Many project managers start the risk process too late in the project. A proactive organization under- stands that risks are identified, discussed, investigated, understood, and mitigated to reduce their risk equivalent value (REV) while they are still an UFE. Many times, the first time a problem arises, the risk process is introduced into the project. What is worse is there is no risk plan, no risk training to provide the support to start managing risks. At this time the risk is actually already triggered into an issue. Once a risk potential has triggered into an issue, any chance of mitiga tion has evaporated; the only activi ty that makes sense is the response to the resulting issue. Simply put, risk management is the process of identifying these uncertain future events as risk potentials that have the probability of a negative impact on the successful production of the project’s deliverables. All risks except those that source from a systemic environ ment should be tied to a project’s deliverables. The reason for this requirement is that risks can disturb the normal project activity flow if they trigger into an issue distracting both the team’s atten-tion and the project’s resources in resolving the issue’s impact. Thus, the best approach in dealing with risk potentials is to correctly identify, score, and prioritize them within the scope of the project in order to apply scarce resources to the highest potential return on investment for mitigation activities. As said before, the risk manage- ment process must start very early in the project. A risk management plan implemented, tools and templates developed, enterprise level and compliance requirements considered.