Module 1. Introduction to risk assessment and quality project management

Learning Outcomes

  • Contextualise what risk assessment and risk management encompass.
  • Analyse the process of risk management.
  • Determine the importance of quality management for a project.

This introduction to project risk assessment and quality project management is aligned with the PMI Global Standard for project management, namely the PMBOK Guide, 7th edition.

According to A guide to the project management body of knowledge (PMBOK® Guide), a risk is an uncertain event that, if it occurs, has an effect on at least one of the project objectives.


Conducting a risk assessment is not uncommon. But please note that this is a step that needs to take place prior to the project manager engaging in the process of managing the risk. Risk assessment and risk management differ; however, it is clear that these are integrated. Risk assessment in project management is the systematic process of detecting hazards, uncertainties and barriers and analysing any related risks, followed by implementing appropriate control measures to eliminate or mitigate them. These control measures directly reflect the management process for the risk.

The project risk management strategy addresses the risk assessment process and creates a blueprint for the project manager and the project team that allows them to identify, classify, prioritise, and mitigate risks. Overall, the technique known as risk management includes an assessment of the risks involved; therefore, it becomes critical for the project manager to understand and master this process in the early stages of the project life cycle. If the risk assessment process – the beginning of a health and safety management approach – is not conducted effectively or at all, it is doubtful that the required preventive actions will be identified or implemented. Consequently, the project outcomes become compromised.

With the risk assessment procedure, the project manager examines the project activities to:

  • identify procedures and circumstances that have the potential to create harm, and especially impact the success of the project completion
  • determine the likelihood of each risk occurring and the severity of its potential repercussions
  • determine what measures can be adopted to prevent the occurrence of or to mitigate these risks.

It is essential to distinguish between uncertainties, hazards and risks. A hazard is anything that has the potential to cause harm, such as workplace accidents, emergency situations, poisonous chemical substances, employee disputes, stress and so on. In contrast, a risk is the likelihood that a danger may produce harm. Uncertainties are considered triggers to potential risks and/or hazards. As part of the risk assessment plan, the project manager will identify the various uncertainties that can impact the activities of the project, identify hazards, and then quantify the probability or risk of their occurrence.

Depending on the project field, the objective of a risk assessment strategy is to assist businesses to prepare for and minimise risks. Other objectives include:

  • provide an evaluation of potential project variation
  • prevent variation of project specifications
  • meet legal obligations
  • develop a precise listing of accessible assets
  • justify the expenses of risk management
  • determine the budget for risk mitigation
  • understand the return on investment of applying a risk management strategy.

Before introducing new processes or activities, businesses should conduct a risk assessment.

It is important for risk assessments to be adapted to each individual organisation and project field. Although there is no policy that ‘fits all’, there are certain fundamental concepts that we may follow to establish appropriate risk assessment methods and develop a robust risk management approach. The following modules in this book will discuss some of these processes in detail.

Why is risk management important in project management?

An unmanaged risk can make it difficult for a project to meet its goals and may even make it impossible for the project to be successful. Risk management is essential during the start, planning, and execution phases of a project; when risks are well managed, the probability of a successful project considerably increases.

Project managers can determine the strengths, weaknesses, opportunities, and hazards that are associated with the project by using effective risk management methods. As a project manager, you might be better prepared to deal with uncertainties if plans are made for these and the project team is guided to mitigate them as well. It is important to define how as project managers we can deal with any risks to ensure the successful completion of our projects. This will enable us to recognise, minimise or eliminate problems as they arise. Successful project managers are therefore aware of the significance of risk management. This is because the success of a project depends on factors such as planning, preparation, outcomes, and assessment, all of which contribute to accomplishing strategic goals.

Putting together a plan for success

Establishing a list of both internal and external risks is one of the ways in which risk management strategies help with project success. This strategy will normally include the risks that have been identified, along with their associated probabilities, potential impacts, and recommended countermeasures. Events with a low risk typically have a minimal or no effect on the budget, the schedule, or the performance. A moderate amount of risk might result in a small but noticeable increase in costs, a disturbance of the schedule, or a decline in performance. Events with a high probability of occurring are very likely to result in a substantial increase in the budget, a disruption of the schedule, or performance issues. Regardless, it is the responsibility of the project manager to establish a plan for the project success and managing risks can be the start of this journey.

Effective project managers also communicate their strategy to the project sponsors, stakeholders, and team members to guarantee that projects are carried out without a hitch. Stakeholders who supply financial support and whose lives are influenced by the results will have expectations as a result of this. Therefore, engaging stakeholders early in the project guarantees that the project is carried out efficiently so that the transition from one phase to the next is uninterrupted. By establishing clear and transparent communications it can be guaranteed that the whole project team will be able to respond successfully to issues that arise and call for action by recognising possible risks in advance, taking steps to minimise them, and dealing with those that do arise.

