Explore answers, insights and our mission to serve communities in need.
Project risks
No project is risk-free. Anyone who claims otherwise has either not thought things through thoroughly enough – or is concealing something. Risks are an integral part of project work, and the crucial difference between a well-run and a poorly run organisation lies not in whether risks arise, but in how they are managed. Those who identify and assess risks at an early stage and address them with a clear plan not only protect the project itself – they also protect the people for whom it is intended. Particularly in humanitarian work, where delays or mistakes can have a direct impact on vulnerable groups, well-thought-out risk management is not a mere formality, but a matter of responsibility.
What risk management means in day-to-day project work
Risk management does not mean avoiding all risks – that would be neither possible nor sensible. It is about gaining a clear overview of potential hazards, assessing their likelihood and potential impact, and developing targeted measures to address them. This process does not begin only once a problem has arisen, but long before that – during the planning phase of a project.
Good risk management is not a one-off exercise. It accompanies a project from start to finish and is regularly updated. This is because the risk landscape can change significantly over the course of a project: new stakeholders may join, political conditions may shift, and unforeseen events may occur. Anyone who draws up their risk profile just once at the outset and then fails to update it has only done half the job.
Structured risk management is particularly important for organisations working in unstable regions or those that rely on external funding. It safeguards the continuity of their work and ensures that they remain able to operate even in the event of a crisis – for the benefit of all those who depend on their support.
The main types of risk in project work
Risks can be divided into different categories. This categorisation helps to maintain an overview and ensure that no key area is overlooked.
Operational and organisational risks
Operational risks arise directly from the implementation of the project. These include the absence of key staff members, delays in the delivery of materials, technical problems or communication difficulties between partners. These risks are often easily foreseeable and can be mitigated by relatively simple measures – such as clear arrangements for cover, buffer periods in the project schedule or written agreements with partner organisations.
Organisational risks relate to the internal structure of an organisation: unclear lines of responsibility, a lack of communication between departments, or staff lacking the necessary skills. They are often more difficult to identify because they develop gradually and only become apparent once damage has already been done. Regular internal reviews and a culture of open feedback help to bring such risks to light at an early stage.
External and contextual risks
External risks lie outside an organisation’s direct sphere of influence but can have a significant impact on a project. Natural disasters, political instability, economic crises or sudden changes in the funding landscape are examples of this. Anyone working in regions regularly affected by typhoons, floods or other natural disasters must factor these risks in from the outset – with appropriate contingency plans and sufficient reserves.
Social and cultural factors can also pose risks. Measures that are not culturally acceptable or that offend local sensibilities can cause even well-planned projects to fail. A careful analysis of the local context and the close involvement of local partners are the most effective ways of countering these risks.
Assessing and prioritising risks
Not all risks are equally serious. A structured assessment is therefore necessary, one that takes two factors into account: the likelihood of a risk occurring and the severity of the consequences should it occur. This combination results in a list of priorities that identifies which risks deserve particular attention.
The following steps will help you to systematically identify and assess risks:
- Document all relevant risks in a risk register, which is updated regularly
- Assess the probability and potential impact of each risk – for example, on a scale of one to five
- Appoint persons responsible for monitoring and managing specific risks
- Set out specific measures to be taken should such an event occur – and communicate these in advance
- Regular review of the risk register, at least quarterly or following significant changes to the project
When risk becomes reality
Even the best risk management cannot prevent things from going wrong. What matters then is how an organisation responds. Speed, clarity and communication are the most important resources in crisis situations. Those who have defined in advance who is authorised to make which decisions in which situations will act far more efficiently in an emergency than those who only start looking for lines of authority once the crisis is underway.
External communication is just as important. Funding bodies, partners and supporters should be kept informed promptly and honestly if a project runs into difficulties. Anyone who conceals problems risks a far greater loss of trust than someone who communicates openly whilst demonstrating that they have the situation under control.
Ultimately, managing risks means taking responsibility – for the project, for the resources deployed, and for the people who are to benefit from the work. This is no easy task. But it is inextricably linked to the commitment to doing a truly good job.