The purpose of this competency is to achieve the goals of risk management, i.e. to:

  • ensure that levels of overall risk within a project, programme or portfolio are compatible with organisational objectives;
  • ensure that individual risks and responses are identified;
  • minimise the impact of threats to objectives;
  • optimise opportunities within the scope of work.

Performance criteria

You must be able to:

  1. plan and initiate risk management
  2. identify risk events
  3. assess the probability and impact of risk events
  4. plan responses to risk events
  5. implement responses to risk events and maintain acceptable levels of overall risk
  6. maintain risk management documentation
  7. monitor and control risk management
  8. assure the quality of risk management

The approach that an organisation takes to managing risk is dependent upon its risk context.

The competency will have to be adjusted to meet different appetites and attitudes in different aspects of the work.

For example, a small entrepreneurial company working in leading-edge technology projects has a very different risk profile to a charity delivering an aid programme in a war-torn country, and this needs to be reflected in the competency of its staff.

Knowledge and understanding

You need to know and understand:

  1. the principles and goals of risk management
  2. responsibilities for risk management
  3. the context of the work and its impact on risk management
  4. a procedure for risk management
  5. the purpose and content of risk management documentation
  6. methods for identifying risk and appropriate sources of information
  7. techniques for assessing threats and opportunities
  8. types, and appropriate use, of risk response actions
  9. risk attitude and risk appetite
  10. how risk events and overall risk may change during the life cycle
  11. how assurance applies to risk management


