What is a Risk?

Sky Diving

By Frank Mangini

Project management and risk management are two sides of the same coin. Projects cannot exist without risk. Project managers must understand risks and how to describe risk before they can hope to manage risks. We should all agree what a risk is, how to state a risk and how a risk statement is different from a problem statement.

For projects, a risk is an uncertain event or condition that could have a negative effect (threat) or a positive effect (opportunity) on the project objectives.

Most of the time we think of risks as negative events but they can also be opportunities for the project. For example, with an incentive fee contract, the risk of making profit depends upon the performance of the project. Exceeding the project objectives is an opportunity to make more profit and is considered a positive risk. Of course, under performing is a negative risk or a threat to the project profitability.

Every risk refers to a future event and must therefore have an element of uncertainty and some potential impact. Most risks also have some limited time element when the risk no longer exists because it has occurred or been resolved to an acceptable level. The risk uncertainty can rarely be completely eliminated, only reduced to an acceptable level.

Sample Risk Statement: “We may fail the Beta tests due to insufficient resources causing the delivery scheduled date to slip.”

This statement expresses the uncertainty of failing the Beta tests and the impact of schedule slip and the risk disappears after the Beta testing. This risk needs to be analyzed to determine the probable impact on the project and what risk response should be taken. The analysis results would normally become part of the project Risk Response Plan.

Sample Problem Statement: “We have insufficient resources to pass the Beta tests which will cause the delivery schedule to slip.”

There is no uncertainty in this statement; it is almost 100% assured that the Beta tests will fail. This is a definite problem that needs to be addressed by the project plan. No sponsor would normally approve a project plan without addressing this problem.

When preparing a project plan or risk management plan, be sure to distinguish clearly between what is a problem and what is a risk by properly stating the problem or risk. Remember risks should be stated as uncertain events and problems are stated as almost 100% certain events.

We know very few events are 100% certain. Some project managers will consider probabilities above 95% likelihood as problems. This depends upon project circumstances and stakeholder preferences for risk aversion. The project Risk Management Plan specifies the criteria for risk definition, analysis, thresholds and response.


Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top