15 49.0138 8.38624 1 0 4000 1 http://blog.zilicus.com 800 true

Back2Basics – Project Risk Management: Project Risk Evaluation

Project Risk Evaluation

In the second part of the series ‘Back To Basics’ of Risk Management, we looked at what is risk management, lifecycle of risk in risk management process and what is risk analysis. In this part, we will explore – details of Risk Evaluation or Risk Assessment.

Also read Why You Should Manage Risks | Analyzing Risks | Evaluating Risks | Challenges in Evaluating & Responding to Risks.

What is Project Risk Evaluation | Risk Assessment?

Project Management Guide - Project Risk Evaluation

There are primarily two aspects of project risk assessment:

  • Probability of a risk: How much likely that the risk will happen?
  • Consequence of a risk: How severely will it affect us?

These two factors determine what is called as : Risk Exposure

Project risk evaluation is subjective to greater extent but with properly established policies, guidelines and practices it can be standardized to greater degree. Based on above two aspects, the rating for a given risk can be determined.

  • Determine likelihood of occurrence of a risk

This field gives the probability of occurrence of a given risk. Project planner/manager along with team members can determine probability (Rare, unlikely, Possible, Likely and Almost Certain)



Likelihood of Occurrence



Risk occurrence is highly unlikely.Exceptionally it may occur,

but most likely it will never occur



The risk occurrence is not expected. But in slight probability,

it may occur



This risk may occur some times as organization has

observed historical trace of such risks



This risk has strong possibility of occurrence as organization

has frequently observed trace of such risks


Almost Certain

This risk is most likely to occur. The instance/incidence

is expected to occur in speculated timeframe as

organization has observed trace of regular occurrence

of such type of risks

Table 1: Probability of Risk

  • Determine Consequence of occurrence or a risk

The severity of the potential loss, if risk occurs is the second parameter of risk evaluation. Again, this parameter is highly contextual. When team members register a risk, he/she may not have the complete idea of the situation. Hence project planner or manager is expected to take the context into consideration and determine the consequence of the risk if occur in future. Based on the learning from previous risks/history, organization may create a reference or guideline to determine severity of the risk. Project planner/manager refers such guideline and uses his/her judgment to determine the consequence of the risk in consideration.



Example to illustrate



Minimal project delay| loss; Less than a week| < few hundred $



Minor project delay | loss; more than 3 weeks| $100k< x <$10k



Moderate project
delay| loss; more than 12 weeks | $1M<x<$100k



Major project delay| loss; More than 2 month | $1M<x<$100k



Intolerable project delay| loss; More than 6 month | $x >$5M

Table 2: Consequence of risk

  • Determine the rating of risk

Based on probability of occurrence of risk and potential severity that it may cause, project managers can derive the rating the risk. Organizations with good project risk management practice have escalation guidelines based on the project risk rating. Which specifies what escalation matrix should be used depending on the rating of the risk.

The table below gives indicating ‘Required Action’ based on the rating of a risk. Your organization will have different required action or escalation matrix based on your industry/organization’s practices.


Required Action


Acceptable: Not mandated to deploy additional resources; Such risk is expected to be managed through normal routine.

Action:Track and review


Acceptable:Such risk is not expected to cause much damage or jeopardize the overall objective or effectiveness of project

Action: Project Manager to create a response plan.
Track and Respond.


Not Acceptable to larger extent: Such a risk is highly likely to cause considerable damage or jeopardies overall project objective or effectiveness.


Action: Project Manager to bring-to-notice of Senior management, mentioning expected support.Response plan to be created & reported to Director/ CxO

Not Acceptable at all:Such a risk is extremely likely to pose as a threat to the continuation/functioning of a project/ organization.

Action: Project Manager to bring-to-notice of Senior management for immediate action.Response plan to be created, managed by Director/ CxO.

Table 3: Risk Rating

As mentioned earlier, the organization as a whole need to assess these parameters, significance of each parameter and required action i.e. a meaningful guideline to state which risk can be assessed as ‘Major’ severity with what probability as ‘Likely’. Though ‘Likely’, ‘Extreme’, ‘Moderate’, ‘Catastrophic’ are generic terms, the resource who will work with reference to these terms need to understand clearly, what they need to do with it.

Let me know how you find this post. I would love to hear your feedback.

About Zilicus

Zilicus offers the best project portfolio management tool ZilicusPM, with robust project management tools capabilities and easy ways to track project management KPI,

Know more about project portfolio managementGantt chartbest project management toolproject management office, project management tips, project planning guideproject risk managementproject scope management, effective project management, project manager guides and know more about Project Portfolio Management Software, Project Management Software Guide.

Back to Basics– Project Risk Management: Project Risk Analysis
Back2Basics – Project Risk Management- Risk Assessment and Risk Response

I am a co-founder of Zilicus Solution and I write about project management, collaboration, productivity, project management software, cloud computing, requirement management and business empowerment.