underestimated.
  • Inform stakeholders about risks. In the “Attack by Stratagem” chapter of the Art of War, one of the best books for project managers , Sun Tzu declared that the source of an army’s strength is in unity, not size.  Risk managers can learn a nugget of wisdom here. Sometimes, upper management is unaware of the details of failed projects. And there are instances where the instrument to solve the problem is already available but wasn’t used because the team has not been informed of its availability nor existence. Remember to include communicating risks and mitigation plans to other stakeholders in your project. You can do this during project update meetings as a default part of the agenda. This way, you clearly communicate that risks are vital parts of the project and should be given sufficient attention.
  • Clarify ownership. Most projects involve different departments and stakeholders. It is important that stakeholders are clear with their ownership of the project or phase of the project. And this should be done at the beginning of the project or before a risk occurs. This way, each stakeholder will carry out tasks to decrease occurrences of risks on their part and will not be surprised by any additional expenses incurred.

Get the right tool for project risk assessment

While some managers have a wealth of experiences under their belt that help them to instinctively carry out steps and processes in analyzing and managing risks in their projects, it does not hurt for new managers to do some research as well as to adopt and utilize project risk assessment tools, checklists, and templates from websites. An example is monday.com.

monday.com is an online project management software that empowers managers to drive projects and teams effectively. It offers project risk assessment tools and templates that will save you time on the paperwork and give you more time to keep your team focused on achieving project success.

Stephanie Seymour

By Stephanie Seymour

Stephanie Seymour is a senior business analyst and one of the crucial members of the FinancesOnline research team. She is a leading expert in the field of business intelligence and data science. She specializes in visual data discovery, cloud-based BI solutions, and big data analytics. She’s fascinated by how companies dealing with big data are increasingly embracing cloud business intelligence. In her software reviews, she always focuses on the aspects that let users share analytics and enhance findings with context.

Top Project Management Software of 2024

Related posts

Efficient Project Management Approach in 2024: A Guide with Techniques, Examples & Templates

Efficient Project Management Approach in 2024: A Guide with Techniques, Examples & Templates

Best Appointment Scheduling Software in 2024

Best Appointment Scheduling Software in 2024

15 Best Free Shopping Cart for Websites in 2024

15 Best Free Shopping Cart for Websites in 2024

What Are Freelance Platforms? Analysis of Features, Benefits and Pricing in 2024

What Are Freelance Platforms? Analysis of Features, Benefits and Pricing in 2024

20 Best Product Information Management Software of 2024

20 Best Product Information Management Software of 2024

20 Best Hotel Management Systems for 2024

20 Best Hotel Management Systems for 2024

20 Best Dedicated Server Hosting Solutions of 2024

20 Best Dedicated Server Hosting Solutions of 2024

What Is Website Builder Software: Analysis of Features, Benefits and Pricing

What Is Website Builder Software: Analysis of Features, Benefits and Pricing

Rippling Pricing Packages in 2024: What’s Included in the Quote-Based Plan?

Rippling Pricing Packages in 2024: What’s Included in the Quote-Based Plan?

20 Best Virtual Collaboration Tools for Remote Teams in 2024

20 Best Virtual Collaboration Tools for Remote Teams in 2024

Is monday.com the Best Project Management Tool?

Is monday.com the Best Project Management Tool?

Pros and Cons of Vend: A Leading POS Software in 2024

Pros and Cons of Vend: A Leading POS Software in 2024

Best Online Project Management Resources: A List of 100 Useful Tools

Best Online Project Management Resources: A List of 100 Useful Tools

20 Best Appointment Scheduling Apps in 2024

20 Best Appointment Scheduling Apps in 2024

Katana MRP Pros and Cons: Analysis of a Leading Inventory Management Software

Katana MRP Pros and Cons: Analysis of a Leading Inventory Management Software

Comparison of Stripe Fees vs Paypal Fees vs Adyen Fees in 2024

Comparison of Stripe Fees vs Paypal Fees vs Adyen Fees in 2024

15 Best Employee Scheduling Software of 2024: Comparison of Leading Solutions

15 Best Employee Scheduling Software of 2024: Comparison of Leading Solutions

17 Best Website Performance KPIs You Should Track in 2024

17 Best Website Performance KPIs You Should Track in 2024

10 Best Event Management Software: Comparison of Popular Tools

10 Best Event Management Software: Comparison of Popular Tools

What is Big Data Analytics and How It Helps You Understand Your Customers?

What is Big Data Analytics and How It Helps You Understand Your Customers?

Leave a comment!

Add your comment below.

Be nice. Keep it clean. Stay on topic. No spam.

Why is FinancesOnline free?

FinancesOnline is available for free for all business professionals interested in an efficient way to find top-notch SaaS solutions. We are able to keep our service free of charge thanks to cooperation with some of the vendors, who are willing to pay us for traffic and sales opportunities provided by our website. Please note, that FinancesOnline lists all vendors, we’re not limited only to the ones that pay us, and all software providers have an equal opportunity to get featured in our rankings and comparisons, win awards, gather user reviews, all in our effort to give you reliable advice that will enable you to make well-informed purchase decisions.

No time for detailed research?

Get the best project management software solution!

Award

EU Office: Grojecka 70/13 Warsaw, 02-359 Poland

US Office: 120 St James Ave Floor 6, Boston, MA 02116

  • Add Your Product
  • Research Center
  • Research Team
  • Terms of Use
  • Privacy Policy
  • Cookies Policy
  • Scoring Methodology
  • Do not sell my personal information
  • Write For Us
  • For Small Business
  • Top Software
  • Software reviews
  • Software comparisons
  • Software alternatives

Copyright © 2024 FinancesOnline. All B2B Directory Rights Reserved.

