Explaining Risk Breakdown Structure

All projects come with their fair share of risks and issues. Keeping track, monitoring, mitigating and resolving these ongoing risks is a critical part of ensuring project success. But constantly keeping an eye on a myriad of risks in an increasingly complex and fast-paced market is no easy task. That is exactly why tools like the Risk Breakdown Structure were developed to help project managers better navigate and overcome the challenges of risk management

Let’s dive deeper into Risk Breakdown Structure, the different benefits it brings organisations and how you can start tapping into this tool today.

What is a Risk Breakdown Structure

Risk breakdown structure (RBS) is a project management tool that organizes potential risk sources into a hierarchical framework. RBS typically organizes risks in terms of a risk scoring system that helps identify high-level risks and enables teams to prioritise addressing the right risks. It gives project managers greater clarity and visibility over both planned and unforeseen risks that may have a detrimental impact to project success. 

RBS is one of four other breakdown structure tools that enable project managers to better manage their projects. Some other breakdown tools you may tap into include:

  • Work breakdown structure: A framework that divides the project into smaller workable chunks.
  • Resource breakdown structure: A framework that helps teams divide resources such as people, equipment and materials across different projects within the organisation.
  • Organization breakdown structure: A framework that outlines the organisation’s structure and clarifies the relationships between different positions.

Benefits of a Risk Breakdown Structure

Here are some of the key benefits of a risk breakdown structure.

  • Provides complete visibility over project risks

Sometimes it can be hard to truly visualise the scale and severity of risks if they are not properly listed out, analysed and evaluated. The RBS encourages teams to take time to consider different planned and unplanned risks to then chart out how they can impact the success of the project.

  • Enables effective risk prioritisation and management

When you can see the problem, you are able to solve them more effectively. The RBS allows teams to properly prepare themselves by allowing them to prioritise risks and build the proper risk management strategies to mitigate the impacts or completely resolve the risks.

  • Allows for easy risk monitoring and reporting

A risk breakdown structure makes your ongoing monitoring and reporting activities much easier as you can easily upgrade or downgrade risk levels as the project progress. When paired with powerful project management software, you can take this to the next level with intuitive RAID logs and a real-time dashboard that ensures your teams are always on top of project risks at all times.

  • Pinpoints recurring risk themes

Sometimes the most pressing problems and risks can be those that hide right under our noses. RBS helps clearly identify and define risks that in turn enables teams to spot potential areas where risks are recurring and allow them to build proper strategies to mitigate or resolve these risks.

  • Defines overall  project risk exposure

One of the contributing factors to project failure is failing to understand the full scale of the risks involved with it. RBS helps teams get an early outlook of the project’s overall risk exposure to justify whether the project is worth starting in the first place.

How to use a risk breakdown structure in six easy steps

While there are no definite rules on how you should use a risk breakdown structure. Here are six general steps to help you get started on using a risk breakdown structure.

Step One: Identifying risk sources

Identifying the different risks is the first step to properly evaluating and then mitigating them. This requires project teams and managers to dive deep into both planned and unplanned risks by asking certain questions such as: 

  • What areas of the project are vulnerable or vague?
  • What risks have occurred in previous projects that could also occur here?

Several ways you can identify project risks is through brainstorming sessions, workshops, root-cause analysis activities, reviewing project documents, and SWOT analysis. A particularly handy tool during this process is to create a risk log or register that helps clearly list, document and define risks as well as clearly outline the different stakeholders and risk management measures involved with each risk.

Step Two: Categorizing risks

The risk breakdown structures do not only break down risks by their levels, but can also further define risks by their categories. Four common risk categories include:

  • External risks: risks that are outside the direct control of the team or organisation.
  • Internal risks: risks that are within the control of teams or the organisation.
  • Technical risks: risks that arise due to the ambiguities from technical requirements, scope or obsolete technology.
  • Project management risks: risks that can impact the everyday monitoring and managing of project activities.

However, do not feel limited to these categories alone. Depending on your project needs you may need to make additional categories that are relevant to your project and risk management needs.

Step Three: Analysing risk levels

The Project Management Institute recommends using two base factors to analyse risk levels: i) measuring the probability of the risk occurring and ii) evaluating the level of impact it has on overall project success.

  • Probability of risk occurring:
    • High probability (80% ≤ x ≤ 100%)
    • Medium-high probability (60% ≤ x
    • Medium-low probability (30% ≤ x
    • Low probability (0%
  • Level of risk impact:
    • High: catastrophic (rating A – 100)
    • Medium: critical (rating B – 50)
    • Low: marginal (rating C – 10)

Each risk is then evaluated and given a score rating by multiplying the risk of impact rating with the probability of the risk. This has been simplified through the matrix below:

Risk Level Assessment Matrix : Risk Management
Risk Level Assessment Matrix: Risk Management

Step Four: Reporting and monitoring risks

Consistently reporting and monitoring risk is a key function of project management. Communicating risk assessment outcomes to critical stakeholders is important to properly manage expectations, provide a deeper understanding of current project risks and help them make more informed decisions. 

It is important to note that risks reports are not the same as the project risk register and should only contain the most relevant or significant risks for key stakeholders to know. Additionally, risk reporting is best done consistently and periodically. 

Step Five: Conducting post-project reviews and comparisons

A risk management best practice is to conduct a post-project review of overall risk identification, analysis and mitigation activities. One of the key benefits of an RBS is that it provides clear documentation of risk management activities and escalation throughout the entire project process. This can be done by conducting post-project review sessions on workshops through which teams can gather and discuss their performance.

Additionally, teams can also pull from other projects to compare their RBS frameworks and risk management practices to further optimise their activities for the next round.

Step Six: Document lessons learned

Do not let any valuable experience and knowledge go to waste! Make sure to spend time properly documenting the lessons learned from your risk management and RBS related activities to help build a repository of data and knowledge that can help make your next risk breakdown structure more accurate and effective.

Start building your Risk Breakdown Structure today!

We don’t just want to talk about all the benefits of a risk breakdown structure. We want to help you tap into its benefits right now! That is why we have made a risk breakdown structure template just for you that you can customise and edit as you see fit. If still want to learn more about risk management and risk management tools, make sure to check out our amazing blog that dives deeper into risk management strategies, best practices and tips!

Daniel Stopher

Daniel Stopher

Dan is the Chief Customer Success Officer at pmo365. Helping clients globally achieve project portfolio success. Dan also loves surfing the eastern coast of Australia.

You may also like

8 Incident Management Best Practices
Project Management
Bill Allars

8 Incident Management Best Practices

No matter how well you plan your projects, manage your services and organise your teams, your organisation is bound to

Introduction to Incident Management
Project Management
Bill Allars

Introduction to Incident Management

No matter how well you plan and organise your teams, you are bound to encounter some form of unexpected disruption

What is an Issue Log? 
Project Management
Bill Allars

What is an Issue Log?

No matter how well you plan for your projects, there will always come a time when unexpected issues arise that

Get a Free Demo of pmo365