Project Risk Management for Niche Websites


Developing a proactive approach for managing risks increases the success of your projects. The end result is minimizing losses and maximizing gains. Using risk management methods allow you to address problems sooner and avoid reactionary responses.

Definition of Risk

Risk is the effect of uncertainty on objectives, whether positive or negative. Objectives can be time, cost, scope, or quality related effects.

One note here: a risk can be positive, also. We normally think about risks in a negative light, i.e. losing rankings due to a Google algorithm update or selecting a poor niche. Think of a positive risk as an opportunity.

Risks have one or more causes, and if the risk occurs there may be one or more impacts. For example, the completion of a niche site might be delayed due to a problem creating the content. The problem creating the content is the cause of the risk. The delay of the completion is the effect, if the risk occurs.

Case Study

Let’s discuss a specific example to understand how to use structured risk management with your niche site.

Risk of Google Algorithm Updates

This may be the biggest risk that all niche site owners face: Google Algorithm Updates.  The majority of the traffic that niche sites receive is from organic search traffic from Google.  Algorithm updates can strike without warning – one day your site is ranking number one and the next day your site might be ranked down at 75.  A change like that can cut your site off from the majority of your visitors.

Even niche sites with a clean, white hat backlink profile are at risk.  You might assume that because you did not engage in any shady link building practices by using automated link building software (or other similar link building tactics) that you are in the clear.  That simply is not true.

No one can control how Google updates the algorithm, so there is a risk associated with any niche site that is getting traffic from Google searches.

Risk Definitions and Terminology

Let’s pause before we continue with our case studies to review definitions and terminology associated with risk management.

 Risk Identification

Risk identification is the activity that documents the possible risks that could impact a project and the characteristics of the risks. Anyone on the project team can identify risks – for most of us with a team of one, we will do the bulk of the identifications. However, knowledgeable people outside of the project team can provide valuable insight by identifying risks as well.

 The main ways to identify risks are brainstorming, interviewing experts, and reviewing information by others that are more experienced (like blog articles).

Risk Analysis

Risk analysis includes methods that help you prioritize risks which help to improve the overall performance of the project. In addition, this step documents and describes the effects of the risk, which helps you make decisions in the presence of uncertainty.

For example, a risk with a high probability and a medium impact is a higher priority risk than a risk with a medium probability and a low impact. You should spend your time and efforts on the risks that have the highest combination of probability and impact.

Risk Response Planning

Risk Response Planning involves developing options and actions to enhance positive risks and reduce the impact of negative risks. There are four main techniques to deal with risks:


(Note: The example is referencing the Google algorithm update that penalizes web pages that have over optimized, or over used, the keywords in the anchor text of the backlinks to a web page.)

 1. Avoid the risk: The goal of risk avoidance is to prevent the risk or the impact of the risk from happening. Sometimes, you can avoid a risk by a change in the approach, obtaining additional information, or gaining experience.  Example: Avoid the risk of over optimization of keywords by not using keywords at all.

2. Transfer the risk: The goal of risk transference is to move the responsibility of the negative impact and the response to another party. Example: Transfer the risk of over optimization of keywords to a link building service. The responsibility of the response (if the risk occurs) is transferred and part of the negative impact is transferred.

3. Reduce the risk: The goal of risk reduction (also called mitigation) is to reduce the probability and/or the impact of the risk to a reasonable threshold. In the majority of cases, it is more effective to prevent a risk from occurring than it is to repair the impact of a negative risk. Sometimes, it is not possible to prevent a risk from occurring so the best course is to reduce the negative impact. Example: Reduce the risk of over optimization of keywords by using keywords very sparingly.

4. Accept the risk: Risk acceptance is used for cases that the level of probability the risk occurs is low, the impact of the risk should it occur is insignificant, or a suitable response to the risk has not been identified. Example: Accept the risk of over optimization of keywords by using keywords without any concern for over optimization penalties.

