26 May, 2025

Turn Risk into Strength: How to Build a Better Project Risk Culture


A robust risk culture goes beyond having a strong basic risk management process. But the rewards for the extra work you’ll put in to build that culture are huge. This is particularly so when you have to deliver large, complex, or strategically important projects.

Some of my readers may hope to influence the risk culture of their whole organization. But, for many, I suspect this may be too great an ambition. For you, the right aspiration is to build a positive risk culture within your project. As a Project Manager, that’s entirely within your scope.

But these ideas do scale. And the process for creating a robust risk management culture within your project can apply equally if you get a chance to influence your wider organization.

Turn Risk into Strength: How to Build a Better Project Risk Culture

What we will cover

In this article, I will cover everything you need to know:

We start, of course, with the absolute basic question…

What is Risk Culture?

Risk culture is a shared set of processes, knowledge, attitudes, beliefs, and values about how to deal with risk. If your team has a common purpose and approaches risk in a consistent way that reflects that purpose, that will protect your project and make it more secure.

So, what does ‘good’ look like?

For your risk culture to work well, three things need to come into alignment:

  1. Attitudes and Ethics
    You, your Project Sponsor, and your Project Board need to set the right tone from the top of your project organization. And that needs to be reflected by a sense of personal responsibility for risk throughout your project. Team members need to be constantly aware of risk and share a common attitude to it. You also need to cultivate a consistent attitude to project risks among your stakeholders.
  2. Behaviors and Practices
    You and your team need to act on, as well as think about, risk. To make this work, you need a solid set of risk awareness and management processes. These need to work smoothly and be an integral part of how your project does things, rather than just an add-on to other processes. Information about risks needs to flow, and people need to deal with it quickly and consistently.
  3. Rewards and Recognition
    You need to back up attitudes and processes with recognition and reward for people who do things right. Accountability is vital, but people will only accept it if they know that, by doing so, they will gain endorsement for their behavior. This is especially so if you set out to build a ‘whistle-blower’ procedure to bring to the surface any poor practices or failings. Whistle-blowers must enjoy protection and support. A good risk culture will be a ‘no-blame’ culture, where calling out and owning up to mistakes feels completely safe.

With these components in place, your project can be confident in making informed decisions and in understanding the risks it takes.

What are the Benefits of a Robust Risk Culture?

A project is a temporary endeavor. So why would you go to the extra trouble of creating an infrastructure?

Every project will have a culture, whether you craft it or not. Part of the project leadership role is to decide what culture will serve your project best, and to work at creating it. It isn’t extra work to create a culture: it’s extra work to create a worthwhile one.

And there are plenty of benefits you can gain by embedding risk management into your day-to-day project practices. These work together to have an increasing effect on the overall health and performance of your project.

Systems and Procedures

When you build risk management into your culture, you will reduce the overhead of imposing risk management at each step. Your team will apply a consistent set of processes, with standard tools and templates, automatically. And, for a longer project, you’ll be able to optimize these over time, to work more and more efficiently. Ideally, if you can also provide your team with training, you will see greater consistency in how they apply your processes.

Records and History

One of the challenges of identifying and analyzing risk is to learn from the past. By placing risk management at the heart of your project culture, you can build an archive of knowledge to carry forward to future projects. You may or may not be able to begin embedding this culture more widely in your organization. But you have a career ahead of you, and you can carry this knowledge with you from project to project.

Patterns and trends may start to emerge that you can use to optimize your risk planning and processes, and inform benchmarks and metrics. This will help you improve your budget and schedule estimates, and therefore reduce cost and schedule over-runs.

Attitudes and Values

Prudent behavior is an obvious outcome of a more risk-aware culture. But prudence is just a filter applied to your decisions. The more powerful outcome will be better quality decision-making.

You get better decisions when they can draw upon more data, and gain a deeper understanding of the nature of risk and uncertainty. You will start to see more consistency in how your team evaluates scenarios, seeing risk as a core business and strategic issue, rather than a stand-alone project-only concern.

