Skip to main content
Get a FREE
BVOP® Certified Project Manager mock exam
Join the modern BVOP® Agile teaching $ 0.00 mock exam fee. Free self-study Get a FREE Trial
Get Certified

Project risk management

Project risk management, analysis and mitigation in Agile projects

Share on Linkedin Facebook
Project risk management, analysis and mitigation in Agile projects

The following article is part of the self-preparation for the modern BVOP® Project Management Certification program.

Project risk management requires awareness and involvement of key roles from management offices, development teams, implementations, support departments and all parties interested in the project.

  1. Collecting risk items
  2. Evaluating the risk (analysis)
  3. Risks items attributes
    1. Category
    2. Management
    3. Users
    4. Requirements
    5. Technology
    6. Team
    7. Organization
    8. Supply
    9. Description
    10. Impact
    11. Probability
    12. Symptom
    13. Loss size
    14. Action plan
    15. Owner
    16. Proximity
  4. Risk prioritization
  5. Observing the risk
  6. Discussing risk
  7. Avoiding the risk
  8. Updating the risk items
  9. Sharing the risk
  10. Willingness to share and participate

Project risk management is a major activity with high importance in the context of the BVOP. 

The Business Value-Oriented Project Management (BVOPM) office needs to stand by the following ideas:

  • A risk may be obvious or hidden.
  • An unrealized and unmanaged risk may cost a lot of time and resources.
  • An unmanaged risk may be a reason for the failure of a project.

The obvious risk relates to topics, which are expected, known, and previously experienced by individuals involved in a project.

The hidden risk is related to topics and events for which project participants and stakeholders have no awareness or knowledge.

Project risk management may include the following activities:

  • Collecting risk items
  • Evaluating the risk (analysis)
  • Risk prioritization
  • Observing the risk
  • Discussing the risk
  • Avoiding the risk
  • Updating the risk items
  • Sharing the risk
  • Willingness to share and participate

Collecting risk items

Risk items are risk topics that can be defined and described separately. They are usually collected in a common list that contains an indefinite and unlimited amount of risk items.

The collecting of risk topics includes the naming and description of all possible events and factors that may negatively affect the project in any way.

Extensive knowledge about risk items is required in the process of their collection. Pointing out the possible realistic situations of their occurrence is also needed. All offices, departments, and key roles involved in the project contribute to the risk collection through their knowledge and experience.

Evaluating the risk (analysis)

Each risk item needs evaluation and detailing for easier general risk management.

Risks items attributes

The risks items may have multiple attributes like:

  • Category
  • Description
  • Impact
  • Probability
  • Symptom
  • Loss size
  • Action plan
  • Owner
  • Proximity


The categorization of the risk items helps with their organization into general groups. Categorization may include areas like:

  • Management
  • Users
  • Requirements
  • Technology
  • Team
  • Organization
  • Documentation
  • Supply


Risk items in this category usually include issues that may arise from the organization's senior and middle management. Issues may be related to the low engagement of senior management, lack of communication, unrealistic budgets, and more.


This category may include risks that are closely related to product users. That may include negative opinions, lack of commitment, low user satisfaction, and more.


These risks may be related to:

  • Constantly changing requirements

  • Changing requirements at late stages

  • Unclear requirements

  • Misunderstanding the requirements


Technological risk can lead to significant time-to-market if teams use unfamiliar technologies. This risk usually affects time, costs, and pre-planned events.

Technical debt is another risky topic that needs focus. Massive technical debt can lead to eventual product re-work and negative development direction.

A technical risk may cause a negative impact on external teams, which can lead to difficulties with using parts of the product. Support and integration may be difficult.


A team risk is associated with people who develop or maintain the product. Possible risks are inadequate experiences, not enough personnel, team conflicts, low motivation, and other aspects of human behavior and interactions.


An organizational risk may be related to the organization's inability to manage the entire product, staff, supplies, support, events, resources, policies, and legal aspects, etc.

The culture and maturity of the organization, unstable environment, resources, and restructuring can also be major risk issues.


