Project team members at various levels identify and handle risks in different flavors. However, this will be ineffective without a structured risk management framework, as this leads to:

• Incomplete impact evaluation, leading to loss of:
• Knowledge of the overall impact on the project objectives, like scope, time, cost, and quality
• Identification of secondary or new risks arising from the already identified risks
• Lack of transparency and a communication gap within and outside the team.

Thus, it is very important for any project organization to set up an effective risk management framework. Instituting such a practice as a project team culture ensures:

• Conscious and focused risk identification and management
• Project progress as desired, with the least amount of deviations or surprise, and in line with project and organizational objectives
• Early and effective communication of project issues to organization and project stakeholders
• An effective team building tool, as team buy-in and acceptance is assured.

Risk Management Plan. The organization-mandated risk management framework is reviewed and tailored to define the project risk management plan when the project is initiated. The risk management plan includes these definitions and guidelines:

• List of possible risk sources and categories
• Impact and probability matrix
• Risk reduction and action plan
• Contingency plan
• Risk threshold and metrics

Risk Identification. Risks are to be identified and dealt with as early as possible in the project. Risk identification is done throughout the project life cycle, with special emphasis during the key milestones. Risk identification is one of the key topics in the regular project status and reporting meetings. Some risks may be readily apparent to the project team—known risks; others will take more rigor to uncover, but are still predictable.

The medium for recording all identified risks throughout the project is the risk register, which is stored in the central project server. The following tools and guidelines are used to identify risks in a structured and disciplined way, which ensures that no significant potential risk is overlooked.