Managing risk as a project manager – simple Excel model

Risks can’t be avoided as a project manager, so the way to manage a project is to understand all risks involved in your project. Wikipedia says risk management is the identification, assessment, and prioritization of risks and in ISO 31000 defines risks as the effect of uncertainty on objectives.

There are different methods to manage risk and the main characteristics of these methods is that they all identify the risk, determine expected likelihood and consequences and prioritize risk measures. To make this easy, no matter which method you choose to manage your risks, a simple excel model comes in handy and that’s what I’m going to focus on in this article.Start by making a long list of all risks you can think of that impact in one way or another on your project. Where possible define counter measures and responsible persons. Include both risks specific to your project and more general risks like for example user knowledge, team skills and experience, complexity of requirements and resistance to change.

When your risks have been identified and assessed you can categorize your risks into four major categories showing how to handle the risks as described by Dorfman[1]:

  • Avoidance (eliminate, withdraw from or not become involved)
  • Reduction (optimize – mitigate)
  • Sharing (transfer – outsource or insure)
  • Retention (accept and budget)

Once you’ve defined all types of risks it’s time to rate the risk. Using the formula Probability x Severety = Importance, or sometimes also described as Likelyhood x Impact = Risk[2], you get a number/value on your risk so you can rank and sort your risks. By giving each risk a value from 1-5 for Probability/Likelyhood depending on how likely this risk may happen in your project, and doing the same thing for Severety/Impact you get a value from 1 to 25 for each of your risks where 25 is a very high priority risk.

The number of high priority versus low priority risks can be visible using a chart (bubble chart), where you get a bigger bubble the more priority a risk needs. In the example chart both the orange and the blue bubble represents high priority risks that needs attention, closely followed by the yellow bubble.

The bigger bubble the bigger risk for the project, the more bubbles in the upper right corner the more risky project.

The bigger bubble the bigger risk for the project, the more bubbles in the upper right corner the more risky project.

In the above example the blue bubble got a score of 16 (4 x 4), the orange bubble a score of 15 (5 x 3) and the yellow bubble a score of 10 (2 x 10).

Download the excel file here.

  1. Dorfman, Mark S. (2007). Introduction to Risk Management and Insurance (9 ed.). Englewood Cliffs, N.J: Prentice Hall. ISBN 0-13-224227-3.
  2. “Risk is a combination of the likelihood of an occurrence of a hazardous event or exposure(s) and the severity of injury or ill health that can be caused by the event or exposure(s)” (OHSAS 18001:2007).

Spread the word. Share this post!

About the author

High tech IT controller with experience in Excel, Access, SQL, and various BI solutions like IBM Cognos, QlikView and PowerPivot.