Identifying risks based on the nature of the project, how the project is currently planned, and other risk factors outside of the project scope. For example, if your project involves using newly released software, you might want to consider the risk of the software not properly integrating with your existing systems.

After a list of risks has been compiled, evaluate the likelihood or probability of each risk actually happening, and then evaluate its potential impact. Probability and impact can be measured in many ways, so it is important for the project team to set a standard for quantifying them.

Based on the risk assessment, you will then prioritize for which risks you will define a risk response. Practically speaking, you will not have enough resources to address every risk you have identified—you will need to define your risk tolerance. For example, you may determine that you will only define risk response strategies for risks having at least 60% probability and a project impact of medium or higher.

When specifying risk responses, you must define the action items required to mitigate the risk, as well as which individuals will be responsible either for addressing the risk, eradicating the risk, minimizing its likelihood of occurring, or minimizing ...