Risk management is not task management

In every project, open issues arise. They’re not necessarily risks – but if left unresolved, they might become one.

Not long ago, I sat with a frustrated project manager. While preparing a status presentation, she struggled with how to present the “open issues”:

👉 If she included everything – it might look like she’s creating risks. 👉 If she downplayed them – the participants might feel the picture isn’t complete.

This isn’t about hiding information; it’s about balance. Professionally, the project manager’s role is to raise the issues, prepare them before the meeting, and tell the story in the best possible way.

The topics that require decisions should be precise and well-defined, so that during the meeting, decision-makers get a clear and focused picture. That way, the meeting will be efficient, and the most valuable resource – the decision-makers’ time, which is always in short supply – will be used optimally.

And here lies the distinction: Risk management is a different discipline. It operates across three clear levels: 1️⃣ Low – no mitigation required. If mitigation already exists, the risk isn’t truly low. 2️⃣ Medium – requires consideration of mitigation depending on impact and likelihood. 3️⃣ High – requires clear mitigation, otherwise it’s a direct threat to the project’s success.

How is this managed in practice? ✔️ Present your recommendation: the assessed risk level and the reasoning behind it. ✔️ Add examples of possible mitigations. ✔️ Leave the final decision to the organization – to accept, adjust, or choose differently.

This keeps risk management professional and transparent, distinguishing between “presenting open issues” and “making risk-based decisions.”

💡 A thought to take with you: When you present a project status – do you integrate risk management within your open issues, or keep it separate to avoid unwanted interpretation?

And how does all this relate to #DataIntegrity? One of the core principles in implementing regulatory requirements is the ability to manage risks – to speak about them, live them, and breathe them. True in system implementation, true in life.