Establish and maintain the strategy to be used for risk management.


A comprehensive risk management strategy addresses items such as the following:

  • The scope of the risk management effort
  • Methods and tools to be used for risk identification, risk analysis, risk mitigation, risk monitoring, and communication
  • Project specific sources of risks
  • How risks are to be organized, categorized, compared, and consolidated
  • Parameters used for taking action on identified risks, including likelihood, consequence, and thresholds
  • Risk mitigation techniques to be used, such as prototyping, piloting, simulation, alternative designs, or evolutionary development
  • The definition of risk measures used to monitor the status of risks
  • Time intervals for risk monitoring or reassessment

The risk management strategy should be guided by a common vision of success that describes desired future project outcomes in terms of the product delivered, its cost, and its fitness for the task. The risk management strategy is often documented in a risk management plan for the organization or project. This strategy is reviewed with relevant stakeholders to promote commitment and understanding.

A risk management strategy should be developed early in the project, so that relevant risks are identified and managed proactively. Early identification and assessment of critical risks allows the project to formulate risk handling approaches and adjust project definition and allocation of resources based on critical risks.

Example Work Products

  1. Project risk management strategy