Filter by Keywords

10 Free Risk Assessment Templates and Examples (Excel and ClickUp)

ClickUp Contributor

February 13, 2024

Risk assessment tools save project managers time and resources by clarifying potential risks before the team gets to work.

Research shows more than 60% of projects are often beyond budget, late, or fail to deliver according to specifications. By using effective risk assessment strategies, you are more prepared to prioritize threats and interruptions to your project. And as a result, the overall success rate of the project will improve.

We’ve put together a list of 10 free risk assessment templates and use case examples to fit your project or program requirements. Whether you need to address the safety hazards of potential equipment or share a risk rating document with teams and stakeholders—we got you covered!

research project risk assessment example

What is a Risk Assessment Template?

1. clickup value risk matrix template, 2. clickup assumption grid decision matrix template, 3. clickup risk register template, 4. clickup pi planning risk template, 5. clickup job safety analysis template, 6. excelhub risk assessment excel template, 7. excel accounting risk assessment form template, 8. projectmanager excel risk matrix template, 9. projectmanager excel it risk assessment template, 10. excel analysis & risk management plan template, what makes a good risk assessment template.

A risk assessment template is a resource to assess risks early and develop an actionable response plan. Depending on your industry type, a general risk assessment includes:

Risk identification

  • Impact area
  • Probability
  • Level of impact
  • Mitigation plans

This type of assessment template breaks risks down into varying stages, often using spaced tables for you to document identified threats and which parties are at risk. Risk templates also include a tool for assessing the likelihood and severity of risks.

10 Free Risk Assessment Templates to Try

Assess risks and create risk ratings with ClickUp's List view

A technical and effective way to understand what to prioritize in your business model and new idea list is by understanding the worth of these features and the degree of risk linked to the implementation.

ClickUp’s Value Risk Matrix Template helps you go through the risk matrix for each possible risk that may occur. It’s a great way to practice proactive risk management . And since it’s a simple template, you can easily walk through the process and fill the value risk matrix quickly.

Here’s how you can use this risk assessment template:

  • Create a task for each idea
  • Input or select the person responsible for the idea or the plan execution
  • Attach the file that contains all the information (i.e. research, cost analysis, etc.) about the idea/new feature
  • Classify whether the idea/new feature is for your customers, admin, employees, or for the business in general

Brainstorm ideas on a ClickUp Whiteboard to identify hazards

An assumption grid helps you identify various assumptions from your business model. The grid plots these assumptions on two separate axes:

  • Low-impact assumptions with little information available
  • High-impact assumptions with little information available

Visualizing these assumptions helps you mitigate risks, make judgment calls, and overcome uncertainties. The ClickUp Assumption Grid Template is similarly a type of decision-making tool.

You can easily determine what the big boxes represent by checking the Legend. Each box has a corresponding color with added meaning.

  • Yellow = Certain, High Risk
  • Red = Uncertain, High Risk
  • Green = Certain, Low Risk
  • Grey = Uncertain, Low Risk

View risk assessment form responses by priority in ClickUp's Board view

One of the most crucial parts of managing risks is to operate strategically to address any potential issues that may happen when managing a specific project.

With this template, you can document risks and response actions to manage each risk. It also helps you track potential risks and implement preventative measures before the risks happen. The ClickUp Risk Register Template is essential to successfully manage risks identified and logged on the register with actions to be taken to respond to the risk.

Responses should be regularly reviewed to monitor the progress. This risk assessment template offers several benefits, including:

  • Collecting potential risks and preparing proper actions for them
  • Assigning direct team members to monitor and prioritize tasks
  • Categorizing risks by type ( Risks Response , Risks Status , and Risks by Level )

Customize your own risk assessment template from a ClickUp Whiteboard

ClickUp’s Pi Planning Template helps you get a perfect overview of your PI Planning process with step-by-step frames that guide you through the entire risk assessment process.

The template gives you a clear picture of your team members’ backlog, including capacity, workload, and risks. Note that the number of sticky notes containing identified risks may shrink or grow as your team decides on mitigation approaches during the planning process.

The PI Planning Template is divided into four main boards to organize your PI Planning event:

  • Teams Board : Includes iterations, tasks, and objectives for each specific team
  • Program Board : Includes features, dependencies, and milestones
  • Agenda Board : Includes schedule, agenda, and presenter
  • ROAM Board : Includes program risks and obstacles

Create an actionable plan to minimize health and safety hazards in ClickUp

A job safety analysis should be conducted in workplaces to identify potential hazards that could cause major or serious injury such as hazard exposure, hazardous substances, and procedure changes.

The ClickUp Job Safety Analysis Template organizes key information all employees can access in a single view, including:

  • Site location address
  • Possible risks/hazard
  • Countermeasures/Department
  • Protective equipment
  • Additional notes
  • PDF Files demonstrating the proper steps

SafetyRisk Risk Assessment Excel Template

This is a basic risk assessment template in Excel designed to help you take the initial steps to standardize your processes. You can easily determine the data that should be collected from your business areas, outline suggested response selections, and define key terms.

Regardless of the risk events, configuration and assessment parameters, the risk assessment template in Excel can help you manage risks before they occur.

WPS Accounting Assessment Form Excel Template

Accurate finance and accounting risk assessment is essential and can make or break your personal or business finances. This professionally built risk Excel risk assessment template gives you valuable insights into your accounting risk level.

It also helps you provide all the necessary details about your business product requirements . In addition, accurate costing of purchased products is crucial to ensure your business does not suffer unnecessary losses.

ProjectManager Risk Matrix Template Example

The free risk matrix template from Excel takes any potential threat and determines the impact and extent it could have on a particular project. This template helps you create a risk management process to highlight and correct issues before they become serious problems.

It also serves as a communication tool to let the team members know the risks that might arise during a project. This allows everyone to alert others if an issue becomes known and where it falls on the prioritization scale.

