Risk register, assessment matrix, mitigation planning, contingency allocation, opportunity tracking, and real-time risk monitoring.
Risk Management provides a structured approach to identify, assess, mitigate, and monitor project risks. Risks are scored using a probability × impact matrix (5×5) producing a risk rating (Low/Medium/High/Critical). Each risk gets an owner, mitigation plan, and contingency budget. Opportunities (positive risks) are also tracked. Monthly risk reviews update assessments and close resolved risks.
| Status | Description | Allowed Actions | Next States |
|---|---|---|---|
| Identified | Risk recognized and logged | Assess, Assign Owner | Assessed |
| Assessed | Probability and impact scored | Create Mitigation Plan | Mitigating |
| Mitigating | Active mitigation actions in progress | Monitor, Update | Monitoring |
| Monitoring | Risk under watch with residual score | Review, Close, Escalate | Closed, Escalated |
| Closed | Risk resolved or no longer applicable | Archive | — |
| Escalated | Risk exceeds project authority, escalated to PMO | PMO Decision | Mitigating, Closed |
risk_id — PK, unique risk entryproject_id — FK → project.projectrisk_code, risk_title — Identifier and short descriptioncategory — technical | financial | schedule | external | hseprobability, impact, risk_score — 5-point scales; score = P × Irisk_owner_id — FK → admin.userstatus — Lifecycle stateassessment_id — PKrisk_id — FK → risk.risk_registerassessment_date — Date of reviewprobability, impact, risk_score — Updated scoresresidual_probability, residual_impact — Post-mitigation scoresassessed_by — FK → admin.usermitigation_id — PKrisk_id — FK → risk.risk_registermitigation_strategy — avoid | transfer | mitigate | acceptaction_description, responsible_id — Specific action and assigneetarget_date, actual_date — Planning vs completioncost_estimate — Mitigation budgetcontingency_id — PKproject_id — FK → project.projectrisk_id — FK → risk.risk_register (optional)allocated_amount, utilized_amount — Budget set aside for risk eventsapproval_status — Draft → Approved → UtilizedProject team identifies risks using checklists, brainstorming, SWOT analysis, and lessons learned from similar projects. Each risk logged with category, description, and initial owner.
Score probability (1-5) and impact (1-5) for each risk. Risk score = P × I. Plot on 5×5 matrix. Scores 1-5 = Low (green), 6-12 = Medium (yellow), 15-20 = High (orange), 25 = Critical (red).
For Medium/High/Critical risks, create mitigation actions with strategy type (avoid, transfer, mitigate, accept), responsible person, target date, and cost estimate.
Allocate contingency budget for high-impact risks. Contingency draw-down requires Project Director approval. Utilized amounts tracked against original allocation.
Monthly risk review meetings update assessments, check mitigation progress, identify new risks, and close resolved items. Risk dashboard shows trend of open risks over time.
-- Risk distribution for heat map visualization SELECT r.probability, r.impact, COUNT(*) AS risk_count, STRING_AGG(r.risk_title, ', ') AS risk_titles FROM risk.risk_register r WHERE r.project_id = :project_id AND r.status NOT IN ('Closed') GROUP BY r.probability, r.impact ORDER BY r.probability DESC, r.impact DESC;