This process rates each identified risk on probability and impact — and other factors like urgency and manageability — to prioritize them, typically with a probability-and-impact matrix. It is fast and subjective, designed to separate the vital few risks from the trivial many.
The output is a prioritized risk register and an updated risk report. Consistent, agreed scales from the risk management plan keep ratings comparable, and risk categorization reveals concentrations of risk in particular areas.
Common pitfalls. Inconsistent probability and impact scales across people; anchoring on first impressions; ignoring non-probability factors like urgency; and prioritizing risks but never acting on the priorities.
Inputs, Tools & Techniques, and Outputs
Inputs
- Project management plan
- Project documents
- Enterprise environmental factors
- Organizational process assets
Tools & Techniques
- Expert judgment
- Data gathering
- Data analysis
- Interpersonal and team skills
- Risk categorization
- Data representation
- Meetings
Outputs
- Project documents updates