5 June, 2025

Think You Know Risk? Top 15 Risk Management Myths Busted


If you’re like me, you’ll be tired of hearing some of the common misconceptions about risk. But if you are newer to project management, or just starting to focus your attention on risk, you may come across some of the common risk management myths and not know how to respond.

Here, then, are my top 15 risk management myths and fallacies.

This video is safe for viewing in the workplace.

This is learning, so, sit back and enjoy

Risk Management Myths

1. Risk management is a waste of time

This myth assumes that risk management doesn’t add value and only slows projects down. In reality, effective risk management improves decision-making, reduces costly surprises, and increases project resilience. When done well, it helps teams focus on what truly matters, ensuring resources are spent wisely rather than firefighting problems later.

2. Risk management is just admin or just a compliance task – JFDI

Many see risk management as a bureaucratic exercise—filling out forms and ticking boxes. This is a misunderstanding. Risk management is about actively identifying and responding to uncertainties that can impact objectives. A proactive approach integrates risk into decision-making, making it a strategic enabler rather than a procedural burden.

3. All risk is bad

This myth stems from a misunderstanding of risk as purely negative. In reality, risk includes both threats and opportunities. Managing risk effectively means identifying positive risks (opportunities) and maximizing their potential while mitigating negative risks. A project without any risk is either stagnant or failing to seize potential advantages.

4. We should avoid risk

Avoidance is not always the best strategy, and in many cases, it’s not even possible. Avoiding all risk can mean missing out on opportunities for innovation, efficiency, and growth. The right approach is to assess risks, understand them, and take calculated risks where the potential benefits outweigh the downsides.

5. Risk management means not taking risks

This myth portrays risk management as excessively cautious, leading to inaction. In truth, risk management is about making informed choices—not avoiding risks altogether. The goal is to take risks intelligently by understanding potential impacts, planning responses, and ensuring risks are aligned with business objectives.

6. Risk management is a buzz-kill

Some believe risk management stifles creativity and innovation. However, well-managed risk actually enables innovation by allowing organizations to take smart risks with confidence. Rather than saying “no” to every idea, risk management helps refine and execute bold initiatives while reducing the chance of failure.

7. Risk management is complicated

While risk management can be complex in certain contexts, it doesn’t have to be overly complicated. The fundamental principles—identifying, assessing, and responding to risks—are straightforward. A simple, structured approach tailored to the project’s needs is often more effective than over-engineered risk processes.

8. Linear scales work for impact and likelihood

Using simple 1-to-5 scales for impact and likelihood assumes that risk behaves in a linear way, which is rarely true. Many risks follow non-linear patterns, meaning small changes in likelihood or impact can have outsized consequences. More sophisticated approaches, such as logarithmic scales or scenario analysis, provide a better picture of risk severity.

9. Probability estimates are reliable

Risk probability is often treated as a precise figure, but in reality, it’s an estimate based on incomplete information. Human biases, lack of data, and unexpected variables make probability estimates inherently uncertain. A better approach is to use probability ranges and sensitivity analysis rather than relying on single-point estimates.

10. The risk matrix gives a quantitative measure of risk

Risk matrices are widely used but often misleading. They provide a visual representation of risk but lack true quantitative precision. A “high” or “medium” risk rating is subjective and depends on how categories are defined. Quantitative risk analysis, where possible, offers a more accurate understanding of risk exposure.

11. Impact and likelihood are all that matter

Focusing only on impact and likelihood ignores other crucial factors, such as risk velocity (how quickly a risk materializes), interdependencies, and the organization’s risk appetite. Some low-probability risks can have extreme consequences and require attention even if their likelihood is low. A more holistic view of risk is necessary.

12. Objective estimates are possible

Many assume risk assessments can be purely objective, but all risk estimates involve some level of subjectivity. Even with data, assumptions and judgment calls are required. The best approach is to combine data-driven insights with expert opinions while acknowledging uncertainties and biases.

13. The risk register is everything

A risk register is a useful tool, but it’s not a substitute for active risk management. Listing risks is not enough—what matters is how they are analyzed, communicated, and acted upon. Risk management should be an ongoing, dynamic process rather than a static document exercise.

14. A risk transferred is a risk removed

Transferring risk, such as through insurance or contracts, does not eliminate it. The risk still exists; it’s just assigned to another party. Moreover, poorly designed risk transfers can introduce new risks, such as legal disputes or reputational damage. Effective risk transfer requires careful planning and oversight.

15. Let’s ignore risks we cannot control

Just because a risk is beyond direct control doesn’t mean it should be ignored. External risks (e.g., economic shifts, regulatory changes) can be monitored, mitigated, or prepared for through contingency planning. Ignoring them increases vulnerability, whereas proactive strategies—like scenario planning—help organizations stay agile.


What Kit does a Project Manager Need?

I asked Project Managers in a couple of forums what material things you need to have, to do your job as a Project Manager. They responded magnificently. I compiled their answers into a Kit list. I added my own. 

Check out the Kit a Project Manager needs

Note that the links are affiliated.

Learn Still More

For more great Project Management videos, please subscribe to the OnlinePMCourses YouTube channel.

If you want basic Management Courses – free training hosted on YouTube, with 2 new management lessons a week, check out our sister channel, Management Courses.

For more of our Project Management videos in themed collections, join our Free Academy of Project Management.

For more of our videos in themed collections, join our Free Academy of Project Management

Never miss an article or video!

Get notified of every new article or video we publish, when we publish it.

Mike Clayton

About the Author...

Dr Mike Clayton is one of the most successful and in-demand project management trainers in the UK. He is author of 14 best-selling books, including four about project management. He is also a prolific blogger and contributor to ProjectManager.com and Project, the journal of the Association for Project Management. Between 1990 and 2002, Mike was a successful project manager, leading large project teams and delivering complex projects. In 2016, Mike launched OnlinePMCourses.
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Never miss an article or video!

 Get notified of every new article or video we publish, when we publish it.

>