Bonus: RAID templates for risk management!

ProjectManager IT Risk Assessment Template

The number of risks to an IT landscape is enormous, including software or hardware failure, viruses, malware, scams, pace, and phishing.

Human errors, as well as malignant threats from fraud, hackers, security breaches, and denial-of-service attacks also exist. Natural disasters like fire and floods also damage an IT system carrying valuable data.

With the Excel IT Risk Assessment template from ProjectManager, you can take into account the following:

  • The number of equipment and personnel needed to continue operating
  • How long it takes to restore the data or system functionality 
  • System and data needs

ExcelHub Risk Analysis and Management Plan Excel Template

Identifying risks is just a single step of the risk assessment process. The subsequent steps include other activities such as risk strategy, monitoring, and funding.

The Excel Management template helps you determine the likelihood of risk occurrence and the potential impact through risk analysis. It also helps understand the project’s performance and quality. As a result, you can easily implement adequate response and risk mitigation.

A good risk assessment template is easy to update, creates consistency for future work, and simplifies the creation process. If your company has specific criteria for assessing risks, using a template will ensure everyone has the same information to take the correct risk and control measures. Here are four key processes a risk assessment template will include:

This process needs dedication and creativity as it focuses on highlighting potential risks that might occur and impact project metrics. There are several methods for identifying potential threats in your organization. Your project team can brainstorm possible hazards and transform the findings into a risk checklist.

Risk analysis

This goes beyond identifying risks and determines the criticality of the risk. This is where you assign both qualitative and quantitative values to possible risks and analyze the potential and strategies to minimize them. Risk analysis helps you understand the risks’ likelihood of occurrence and potential impact. This way, you can implement the proper mitigation and response.

Risk response and mitigation

Risk mitigation helps design and implement strategies to reduce the occurrence and the impact of the risks. The primary objective is to minimize the likelihood of risk incidence as much as possible.

Risk control

Risk monitoring and control are also part of your assessment template. It helps ensure that the plans are carried out properly. As a result, your template should use the risk monitoring and controlling function to guarantee that your assessment and risk mitigation strategies are effective.

Developing a Powerful Risk Assessment Plan With ClickUp

Without performing a risk assessment at the initial stages of your project, you won’t have the advanced preparation needed to prioritize safety controls.

Empower your team stays ahead of potential hazards with the best risk assessment tools and a productivity platform like ClickUp.

ClickUp makes it easy to plan, manage, and report on projects from anywhere. Get real-time project visibility and report on key metrics with automated workflows and Dashboards to keep your team informed and connected!

Questions? Comments? Visit our Help Center for support.

Receive the latest WriteClick Newsletter updates.

Thanks for subscribing to our blog!

Please enter a valid email

  • Free training & 24-hour support
  • Serious about security & privacy
  • 99.99% uptime the last 12 months

Introduction to Risk Assessment in Project Management

Project Management Institute’s (PMI) inclusion of risk management skills in multiple PMI certifications indicates the importance of risk across industries and in all projects. The risk management process includes risk identification and risk assessment. During an assessment, the project manager uses standard risk tools and quality data to help the team better avert later problems, manage the project cost, and keep project work on schedule. Risk assessment is the process by which the identified risks are systematically analyzed to determine their probability of occurrence and the potential impact of that occurrence.

On this page:

What is a risk assessment?

What are risk assessment pmp and risk reassessment pmp, when is a risk assessment needed, why is a risk assessment important, example use of risk assessment: hurricane impacting town, what inputs are needed for a risk assessment, what is a risk data quality assessment pmp, what outputs does a risk assessment generate, how to create a risk assessment, risk assessment matrix, risk assessment best practices, risk assessment pmp and risk reassessment pmp.

Get Your Comprehensive Guide to Risk Management

Learn how to manage risk in every project.

Project teams use risk assessment, a qualitative measure using risk data and the parameters of probability and impact, to identify, categorize, prioritize, and manage risks before they happen.

A “risk reassessment” is the work done to update the original risk assessment due to changes in the project or overall risk management efforts.

For the original and subsequent assessments, the quality of data used to determine the impact directly correlates to the accuracy of the risk assessment and resulting decisions.

Project Management Professional (PMP)® credential holders have shown their knowledge of a risk assessment and their understanding of the high cost of a failure to do a risk assessment. For the PMP certification exam, students need to know the importance of a risk assessment and how to use a probability and impact scoring matrix to help inform the priority of the risk.

Within the PMP exam context, “risk assessment PMP” and “risk reassessment PMP” are informal terms referring to taking identified risks and assessing them using qualitative data, such as the probability of occurrence, to determine the potential impact. From that, project managers determine the risk score, which is an input to subsequent risk response activities.

Risk identification should happen early in the project , closely followed by the risk assessment. Project teams should conduct risk reassessment throughout the life of a project. Updating the risk register is a good reminder to update the corresponding risk assessment. The project’s scope and risk management plan will inform how frequently the reassessment should be conducted (projects of bigger scope should have more reassessments; similarly, smaller scope requires fewer reassessments).

Performing a risk assessment is critical to ensuring the success of a project because it puts the project team in a state of preparedness. When done with verified tools and quality inputs, risk assessment may take time but can prevent problems from negative risks and enable opportunities from positive risks. As shared in the PMI conference paper Risk Assessments—developing the right assessment for your organization , “The best project organizations are those who realize that a risk assessment template is a valuable asset in managing the organization’s bottom line.” Risk assessment connects to managing cost, timelines, and quality.

For an example of how a risk assessment can be used, we use the example of a small municipality located on the east coast of North Carolina. The coastal town has been impacted by natural disasters in the form of hurricanes several times in the past fifty years. A hurricane is a storm that starts in the ocean and moves inland, causing all levels of flooding, electrical storms, and damaging winds. The National Weather Service provides annual forecasts of which geographic regions are predicted to have hurricanes, as well as the number of occurrences and strength of hurricanes.

