What is risk management?


Risk analysis and risk management is a process that allows individual risk events and overall risk to be understood and managed proactively, optimising success by minimising threats and maximising opportunities and outcomes. 

Definition from APM Body of Knowledge 7th edition

Risk management

Risk management is focused on anticipating what might not go to plan and putting in place actions to reduce uncertainty to a tolerable level.

Risk can be perceived either positively (upside opportunities) or negatively (downside threats). A risk is the potential of a situation or event to impact on the achievement of specific objectives.

Working with the risk owner, the project professional ensures that risks are clearly identified before moving on to the risk analysis step of the risk management process.

The project risk management process reflects the dynamic nature of project work, capturing and managing emerging risks and reflecting new knowledge in existing risk analyses.

A risk register is used to document risks, analysis and responses, and to assign clear ownership of actions.

(Illustration from Project Risk Analysis and Management Guide 2nd edition)


What is risk analysis?

Risk analysis provides guidance on where the greatest vulnerabilities lie. Because risk analysis is fundamentally perception based, it is important for the project professional to engage stakeholders early to identify risks.

To make sense of differing perceptions, it is important to describe risk events clearly, separating causes (facts now), from risk events (situations that may occur), from effects (that have an impact on one or more of the project measures). This enables subsequent analysis and management of risks.


Effective risk analysis and contingency planning will see planned time and/or contingency used. Unused contingency is most likely caused by overestimation, luck or the efficient management of risk. Insufficient contingency is most likely caused by optimistic estimation, bad luck or inefficient management of risk.

Outputs from risk analysis help the project professional to:

  • Understand the probability of achieving out-turn dates, costs or
  • Inform and influence decision-making about the chances of achieving the business case and
  • Agree the level of contingency to provide the required level of confidence.


APM Body of Knowledge 7th edition

You can read more about risk management in chapter four of the APM Body of Knowledge 7th edition.

The APM Body of Knowledge 7th edition is a foundational resource providing the concepts, functions and activities that make up professional project management. It reflects the developing profession, recognising project-based working at all levels, and across all sectors for influencers, decision makers, project professionals and their teams.

The seventh edition continues in the spirit of previous editions, collaborating with the project community to create a foundation for the successful delivery of projects, programmes and portfolios. 



The APM Risk SIG (Specific Interest Group) provides a forum in which to share knowledge and ideas, develop expertise and understanding and actively promote the adoption of project risk management. 

