Podcast Episode 5: Opportunity and risk management in project management

Don't feel like reading? Watch our first podcast episode on YouTube.

Opportunities and risks accompany us throughout our lives and, of course, do not stop at our projects. Both in our lives and in our projects, we want to hold the scepter in our hands and not let risks control us. That is why we need to be transparent about the potential deviations from the plan, both positive and negative, and manage them where possible.

In this podcast episode, I will therefore provide you with important methods and information that will help you to identify, analyze, evaluate and manage the risks in your project.

By the time you get to the end of the episode, you'll know

  • what risk management is,
  • how to successfully identify, analyze and evaluate opportunities and risks,
  • How you define and actively manage the necessary measures,
  • How to track your risk portfolio in its entirety
  • and what success factors are in risk management.


Every project manager should have had a few points of contact with risk management. At least under the terms project risk analysis or risk and opportunity analysis.

But what does the terms risk and risk management mean?

In short, a risk is the negative deviation from the plan. In a project, one always speaks of a risk when an event jeopardizes the success of the project - for example, due to delays in the project schedule, an overrun of the budget or another negative impact on the project result.

A risk is a negative deviation from the plan.

Risk management is the systematic process of identifying, analyzing, assessing, managing and monitoring risks to ensure that the objectives of a project, company or organization can be achieved within a defined framework.

All in all, it can be said that risk management helps to avoid, reduce or transfer project risks and thus supports the achievement of goals and presents them transparently.

Risk management follows the process


Identify risks


Analyze risks


Plan actions


Controlling measures

This process is not only carried out once at the beginning of the project, but is repeated several times over the entire duration of the project - at the latest at each milestone, this process should be repeated again in order to determine the status of the known risks and to identify and actively control new ones.

At this point, I would like to briefly mention that depending on the project management methodology, the rules for successful risk management can also differ slightly. We ourselves practice classic project management according to IPMA in most projects, which you may notice in the following expressions I use. However, the other project methodologies are just as correct and can of course be applied by you as well.

Risk analysis in projects is generally based on the results of the stakeholders or the environment analysis and forms the basis for defining the risk strategy and subsequent risk monitoring and management during project execution.

1. Identify risks

In order to successfully manage risks in the project, they must first be identified. The easiest way to identify these is to look at your internal and external environment.

Some risks are usually identified as part of the stakeholder or environment analysis. Often as part of a SWOT analysis. In any case, these can be adopted for the risk analysis. However, a SWOT analysis alone does not replace a dedicated risk analysis for the project.

To identify further risks, we recommend various creativity techniques (e.g. brainwriting, mind mapping, headstand method, FMEA). There are no limits to creativity.

In the first step, it is important to talk to all stakeholders and project team members and to ask each individual about all risks for his or her area of responsibility.

These are listed in a table in the first step.

Subsequently, the cause of each risk noted and a classification is made.


Ideally, the risks are formulated directly to include the cause.

For example: price increase due to inflation or price increase due to internal cost pressure. The risk in both cases is the price increase. In this way, however, it is much easier to derive the appropriate measure for each identified risk at a later date.


Here is an example of the categories into which risks can be classified:

  • Commercial risks

  • Resource Risks

  • Technical Risks

  • political risks

  • Schedule risks

2. Analyze risks

Once the risks have been identified, they are examined in more detail and analysed with regard to the probability of occurrence and the amount of damage. This analysis can be done either qualitatively or quantitatively.

In the qualitative analysis, it is said whether the probability of occurrence and the amount of damage, e.g.

  • very low,

  • low

  • high or

  • is very high.

Quantitative analysis, on the other hand, defines a concrete percentage value for the probability of occurrence. For example, 90% instead of "very high".

And the amount of damage is defined in terms of a monetary value, e.g. 2,000 EUR damage instead of "low".

In the company, it is always advisable to carry out a quantitative analysis and make the effort to concretely determine the probability of occurrence and the damage. In this way, the risk score can also be determined, which is an indicator for the prioritization of risks.


The risk score is made up of the probability of occurrence multiplied by the amount of damage. Here's an example:


Probability of occurrence 40 % (0.4)

Amount of damage: 10,000 EUR

The risk value is 4,000 EUR



Probability of occurrence 60 % (0.6)

Damage amount 6,000 EUR

The risk value is 3,600 EUR


This means that my number 1 risk should be prioritised higher than risk number 2.


After the risks have been analysed and assessed, it is important to develop appropriate countermeasures for each risk and to supplement them in the risk table.

In the first step, these risks are listed in a table.

The cause is then noted for each risk and a classification is made.

There are various strategies for this. Risks can be avoided, reduced, limited, transferred or accepted.

As a preventive measure, you can avoid taking the risk in the first place (strategy: avoid risks) or reduce the probability of occurrence through technical, organizational or personnel measures (strategy: reduce risks).

