These are the Basics of Monitoring Risk

Risk management is not a one-time event. Risk must be assessed and monitored throughout the life of the projectYou’ve created your Risk Management Plan. You’ve identified the initial risks. You’ve performed a qualitative risk analysis, maybe a quantitative one as well. You’ve planned risk responses, and even implemented some.

Monitoring risk is one of those nagging project activities that Project Managers should never take their eyes off.

Yet they do.

Projects by their very nature immerse the entire team into a frenzy of activity day after day. It is easy to push those activities that do not have a direct effect on advancing the project into the background – monitoring risk being one of them.

“We’ll get to that as soon as <insert your favorite reason/excuse here>.” And soon the lack of risk monitoring transforms into a reactive scramble. Issues that could have been prevented had the rigor of risk monitoring been maintained are now negatively impacting the project.

I find it interesting that the PMBOK® Guide uses the more passive title: “Monitor Risks” (Project Management Institute, 2017, pp.453-458). Other sections in the Monitoring and Controlling Process Group are named: “Control Scope,” “Control Schedule,” “Control Costs,” “Control Quality,” “Control Resources,” and “Control Procurements.” (I also noted this with monitoring communications.)

This makes sense, however, given that risk, by definition, is the result of uncertainty. Project Managers can prepare to handle risk. They can identify risks, assess and analyze them, and act upon them if and when they do occur. But they cannot control them – at least not entirely.

Risks constantly change over the lifecycle of a project. Therefore, continuously monitoring them is a must.

Monitoring risk really begins early in the project with the Risk Management Plan (refer to “This is Why a Risk Management Plan is Important”) and the planning of risk responses (see “How to Plan Risk Responses”). It continues with evaluating the effectiveness of the risk responses and the conditions that triggered them. These are reviewed against the plan. Risk responses are modified as necessary and monitored continuously.

As the project progresses, the potential impact to the project of risk events is constantly updated. Some risks become irrelevant and can be closed. Some become more probable. The Project Manager must determine whether action is warranted and, if so, what it should be.

For example, the risk of a supplier not delivering equipment timely may be downgraded when a letter from the supplier assures the Project Manager that the manufacturing of the equipment has been fast-tracked. Conversely, the risk of the loss of a key team member may suddenly increase with several unexplained absences.

Monitoring of risk events allows the Project Manager to implement appropriate mitigation actions as soon as:

  • new information is known or
  • triggering events occur.

One distinct advantage of continuous risk monitoring is that new risks are often identified as the project progresses. These are then subjected to analysis. Risk responses are planned per the Risk Management Plan. Risk events can occur at any time (e.g., changes in project team members, stakeholder changes, new regulations, new or changed functional requirements, vendor failures). They must be handled expeditiously before they create further issues.

Having said all that, Project Managers must also strike a balance. Too little monitoring and challenges can quickly arise. Too much monitoring and the cost of risk management can outweigh its cost effectiveness. Prioritizing the monitoring of all risks equally will result in wasted effort, additional cost, and ineffective information on which to make decisions. Project Managers must use expert judgment to determine which risks must be monitored closely and which require less attention.

How often should the Project Manager monitor risk?

My standard consulting answer: it depends.

For example, if managing a long-term maintenance contract which requires few enhancements, it may be sufficient to monitor risk once a month or once a quarter. Again, expert judgment plays into the decision. Some risks materialize very slowly and do not require frequent monitoring. Others may have marginal impact on the project objectives should they occur and can therefore be monitored intermittently.

On a project with a definite deadline and budget, my personal preference is to monitor risk weekly. On the projects on which I worked, risk review was a standard agenda item for the weekly status meeting with the client. While this topic was typically placed near the end of the agenda, the meeting time was carefully facilitated to ensure that the risks were carefully reviewed. They were not to be kicked down the road to the next meeting.

During the review, it was understood that not every risk required the same scrutiny. Some individual risks could be skipped entirely. However, risks with a high probability of occurring were evaluated in detail. If needed, risk management actions were invoked immediately.

An added benefit of this regular monitoring during the status review was that risk owners were always prepared to report on the status of the risks for which they were responsible. This ensured that risks were monitored closely.

You will not find “Monitor Risk” as an activity on the project schedule (if it is, it should be one of long duration). However, it is an ongoing project activity that must occur and can have immense payoff. Continuous monitoring provides for a higher probability of project success as risks are managed more quickly and with less impact to the project. Overall project execution is more effective with fewer and less severe interruptions from risk events.

A project team executing with less risk and more efficiency is a team motivated to achieve the project objectives. Monitoring risk may be a necessary process, but its effects regarding the people aspects of project management are far reaching.


Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition. Newton Square, PA: PMI Publications, 2017, Print.

Get Your Free Guidebook

Subscribe and receive your free guidebook,
5 Ways to Master the Art of Managing People, Projects and Profits.