Workflow of project risk assessment

  • Release version: Australia
  • Updated March 12, 2026

    To understand the integration of Project Portfolio Management and Governance, Risk, and Compliance risk management capabilities, it is important to understand the workflow of project risk assessment.

    Project risk assessment follows a sequence of steps. Sometimes, a risk is elevated to an enterprise risk after the risk is assessed. An enterprise risk is a risk that can cause monetary or reputational losses. It can jeopardize your ability to stay in business.

    The workflow of project risk assessment is as follows:
    1. A project manager identifies risks and adds those risks to a project. The manager can either create risks or add them from a library. The project manager has the it_project_manager and sn_grc.business_user roles. For more information, see Add risks for a project.
    2. The project manager then initiates risk assessment for the newly added risks. In the Project Integration Configuration form, the assessors and approvers are defined for the assessment. They get an email notification to assess the risks.
      Note:
      You can only assess the risks that are in the Pending, Open, or Work in Progress state.
    3. If the Project Integration Configuration form has stakeholders selected as assessors, then the project manager must manually assign the risks to the relevant stakeholder.
    4. As a risk specialist, the risk assessor is notified about the new risks for assessment.

      The risk assessor can use the link in the email notification to start the assessment. Alternatively, the risk assessor can navigate to Advanced Risk Assessment > Risk Assessment Tasks > My Tasks to perform advanced risk assessment. See Advanced Risk Assessment.

    5. In the project risk form, the project manager reviews the Risk Assessment Summary section to view the risk assessment scores.
    6. If the project manager determines that the project risk has an impact on the enterprise, then the project manager can elevate the risk to an enterprise risk.
      Note:
      When a project risk is elevated to an enterprise risk, the project risk is copied from the project risk register to the enterprise risk register.
    7. If a risk is elevated to an enterprise risk, the enterprise risk manager is requested to assess the risk.
    8. The project manager views the enterprise inherent risk score and the enterprise residual risk score in the Risk Assessment Summary.
    9. As part of the Project Portfolio Management workflow, if a risk materializes and an action must be taken for this risk, then the project manager can convert the risk into an issue. For more information, see RIDAC (Risk, Issue, Decision, Action, and Request Changes) record entries for a project.
    10. The project manager can also view the project risk posture through the heatmap in the Risk Overview section on the project form. The heatmap displays high-impact risks and high-likelihood risks. With the heatmap, you can prioritize the risks that need immediate attention. The risks that are assessed contribute to the aggregated risk score. The aggregated risk score is a single score that can be reported to all the stakeholders. For more information, see Create a project.
    11. View the Project Risk Overview dashboard to understand the overall risk posture of project risks and of enterprise risks. For more information, see Project Risk Overview dashboard.
    Note:
    The assessor and the approver must have the risk business user role (sn_grc.business_user) to perform the required tasks. If the project risks are reassessed for any reason and the scores change, then the enterprise risk assessor gets an email notification with the option to reassess the enterprise risk.
    The key users and the user journey are shown in the following figures.
    Figure 1. Key users of Project Portfolio Management and Risk Integration
    Key personas who use the PPM and Risk integration feature
    Figure 2. User journey of Project Portfolio Management and risk integration
    PPM and Advanced Risk Assessment integration user journey