How to Create a Project Management Risk Matrix


Project Management Risk MatrixAll projects have potential risks. Be ready for them by creating a project management risk matrix. You’ll be like a project ninja – nimble and ready for all those potential threats to your well-laid plans. 


I don’t talk about what a worrier I am much here on my blog. It comes out occasionally, like this post titled My Project Planning Cheat Sheet, where I share a list of questions I ask when planning projects, just to ensure I don’t miss anything. This is because even though I’m very optimistic and upbeat by nature, I’m also prone to conjure up images of worst-case-scenarios.

For example, even when my family went to Disney World, the Happiest Place on Earth, I imagined us losing our child in the throngs of people there. So we came up with our risk management plans:  we taught our daughter how to approach the right people who could help her, we found out where parents should go, and we even wrote our cell phone numbers in Sharpie on her leg. As a result, I was able to relax a bit more and enjoy the experience.

Regardless, as unpleasant as my doomsday thoughts sound, I think my worrying serves me as a project manager. I hate the bad kinds of surprises so much that I want to be ready in case things don’t go as planned.


Planning for Project Risk

In an effort to ensure your projects run as smoothly as possible, it’s good to think about project risk as early as you can.

The approach you take in executing your project can in itself present risks. How management and the team plan to structure and carry out the effort can be problematic if it’s done on too grand a scale. If your project is extremely large and complex, it may be difficult to manage all the components. Breaking the project down into smaller projects could be a safer approach.

In their 2011 article Why Your IT Project May Be Riskier Than You Think , Bent Flyvbjerg and Alexander Budzier discuss their study of 1,471 IT projects in which they identified massive project schedule and cost overruns that resulted in huge losses.

Flyvbjerg and Alexander state that “…smart managers…break big projects down into ones of limited size, complexity, and duration; recognize and make contingency plans to deal with unavoidable risks…”

For this reason, proactively considering project risk, and planning for it up-front can increase the chances of success for your project. You can do this by creating a formal plan to address risk through the life of your project. Consider potential cost overruns, delays and reduced return on investment, and sleep easier at night knowing you’ve planned for what might otherwise be ugly surprises.

Some potential project risks

There are many different types of risks that could befall your well-planned project. I’ve listed a few just to get you started thinking about all those things that could go wrong:

  • Delayed Vendor deliverables or materials
  • Resource constraints
  • Inaccurate cost estimates
  • Low stakeholder support
  • End user availability / involvement
  • Highly customized systems
  • Incomplete requirements gathering
  • System crashes
  • Integrated systems will not be available for testing

Additionally, I found this long list of schedule risks at You might find it helpful as you work through potential risks to your project.

Some risks might not be as obvious. Once I had a coworker who’s project encountered significant delays and cost overruns due to vultures roosting on a cell phone tower he had to install equipment on.  He didn’t think it was funny (I thought it was hilarious), but he did indulge my regular questions on the latest crazy stories he had about it.

I once had a coworker who’s project encountered significant delays and cost overruns due to vultures roosting on a cell phone tower.

What is a Project Management Risk Matrix

The Project Management Risk Matrix is a tool that will allow your team to identify and manage  potential project risks.  You pull together important information and use this as a guide to actively manage risk through the life of your project.


How to Create the Project Management Risk Matrix

Creating a project management risk matrix is NOT something you do alone at your desk, cleverly coming up with a list and calling it done.

On the contrary, this is a team effort. Pull together your team to gather information on all types of potential problems you might encounter. Managers and customers can provide insight and help to identify potential risks that other team members might not think of.

  • Get the team together for a brainstorming session, in which everyone identifies potential risks. Your team can help you compile a list of risks might come up during your project.
  • Conduct interviews with various people associated with the project. There may be others not as heavily involved in the work, but who can also provide valuable insight. Talk with people on teams that are impacted or have interfacing systems. Talk with others who have worked on similar projects.
  • Review the risk tables and documentation from other projects to see if there’s something you had not thought of.


Furthermore, you’ll not only rely on your team to help identify the potential risks, but also the potential ways of dealing with these risks.

This does several things for your team:

  • gets them thinking about potential problems that could come up
  • gets them thinking creatively about ways to address or deal with these risks
  • helps them take ownership in addressing risks


How To Compose the Project Management Risk Matrix

Your Risk Matrix will contain information that will be helpful to not only identify the risks but make other determinations about them. It might include the following information:

  • Risk ID – A unique identifier for tracking purposes.
  • Identified Risk / Description – what the risk occurrence is and how it might negatively impact the project.
  • Likelihood of Occurrence – the likelihood that the event will occur.
  • Potential Consequence / Impact – How risk might affect the project if it occurs. For example, if a shipment of servers arrives late, it could impact the software installations. If another project with shared resources runs longer than planned, it could impact the start date of a component of your project.
  • Risk Category – If desired, you can categorize your risks into similar groups. Examples might be cost, schedule, resources, regulatory, or any others that are relevant to your project.
  • Impact – the degree to which the event will affect the project. You could state this in terms such as Low, Medium, High, or in a numerical range from 1 – 5.
  • Risk Trigger – Events that indicate a need to implement a contingency plan. For example, a shipment of servers needed for your project doesn’t ship on the planned date due to inclement weather.
  • Who is Responsible – The person who will be responsible for tracking the risk and following up on / carrying out the mitigation plan if the risk occurs (if appropriate).
  • Mitigation Plan – The steps the team will take to reduce or eliminate the risk. For example, if the servers don’t ship on time, then the team might use servers provided for Project X instead.

Once the project is underway, manage these risks by adding “Action” and “Status” columns to your matrix:

  • Action – Any actions that have been carried out as a result of the identified risk
  • Status – Status of the risk


Pull it All Together

In order to create your document, you can pull it all together using Microsft Excel or a similar tool.  Or you can download a template that I’ve prepared.



Manchester Metropolitan University has a nice Project Risk Analysis Toolkit available online that I want to point out. It’s clearly laid out and may also be helpful.

Additionally, the Project / Portfolio Management tooling your company uses might also have a risk management component within it. It’s worth checking if it makes tracking and sharing this information easier.


Quantitative Risk Analysis

I’m going to limit the scope of this post to creating a simpler risk matrix. However, there are sophisticated forms of risk analysis techniques your team might be interested in.  I’ll list a few in case any of you have an interest in digging deeper elsewhere for more information. Several of these methods are as follows:

  • FMEA – Failure Modes and Effects Analysis – According to the American Society for Quality (ASQ), “Failure modes and effects analysis (FMEA) is a step-by-step approach for identifying all possible failures in a design, a manufacturing or assembly process, or a product or service.” Find out more HERE.
  • Probabilistic Analysis – NASA has a tutorial by HERE
  • Monte Carlo simulation – RiskAmp has a good walkthrough HERE
  • Decision Tree – MindTools has a great explanation HERE


As promised, here’s the Project Management Risk Matrix I’ve prepared – feel free to download and use it for your next project.


Once you’ve put your Risk Matrix together, and your project is underway, read my post on How to Manage Project Risk While Running Your Project

One Response

  1. Malcolm West December 9, 2016
  2. Pingback: Project Management Overview - Project Bliss October 22, 2016

Leave a Reply