Supply may include providing materials, resources, external and internal needs, content, data, tools, environments. Not supplying any of these may be considered as a project risk.


Description of the actual expected risk item. Items are described briefly in a comprehensible language.


The impact is the potential damage caused by each risk item. It describes shortly what eventually may happen if the risk occurs.


The likelihood of the risk occurring. It may be a numerable value from 1 to 10, other quantitative units, or a term item like “Unlikely”, “Likely to occur”, “Certain to occur,” etc. 


Any potential risk may have a documented symptom of occurrence. Depending on previous experience and skills of the teams and parties involved in the project, the symptoms can be predicted and described clearly.

Symptoms should be clear to all involved in and developing the project.

Loss size

Loss size is a relative unit that represents possible material losses such as hours, days, or money.

If a risk item has a Loss size of 10, this may mean a 10-day delay in the project. If the result is multiplied by the total money consumption per day, this may indicate the number of total losses caused by this risk.

The entire project risk collection has a Total Loss Size number, which is the sum of all loss size values of all risk items.

If the project risk collection contains 100 risks items with an average loss size value of 10 for each item, then the Total Loss size for the entire project will be 1000. If the Loss size unit represents days, and if the entire risk described in the collection occurs, the entire project will be delayed by 1000 days. If one business day costs $ 1000 for the organization, including fees, wages, and any expenses, the total loss for the organization will be $ 1, 000, 000.

The BVOP focuses on project risk management and Loss size for each risk item as an important topic that is associated with serious damage to organizations.

The visualization of possible losses may help raise the level of responsibility and commitment of all key roles in the project.

Action plan

Defining and collecting risk items is not enough to adequately manage risks. An action plan is needed. If a risk factor or event arises, the management offices, development teams, and all key project roles and stakeholders must be prepared and aware of possible response actions.

The BVOP suggests that all offices inside an organization and all teams and individuals should do their best to avoid all potential risks.


The owner is an individual, team, or an entire office responsible for risk avoidance. The owner is always known, defined, and needs to be competent in the risk category. The owner is proactive and acts independently to prevent the risk. Proper guidance and support from other offices, teams, or individuals are recommended if this would increase the chances of risk avoidance.


Proximity is an estimate of the most likely time for a risk to occur. Owners can concentrate their efforts and observations within a reasonable time before the risk emerges if the proximity is realistic.

Proximity types may be upcoming, within a stage, within the project, beyond the project.

The risk items may also have other attributes like ID, Name, Date, Status, or any other that provides convenience for general risk management.

Risk prioritization

Prioritization of all the risk items is a helpful practice that ensures focus on highly important possible issues and optimizes the effort needed for risk management. A popular practice in the classical project management is the risk items to be prioritized by their risk probability or by values of several multiplied attributes.

The BVOP suggests that prioritizing by one attribute or result of attributes is not enough, and the project risk needs more attention and focus. The risk may be hidden and unexpected. Project risk management requires the collaboration of all offices, departments, and individuals. The project risk is dynamic at different stages of the project, therefore the prioritization should also be dynamic.

Each office or department can filter the risk items to their needs by using the available categories, owners, and attributes of the items. Filtering can provide focus and easier monitoring and risk management.

For example, the design department can track the risk items from the Design category and prioritize and focus on the risks associated with the entire design department. Management offices can filter the risk collection according to Management category or Loss Size to focus on potential management issues or to calculate total potential losses.

Observing the risk

Observing the risk has a crucial role in risk management. All risk owners need constant awareness of the risk items assigned to them and proactively track symptoms and statuses, observe situations, behaviors, and occurrences that may cause a certain negative event to implode. 

Discussing risk

Offices, departments, or teams need to discuss the project risk at the early stages of the risk definition, as well as at the regularly held discussion sessions throughout the entire project.

During the sessions, each department can define new risks and provide other departments with information (status, updates, issues, needs) about the risks already identified.

Conclusions and information from the sessions held are shared with all the offices and departments interested in the project.

