Controls to Reduce Risk & Pitfalls to Avoid


There are numerous controls to avoid and reduce the risks to your project or organization. Though the risk is not always avoidable, there are ways to alter it. Below are proven controls used to alter risk.


– Engineering Controls: these are controls that reduce risk using engineering methods. This can include:

1. How one designs a project

2. The material used in a project

3. How one substitutes materials to meet technical and economic needs

– Administrative Controls: there are a variety of controls that reduce risk through administrative actions:

1. Creating signs, placards, posters, and visible warnings

2. Creating programs, standard operating procedures (SOPs), instructional material, and having policies in place

3. Conducting training and practicing plans before they are used

4. Limiting personnel exposure to hazards by using policy and proper training to reduce the time they spend in an area and to control where they work.

– Physical Controls: these controls act as barriers to protect personnel. These can include:

1. Personal protective equipment (PPE)

2. Fences

3. Personnel/Supervisors who oversee safety

Pitfalls to Avoid

In addition to knowing some of the common controls used in risk management, it is important to know the mistakes (pitfalls) you should avoid. Below is a list of common pitfalls seen in risk management:

– Over-Optimism: overlooking root causes and not being honest about the risks associated with your project/company.

– Misrepresentation: relying on one or very few perspectives (*this skews your data!)

– Alarmism: “worst case” events are included in assessments regardless of their likelihood (*they should be considered, but not given the highest priority!)

– Indiscrimination: All risks are given the same value or priority (*not all risks are the same priority!)

– Prejudice: subjective opinions are used rather than facts in assessing risk.

– Inaccuracy: using poor information or data to assess your risks.


The controls mentioned above are only some of the ways to alter risk, and we encourage you to use these controls in addition to your own. On top of this, your organization or project may experience pitfalls not mentioned above. There is no simple “one-size-fits-all” approach to risk management. However, controls like these can inspire you or your organization. We hope that after reading this, you learned a new way to approach risk management for your next project.

Source Used

Greenert, J. (2010). “OPNAV INSTRUCTION 3500.39C.” Department of the Navy, Office of the Chief of Naval Operations, pp. 1–41.

The Risk Management Cycle


The risk management cycle is a model organizations and project managers use and is fundamental to their risk management framework. This cycle includes the steps taken to reduce risk and can be modified according to the needs of the organization or project. The risk management cycle featured in this article will focus on four areas. These include identifying the risk, analyzing & evaluating the risk, treating the risk, and monitoring the risk. 

Step 1 – Identifying the Risk:

The first step in the risk management cycle is identifying your risk. Your risks can vary depending on your work, but there are some common categories of risks to be aware of. Below are a few risk categories you may face within your organization or project:

– Operational risk

– Reputation risk

– Financial risk

– Security & fraud risk

– Legal & compliance risk

– Environmental risk

When identifying your risks, your list must be accessible to everyone on your project or within your organization. Employees have different backgrounds and different insights into the various scopes of your work. To get the most value from your risk identification, let everyone offer their input; that is how the most risks are identified.

Step 2 – Analyzing & Evaluating the Risk:

After identifying your risks, you must know their likelihood and severity. Not all risks are equal, and your organization may not have the resources to combat every risk. When analyzing your risks, you should be aware of their impact on your project or organization. More severe and likely risks should be given the most time and attention. Less likely and less severe risks should be addressed but should also receive a lower priority than the others. 

Step 3 – Treating the Risk:

Once you’ve analyzed and evaluated your risks, you must find a way to contain or prevent them. How you treat your risks may vary depending on the threat they pose, their severity, their likelihood, and the category they are in. It is vital to work with professionals within your organization and experts within the category of risk you are treating. For more ways to reduce risk within your organization or project, read one of our other articles, “Controls to Reduce Risk & Pitfalls to Avoid.”

Step 4 – Monitoring the Risk:

Finally, it is essential to note that not all risks can be contained or prevented. Some, such as environmental risks, can occur at any time and must always be considered. As time passes, more data and information may inform how you deal with a risk. Because of this, you may devise a solution for a risk or find a way to contain it better in the future. That is why you should review and update your risks often, both to increase your awareness and to devise new strategies to deal with them.


Knowing the steps of the risk management cycle can significantly benefit anyone on a complex project or within an organization. As mentioned, the risk management cycle can be different for every task. It can be modified and expanded to meet whatever needs you may have. Not everyone may face the same risks, but we all deal with them. Knowing how to identify, analyze & evaluate, treat, and monitor even the most basic risks will help you deal with more complex ones. We hope you find this knowledge helpful and that you can implement our cycle or make your own!

Sources Used:

Thomas, Christine. “Five Steps of the Risk Management Process.” 360factors,


“What are the 7 types of risk?” Strike Graph,


The Risk Management Checklist: One of Many Tools


Every day, whether as an individual or a large organization, people are forced to deal with risks. Risks come in many different forms, and the solution to managing those risks may vary depending on the situation. Fortunately, there are tools that risk managers at all levels can use to help them simplify their processes, convey their goals to others, and create an environment that contributes to a safer project or organization. One of these tools is the risk management checklist.

Purpose & Example:

The purpose of a risk management checklist is to ensure that activities in your project are being accomplished and that risks are being reduced while doing so. Additionally, it allows for tracking risks across an organization and enables non-risk managers to easily evaluate what risks may exist in their organization or project. Below is a risk management checklist provided by the United States Centers for Disease Control and Prevention (CDC) and modified by RoC Consult ApS. This checklist can be used for a variety of applications, including large projects and reducing risk within your organization:

Best Practices to Continuously Improve:

A risk management checklist, like the one shown above, can be beneficial for any large project or organization. However, these checklists must be continuously updated and improved. Checklists like these are of no help if they’re discarded in a desk drawer or buried among hundreds of files on someone’s computer. To help you or your organization best use these checklists, some of the CDC’s best practices are provided below:


The risk management checklist is only one of many tools used to manage risk within your organization or on a large project. We encourage you to use the provided checklist or create your own to best suit your risk management objectives. We also stress the importance of keeping your checklist up-to-date and improving it as you learn more about your risks. There is no simple “one-size-fits-all” approach to risk management. However, we hope this tool can be a resource for you or your organization. 

Source Used:

“CDC Unified Process Checklist.” Centers for Disease Control and Prevention, 11 November 2006, _checklist.pdf