Control Your Risks or They’ll Control You

Active risk management is an essential component of managing any project.

Karl Wiegers
May 14



A company once engaged me to determine why a major multinational software development project had failed. As I studied the project records, I discovered that the team had maintained a list of project risks — a solid project management practice. However, their monthly status reports showed only the same two minor risks each time, with a minimal estimated threat from each of them. Since the project failed, some additional risks apparently sneaked up and attacked it when no one was looking.

The project managers failed to consider some common risks on complex, distributed projects: slow decision-making, communication issues, scope changes, requirements ambiguity, overly optimistic commitments, and so forth. The outcome was a multimillion-dollar lawsuit settlement.

We can take several messages from this experience.

  • If you’ve identified only two risks for a large project, you haven’t looked closely enough.
  • If you underestimate the potential threat a risk could pose, you might not pay enough attention to it.
  • If the same items remain on your list of top risks month after month, either you’re not actively managing them or your mitigation efforts aren’t working.

What Is Risk Management?

A risk is a condition or event that has the possibility of harming your project. It’s a potential problem that hasn’t happened yet. The goal of risk management is to ensure that the project will succeed despite its risks. Risk management is an essential component of effective project management. It has even been said that project management is risk management.

Risk management involves identifying scary conditions and events, assessing their possible impact on the project if they were to materialize into problems, prioritizing them, and trying to control them. Formal risk management focuses your energy on the greatest looming threats. There’s no point in worrying about something that wouldn’t do much harm even if it happened, or about a highly unlikely and uncontrollable occurrence. No one can predict the future, but you don’t want to be blindsided…