Discussion sessions are quick and focused on essential topics and productivity.

Avoiding the risk

Avoiding the risk is the main subject and activity of all parties involved in the project. It requires collaboration and proactivity.

Avoiding the risk may include actual work to be done at the early stages or during the project. It may be scheduled as regular tasks for internal or external teams as a part of the entire product or project development or delivery.

Updating the risk items

Updating risk items takes place over the entire project cycle and may be a method of revealing hidden risks. 

Risk items updates are based on the newly provided information, discussions, resolutions, or new issues.

Sharing the risk

Risk-sharing involves providing the entire risk collection to all offices, teams, key roles, and stakeholders. It is a way to prevent potential risks and to improve their collection.

Willingness to share and participate

The BVOP suggests the participation of as many key roles as possible in risk management. Some departments and individuals may avoid participating in this process intentionally. The unwillingness to participate in risk management and avoidance may have different roots. Still, key role participation in the entire project risk management process is a worthwhile activity that can prevent many risky events and factors.

The BVOPM office spreads a culture of cooperation and points out and highlights the benefits of involving key roles in risk management.

The following issues related to chapter "Project risk management" are included in the certification exam. The sequence of questions is presented in the table.
The data is current as of June 12, 2024, 5:47 pm

ID Issue Time Category
0 Updating the risk items 60 sec PM, PDM
1 Avoiding the risk 60 sec PM, PDM
2 Users 60 sec PM, PDM
3 Owner 60 sec PM, PDM
4 Risks items attributes 60 sec PM, PDM
5 Evaluating the risk (analysis) 60 sec PM, PDM
6 Symptom 60 sec PM, PDM
7 Impact 60 sec PM, PDM
8 Probability 60 sec PM, PDM
9 Supply 60 sec PM, PDM
10 Category 60 sec PM, PDM
11 Organization 60 sec PM, PDM
12 Risk prioritization 60 sec PM, PDM
13 Collecting risk items 60 sec PM, PDM
14 Management 60 sec PM, PDM
15 Loss size 60 sec PM, PDM
16 Technology 60 sec PM, PDM
17 Team 60 sec PM, PDM
18 Observing the risk 60 sec PM, PDM
19 Willingness to share and participate 60 sec PM, PDM
20 Description 60 sec PM, PDM
21 Action plan 60 sec PM, PDM
22 Sharing the risk 60 sec PM, PDM
23 Requirements 60 sec PM, PDM
24 Proximity 60 sec PM, PDM
25 Discussing risk 60 sec PM, PDM

Comments from the BVOP™ community on “Project risk management”


Project risk management needs participation from management, development teams, support departments, and all interested parties.

Project risk management is crucial in BVOP. Risks can be obvious or hidden and if not managed, can cause delays and waste resources leading to project failure. Obvious risks are expected while hidden risks are unknown. Risk management activities include collecting, evaluating, prioritizing, observing, discussing, avoiding, updating, and sharing risks. It is important for project participants to be willing to share and participate in risk management.

Categorization of risks

Evaluate risks by detailing their attributes such as category, description, impact, probability, symptom, loss size, action plan, owner, and proximity. Categorization of risks can be done based on areas like management, users, requirements, technology, team, organization, documentation, and supply. Management-related risks may arise from senior and middle management's low engagement, lack of communication, unrealistic budgets, etc.

Product development involves various risks that may arise from different categories such as users, requirements, technology, team, organization, and supply. Risks related to users may include negative opinions, low satisfaction, and lack of commitment. Changing requirements, unclear or misunderstood requirements, and technical debt are examples of risks related to requirements and technology. Team risks may arise from inadequate experience, insufficient personnel, conflicts, and low motivation.

Organizational risks

Organizational risks can stem from the inability to manage resources, policies, and legal aspects. Failure to supply materials, resources, or external/internal needs can also be considered as a project risk. Each risk item has a description, potential impact, probability of occurrence, and documented symptoms. It is crucial that all parties involved in the project understand the symptoms clearly.