The town manager (“project manager”) and the town administration (“project team”) know a hurricane will happen but not when or how strong it may be. In the risk category of weather events, the project manager and project team identify the risk type of hurricane storm. Then the project team identifies specific potential risks, such as flooding that may cause building damage. The team assesses each risk in terms of probability (or how likely it is to occur), the impact if it occurs, and the probability-impact score (weighing the significance of the risk on the project). The information is captured in a risk assessment matrix as part of the project management and risk management documentation.

For example, they do a risk assessment after the project manager and team identify the risk of water damage to downtown buildings due to hurricane-induced flooding. The team uses standard tools to determine the probability of that specific risk (flooding) and the impact if it occurs (water damage to buildings). The project team uses verified data, like National Weather Service hurricane projections, for probability estimates. For the potential impact, the project team uses cost and quality data like town records to determine what could happen to town property. The data and risk scoring are organized in the project risk assessment matrix and communicated to stakeholders.

Continuing our example of the identified risk of water damage to ground floors, if the assessment indicates the risk is highly likely to occur with a high impact of damage, it will have a higher risk score. That can mean more time invested in risk response planning (such as securing funding to buy and store sandbag materials during flooding to reduce the impact of water damage on buildings). The risk response plan would likely include purchasing sandbag materials before a hurricane, storing them in an accessible space, and training the town staff to set up the sandbags to protect critical buildings when a hurricane is imminent. The cost of buying and storing sandbag materials to protect the buildings is much lower than the cost of fully repairing water-damaged buildings.

In this risk example, the project team:

  • determined the appropriate risk categories (natural disasters)
  • determined the types within the category (hurricane storms)
  • identified a risk event (hurricane bringing flooding to downtown buildings),
  • assessed the impact of that risk (flooding damages ground floors),
  • assessed the probability of the impact (flooding may be higher or lower but always occurs with hurricanes),
  • documented the risk information, including risk scores in the risk assessment matrix,
  • communicated the risk assessment results to the team and stakeholders, and then
  • used the risk assessment matrix as an input for risk response planning (making sandbag materials available when needed and training people to set them up).

With this example, you should see the risk assessment allows the project team to identify, categorize, prioritize, and mitigate/avoid/exploit risks prior to their occurrence. A risk assessment is a proactive approach in which the risk is identified and assessed to manage cost, reduce negative impact, and protect the project (in this example, town buildings).

A risk assessment should be customized to fit the project context. Standard risk assessment inputs include:

  • Project management plan
  • Risk management plan
  • Risk assessment methodology
  • Risk parameter definitions
  • Risk tolerance levels
  • Risk probability and impact matrix template
  • Risk assessment scale (what criteria are used to determine if the risk score is high, mid, or low)
  • Risk assessment matrix template

Project managers and project management students use what is informally referred to as the “assessment of other risk parameters PMP” to tailor their risk assessment to a specific project. While probability and impact values are used in all risk assessments, additional parameters, like cost or schedule, can be standalone matrices.

Risk assessment is a qualitative assessment. Therefore, risk data quality (sometimes referred to as “risk data quality assessment PMP”) always impacts the risk assessment quality. A risk data audit helps ensure the quality of data used in the risk assessment. Project managers may use experts or previous project documentation as part of the risk data quality assessment to ensure the accuracy of the overall risk assessment.

The risk assessment outputs are part of the overall project and risk management documentation. A risk assessment can generate the following:

  • Project Management Plan updates
  • Project document updates
  • Risk Management Plan updates
  • Risk Register updates
  • Risk Response Plan updates

Risk assessment should occur throughout the project. With each iteration, known as a risk reassessment, the risk documentation should be updated accordingly.

For the PMP exam, students need to know the importance of a risk assessment and how to use a probability and impact scoring matrix to help inform the priority of the risk. Project Managers and PMP credential holders should know the seven steps to risk assessment.

1.      Identify applicable risk types and organize them

You cannot assess risk if you have not identified it. Begin your risk assessment with risk identification. With your project team, identify potential scenarios that could harm your project. Risks can be of any size and with internal or external triggers. Your team may identify risks that include computer viruses, manufacturing defects, natural disasters, or shipping delays. Each risk is identified and documented in the risk register. The risk may be organized by different factors (internal or external triggers, for example) or by categories (environmental, regulatory, technology, or staffing, for example).

2.      Determine how these risks will be qualified and quantified

With risks identified and organized, the project manager should conduct a risk assessment. Each risk must be qualified and quantified. The project manager will use a probability and impact matrix to document the probability of each risk and the impact if it does happen. Remember, the quality of the data used in the assessment impacts its accuracy.

3.      Determine your organization’s risk tolerance

Every organization has a risk tolerance level, with variances due to the type of risk, the specific stakeholders of a project, and the scope of the project. Additionally, there are industries with negligible risk tolerance (such as health care) and others with an acceptance of some level of risk (like software development). While every organization has a risk tolerance level, so the project manager should get stakeholder input to determine risk tolerance for each project.

4.      Determine the final output format of the risk assessment

Within the risk management activities, determine during the risk planning process how the risk assessment output should be documented and communicated. Spreadsheet programs are often used for the ease of organizing large data sets. However, a company may have risk assessment output requirements, such as storing it on a secure server or capturing it in a shareable file, determining the output format. How the risk assessment output is documented is important because it determines how the information is made available to the project team and stakeholders.

5.      Create a plan to maximize the risk assessments applicability to every project

Within a risk assessment and the resulting risk response plan, project managers have a wealth of knowledge that can protect the active project and future projects.

