Get Instant Access
to This Blueprint

Project Portfolio Management icon

Right-Size Your Project Risk Investment

Avoid malinvestment in your approach to project risk.

The same approach to risk is often taken for these very different situations:

  • It is obvious that we would misspend the time required for any further risk assessment because the sponsor owns all the risk.
  • There may be some risk to doing this project that may affect multiple business stakeholders.
  • There is definitely risk involved in this project that will likely affect much or most of the enterprise.

Our Advice

Critical Insight

  • Something is better than nothing. Avoid the all-or-nothing mindset – it’s not PMBOK or bust. Even modest investments in risk will provide a return.
  • Don’t re-invent the wheel. Learn from and record current and historical risk events so lessons learned can easily be embedded into future projects.
  • Get a curator. Assign someone to own the risk topic and make it their job to keep a relevant menu of risks.

Impact and Result

  • Since all projects are not created equal from a risk perspective, create a standard process during intake or initiation to triage the appropriate rigor of the risk approach.
  • There will be a lot of overlap between projects, so why reinvent the wheel? Build a structured menu of potential risk events to consider early in the project and maintain that menu over time so it remains relevant. Provide easy access to the menu through a tool or template for all project managers to use during the project planning phase.
  • Right-size the total approach. There’s a tendency in the IT culture to either do things by the book or not do them at all. It’s not all or nothing. Even small investments in project risk planning can play dividends by avoiding disasters.

Right-Size Your Project Risk Investment Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should right size your approach to project risk management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Assess Your Current Approach to Project Risk Management

Shed the "all-or-nothing" mentality. Gain a better understanding of why project risk matters, assess your current state, and determine an approach to risk for your organization.

2. Develop an Organized Approach to Project Risk

Lay the foundation of effective risk management.

3. Create a Standard Risk Approach for Your Projects

Finalize a project risk process and prepare your organization's culture for implementation.

Right-Size Your Project Risk Investment preview picture

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 3-phase advisory process. You'll receive 10 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Assess Your Current Approach
  • Call 1: Scope your current risk maturity and risk needs.
  • Call 2: Discuss the pros and cons of each risk approach.
  • Call 3: Set a target risk approach.

Guided Implementation 2: Develop an Organized Approach to Project Risk
  • Call 1: Discuss your major risk categories and their implications.
  • Call 2: Define a categorized approach to risk.
  • Call 3: Build a structured risk menu.
  • Call 4: Discuss and review your risk standard operating procedure (SOP) and toolkit.

Guided Implementation 3: Create a Standard Risk Approach
  • Call 1: Discuss the implications of the new process.
  • Call 2: Create an impact and change management plan.
  • Call 3: Set an implementation timeline.


Matt Burton


  • 13 anonymous contributors
Visit our Exponential IT Research Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019