Home / Courses / PM4060
Capella University — Project Management

PM4060: Risk Management in Project Management

A complete guide to Capella's PM4060. Every project carries uncertainty — this course teaches the formal process of identifying, analyzing, and responding to risk before it becomes an issue, using the same risk register and probability/impact tools professional PMs rely on.

UndergraduateRisk RegisterProbability & ImpactAPA 7th Edition

The difference between a risk and an issue is timing: a risk is a potential future event, an issue is a risk that has already happened. PM4060 exists entirely to keep risks from becoming issues by giving students a repeatable process for finding them early and planning a response before they occur.

Risk identification and the probability/impact matrix

PM4060 begins with risk identification techniques — brainstorming, checklists from past projects, SWOT analysis, and expert interviews — to build a risk register capturing every plausible risk, both threats and opportunities. Each risk is then assessed qualitatively using a probability/impact matrix, plotting how likely the risk is to occur against how severe its consequences would be, which produces a prioritized list separating the handful of high-priority risks that need active management from the long tail of low-priority risks that only need monitoring.

The four risk response strategies

For threats, PM4060 teaches four response strategies: avoid (change the plan to eliminate the risk entirely), mitigate (reduce the probability or impact), transfer (shift the risk to a third party, such as through insurance or a fixed-price contract), and accept (acknowledge the risk and do nothing proactive, sometimes with a contingency reserve set aside). The mirror strategies exist for opportunities (positive risks): exploit, enhance, share, and accept. Students practice matching the right strategy to a given risk based on cost, feasibility, and risk tolerance, rather than defaulting to the same response for every risk.

Key topics in PM4060

Working on a risk register, probability/impact matrix, or EMV analysis?

Our project management experts build PM4060-level coursework with accurate risk-analysis frameworks.

Get Expert Help

Worked example: expected monetary value (EMV) for a risk decision

  • Risk: A key vendor might miss a delivery deadline, requiring an expedited shipment
  • Probability: Estimated at 30% based on the vendor's past performance
  • Impact if it occurs: $10,000 in expedited shipping costs
  • EMV = 0.30 × $10,000 = $3,000 — this is the amount that should be set aside in the contingency reserve
  • Response strategy chosen: Mitigate — negotiate a backup vendor agreement, reducing probability to 10% and EMV to $1,000

Get Help With PM4060

Risk registers, probability/impact matrices, EMV analyses — built with the right formulas.

Place Your OrderView All Services

Related courses

Frequently asked questions

What is the difference between a risk and an issue?

A risk is an uncertain future event or condition that, if it occurs, would have a positive or negative effect on the project — it exists in the realm of probability. An issue is a risk (or an unforeseen problem) that has already occurred and now requires an active response, not a proactive plan. This distinction matters procedurally: risks are managed through the risk register with probability, impact, and a planned response strategy decided in advance; issues are managed through an issue log, tracked to resolution, often under time pressure since the event has already happened. PM4060 emphasizes that a well-run risk management process should convert as many potential issues into pre-planned risk responses as possible, since responding to a risk that was already anticipated is almost always cheaper and calmer than firefighting an issue that caught the team by surprise.

What is the difference between mitigating and transferring a risk?

Both are proactive risk response strategies for threats, but they differ in who ultimately bears the consequence. Mitigating a risk means taking action to reduce its probability of occurring, its impact if it does occur, or both — for example, adding a code-review step to reduce the probability of a software defect, or building in schedule buffer to reduce the impact of a delay. The project team still owns the risk after mitigation; it's just smaller. Transferring a risk means shifting the financial consequence of the risk to a third party who is often better positioned to manage it — buying insurance against a risk, or negotiating a fixed-price contract with a vendor so that a cost overrun risk becomes the vendor's problem, not the project's. Transfer usually has an upfront cost (an insurance premium or a contract markup) in exchange for capping the downside; PM4060 teaches students to weigh that cost against the risk's expected monetary value before choosing transfer over mitigation.