In the case of risks whose probability of occurrence cannot be reduced in advance, it is advisable to develop corrective measures. In other words, measures that at least minimise the amount of damage when it occurs (strategy: limit risks).

Another corrective measure would be to transfer the risk to a third party, for example by taking out insurance (strategy: shifting risks).

In certain cases, it may also be the case that management accepts a risk and does not need to define a measure for it. However, this should only be done in the case of risks that have a low probability of occurrence and a low level of damage.

Depending on the chosen measure, the probability of occurrence is reduced (preventive)

or the amount of damage (corrective). In the best case, both preventive and corrective measures can be developed for a risk.

The extent to which the probability of occurrence or the amount of damage is reduced can be easily determined. For this purpose, taking into account the measures developed, the probability of occurrence and the amount of damage are again estimated. With the help of these two pieces of information, the risk value can be calculated again.

If you compare the previous risk score with the new risk score, you can see how useful the measures identified are.

An indication of which of the planned measures should be implemented is also that the sum of RWneu and the costs of the measure should be smaller than the old risk value.

4. Controlling measures

After the measures have been planned and initiated, it is important to monitor and control them regularly during the course of the project. Risk monitoring should therefore be an integral part of project controlling. In the course of this, each project manager should check to what extent the risks are still current or whether new ones have been added, and review the assessment of the probability of occurrence and the amount of damage and adjust them if necessary. The results of risk monitoring can have an impact on all project plans (e.g. resource planning, cost planning, process and scheduling) and make it necessary to adapt them. Important: Risk management is not a one-time affair, but an ongoing part of project management.

The current risk situation is also part of the regular project status report.

Now let's move on to the factors that contribute to successful risk management.

Because in the course of the project, there are many challenges in terms of risk management that you should tackle skillfully.

  • Be persistent in the risk survey of the stakeholders/project participants – usually nothing comes at first and then suddenly they all literally bubble away.

  • Document all the risks and measures mentioned and be sure to coordinate them again afterwards - even if it is time-consuming. The respective project participants must stand behind the evaluation.

  • Make opportunities and risks transparent and document and communicate them - again and again!

  • Be proactive!

  • Creates awareness of the risks and their consequences throughout the team.


Transparent and effective communication about risks is crucial for the success of risk management and the project. Here are some recommendations for you out there as a project manager:

  • Create an open and trusting atmosphere within the team that allows members to communicate risks without fear of negative consequences.

  • Hold regular team and stakeholder meetings to discuss the current state of risk. Encourage the team and stakeholders to actively provide feedback and share their perspectives on the risk landscape. This fosters collaboration and enables a holistic view of potential risks.

  • Define clear communication channels and means for risk reporting within the team and to stakeholders. This ensures that relevant information is shared quickly and efficiently. Don't cancel the meetings, even if there are no significant changes in the risks. Continuous communication builds trust.

  • Focus the communication on the material risks to enable a clear focus.

  • In addition to communicating the existence of risks, explain the potential impact on the project and what actions will be taken to manage the risks.


Successful projects are often characterized by a proactive approach to identifying, assessing, and managing risks, while failures are often due to inadequate risk management or failure to adapt to changing circumstances.

Risk management at the Øresund Bridge, which connects Denmark and Sweden, is considered to be particularly successful.

The project team carried out a thorough analysis of the potential risks, both technical and non-technical. This included financial, political and environmental aspects. Based on the risk analysis, the team developed proactive risk management plans. Not only did they identify risks, but they also planned how they would deal with them if they occurred. Risk management also included long-term considerations, particularly with regard to the life of the bridge. This included maintenance, environmental impact and future developments. In addition, the cooperation between the various parties, including engineers, planners and policy makers, was well coordinated.

The combination of these factors contributed to the fact that the Øresund Bridge was not only successfully completed, but can also be operated effectively in the long term.

As a counter-example, the Eurotunnel project, which was supposed to link the English Channel between France and the UK through a tunnel, experienced significant difficulties due to deficiencies in risk management. One of the main problems was a significant miscalculation of costs. The initial estimates were unrealistically low, and the actual costs

rose rapidly. This led to significant financial difficulties for the project. In this case, there was a lack of adequate risk hedging. The project team struggled to protect themselves from the financial impact of delays, cost overruns, and other unforeseen issues. Lack of transparency.

Tobias Wisst präsentiert Snacksize Projektmanagement

I hope I was able to give you an easy-to-understand understanding of what risk management entails, why it is so important and how to best proceed in your project.

If you enjoyed this episode, feel free to leave us a "like" and follow us on Facebook, Instagram and LinkedIn.

In a few weeks, you can expect the next episode, in which I would like to share my personal views with you on what you need to document as a project manager and what you don't. So that you can manage your project effectively and efficiently.

So don't forget to check back soon. I look forward to seeing you.


Go back