Project managers should have a plan to document the risk assessment, the result of risk responses applied to risks that occur, and the risk assessment matrices with the appropriate risk parameters. Maintaining a consistent and detailed project documentation archive helps ensure a project’s lessons learned are available to other project managers with similar projects, which can reduce the impact of negative risks. The plan should include documentation format requirements, how assessment documentation will be accessed, and how the assessment (and reassessments) will be communicated to the project team and stakeholders.

6.      Create a final risk assessment that is flexible and scalable

Knowing the project manager and team will be doing reassessments throughout the project as part of risk reassessment, the process must be flexible and scalable. You may have to add risks throughout the project or incorporate other criteria to ensure the accuracy of the probability and impact scores. Additionally, the risk assessment should work for projects of different scopes. The risk assessment should be flexible enough to remain aligned with project changes and scalable enough to be used in multiple projects.

7.      Determine the process to update the risk assessment

PMP credential holders know the importance of risk assessment and reassessment in managing the project cost. Without a process to update risk assessments, the project is vulnerable when risks occur. Changes are inevitable, and a risk assessment that is not current is not effective. Project managers should have a consistent risk assessment update process within their overall risk management activities.

Risk management documentation, such as the risk assessment matrix, is part of the overall project management documentation. The risk matrix documents at least four core areas for each identified risk: (1) risk name, (2) probability, (3) impact, and (4) risk level/ranking. The risk assessment also includes the calculated overall Project Risk score (the project’s probability-impact, or PI, score). The risk assessment matrix is an output of the Risk Assessment process and an input to the Risk Response process.

In a risk assessment matrix, each identified risk is listed along with its corresponding information.:

RISK CATEGORY

  • Risk category : from a standardized list of risk categories (e.g., technology, natural disaster, regulations, transportation, etc.), the ones that most closely align with the project are used; not all projects have risks in all categories; therefore, each project will have a different combination of risk categories in its matrix

PROBABILITY

  • Probability criteria : used to assign the probability values for a risk category; criteria should come from a standardized list but customized for each project
  • Probability (“P”) score : a value given to each risk driven by the probability criteria; the matrix’s score scale will state the parameters for the minimum and maximum value of a P score; the project manager and project team use data and criteria to assign the P score to each risk
  • Impact criteria : used to assign the impact values for a risk category; criteria should come from a standardized list but customized for each project
  • Impact (“I”) score : a value given to each risk driven by the impact criteria; the matrix’s score scale will state the parameters for the minimum and maximum value of an I score; the project manager and project team use data and criteria to assign the I score to each risk

PROBABILITY AND IMPACT VALUES

  • Probability-to-Impact (“PI”) score : the Probability score multiplied by the Impact score results in the PI score; the PI score is the overall risk assessment score; the PI score is used to rank all project risks by lowest probability and impact to highest, so resources are assigned accordingly
  • Total Project Risk : all PI scores are added, and then that sum is divided by the quantity (total number of risks) of risks to determine the average; the project’s PI average value of PI scores is the Total Project Risk value.

Probability and impact are integral data points for risk assessment. Project risk tailoring occurs within the specifics of the risk categories, probability criteria, and impact criteria.

Risk Assessment Matrix Example

Project Manager Kestel’s PMI conference paper “ Risk assessments—developing the risk assessment for your organization ” includes an example risk assessment matrix:

From the completed risk assessment matrix, the project manager communicates the total Project Risk score to the team and stakeholders. Communication is part of risk assessment and helps ensure commonly understood terms are used for standardized risk assessment processes.

The risk matrix template ensures key data is consistently defined and included in the project documentation. For a risk matrix , project managers work with the project team and stakeholders to determine the specific risk criteria and refine the criteria for probability and impact. The format of the risk matrix should be determined early in the project and use company standards for project tools when available. The risk matrix should be stored with other project documentation, along with all risk reassessments for a project.

Project managers should complete the risk assessment as part of their risk management activities for all projects. Best practices for risk assessment include:

  • Risk assessments should use quality data.
  • Risk assessments incorporate expertise and knowledge from the project team and stakeholders.
  • Risk data should undergo an audit to determine quality.
  • Risk reassessment is conducted frequently throughout the life of a project.
  • Risk assessments should use tailored and scalable tools.
  • Risk assessment results, including the overall project risk score, are communicated to the team and stakeholders.

Project Managers should:

  • lead the risk assessment efforts using standard tools
  • customize the risk assessment matrix to the specific needs of the project,
  • document the probability and impact of each risk,
  • use standard data and terms for risk audit efforts, and
  • communicate risk assessment progress and results to the project team and stakeholders.

Project managers should customize the risk assessment criteria to the project type. For example, you would not assess the risk of a particular weather event occurring using the criteria for the probability of manufacturing defects.

Additionally, project managers should use organizational templates and project management office (PMO) standards when available in their company. Customization of a project’s risk assessment should be balanced against the need for standards to contribute to knowledge sharing. No single tool will ensure quality assessment for all projects, but there are standards shared by all projects.

To prepare for the PMP exam, students need to know the importance of risk assessment and how to use a probability and impact scoring matrix to help inform the priority of the risk. Students should understand that a risk assessment is a tool to help manage the project’s cost by closely monitoring highly probable and high (negative or positive) impact risks.

American billionaire fund manager and philanthropist Bruce Kovner is credited with saying, “Risk management is the most important thing to be well understood.” A project manager with the PMP credential has demonstrated knowledge of risk assessment and the role it serves within risk management. Remember these components of creating a risk assessment:

  • identify applicable risk types and organize them
  • determine how risks will be qualified and quantified
  • determine your organization’s risk tolerance
  • determine the final output format of the risk assessment
  • create a plan to maximize the risk assessment’s applicability to every project
  • create a final risk assessment that is flexible and scalable
  • determine a process to update the risk assessment

Project Managers managing risk using a scalable risk assessment template and standard processes consistently have successful projects. In addition to earning PMI’s Project Management Professional (PMP) certification, you may continue your certification journey by pursuing the PMI Risk Management Professional (PMP-RMP)® certification to advance your risk project management skills further.

