The ultimate guide to risk assessment

It’s risky to jump into a wingsuit and glide over the Grand Canyon no matter what — but just how risky?

If you’ve been skydiving before, perhaps that risk decreases. If you’ve prepared with multiple previous wingsuit jumps, you’re even less at risk.

Just like wingsuit flyers — okay, maybe there are some differences — project managers need to know the likelihood that they’ll be successful in completing projects, and be able to anticipate obstacles and possible pitfalls before they start.

This guide covers risk assessment in all its terrifying glory — what it is, when you should do it, types of assessments, and a step-by-step solution for getting one done automatically.

What is risk assessment?

Risk assessment is the identification of potential risks. The process helps you identify and assess the potential impact and probability that risks will occur, so you can then figure out how you want to deal with them.

Risk assessment is a part of risk management, which is a continuous process. The terms risk management, risk assessment and risk analysis are often used interchangeably, but in fact describe different processes.

Here’s the breakdown:

  • Risk management: the continuous process of identifying, analyzing, evaluating, and treating/monitoring risks to mitigate potential loss.
  • Risk assessment: a process or technology that identifies, evaluates, and reports on risk-related concerns.
  • Risk analysis: the evaluation of a broader risk assessment to determine the significance of the identified risks.

These practices come from the manufacturing industry, where the risks calculated have to do with potential human harm. They can be used in other settings too, like calculating which employees are at risk for COVID-19, or assessing the likelihood of shipping delays.

Risk assessments are widely used by project managers across all types of organizations.

In fact, when asked how often they’re used, 27% of project managers reported always using them, 35% responded sometimes, and only 3% said never.

But just knowing the risks isn’t enough — you need to monitor and build potential risks into your project plan. A project risk register is basically a risk log. This simple and effective tool records risks you know will come up, their probability, and mitigation options.

screenshot of project risk register

With this template, you can assign owners to track and flag risks and put a contingency plan in place.

What is the goal of a risk assessment?

The goal of a risk assessment is to uncover anything that might cause your project to fail or — if you’re working in a setting like manufacturing — cause harm to team members.

Ultimately, you want to come up with a plan that removes the risk altogether or reduces its impact.

These 4 questions are a good place to start:

  1. What could possibly happen and under what circumstances would it happen?
  2. What are the consequences that could result from the occurrence?
  3. How likely are the consequences of that occurrence?
  4. Are we already doing what we can to make sure the risk is small, or do we need to do more?

When should a risk assessment be done?

You’ll need to perform a risk assessment when:

  • You’re embarking on something you’ve never done before.
  • You’ve recently experienced a potential hazard in a current process.
  • You’re partway through a project and need to ensure that no new risks get missed.

For example, when COVID-19 emerged, new risks formed at every corner of business. Events were cancelled, priorities realigned, and projects shifted. A COVID-19 risk assessment template tracked revenue impact to understand the risks involved with this massive change. This included timelines and project owners of initiatives affected by new work environments.

covid-19 risk assessment template and plans for mitigation.

What are the types of risk assessment?

There are several types of risk assessments. With each, the assessor — or project manager — should have experience in the type of work they are assessing so they can accurately perform hazard identification.

Here are 3 popular types of risk assessment:

  • Generic: used to cover common hazards, like the duplication of efforts or proverbial paperwork. This type of risk assessment will consider hazards for a single activity, where that activity may be carried out across different areas of the workplace or different sites.
  • Site-specific: an assessment used to calculate the risk of work at a specific location. This type of assessment is completed for a specific project and takes into account site-location, environment, and the people doing the work.
  • Dynamic: occurs when you need to assess an on-the-spot situation. It’s used to cope with unknown immediate risks. Common use cases are emergency services and care workers, as they’re in environments that need to be continually assessed.

Once a risk assessment is complete, 2 types of risk analysis can be performed:

  • Qualitative: where the assessor uses personal judgment based on their experience and consultations with other team members to ensure they’re following best practices. This is the most basic type of assessment.
  • Quantitative: used to measure risk by assigning a numerical value. It’s often used when analyzing major hazards like plane design, complex chemicals, or nuclear plants to find hazards from chemicals or faulty machinery.

Assessors often assign numbers to different levels of risk using a risk matrix. Columns indicate the severity of the risk, while rows indicate the likelihood that it will happen. This helps them rank and prioritize risks based on a standard grading scale from acceptable to intolerable.

risk quantitative assessment example table


What are the principles of a risk assessment?

The principles of a risk assessment identify the foundation for your chain of reasoning. They’re part of a wider set of principles that make up the foundation for the entire risk management process.

The principles of risk assessment include:

  • Identify the hazards: you have to do the legwork to discover all the potential risks — no matter how small. Failure to do so could result in surprises. When it comes to project management, no one likes surprises.
  • Evaluate the risks and decide who will be harmed: if you’re working in a physical environment and we’re talking about human harm, you need to know which people are at the highest risk and why. If you’re not in a physical environment or you’re just discussing harm to the project, you need to identify the relevant stakeholders where the risk is most pertinent.