Project risks and Loss size

Loss size is a measure of potential material losses in terms of time or money. For example, a Loss size of 10 may result in a 10-day delay in the project, and if multiplied by the daily cost, it may indicate the total losses caused by the risk. The project's Total Loss Size is the sum of all loss size values for all risks. BVOP emphasizes the importance of managing project risks and Loss size for each risk item to prevent serious damage to organizations. Visualizing potential losses can increase accountability and commitment among project stakeholders.

Action plan

To manage risks effectively, it's not enough to just identify and collect them. An action plan is necessary, and all stakeholders must be aware of possible response actions. The BVOP recommends avoiding potential risks altogether. The owner is responsible for risk avoidance and should be competent in the risk category. Proximity estimates the most likely time for a risk to occur, and owners should concentrate their efforts accordingly. Risk items may have other attributes like ID, Name, Date, and Status.

Prioritizing risks is important to focus on the most critical issues and optimize risk management efforts. In classical project management, risks are often prioritized based on probability or multiplied attributes. However, the BVOP recommends a more dynamic approach that involves collaboration from all departments and individuals. Filtering risks based on categories, owners, and attributes can provide focus and easier monitoring. For instance, the design department can prioritize risks associated with the entire design category, while management offices can focus on potential losses or management issues.

Effective risk management

Observing and discussing risks is crucial for effective risk management. Risk owners must be aware of their assigned risks and proactively monitor potential negative events. Teams should discuss project risks early on and throughout the project, sharing updates and identifying new risks. Conclusions and information from these discussions should be shared with all relevant departments. These sessions should be quick and productive, focusing on essential topics.

Avoiding risk is crucial in any project and requires collaboration and proactivity. This can involve work at various stages of the project and may be scheduled as regular tasks. Updating risk items throughout the project cycle can reveal hidden risks based on new information, discussions, resolutions, or issues. Risk-sharing involves providing the entire risk collection to all parties involved to prevent potential risks and improve their management.


Encouraging participation is important in risk management according to BVOP. However, some departments and individuals may avoid participating intentionally. This can lead to risky events and factors. BVOPM promotes a culture of cooperation and highlights the benefits of involving key roles in risk management.

Comments on “Project risk management, analysis and mitigation in Agile projects”

  1. Benjamin Tremblay

    How do you manage technology risk in real projects? Years ago, I was working on a project. Team leaders changed, and everyone decided to switch programming platforms. We did the same job for 3 years. The project was not progressing. In the end, the company went bankrupt. Reading this article makes me think that I have been on a project that lacked risk management.

Web site
Your Comment

The BVOP Certificates

Certified Chief Executive

The BVOP Chief Executive is the core driver of the Business Value-Oriented Principles and the most advanced figure who has the organization’s best interest.

Get Certificate $1290   $270

Certified Program Director

The BVOP Program Director manages the entire Program Management Office and possesses exceptional expertise and applies strategies.

Get Certificate $720   $190

Certified Agile Director

The BVOP Director is the most advanced and important role inside Agile products and services-based organizations. Take it to the next level.

Get Certificate $440   $180

Certified Project Manager

The BVOP Project Manager is an advanced and competent business, product, and technical role and a key factor for the success of the projects.

Get Certificate $280   $130

Certified Product Manager

With the advancing design, development, technical, and business knowledge, the BVOP Product Manager is a master role and decision-maker for the products.

Get Certificate $280   $130

Certified Product Owner

Responsible and skilled BVOP Product Owners balance both business and technical needs using Agile approaches and provide business value for products.

Get Certificate $180   $90

Senior Scrum Master Certification

The BVOP Scrum Master role combines skills, Agile thinking, and project management practices to enchant processes, teams, and stakeholders.

Get Certificate $140   $70

Certified Human Resources Manager

People are the greatest assets of any organization. It is important to find a balance between people and organization’s needs. Start the change today.

Get Certificate $140   $70
Become a Certified Project Manager
$280   $130
FREE Online Mock Exam