PM Interview series: Risk Management Q&A

Intuity Consulting
Risk Management

Risk Management is a vital skill for any project manager, as all projects have many risks. The PM will need to understand how to identify, evaluate and implement actions to prevent or mitigate risks.

PMs are responsible for managing multiple risks; however, the Sponsor and Stakeholders are usually the risks owners and are accountable for their impacts. Risk Management is not simply generating a list of risks/sharing them at governance meetings.

When hiring a project manager (either contract or permanent) it is essential to assess their ability to actively manage risk across the life of the project. Below are three interview questions and the responses that you are looking for that will help you determine their skill level.


Let’s start with a simple one, but very inexperienced PM’s do get wrong:

  • Q. Explain the difference between a RISK versus an ISSUE
  • A. A Risk is an event or situation that has not yet happened but could (future-focused). The event could be positive or negative that, if it is realised (occurs), would impact the project. An Issue is something that has happened and is impacting the project now. Most of the time, it’s negative, but there can also be positive impacts.



  • Q. How do you gather/identify risks?
  • A. Firstly, there are some general risks that all projects will have, and most PMs will automatically add these like costs exceeding budget, schedule extending over the original date, and access to critical resources. Another way is a brainstorming session, which should include, sponsor/stakeholders/SMEs and other project team resources. Finally, the PM can hold individual interviews to identify the risks and possible mitigating actions.



  • Q. What are some of the components you would capture within a risk? (See how many they reel off)
  • A. There can be many components in a highly mature Risk Management environment; here are most of them:
    • Risk Owner – Who owns the Risk
    • Date raised – Date when the Risk was identified.
    • Risk Description – Description of the Risk itself and its impact if realised.
    • Timeframe – Near(now to 1 month), Mid(2 to 6 months), Far(6+ months).
    • Probability – Can be on a scale of 1-x or Almost Certain, Likely, Possible, Unlikely, Rare.
    • Impact – Can be on a scale of 1-x, Catastrophic, Major, Moderate, Minor, Insignificant.
    • Risk Rating – Based on the above Probability & Impact and calculated to be Critical, Significant, Moderate or Low.
    • Trigger – Identifies the symptom or warning signs that Risk has occurred or is about to happen.
    • Mitigation/Control Plan – Actions or decisions required to manage the Risk. There are four main ways to manage a Risk, and these are: Avoidance, Acceptance or sharing/defer, Mitigation or Transfer.
    • Residual Rating – Based on the mitigation/control plan being in place/active, what is the rating now.
    • Status – Can be Open, Closed, on Hold or Realised (became an Issue).
    • Progress updates – Updates on actions to mitigate the Risk or to describe contingency plans etc



There are many other aspects to Risks and Risk management; our team at Intuity would be happy to chat further on any Risk or Project Management needs.

Contact Intuity, to discuss your needs.

June 2022

By Mark Dunham, Intuity Consulting

[email protected]

0414 700 464