Risk & Governance
Every project faces uncertainty. Learn how to identify, assess, and manage risk — and build the governance structures that keep your project accountable, transparent, and on track.
What is Risk Management?
Risk management is the systematic process of identifying, assessing, and responding to uncertainties that could affect a project's objectives. According to ISO 31000 (2018), risk is defined as the effect of uncertainty on objectives — and that uncertainty can be both negative (threats) and positive (opportunities). Effective risk management does not eliminate risk — it ensures that risks are understood, monitored, and responded to in a planned and proportionate way.
The PMI PMBOK Guide 7th Edition (2021) identifies risk management as one of the eight performance domains critical to project success. Research by the Association for Project Management (2022) found that projects with formal risk management processes are three times more likely to be delivered on time and within budget than those without.
For Irish small businesses and charities, the consequences of unmanaged risk are particularly acute. A missed funding deadline, a key volunteer departure, a regulatory compliance failure, or an unexpected cost overrun can threaten the viability of an entire programme. Risk management is not optional — it is a core governance responsibility.
A risk is something that:
- Has not happened yet
- Can be planned for in advance
- Has a probability and an impact that can be estimated
An issue, by contrast, is something that:
- Is happening right now
- Requires immediate response action
- Must be logged and escalated promptly
The Process
Five Steps to Managing Risk Effectively.
The ISO 31000 risk management framework provides a universal five-step process that applies to every project regardless of size, sector, or complexity.
Step 1 — Identify
- Use brainstorming, checklists, interviews, and lessons learned from previous projects
- Consider all risk categories: financial, operational, regulatory, reputational, and resource risks
- In Irish charities, always consider funding dependency risk and volunteer availability risk
Step 2 — Assess
- Score each risk on probability (1–5) and impact (1–5) to create a risk score (probability × impact)
- Plot risks on the risk matrix to visualise your overall risk profile across all risk categories
- Prioritise the highest scoring risks for immediate response planning and owner assignment
Step 3 — Plan Response
- Avoid: change the project plan to eliminate the risk entirely where possible
- Transfer: shift the risk to a third party through insurance, contract, or warranty
- Mitigate: take action to reduce the probability or impact
- Accept: prepare a contingency plan
Step 4 — Implement
- Assign a named risk owner responsible for monitoring and responding to each risk
- Implement agreed mitigation actions within the project schedule and track completion
- Ensure contingency budgets and contingency plans are in place before risks occur
Step 5 — Monitor
- Review the risk register at every team meeting and include risks in every status report
- Update probability and impact scores as the project progresses through its lifecycle
- Close risks that have passed their trigger date and add new risks as they are identified
This five-step process, aligned with ISO 31000 (2018) and the PMI PMBOK Guide (2021), provides Irish organisations with a systematic and proportionate approach to risk management that scales from a small community event to a complex multi-year programme.
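To show how Steps 2 to 5 fit together in practice, here is a small risk register in Python. It is an added example, not a template or tool from this site: the 1-5 probability and impact scale, the four response options and the "close risks past their trigger date" rule come from the steps above, while the matrix bands (low / medium / high / critical) and the sample risks are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date
# Assumed bands for the 1-5 x 1-5 matrix; the page does not state its cell thresholds.
BANDS = ((4, "low"), (9, "medium"), (15, "high"), (25, "critical"))

@dataclass
class Risk:
    title: str
    probability: int    # 1-5 (Step 2)
    impact: int         # 1-5 (Step 2)
    owner: str          # named risk owner (Step 4)
    response: str       # avoid / transfer / mitigate / accept (Step 3)
    trigger_date: date  # after this date the risk can no longer occur (Step 5)
    status: str = "open"
    def __post_init__(self):
        self.rescore(self.probability, self.impact)

    def rescore(self, probability, impact):
        # Reject values off the 1-5 scale so a bad update cannot silently hide a risk.
        if not (1 <= probability <= 5 and 1 <= impact <= 5):
            raise ValueError("probability and impact must be between 1 and 5")
        self.probability, self.impact = probability, impact
    @property
    def score(self):
        return self.probability * self.impact
    @property
    def level(self):
        return next(name for upper, name in BANDS if self.score <= upper)

def prioritised(register):
    # Open risks, highest score first; higher impact wins ties (Step 2).
    live = [r for r in register if r.status == "open"]
    return sorted(live, key=lambda r: (-r.score, -r.impact))

def review(register, today, updates):
    # Step 5: apply rescored (probability, impact) pairs, then close expired risks.
    closed = []
    for r in [r for r in register if r.status == "open"]:
        if r.title in updates:
            r.rescore(*updates[r.title])
        if r.trigger_date < today:
            r.status = "closed"
            closed.append(r.title)
    return closed

def demo_register():
    # Constructed sample entries (not real data) for a small charity project.
    return [Risk("Grant payment delayed", 4, 4, "Finance Lead", "mitigate", date(2025, 6, 30)),
            Risk("Lead volunteer unavailable", 3, 3, "Project Manager", "mitigate", date(2025, 9, 1)),
            Risk("Venue insurance lapses", 1, 5, "Project Manager", "transfer", date(2025, 3, 1))]
```

Running `review()` at each team meeting with the rescored values keeps the register current, and `prioritised()` gives the ordered list to put in the status report.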
Risk Assessment Tool
The Risk Matrix.
The risk matrix is the most widely used tool for visualising and prioritising project risks.
Governance
What is Project Governance?
Project governance is the framework of rules, responsibilities, and processes that guide how project decisions are made, who makes them, and how accountability is maintained throughout the project lifecycle. According to the APM Body of Knowledge (2019), effective governance is one of the most significant determinants of project success — yet it is consistently underinvested in by small organisations.
A governance framework defines: who has decision-making authority at each level; how changes to scope, budget, or timeline are approved; how progress is reported and to whom; and what happens when things go wrong. Without this structure, even well-planned projects can drift, conflict, and fail.
For Irish charities, governance is not just good practice — it is a legal requirement. The Charities Regulator Governance Code (2020) sets out five principles that all registered charities must adhere to. Project management governance must be designed in alignment with these principles from the outset.
- Project Board / Steering Group: strategic authority and ultimate accountability
- Project Manager: day-to-day delivery decisions
- Risk Owner: risk monitoring and response
- Project Team: delivery execution
- Finance Lead: budget oversight
- Comms Lead: stakeholder reporting
Irish Governance Code
The Charities Regulator Governance Code 2020.
All registered Irish charities are required to comply with the Charities Regulator Governance Code. Here are the five core principles every charity project manager must understand.
- Leading the Charity: the board provides strategic leadership, sets direction, and ensures the charity operates in accordance with its mission and legal obligations.
- Exercising Control: the board maintains proper oversight of finances, risk, and performance, ensuring resources are used effectively and accountability is maintained at all levels.
- Being Transparent and Accountable: the charity openly reports on its activities, finances, and impact to funders, beneficiaries, and the public, building trust and credibility.
- Working Effectively: the board and staff work together with clear roles, good information, sound processes, and a commitment to continuous improvement.
- Behaving with Integrity: the charity operates with honesty, fairness, and respect, managing conflicts of interest and upholding the highest ethical standards.
All Irish charities with income over €250,000 must comply with the full Governance Code. Smaller charities are encouraged to adopt it as best practice.
Data and Insights
Risk and Governance by the Numbers.
Research consistently shows that formal risk and governance practices dramatically improve project outcomes for organisations of all sizes.
How Irish Projects Encounter Risk
Free Templates
Download Your Risk Management Templates.
Two free, professionally designed templates to help you implement risk management on your next project.
For further reading on risk management standards visit iso.org for ISO 31000 and pmi.org for the full PMBOK risk management performance domain.
Further Reading and Resources
Go Deeper.
- ISO 31000:2018 Risk Management Guidelines: the international standard for risk management and the definitive reference for any project risk management framework. Visit iso.org
- Charities Regulator Governance Code: essential reading for every Irish charity, with the full Governance Code and practical implementation guidance. Visit charitiesregulator.ie
- Risk Register and Governance Checklist: two free, professionally designed templates for implementing risk and governance on your next Irish project.