Proactivity vs reactivity

If the project host organisation has a risk management strategy in place, as a project manager you won’t have to spend time continually putting out fires since you’ll be able to be proactive and take measures to limit any damages before they even occur. The team working on the project will have the ability to turn the risks that have been identified into practical activities that will lower the possibility of these occurring. These actions are then recast as backup plans, which ideally won’t need to be implemented. In the case that a risk event takes place, the contingency plan may be developed quickly, which will reduce the amount of time that a project is potentially delayed.

Project managers can potentially increase the likelihood of the organisation’s success by reducing and removing the risks prior to these eventuating. Project success can more likely be achieved by proactively minimising or eliminating risks so that projects can effectively be completed on time, under budget and meet the required specifications. In other words, by acting proactively and not reactively, project managers can efficiently and effectively deliver projects. When an organisation doesn’t have specific techniques for risk management, proactive initiatives don’t exist, leaving the organisation exposed to challenges and becoming reactive and susceptible to failure. Organisations can maximise earnings while minimising costs associated with operations that don’t yield a return on investment because of effective risk management tactics. Effective project managers use extensive proactive analysis to determine whether current effort should take priority depending on the results achieved, regardless of the uncertainties or challenges faced.

Overall, risk management is essentially a technique in which we investigate, identify, and assess the risks that might influence our projects and then take measures to reduce those risks. The successful completion of our project depends on our ability to effectively identify, assess and manage the associated risks, which makes risk management an essential component of project management. A plan of action comprised of several stages that are carried out to guarantee that the risk is removed is what is known as risk management. As project managers we proactively respond to risks. However, if we are dealing with risks that are beyond our ability to manage, one option is to devise a plan of action that can lessen the impact of the risk, given that it is impossible to eliminate the risk entirely and given that it is unprofessional to react to the risk rather than to plan an effective response.

The role of project managers

Project managers with a good knowledge of risk assessment and management are those who are fully aware of all that is needed around risk management processes, regardless of the organisation type or project field, and aware of the many strategies to reduce them. There is no doubt that project managers are responsible for managing risks. As we are now living in the age of uncertainties and multitasking, different organisations require project managers to also be risk managers in addition to their other responsibilities. In fact, a significant number of organisations specialising in project management now provide project managers with training in risk management.

In the field of project management, risk management is of critical importance. It enhances the organisation’s chances of becoming successful in every project endeavour. When working on a project of any kind, planning and putting into action an effective risk management strategy is beneficial in a number of ways. As project managers you will:

  • assist in avoiding any major risk effects
  • provide the project team with the right tools to attain project management satisfaction
  • ensure the timely and profitable completion of the project
  • evaluate new opportunities on an ongoing basis.

How to manage project risks

The right risk management approach helps enhance the chances of project success and keeps the project schedule and cost deviation near to zero. But how to manage the process? There is a lot of literature describing various processes of risk management. In this module we will provide you with an overview of the steps involved in applying such systems. However, in later modules we will address each component in detail and provide you with various methods and application techniques.

Figure 1 shows the entire flow of the process, along with relationships and dependencies among each of the highlighted steps. The process starts with developing the risk management plan, followed by a risk assessment, identifying specific risks to the project, performing a qualitative analysis, performing a quantitative analysis if required, and planning the risk response.

Figure 1. Example responsibility matrix, by Carmen Reaiche, Samantha Papavasiliou and Frank Anglani, licensed under CC BY (Attribution) 4.0

Overall, the process of risk management plays an essential part in the effective management and successful completion of a project. It is of critical importance in this process to conduct a risk analysis when establishing the scope of the project and planning accurate estimates, all of which contribute to effective project planning. Information on the feasibility of the project and information to enhance project planning are both made available through the process of identifying and analysing project risks. As discussed earlier, one of the main goals of project risk management is to identify probable risk events and circumstances and to keep all stakeholders fully informed about these. The most important result of effective project risk management is increasing the chance that the project’s value will be optimally realised and that the project will have a successful end.

A failure to undertake project risk management to an acceptable level might have unfavourable consequences. It is possible to arrive at the erroneous conclusion that all potential risks have been eliminated and that there are no additional issues to be concerned about. It is also possible that it could lead to the project being terminated unnecessarily, which would result in the loss of the opportunity to take advantage of any potentially beneficial risks. The organisation and the project manager must also be well aware that risk management does not come for free; in most cases, it adds major expenses and time to the completion of the project. Therefore, appropriate funding needs to be allocated to this process if an effective outcome is expected. Only then can the organisation see the value of investing in the process and hope to prevent long-term impacts and project failure.

Quality project management

It is impossible to overstate how essential quality is to successful project management. The project team will be able to reliably offer high-quality goods and services if the project manager is also able to implement an effective project quality management strategy. Therefore, we have decided to combine both risk and quality management processes in this book. So, let’s now talk about what quality project management encompasses.

The methods and actions that are used to determine and attain the quality of the deliverables produced by a project are included in the scope of what is known as ‘project quality management’. However, quality is often difficult to pin down. How can one define quality? When it comes to project management, quality refers to the client’s or other key stakeholders’ requirements for the deliverables of the project.