The addition of the following 3 principles makes up the rest of the risk management process:

  • Decide on a control measure: this is essentially a simple way of saying that you need to work on how you’ll prevent these risks or accept them into your project plan. Just knowing of various risks isn’t enough; you need to have a plan for how you’re going to avoid, mitigate, share, or accept them.
  • Record your findings and implement them: get your risks down on paper and let your team know how you plan to deal with them, down to the actionable steps. is a great platform for recording risks as well as assigning owners to monitor those risks and ensure the right actions happen at the right time.
  • Review your assessment and update if necessary: as a project progresses, track your progress, assess how well your plan for managing risk is working, and adjust if needed.

Risk management framework

So, how do you perform a risk assessment? The framework walks through how to identify certain risks, analyze them, record them and build a plan of action so they’re no longer a concern.

  • Risk management plan: even before you dive into finding the risks themselves, you need a plan for how to identify them, how often you’ll need to look for new risks, and how you’ll analyze whether or not your current plan is efficient.

This template for the Project Management Institute illustrates how this step is ongoing and should surface during every phase of a project:

Risk management plan template example


Your plan should include:

    • Possible sources of risk
    • Their probability of occurring
    • An action plan to reduce those risks
    • Contingency plan
    • Risk threshold and metrics
  • Risk analysis: this is when you determine how objectives might change if risks occur (like whether or not you’ll successfully produce a product).

At this stage, you’ll identify the potential impact of the risk on the project so that appropriate steps can be taken to mitigate them.

This guideline from the Project Management Institute outlines how to calculate risk impact:


  • Risk response planning: the stage where you determine whether you’ll avoid, embrace, or manage the risk, and how you’ll do so. Some risks will need to be managed over longer periods, while others can be mitigated quickly. When you’re planning to respond to potential risks, build action plans that include:
    • A description of every risk.
    • A description of how you will reduce or manage that risk.
    • An identified owner of the risk and response plan.
    • A due date for each action to be completed.
  • Risk monitoring and control: this is the day-to-day process of making sure risks haven’t occurred, checking for new risks, and monitoring changes in risks and action plans. As your project progresses, you should be:
    • Keeping an eye out for new risks and planning for them as they are identified.
    • Making sure risks you’ve already identified are indeed not happening and that your plans to ensure that’s the case are working.
    • Monitoring your risks. The likelihood that they will happen should ideally be reduced over time. If not, you may need to reassess.
    • Reporting. Stakeholders and senior management should be kept aware of risks at all times.
  • Risk efficiency measures: as each project closes, this is the process where you analyze how well you mitigated and managed risks. Use these lessons to plan better next time if needed. Your risk analysis should include:
    • How many risks occurred or were identified.
    • The accuracy of how those risks impacted the project.
    • Which risks occurred more than once.
    • Whether or not the risks you planned for are the same as the risks that actually occurred.

A program risk register logs risks from multiple teams’ boards so you can learn from the risks of others.

risk efficiency measures risk assessment template example


How to use for risk assessment

provides a suite of tools for project managers and risk assessors to analyze risks in a myriad of environments. It’s way more than just a simple risk assessment tool. is a fully optimized Work OS.

Here’s how to use to perform a risk assessment.

Sketch your workflow

Include an issue log, your plans for mitigating risk, a change log to record changes as they happen, and a board that records the lessons you’ve learned.

All of these boards should be automatically connected to your risk log, so all of the relevant information lives in 1 place.

Here’s an illustration of that workflow:

risk assessment workflow example

Set up your risk log

This is where you’ll record risks as you find them and decide how each risk will affect your project. You’ll also use this board to monitor every threat as your project progresses.

Here’s an example of what they would look like in

risk log template example

The information from this board could also come from your issue log, as long as your issue log identifies risks and describes them accurately.

Set up a board for assessment and response

This is where you would use a security risk assessment or safety assessment to determine how risks would impact a project and how likely each risk is to occur.

This should include:

  • Time impact
  • Cost impact
  • Quality impact
  • Likelihood
  • Risk Level

assessment and response board example

Set up a board where you record and monitor your action plan

This stems from the risk log, but it is where you identify owners and specific tasks that will ultimately mitigate risks altogether.

monitor and review risk assessment template example

Connect them all

All of your boards should be connected to ultimately display results in a dedicated dashboard. This dashboard will surface types of risks, their category, how many are active, and much more.

risk assessment dashboard example template

One of the main benefits of is taking information from multiple places — like a risk log, project plan, or record of issues, and displaying all of that data meaningfully in 1 place.

When it comes to doing a risk assessment for a new or current project, all of the data and information could be easily automated, saving your team a lot of time and money.


The risk in each project — no matter the type — is palpable.

If your teammates themselves are at risk for harm, it’s obvious why risk assessments are necessary. The fate of the project being at risk is also enough to induce stress in any project manager.

If you’re looking for a Work OS that transcends the risk assessment and can be used in every corner of project management in every industry, check out Get started today.
