Managing Risk, Issues and Change Without Losing Control

Reality vs The Plan

Your beautiful plan will collide with reality: suppliers slip, requirements evolve, and people make mistakes. Risk, issues and change management help you stay in control without freezing progress.

PFQ Expectations

At PFQ level you should: use a simple risk management process, distinguish risks from issues, and apply basic change control and configuration management to protect scope, quality and baselines.

Car Journey Analogy

Project plan = route. Risks = things that might happen (traffic). Issues = things that have happened (flat tyre). Change requests = passenger wants new destination. Configuration = tracking the latest route and documents.

What Control Really Means

Good control is not saying no to everything. It is seeing trouble early, responding proportionately, and changing the plan on purpose, not by accident.

What Is a Risk?

A project risk is an uncertain event or set of events that, if it occurs, will have a positive or negative effect on project objectives. Negative = threat, positive = opportunity.

What Is an Issue?

An issue is a current problem, query or concern that is already affecting the project or needs a decision now. There is no uncertainty about whether it has happened.

Core Difference

Risk may happen in the future; you can influence probability and impact. Issue has happened or is present now; you focus on resolution and damage limitation.

Timeline View

Before an event: it is a risk. When it happens: it becomes an issue. After resolution: it becomes a lesson for future projects.

Student Website Scenario

You are building a student society website. Classify each statement as a risk or an issue to practice the distinction.

Statements to Classify

1. Our only web developer might get sick during the exam period.
2. The client cannot access the test site today.
3. There is a 40% chance IT will delay server access.
4. The hosting bill is overdue and the site has been taken offline.

Suggested Classifications

1. Risk (threat). 2. Issue. 3. Risk (threat). 4. Issue. Risks describe future uncertainty; issues describe current problems.

Language Clues

Words like might, chance signal risk. Words like cannot, has been, already signal issues. Train yourself to listen for these clues in real projects.

The Risk Loop

A simple PFQ-aligned risk process: 1) Identify risks, 2) Analyse probability and impact, 3) Plan responses, 4) Implement and monitor. Repeat throughout the project.

Identify Risks

Use brainstorming, checklists, lessons learned, WBS and schedule. Scan technical, schedule, cost, resource, legal, safety and reputation categories to find uncertainties.

Analyse Risks

Estimate probability (Low/Medium/High) and impact on time, cost, scope, quality, benefits. Use a simple risk matrix to prioritise which risks need action.

Plan Responses

Threats: avoid, reduce, transfer, accept. Opportunities: exploit, enhance, share, accept. Choose a strategy that fits the importance and cost of action.

Implement and Monitor

Assign an owner for each risk, add responses as real tasks and allowances, and review the risk register regularly. Risks may close, turn into issues, or new ones appear.

What Is an Issue Log?

An issue log is a central list where you record and track all project issues: description, impact, priority, owner, target resolution date, status and actions.

Issue Management Steps

1) Capture the issue, 2) Assess impact and urgency, 3) Decide action or escalate, 4) Implement the action, 5) Review and close, recording the outcome.

Risk vs Issue Records

Risk register is forward-looking, about uncertainty. Issue log is now-focused, about concrete problems and decisions. Both are needed for control.

Tools in Practice

Modern tools like Jira or Azure DevOps often track risks and issues together but use different fields or tags so you can report them separately.

Why Change Control?

Change is normal; uncontrolled change is scope creep. Change control is the formal process for handling requests to change scope, requirements, schedule, cost or quality baselines.

Why It Matters

Change control protects your scope statement and baseline plan, ensures changes are visible, evaluated and approved, and prevents silent erosion of time, budget and quality.

Simple Change Process

1) Request, 2) Record, 3) Assess impact, 4) Decide (approve/reject/defer), 5) Implement updates, 6) Review benefits. Keep a change log throughout.

Key Governance Rule

No change to scope, time or cost should be made without being recorded and approved at the right authority level. This is central to modern project governance.

What Is Configuration Management?

Change control decides what changes; configuration management controls which version of each item is official. It keeps documents, code and plans under version control.

Configuration Items

Configuration items include requirements, designs, source code, test plans, user manuals, and baseline schedules and budgets that must be versioned and tracked.

Why It Matters

Configuration management ensures everyone uses the same version, links changes to updated items, and supports auditability of what changed, when, and who approved it.

Core Activities

Plan and identify CIs, control changes to them, record status and history, and verify that actual items match documented versions. Tools like Git support these principles.