  • Megan Bell #molongui-disabled-link What is a Project Schedule Network Diagram?
  • Megan Bell #molongui-disabled-link Scheduling Methodology: Build & Control Your Project Schedule
  • Megan Bell #molongui-disabled-link Schedule Baseline: How to Create, Use, and Optimize
  • Megan Bell #molongui-disabled-link How to Use Agile in Project Management as a PMP® Credential Holder

Popular Courses

PMP Exam Preparation

PMI-ACP Exam Preparation

Lean Six Sigma Green Belt Training

CBAP Exam Preparation

Corporate Training

Project Management Training

Agile Training

Read Our Blog

Press Release

Connect With Us

PMI, PMBOK, PMP, CAPM, PMI-ACP, PMI-RMP, PMI-SP, PMI-PBA, The PMI TALENT TRIANGLE and the PMI Talent Triangle logo, and the PMI Authorized Training Partner logo are registered marks of the Project Management Institute, Inc. | PMI ATP Provider ID #3348 | ITIL ® is a registered trademark of AXELOS Limited. The Swirl logo™ is a trademark of AXELOS Limited | IIBA ® , BABOK ® Guide and Business Analysis Body of Knowledge ® are registered trademarks owned by International Institute of Business Analysis. CBAP ® , CCBA ® , IIBA ® -AAC, IIBA ® -CBDA, and ECBA™ are registered certification marks owned by International Institute of Business Analysis. | BRMP ® is a registered trademark of Business Relationship Management Institute.

research project risk assessment example

The Essex website uses cookies. By continuing to browse the site you are consenting to their use. Please visit our cookie policy to find out which cookies we use and why. View cookie policy.

Research risk assessment

It's the responsibility of the principal investigators (PI) and researchers to identify reasonably foreseeable risks associated with their research and control the risks so far as is reasonably practicable.

All participants and research assistants have the right to expect protection from physical, psychological, social, legal and economic harm at all times during an investigation. Certain research may also present reputational, legal and / or economic risks to the University.

As part of the ethical approval process for research involving human participants you are required to identify potential risks associated with your research and the action you will take to mitigate risk. You may be asked to submit your risk assessment.

The risk assessment process is a careful examination of what could cause harm, who/what could be harmed and how. It will help you to determine what risk control measures are needed and whether you are doing enough. 

Risk assessment responsibility

The PI and researchers need to take responsibility for all assessments associated with their projects. Occasionally you may need research workers or students to risk assess an aspect of the work and you will need to check the assessments are adequate and sign them off.

Risk assessors need to be competent and you’ll need to ensure they have adequate training and resource to do the assessments. There is risk assessment training available and help and advice help and advice help and advice from your Health and Safety Advisory Service link advisor and safety specialists (for health and safety risks), or the REO Research Governance team for other risks. In some cases, the hazards are so unique to the research that the PI and their team might be the only people who know the work well enough to make valid judgements about the risk and justify their conclusions.

Risk assessment process

The risk assessment process is a careful examination of what could cause harm, who/what could be harmed and how. It will help you to determine what risk control measures are needed and whether you are doing enough.

To simplify the process you can use the health and safety risk assessment templates, risk estimation tool and guidance for all risks associated with your research project. Please refer to the research risk estimation guidance under how to carry out a risk assessment below to assist you. 

Research risks

Typical risks that need to be considered as part of research ethics are:

  • Social risks: disclosures that could affect participants standing in the community, in their family, and their job.
  • Legal risks: activities that could result in the participant, researchers and / or University committing an offence; activities that might lead to a participant disclosing criminal activity to a researcher which would necessitate reporting to enforcement authorities; activities that could result in a civil claim for compensation.
  • Economic harm: financial harm to participant, researcher and / or University through disclosure or other event.
  • Reputational risk: damage to public perception of University or the University/researchers’ reputation in the eyes of funders, the research community and / or the general public. 
  • Safeguarding risks:   Risk to young people, vulnerable adults and / or researcher from improper behaviour, abuse or exploitation. Risk to researcher of being in a comprising situation, in which there might be accusations of improper behaviour.
  • Health and safety risks: risks of harm to health, physical injury or psychological harm to participants or the researcher. Further information on health and safety risks is given below.

Health and safety risks

The potential hazards and risks in research can be many and varied. You will need to be competent and familiar with the work or know where to obtain expert advice to ensure you have identified reasonably foreseeable risks. Here are some common research hazards and risks:

  • Location hazards Location hazards Location hazards and risks are associated with where the research is carried out. For example: fire; visiting or working in participant’s homes; working in remote locations and in high crime areas; overseas travel; hot, cold or extreme weather conditions; working on or by water. Also hazardous work locations, such as construction sites, confined spaces, roofs or laboratories. For overseas travel, you will need to check country / city specific information, travel health requirements and consider emergency arrangements as part of your research planning, by following the University’s overseas travel  health and safety standard .  
  • Activity hazards Activity hazards Activity hazards and risks associated with the tasks carried out. For example: potentially mentally harmful activities; distressing and stressful work and content; driving; tripping, or slipping; falling from height; physically demanding work; lifting, carrying, pushing and pulling loads; night time and weekend working.
  • Machinery and equipment Machinery and equipment Machinery and equipment . For example: ergonomic hazards, including computer workstations and equipment; contact with electricity; contact with moving, rotating, ejecting or cutting parts in machinery and instruments; accidental release of energy from machines and instruments.
  • Chemicals and other hazardous substances . The use, production, storage, waste, transportation and accidental release of chemicals and hazardous substances; flammable, dangerous and explosive substances; asphyxiating gases; allergens; biological agents, blood and blood products. You’ll need to gather information about the amount, frequency and duration of exposure and carry out a COSHH or DSEAR assessment which will inform whether you may need health surveillance for yourself and / or your research participants.
  • Physical agents Physical agents Physical agents . For example: excessive noise exposure, hand-arm vibration and whole body vibration; ionising radiation; lasers; artificial optical radiation and electromagnetic fields. You’ll need to gather information about the amount, frequency and duration of exposure inform whether you may need health surveillance for yourself and / or your research participants.