We can summarise quality as:

the degree to which a collection of intrinsic features fulfills standards.

To be able to expand the definition of quality, it is necessary to understand the following terms.

Validation: confirmation that the service/product satisfies the agreed scope requirements.

Verification: conformity with specifications.

Precision: the exact outcome to the agreed scope requirements.

Accuracy: the proximity to the agreed scope requirements.

Tolerance: acceptable range of outcome variation.

In the late 1980s, project management incorporated quality management. No one can dispute the fact that project management is now quality-driven. Everyone chooses ‘quality’ project delivery above mere project completion (Rever, 2007). A project quality management strategy is implemented under the direction of project managers, but the exact definition is given by the degree of flexibility in the project outcome requirements. Again, the primary objective is to produce a product or service according to the customer’s or stakeholder’s standards. This requires good knowledge and understanding of quality management concepts. There are 3 main concepts:

1. Satisfaction of customers

Without client satisfaction, quality cannot exist. Even if a delivery satisfies all of the customer’s or stakeholder’s requirements, if the process itself was not satisfying, there is still an issue. Obviously, the deliverable must fulfill these standards, otherwise, the project has failed since neither the project’s outcome, nor its management, has met the customer’s or stakeholder’s expectations. The project must deliver what was promised in order to fulfill the customer’s requirements. The project team must identify the clients, comprehend their explicit and implicit requirements and then transform their requirements into practical solutions. The PMBOK defines it as ‘conformance with requirements’ and ‘usability’.

Implementing quality control therefore requires controlling both procedures and people. Meeting regularly with the project customer(s) or key stakeholder to provide updates is a great quality management approach.

2. Prevention

The quality of a project is planned, not examined. It is always less expensive to avoid errors than to repair them. The Cost of Quality (COQ) is the amount of money paid during and after a project ends to address issues and correct errors. Minimising COQ is the number one priority for the project manager. COQ is divided into two categories: conformance and nonconformance costs. We will discuss these in more detail in later modules; however, Table 1 provides a brief example of each.

Table 1. Cost of Quality (COQ) examples

Conformance costs: considered preventative costs | Nonconformance costs: considered as internal failure costs
Documentation procedure | Process/task/objective discard
Training | Process/task/objective revision – rework
Equipment needed | Warranty work
Testing time evaluations | Organisation losses
Product/service inspections | Liability

3. Continuous improvement

The concept of excellent project management entails an ongoing commitment to improve outputs throughout the duration of the project. Whether these improvements are done on a small scale, as gradual changes or massive ones, the chance to recognise and respond to change needs to be present in the day-to-day activities of the project work breakdown structure and the project manager’s daily management approach.

The concept of continuous improvement needs ongoing monitoring and adequate forms of documentation of any issues faced, so that the lessons learnt may be applied to the management of future initiatives and serve as the basis of quality management. However, for this to work, the project host organisation must be dedicated to developing and implementing well-defined processes as well as allocating resources to have the right continuous improvement system in place.

Prior to planning for quality, a project manager must understand the quality expectations. What are the quality standards of the organisation executing the project, and which quality standards apply to the specific nature of the project? As part of the planning process, the project manager and project team must establish the needs, determine how a stakeholder’s requirements may be fulfilled, and identify the expenses and time needed to satisfy those requirements. We will discuss these fundamental processes in later modules.

Overall, it is valid to state that the key stakeholders in a project define the quality attributes. The most prevalent quality attributes are performance, usability, appropriateness, dependability, and consistency, among others. The quality levels of these attributes are measured in accordance with project and organisational criteria and overall strategy. From project start to project completion, quality standards should be applied at each step and phase of the project life cycle. Thus, quality management should be implemented from the beginning to the finish of a project.

Now let’s review our knowledge:

Key Takeaways

  • The project risk management strategy addresses the risk assessment process and creates a blueprint for the project manager and the project team that allows them to identify, classify, prioritise, and mitigate risks.
  • When you begin the process of preparing for a project, one of the first things you need to think about is what may possibly go wrong with the endeavour.
  • In order to get started with risk management, it is essential to begin with a crystal clear and specific explanation of the project’s expected final outcome.
  • Project quality management is the practice of managing and maintaining quality throughout a project.
  • The immediate result of paying insufficient attention to quality is more rework and faults.
  • Any modifications made to the parameters of the project should also result in a quality check being performed by the project manager and their team.
  • The project manager should devise a strategy to ensure that procedures are continuously improved and put into action.


Rever H (2007) ‘Quality in project management: a practical look at chapter 8 of the PMBOK® guide’, paper presented at PMI® Global Congress 2007, Latin America, Cancún, Mexico, Project Management Institute, Newtown Square.

Project Management Institute (2021) A guide to the project management body of knowledge (PMBOK Guide), 7th edn, Project Management Institute Inc, Pennsylvania.


Risk Assessment and Quality Project Management by Carmen Reaiche, Samantha Papavasiliou and Frank Anglani is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.