The 1950’s marked the beginning of the modern project management era. Companies and organizations began to widely apply specialized management techniques to complex engineering projects. The forerunners to many project management staples such as Work Breakdown Structure and Resource Allocation were implemented, evaluated and improved.
From the Critical Path Method to Extreme Project Management, there are wide variations in practices, techniques and results. There are also common threads, one of which is risk. Managing risk successfully has been, and continues to be critical to successful project completion.
“(Risk is) an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.”
– Project Management Institute (PMI)
There are many sources of risk in a project, such as change in scope, resource constraints, material constraints, incorrect estimates, misalignment of expectations, etc. The ability to manage those risks is one of the ten mandatory competencies every project manager must have according to PMI.
There are five primary activities involved in managing risks (these same activities may be characterized as more or less than five activities depending on the preferences of the individual or organization). Those are: Identify, Understand (or Assess), Evaluate (Rank), Mitigate and Monitor.
Identify
This is clearly noting the actual cause of the risk. The more detailed and specific the identification, the better the remainder of the process will work. A risk can be identified simply as a potential late delivery of a specific part or material, or the likelihood of getting paid by a customer.
Understand
The first part of this step involves clarifying the ‘range’ of the risk and the resulting consequences. Is that critical part delayed in transit and will arrive three days later than expected? Or is it backordered from a plant on strike and delivery is likely months late? The consequences of those options also need to be understood. Is three days late delivery a minor inconvenience, but months late catastrophic? The second part of this step is estimating the likelihood of the possible event occurring. A risk categorized as very possible needs to be treated much differently than one that is highly unlikely.
Evaluate
This involves ranking risks by the seriousness of their impact and recording them. This is often done using a Risk Matrix and Risk Register. The seriousness of a risk’s impact is often described as its Expected Risk Value, which is a product of its likelihood of occurrence and the consequence of that occurrence. The following chart is an example of a Risk Matrix.
Most organizations establish a Risk Acceptability Line, and the Expected Risk Value must be below that line before a project or activity can proceed.
Risks are documented in the Risk Register and ranked according to the seriousness of the Expected Risk Value. The Risk Register should include actions to bring the risk below the acceptability line, the person responsible for those actions, the person for continuing to evaluate the risk and the status of the risk (open, monitored or closed).
Mitigate
What steps can be taken to move that Expected Risk Value to below the Risk Acceptability Line?
Avoidance: Can we avoid parts of our project that are causing the most serious risk? We can ask ourselves if there is another way to do something, another supplier to use, a way to use existing systems instead of new development. If we can take project tasks and replace them with other tasks that have a lower Expected Risk Value, we have avoided risk.
Reduce (or Eliminate): We may not be able to avoid parts of our project with potential serious risk, so we seek to reduce that risk. Supply risk can be reduced by maintaining inventories of difficult to get parts. Incorrect Estimate risks can be reduced by using more resources at the beginning of the project to get ahead of the schedule.
Transfer: Risks can be transferred to other willing parties. Companies often contract out work that does not fit into their core competency areas. Purchasing insurance is a common example of transferring risk in exchange for a specific payment.
Acceptance: Accepting certain risks is also a common strategy. Sometimes the cost of risk reduction or transference is greater than the potential cost of the risk itself; just be wary of risks with potential serious or severe costs, even if the likelihood is very low.
Monitor
We monitor our risks and risk mitigation strategies for three reasons. First, if our risk mitigation strategy is contingent on certain events, we want to know if those events are occurring. If some tasks are taking longer than expected to complete, should we be allocating more resources to those tasks in future. Secondly, are our risk mitigation strategies working? This is important for the current project, but also with respect to what strategies we select for future projects. Finally, have any of our risk factors changed? Has the likelihood or consequences changed materially? If so, the risk, and associated mitigation strategies, need to be reassessed.
Experience-Driven Testing Supports Safety
At ATA, our long history of designing and building custom modular test platforms informs the way we approach risk, safety, and reliability in our test services today. The same principles that guided us in creating flexible, proven systems now shape how we execute every testing program.
We apply established methods and validated tools to minimize uncertainty and ensure dependable results. By clearly defining test objectives and capabilities up front, we reduce the chance of misaligned expectations and deliver outcomes that are both accurate and actionable. Using high-quality equipment and components from trusted suppliers further ensures that every test is performed with consistency, safety, and confidence.
Conclusion
ATA’s most powerful risk mitigation strategy is customer communication. We openly share risks and challenges with our customers, along with our solutions through regular status meetings. Our customers are always welcome in our facilities to see and understand how we are going to meet their needs.
By engineering the right test setups and delivering high-fidelity data, we help teams validate technologies, improve performance, and build confidence in critical components and systems—well before they reach the field.