Probity and Control

Your biggest wins will come from better governance, with little or no extra cost and time overhead. Taking an evidence-based approach to planning, strategy development, and policy-making will lead to more robust decisions, with conscious choices around risk profile. And when you apply risk methodologies in a consistent way, they will contribute to improved oversight and transparency around high-risk decisions.

How to Create a Robust Risk Culture in Your Project

As a Project Manager, you will almost certainly be thinking:

Okay, I buy it. I want a robust risk culture… What’s the plan?’

So let me give you a workplan, in the form of an outline Work Breakdown Structure.

Phase 1: Getting Started

Set up the right conditions from the outset.

  1. Sponsorship
    1. Engage your project sponsor
      The process must start with you, but without the support of your project sponsor, you run the risk of team members wondering how important risk management really is.
    2. Win top-tier commitment
      Your sponsor must win support across the top of your project’s governance structure, and among other senior people who need to be a part of your project process.
    3. Access resources and budget
      Commitment must be conspicuous to everyone, and backed up by funding and resources. Include your risk culture in your project budget from the start.
  2. Communication
    1. Communicate the imperative
      Start communicating the imperative for solid risk management and your intent to build a robust culture, from early on.
    2. Stakeholder engagement
      As you would with any project, identify and analyze stakeholders in your plan to create a risk culture, and build a thorough communications plan. Be sure to consult and inform appropriately.
    3. Reporting
      Create a reporting process to ensure your sponsor and project board can monitor and guide progress.

Phase 2: Build Your Assets

Give people the knowledge, tools, and processes they need.

  1. Team
    1. Team Enrolment
      When you bring on new people to work on the project, ideally find people who share your attitude to a strong risk culture. But, as a necessity, share your expectations with new team members as they join.
    2. Brief your team
      You want to create a common understanding of the culture you are creating, and the processes and behaviors that go with it. If necessary, provide training or other development opportunities
    3. Build depth of understanding
      Keep people up-to-date by sharing new thinking and good practices that emerge. Use lessons learned reviews and project meetings to fine-tune processes and behaviors.
  2. Basics
    1. Create the basic process and basic supporting tools
      Adapt or create the tools, templates, and process that will implement the behaviors you want.
    2. Make them ‘Good’
      Test and refine your tools, but do not aim for perfect. Aim for the continuous improvement of your processes and tools iteratively.
    3. Share your processes and tools
      Get your process and toolset out into your wider organization. You may not aspire to create change at that level, but by adopting a generous approach to sharing, you’ll create a somewhat more comfortable environment for your own project’s culture to sit within.

Phase 3: Demonstrate and Grow Value

Let your team succeed and find ways to recognize and celebrate their successes.

  1. Quick wins
    1. Create quick wins
      Look for opportunities to demonstrate the value of what you are doing.
    2. Communicate successes widely
      Ideal opportunities are formal project reports and presentations – particularly to senior executives in your organization. But there are also informal opportunities with project bulletins and knowledge sharing.
    3. Engage champions
      Look for enthusiasts from among your team; people who have seen success and feel part of it. Then, engage them to spread the word to your wider stakeholder community.
  2. Learning and Development
    1. Evaluate early implementation or piloting of processes and tools
      Discover what works and what does not.
    2. Enhance your initial process and tools
      Develop the processes and tools, and supplement with more tools.
    3. Develop briefing and training materials.
      For a long project, you’ll need to brief and train new team members as they come on board.

Extending the Risk Culture Beyond Your Project

If you do aspire to extend your Risk Culture beyond your project, then one way is to treat a successful project implementation of risk culture as an organizational pilot.

  1. Roll-out
    1. Training
      Create a training program and make a schedule for a wider organizational staff to attend modules designed for their work.
    2. Communication
      Build an organization-wide communication plan and maintain your communication process relentlessly.
    3. On-going support
      Set up mechanisms to support practitioners who are using your new processes and tools.
  2. Embedding and Reviewing
    1. Assess progress periodically
      If necessary, step in and make changes.
    2. Scan your business, political, and competitive environment for changes that should inform regular reviews of your processes, tools, and decision criteria.
    3. Consolidate performance and reward successes.
      Recognize the contributions team members make and find ways to celebrate and reward their work.