When to carry out a risk assessment

Carrying out initial risk assessments as part of the planning process will help you identify whether existing resources and facilities are adequate to ensure risk control, or if the project needs to be altered accordingly. It will also help you to identify potential costs that need to be considered as part of the funding bid.

Once the project is approved, research specific risk assessments need to be carried out before work starts.

The research may need ethical approval if there is significant risk to participants, researchers or the University.

How to carry out a risk assessment

The University standard on risk assessments provides guidance, tips on getting it right, as well as resources and the forms to help you produce suitable and sufficient risk assessments and must be used.

  • Risk assessment template (.dotx)
  • Flow chart to research risk assessment (.pdf)
  • Research risk assessment: Risk estimation tool (.pdf)
  • Example of a Social Science research risk assessment (.pdf)

Refer to carrying out a risk assessment carrying out a risk assessment carrying out a risk assessment for step by step guidance.

Risk assessments must relate to the actual work and must be monitored by the PI. If there are significant changes to the activities, locations, equipment or substances used, the risk assessment will need to reviewed, updated and the old version archived. Risk assessments should also consider the end of projects, arrangements for waste disposal, equipment, controlled area decommission and emergencies. 

Things to consider:

  • The risks may be specialist in nature or general. Information can found from legislation, sector guidance, safety data sheets, manufacturers equipment information, research documents, forums and health and safety professionals.
  • Practical research might involve less well-known hazards. Do you or your team have the expertise to assess the risk adequately? Do you know who to go to for expert advice?
  • The capabilities, training, knowledge, skills and experience of the project team members. Are they competent or are there gaps?
  • In fast changing research environments, is there a need to carry out dynamic risk assessments? Are they understood and recorded?
  • The right personal protective equipment for the hazards identified and training in how to use it.
  • Specific Occupational Health vaccinations, health surveillance and screening requirements identified and undertaken. With physical agents and substances you’ll need to make an informed decision about the amount, frequency and duration of exposure. If you need help with this contact HSAS.
  • Associated activities: storage, transport/travel, cleaning, maintenance, foreseeable emergencies (eg spillages), decommissioning and disposal.
  • The safe design, testing and maintenance of the facilities and equipment.
  • Planned and preventative maintenance of general plant and specialist equipment.

These risk assessments relate to the actual work and must be monitored by the PI. If there are significant changes to the activities, locations, equipment or substances used, the risk assessment will need to reviewed, updated and the old version archived. Risk assessments should also consider the end of projects, arrangements for waste disposal, equipment and controlled area decommission and emergencies.

Training 

If you would like training on risk assessment, please book onto one of our courses:

  • Research Risk Assessment (for research staff and students in Humanities and Social Sciences)
  • Research Risk Assessment (for research staff and students in Faculty of Science of Health only)
  • Carrying out a risk assessment Carrying out a risk assessment Carrying out a risk assessment
  • People especially at risk People especially at risk People especially at risk
  • IOSH/USHA/UCEA guidance on managing health and safety in research (.pdf) 
  • Research governance: Ethical approval

Arrow symbol

  • University of Essex
  • Wivenhoe Park
  • Colchester CO4 3SQ
  • Accessibility
  • Privacy and Cookie Policy

IMAGES

  1. FREE 9+ Sample Project Risk Assessment Templates in PDF

    research project risk assessment example

  2. Project Risk Assessment: Guide With Templates & Examples

    research project risk assessment example

  3. Project Risk Assessment Template from PMIS Consulting

    research project risk assessment example

  4. Project Risk Assessment Template

    research project risk assessment example

  5. Project risk assessment: example with a risk matrix template

    research project risk assessment example

  6. A Complete Guide to the Risk Assessment Process

    research project risk assessment example

VIDEO

  1. 58 Risk Analysis Process Summary

  2. Project Risk Management -lecture 1

  3. Overall and Individual Project Risk

  4. Why WORK AT HEIGHT is STILL a problem! 🪜⚠️

  5. 11.3 Perform Qualitative Risk Analysis

  6. 18 6 Risk Analysis

COMMENTS

  1. Research risk assessment

    For example: fire; visiting or working in participant's homes; working in remote locations and in high crime areas; overseas travel; hot, cold or extreme weather conditions; working on or by water. Also hazardous work locations, such as construction sites, confined spaces, roofs or laboratories.

  2. Essential Guide to Project Risk Assessments

    Try Smartsheet for Free By Kate Eby | September 19, 2022 Performing risk assessments is vital to a project's success. We've gathered tips from experts on doing effective risk assessments and compiled a free, downloadable risk assessment starter kit.

  3. PDF Conducting a Risk Assessment

    Example risk statement for 'Research Integrity' If research is falsified, plagiarized, fabricated, or seriously deviates from commonly accepted practices, then failure to achieve Harvard's mission, reputational harm and financial losses may result. 1 Harvard Institutional Risk Management Conducting a Risk Assessment

  4. How to Assess Risk in Research: A Simple Framework and Tips

    1 Define your research objectives Be the first to add your personal experience 2 Identify the sources of risk Be the first to add your personal experience 3 Analyze the impact and likelihood of...

  5. Completing the risk assessment

    First steps Completing the risk assessment Completing the risk assessment All research applications require you to complete a mandatory risk assessment questionnaire within Worktribe. Find guidance on completing a risk assessment for your project.