Risk Monitoring and Control

From the Project Management Body of Knowledge (PMBOK), risk monitoring and control involves the identifying, analyzing, and planning for newly arising risks, keeping track of the identified risks, reanalyzing existing risks, and reviewing the execution of risk responses while evaluating the effectiveness of the responses.

You should review risks on a regular interval and document any changes. In most cases weekly reviews are appropriate. If a risk has a high probability or if the impact is great, then you may want to assess the risk more frequently.

Risks may arise anytime in the project life cycle so it is important to identify new risks. Use the same methods of brainstorming and interviewing to find new risks through the project. Again, weekly sessions are appropriate to identify new risks.

Execute any corrective actions for negative risks as planned, dependent on the priority of the risk.  A risk with a high probability and a high impact requires swift, decisive action to address the risk. A risk with a low probability will not require the same level of urgency.

Case Study: Revisited

Let’s review the example listed above and apply the Project Risk Management Ideas.

Risk of Google Algorithm Updates

Risk Identification

Google Algorithm updates could negatively impact the search engine rankings.

The risk impact if the risk occurs would be a reduction in traffic to the website, plus a reduction in revenue.

 Some examples of risk response planning are:

  1. Avoid the risk by obtaining the majority of the website visitors from sources other than organic search engine traffic. Risk avoidance is not a viable option if you plan on attracting free traffic from Google.  You could use Facebook to attract your traffic. You would need to develop a following on Facebook.  Most likely, you would need to purchase ads to get visitors to your site.

  2. Reduce the risk from occurring by using only white hat backlinking techniques.  Do not engage in any gray hat link building.  If you already have gray hat based links, then you would need to remove or disavow the links in the Google Webmaster Tools.

  3. Reduce the impact of the risk by obtaining traffic from social media (Facebook, Twitter, Pintrest, etc…).  If you have traffic from multiple sources, the impact will not be as great if you fall in google rankings.

  4. Transfer part of the responsibility of the risk by hiring an SEO firm to handle your backlinking.  Research link building services to handle some portion of your backlinking. Then, you can hire a high quality company.

  5. Accept the risk and impact by using gray hat backlinking techniques to build the ranking.  You should have plans in place, ready to execute if the risk occurs.  It would be worthwhile to have a list of the links to your webpage so that you could use the Google Webmaster Disavow tool. Another option would be hiring a link building service to improve your backlinking profile.  If the risk actually occurs, then you could start the corrective action plan to improve the situation.

No immediate action is needed, but you should determine the trigger that will initiate the corrective action plan.

Case Study Conclusion

You should notice that several of the solutions for dealing with a risk are similar.  The solutions for risk response planning will most likely use a combination of the avoidance, reduce, or transference methods.

  • Preventing or reducing the impact of a risk is more effective than correcting a risk after it occurs. Remember the phrase “an ounce of prevention is worth a pound of cure”

  • Be proactive dealing with risks and try to think a few steps ahead

  • Careful analysis and planning in every phase of the project will naturally minimize your risks overall
2 comments… add one
  • Roberto

    Hey Doug, very interesting approach.
    I think we must take risk into account when creating niche sites, but we shouldn’t be scared by it. We have to take action and set up projects anyway. For example, creating multiple different income streams can help you minimizing the overall risk.

  • Stuart

    Good stuff Doug, and this is the tightrope that many “White Hat” SEOs have to walk with their clients on a day to day basis.

    If the client income is solely derived from online efforts (Google search traffic) then link building risks anyway outside of the normal “guidelines” can destroy their business if Google decide to make an alteration to those guidelines. The issue is clients also wish to have near linear results month on month in terms of ranking for the money spent…

    For your own sites you can take more risks if its not your sole income (or if you feel dangerous) – but the risks do need to be considered and this is why many are building their own PBNs or content networks, this way if there is a penalty applied they can easily remove the links and hopefully regain what they lost.

    🙂 Cheers

Leave a Comment