Identifying and Mitigating Project Risks in Proposals

Risk management is a topic that appears in nearly every grant application and helps grant reviewers assess an applicant’s level of project readiness.

Although grant funders are generally less inclined to support high-risk projects, claiming “there are no risks” is an ineffective approach. Every project carries risks, even with the most carefully prepared plans. Grant reviewers want to know that you understand the risks and have a viable plan to address them.

A compelling project plan will convey how you have considered and accounted for appropriate risks, increasing your chances of successfully implementing the project and demonstrating your expertise.

 

Identifying Risks

A comprehensive risk management plan will consider risks in the following areas but may include additional categories. Gather input from each department participating in the project to evaluate the full scope of risks and develop effective mitigation strategies.

• Financial/Economic

• Legal compliance

• Permitting/Environmental

• Risks to the surrounding community

• Timeline

• Supply chain

• Access to labor

• Operations

• Procurement

• Engineering

• Construction

• Weather/Climate

• Marketing/Commercial Deployment

 

Tracking and Managing Risks 

1. Risk Registers

Create a risk register to organize and track project risks. Use a format and a platform that makes the most sense for your organization’s purposes, such as Excel or an existing project management system. Risk registers vary in style and level of detail. Start with a simple format, like the example in the table below, and consider the following information:

• Risk category: Identify the type of risk at a high level.

• Description: Briefly describe the risk and its cause.

• Impact or consequence: How will the risk impact your project, if it is not avoided?

• Probability: How likely is it that this risk will occur? Start by ranking risks as high, medium, or low. Define the criteria for each level to help rank the probability consistently.

• Mitigation: Identify the strategy for responding to the risk in order to avoid or reduce it.

2. Risk Matrix

To analyze risks in greater detail, the next step is to create a matrix. A risk matrix can help you prioritize mitigation efforts by further assessing a risk’s likelihood and overall impact on the project.

Defining Likelihood: To define a risk’s likelihood, develop a list of criteria and assign each item with numerical value, like in the example below:

Defining Impact: You can use a similar method to define and assess a risk’s level of impact on a project. Develop a list of categories that make sense to your project and define the criteria for each category.

Prioritizing Risks: Utilize the likelihood and impact assessments to rank each risk as high, medium, or low and create your risk matrix. An example risk matrix is included in the table below.

Updating the Risk Register: After incorporating the risk matrix into the register, an updated register might appear as follows:

Discussing Risk Management in a Proposal

Almost all grant applications ask applicants to discuss their risk management strategy. While a risk register or matrix can help set you up for success, you don’t necessarily have to present those in a proposal. It’s most important to keep the following points in mind:

• Identify a list of risks and the mitigation strategies: You will likely not have enough space to include an entire risk register in a proposal. You can present a summarized version in a table format, such as the examples in this blog, or create a simple list. Review the proposal criteria to help inform your answer's level of detail and narrow down categories. At a minimum, describe each risk and an associated mitigation plan.

• Discuss risk management from a project management perspective: Discuss how your team is actively tracking, assessing, and monitoring risks. What tools or systems do you utilize to help with risk management? What practices or procedures are in place? Describe the risk register if your team has one. Also, discuss how often your team reviews and updates the risks on the register to retire outdated risks or to add and monitor new risks.