The Assets You’ll Need for a Strong Project Risk Culture

In this section, I want to briefly outline the asset set you’ll need to develop, to maintain your risk culture.

Policies

A risk culture needs underlying policies. But keep them as light-touch as you can. They need to reflect the nature of your project and the risks it faces. Think about factors like scale, complexity, value, and the consequences of success or failure.

Crucially, your policies should identify responsibilities at all levels. Everyone must share responsibility – that is the meaning of ‘culture’.  But who will take the lead on risk management, and review the processes, tools, and outcomes? And what about governance? How will risk be monitored at Sponsor or Project Board level?

Processes

Develop processes that meet the needs of your project and fit the priorities of your stakeholders. You will do better with a simple process that is used effectively than a comprehensive one that is soon abandoned or used infrequently. Document your processes clearly, and disseminate them widely. And keep them under periodic review.

Perhaps most important is the need to integrate your processes with supporting infrastructure like:

  • tools
  • templates
  • contract forms
  • technology
  • reporting and escalation processes
  • how you communicate with your organization and stakeholders,
  • other project and program management processes,
  • organizational process for knowledge management,
  • team-member training and induction.

Tool-set

Build a set of tools to meet your project’s needs, and follow the process you’ve created. The most fundamental risk tool will be a risk register. But, on larger projects, you will need more; all the way up to complex and costly enterprise-scale software products.

Capabilities

Set up training and learning programs to create a team of capable people who share a common understanding, language, and toolset. After training, create opportunities for everyone to use their new knowledge and develop their skills, judgment, and awareness. Maintain their professional development by encouraging the sharing of experiences and learning.

Incentives and Recognition

The old saying ‘what gets measured gets managed’ is true here. If you don’t monitor and gather data on risk management activities, then there will be little incentive for people to comply.

Likewise, if your sponsor and project board do not review what these data are telling them and act on what they learn, then poor performance will be tolerated. Use simple incentives like recognition and thanks. And, above all, ensure that people know what you expect of them and that this expectation is a part of how you will assess their performance on your project.

Implementation Imperatives

As with all change, establishing this culture needs commitment throughout your project, but especially from the top. This means that, once started, you must maintain your commitment to it.

More than that, you need conspicuous support and endorsement from the governance structures and individuals who oversee your project. Lobby them hard.

As a project manager, risk management is in your blood. You are used to imposing discipline around uncertainty and the pressures of a project environment. But here is your chance to do it well.

A Risk Culture can achieve two things at the same time

It can:

  • Make your life easier by making important behaviors into the default, and
  • Enhance your project’s performance and results.

Whilst this kind of culture-building is never easy, this is not a costly initiative, yet it offers a great return on effort. I urge you to consider it.


Learn More about Risk Management and Project Risk Culture

If you want to focus on building a safety-first risk management culture, the first place to start is with my interview with Professor Andrew Sherry of the University of Manchester. He has huge experience in safety-critical industry settings and great examples to help understand the why and how of creating a risk culture…

After that, we have great resources that cover all aspects of Risk Management…

The Basics of Risk Management

The Risk Management Process

More Advanced Risk Management Ideas

Risk Management Certification

Avoid Project Failure

Project failure is all too common. What are the reasons for it, and how can you stop them?


What are Your Experiences of Creating a Project Risk Culture

I’d love to read about your experiences, observations, or questions and will always respond to any comments below.

PNGs by Vecteezy

Never miss an article or video!

Get notified of every new article or video we publish, when we publish it.

Mike Clayton

About the Author...

Dr Mike Clayton is one of the most successful and in-demand project management trainers in the UK. He is author of 14 best-selling books, including four about project management. He is also a prolific blogger and contributor to ProjectManager.com and Project, the journal of the Association for Project Management. Between 1990 and 2002, Mike was a successful project manager, leading large project teams and delivering complex projects. In 2016, Mike launched OnlinePMCourses.
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Never miss an article or video!

 Get notified of every new article or video we publish, when we publish it.

>