  6. Risk Assessment and Analysis Methods: Qualitative and Quantitative

    "… [M]aking judgments about managing and tolerating risk on the basis of a risk analysis while considering influencing factors (i.e., risk evaluation)" Relationships between assets, processes, threats, vulnerabilities and other factors are analyzed in the risk assessment approach.

  7. PDF University Research Ethics Committee RESEARCH ETHICS RISK ASSESSMENT

    RESEARCH ETHICS RISK ASSESSMENT AND MANAGEMENT - EXAMPLE This form should be used to support the assessment of risks associated with your research project and their mitigation. This must be completed and submitted where relevant (see questions 43.2 and 44.1 on the Application Form for Research Ethics Approval).

  8. Project risk assessment: example with a risk matrix template

    Project risk assessment: an example with a risk matrix template Project Management Risk Management Agnieszka Sienkiewicz "Begin with the end in mind" (Stephen Covey) is to say, "Think first what could go wrong." A project is a collection of interconnected tasks that are bound to specific timelines, resources, and deliverables.

  9. PDF Risk Assessment Guide

    E. Examples of Research Studies with Suggested IRB Decisions . F. Additional Resources . A. Introduction to Risk Assessment and Reduction and the Role of the IRB. Risk Assessment involves the consideration of physical and psychological risks along with the protection of privacy. The student researcher, adult sponsor and qualified scientist must ...

  10. PDF Risk Management for Research and Development Projects

    This approach is based on the analysis of Knowledge gaps i.e. the gap between what we should know in order to succeed in the project and what we really know in the following two phases: Phase 1 - Risk identification and assessment; and Phase 2 -Risk mitigation. I. INTRODUCTION Risk can be sensitivity to stochastic variables.

  11. Research Project Risk and Compliance

    This is an online template that asks all the necessary questions to get you thinking about how data will be managed on your research project. Download and save a copy once created. ... ALL Research Projects must complete a Research Project General Risk Assessment (XLSX, 201.3 KB) (opens in a new window). This highlights the administrative ...

  12. PDF Research Risk Assessment Guidelines

    Research Risk Assessment Guidelines. Research projects that meet the Tri-Council definition of minimal risk are eligible for delegated review. Delegated reviews are to be conducted by one Associate Member and the Chair of the Research Ethics Board (REB). To help determine whether your research project meets the standard for delegated review ...

  13. PDF Appendix 2: Risk assessment matrix

    For example, an ethics review of a research proposal would be remiss if clear risks to researchers might be anticipated, or seen as potentially arising, and the REC made no observations or comment about it.

  14. The Essential Guide to Project Risk Analysis

    Project risk analysis is the process by which a project team assesses possible risks to a project. During this process, teams analyze the impact of each risk and begin planning to prevent or mitigate large risks. Project risk analysis is synonymous with project risk assessment. Both terms describe a process in which the team works to understand and deal with possible risks.

  15. 20 Common Project Risks

    20 Common Project Risks - example Risk Register Risk Management, Risk Analysis, Templates and Advice Mind Mapping Collaborative Online Mind Mapping: #1 Mind Mapping Tool Collaborate Anywhere Stunning Presentations Simple Project Management Innovative Project Planning Creative Problem Solving Home Risk Management Templates 20 Common Project Risks

  16. Project Risk Identification Guide & Workshop Toolkit

    Project Risk Identification Example. Project Risk Identification Workshop Toolkit; ... Although risk identification is a continuous process, it should begin before project risk assessment and project risk analysis, and before you finalize your project risk management plan. ... Research Risks: While performing research, you might come across a ...

  17. Risk Analysis: Definition, Examples and Methods

    Try it free How to Analyze Project Risks At a basic level, there are three things you should consider when assessing project risks: risk probability, risk impact and risk exposure. These three things can be estimated through qualitative and quantitative risk analysis. Risk Probability

  18. Risk assessment and risk management: Review of recent ...

    Under a Creative Commons. The paper reviews recent advances on the foundation of risk assessment and management. The paper points to areas where further developments of the risk field are needed. Examples of integrative risk research are highlighted. Risk assessment and management was established as a scientific field some 30-40 years ago.

  19. Project Risk Assessment in 2024: Guide With Templates & Examples

    Project Risk Assessment in 2024: Guide With Templates & Examples How to do effective project risk assessment? To do a project risk assessment you have to perform its four key elements: identifying risks, analyzing risks, determining risk response and documenting risks.

  20. 10 Free Risk Assessment Templates and Examples

    1. ClickUp Value Risk Matrix Template Assess risks and create risk ratings with ClickUp's List view A technical and effective way to understand what to prioritize in your business model and new idea list is by understanding the worth of these features and the degree of risk linked to the implementation.

  21. Experimental Risk Assessment

    Research personnel must complete the Process Risk Assessment form using the above matrix to determine the initial risk level. Medium and high risk levels must be re-evaluated to reduce the risk to an acceptable level. The form must be approved by the PI or Supervisor of the laboratory and sent to the EH&S for final approval. The experiment cannot be initiated until final approval is provided.

  22. Introduction to Risk Assessment in Project Management

    On this page: What is a risk assessment? What are Risk Assessment PMP and Risk Reassessment PMP? When is a Risk Assessment needed? Why is a Risk Assessment important? Example use of Risk Assessment: hurricane impacting town What inputs are needed for a Risk Assessment? What is a Risk Data Quality Assessment PMP?

  23. Research risk assessment

    The University standard on risk assessments provides guidance, tips on getting it right, as well as resources and the forms to help you produce suitable and sufficient risk assessments and must be used. Risk assessment template (.dotx) Flow chart to research risk assessment (.pdf) Research risk assessment: Risk estimation tool (.pdf)