Risk management

Capability maturity checklist assessment for project risk management

Risk management should:

  • ensure that levels of overall risk within a project, programme or portfolio are compatible with organisational objectives;
  • ensure that individual risks and responses are identified;
  • minimise the impact of threats to objectives;
  • optimise opportunities within the scope of work.
Indicators Level 2 attributes


Risk management probably has the broadest range of techniques of all the delivery functions. It is not uncommon for risk management to be over-complicated in relation to the complexity of the work.

A key difference between level 2 and level 3 is that techniques are appropriately applied.

For example, at level 2 there may be over-zealous identification of minor risks that can reduce the effectiveness of the function even though the goals are achieved.

At level 3, better weighting and analysis ensure that response planning is proportionate.


There is identification of both threats and opportunities.


Risk events are assessed in terms of probability, impact and timing.

Plan responses

Risk responses are planned and response activities are adequately resourced.

Implement responses

Risk responses are implemented.

Indicators Level 3 attributes

A range of techniques is used to identify appropriate threats and opportunities. These are continually reviewed throughout the life cycle.


Risk assessment is conducted from a number of perspectives, including strategic, operational, commercial and internal to the initiative.

A range of qualitative and quantitative techniques is used as appropriate.

Overall risk is matched to the organisation’s risk appetite.

Plan responses

Risk responses are planned according to organisational policies that have been adapted as necessary. Plans are reviewed throughout the life cycle.

All appropriate response types are utilised and management team members with appropriate seniority are available and assigned to response activities.

Responses are developed in line with the organisation’s risk attitude.

Implement responses

Risk responses are implemented in accordance with the risk response plan.

Effectiveness is monitored and results fed back into revised plans.


