Project Risk Management
2 Days | 1.4 CEUs


The workshop follows the project risk management principles and practices adopted by the Project Management Institute (PMBoK) and ISO 31000, along with examples of public and private risk management frameworks such as those of the U.S. Navy, FAA, IBM, etc. The workshop explains the tools and techniques that will aid participants in implementing project risk management frameworks, principles and practices. Participants will be given opportunities to apply the project tools and techniques learned to actual project risk examples. The goal for participants is to be able to minimize risks and maximize opportunities during a project’s life cycle.

The objective of this workshop is to provide an understanding of specific project risk management frameworks and their successful application. The workshop provides participants with principles, techniques and tools that will help them to address and mitigate project risks they may encounter.

Upon completion, participants will be able to lead and/or actively participate in project teams and evaluate risks in operational and supply chain projects. Participants will learn and apply project risk management frameworks, processes, techniques and tools. Participants will learn how to develop risk registers, project heat maps, project risk control templates, project risk strategies, etc.

What You Will Learn:

  • Learn and develop a detailed risk management plan to guide project risk management activities
  • Learn how to identify risk tolerance for project scope, schedule, cost and quality risks
  • Learn how to develop a risk register that is complete and accurate
  • Learn how to quantify project risks
  • Learn how to apply cost, schedule, scope and quality project controls
  • Learn how to prepare risk response (treatment) strategies to mitigate risks, control risks and maximize opportunities
  • Develop a ‘Next Steps Strategy’ to implement project risk management 

Course Content

Introduction to risk and risk management

  • Understanding risk
  • Risk management approaches
  • Risk management definitions
  • Risk appetite and tolerance
  • Generic risk management process
  • Types of risk
  • Exercise: Risk assess current projects that have failed recently
  • Case study: Similarities and differences between project risk management standards

PMBoK project risk framework

  • Risk inputs
  • Risk tools and techniques
  • Risk outputs
  • PMBoK risk controls
  • Change management approaches
  • Exercise: Review of PMBoK project risk approach
  • Case study: Critical infrastructure protection (CIP) management

Triple project constraints (plus quality)

  • Cost control
  • Scope control
  • Schedule control
  • Quality control
  • Exercise: Use variance and risk controls to manage project risks
  • Case study: Typical project variance-based risk approach based on Q+E risk management projects

ISO 31000 framework

  • Discussion of ISO framework approach
  • Principles and guidelines on implementation
  • PDCA (Plan-Do-Check-Act) cycle 
  • ISO families of risk-based standards: ISO 28000, ISO 14000, ISO 27000, etc.
  • Exercise: Review the ISO framework and learn how risk management is the basis for ANSI, ISO, NIST and other standards
  • Case study: ISO 27000 IT risk standards

ISO 31000 Framework: Establish the context

  • Understanding the project environment and project objectives
  • How to plan for risk management processes
  • Risk management planning process
  • Components of risk management plan
  • How to focus on project objectives
  • Exercise: Develop a risk management plan
  • Case study: ISO 28000 supply chain security risk specification
  • Case study: U.S. Navy operational risk management

ISO 31000 Framework: Identify the risk

  • What is risk identification
  • Approaches to risk identification
  • Risk identification process
  • Risk statement and developing a risk register
  • Types of risk and risk categories
  • Practical issues related to risk identification
  • Exercise: Develop a set of risk event profiles
  • Case study: RAMCAP CIP risk standard

ISO 31000 Framework: Analyze the risk

  • Introduction to qualitative risk analysis
  • Goal of qualitative risk analysis
  • Tools for risk analysis
  • Likelihood and impact analysis of identified risks
  • Producing a heat map (risk matrix)
  • Comparison between the qualitative and quantitative approaches
  • Exercise: Analyze risks and develop a heat map for project risks
  • Case study: IT project risk management

ISO 31000 Framework: Treat the risk

  • Treatment alternatives
  • Definitions
  • Steps for developing risk response
  • Information/documentation required to prepare for risk response planning
  • Tools for generating risk response options
  • Strategies for risk response planning
  • Risk response options evaluation
  • Risk response planning deliverables
  • Exercise: Develop strategies and tactics to mitigate risks

ISO 31000 Framework: Communicate and consult

  • Risk control and treatment communications
  • Risk documentation
  • Risk communications
  • Risk deliverables
  • Exercise: Develop strategies to communicate risk strategies
  • Case study: NERC risk auditing (yellow book)

ISO 31000 Framework: Monitor and review

  • Closing the PDCA cycle
  • Requirements of monitoring and reviewing
  • Risk auditing (Value Added Auditing®)
  • Exercise: Develop forms for auditing and monitoring project risks


Your next steps

  • Develop a plan for implementing project risk management
  • Exercise: Discuss and evaluate project risk plans


IIE reserves the right to cancel a class up to 15 business days prior to the scheduled start date.


Registration Fee

Member: $795
Non-Member: $1,145

Course Schedule

No courses scheduled; contact Larry Aft for availability.