Risk management activities are applied to project management. Project risk is defined by the Project Management Institute (PMI) as, "an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives."^[1]

Within disciplines such as operational risk, financial risk and underwriting risk management, the concepts of risk, risk management and individual risks are nearly interchangeable; being either personnel or monetary impacts respectively. However, impacts in project risk management are more diverse, overlapping monetary, schedule, capability, quality and engineering disciplines. For this reason it is necessary in project risk management to specify the differences (paraphrased from the U.S. "Department of Defense Risk, Issue, and Opportunity Management Guide for Defense Acquisition Programs"):

• Risk management: Organizational policy for optimizing investments and (individual) risks to minimize the possibility of failure.
• Risk: The likelihood that a project will fail to meet its objectives.
• A risk: A single action, event or hardware component that contributes to an effort's risk.

An improvement on the PMI's PMBOK definition of risk management is to add a future date to the definition of a risk.^[2] Mathematically, this is expressed as a probability multiplied by an impact, with the inclusion of a future impact date and critical dates. This addition of future dates allows predictive approaches.^{[citation needed]}

Good project risk management depends on supporting organizational factors, having clear roles and responsibilities, and technical analysis.

Chronologically, project risk management may begin in recognizing a threat, or by examining an opportunity. For example, these may be competitor developments or novel products. Due to lack of definition, this is frequently performed qualitatively, or semi-quantitatively, using product or averaging models. This approach is used to prioritize possible solutions, where necessary.

In some instances it is possible to begin an analysis of alternatives, generating cost and development estimates for potential solutions.

Once an approach is selected, more familiar risk management tools and a general project risk management process may be used for the new projects:

• Risk management planning
• Risk identification and monetary identification
• Performing qualitative risk analysis
• Communicating the risk to stakeholders and the funders of the project
• Refining or iterating the risk based on research and new information
• Monitoring and controlling risks

Finally, risks must be integrated to provide a complete picture, so projects should be integrated into enterprise wide risk management, to seize opportunities related to the achievement of their objectives.

In order to make project management effective, the managers use risk management tools. It is necessary to assume the measures referring to the same risk of the project and accomplishing its objectives.^{[clarification needed][citation needed]}

The project risk management (PRM) system should be based on the competences of the employees willing to use them to achieve the project’s goal. The system should track down all the processes and their exposure which occur in the project, as well as the circumstances that generate risk and determine their effects. Nowadays, the big data analysis appears an emerging method to create knowledge from the data being generated by different sources in production processes. According to Górecki, big data seems to be the adequate tool for project risk management .^{[citation needed]}

• Committee of Sponsoring Organizations of the Treadway Commission
• ISO 31000
• Operational risk management
• Risk Management
• Risk appetite
• Risk management tools