A risk is an uncertain event or condition that, if it occurs, can have a positive or negative effect on one or more objectives. Identified risks may or may not materialize in a project. Project teams endeavor to identify and evaluate known and emergent risks, both internal and external to the project, throughout the life cycle.
Project teams seek to maximize positive risks (opportunities) and decrease exposure to negative risks (threats). Threats may result in issues such as delay, cost overrun, technical failure, performance shortfall, or loss of reputation. Opportunities can lead to benefits such as reduced time and cost, improved performance, increased market share, or enhanced reputation.
Project teams also monitor the overall project risk. Overall project risk is the effect of uncertainty on the project as a whole. Overall risk arises from all sources of uncertainty, including individual risks, and represents the exposure of the stakeholders to the implications of variations in project outcome, both positive and negative. Management of overall project risk aims to keep project risk exposure within an acceptable range. Management strategies include reducing drivers of threats, promoting drivers of opportunities, and maximizing the probability of achieving overall project objectives.
Project team members engage with relevant stakeholders to understand their risk appetite and risk thresholds. Risk appetite describes the degree of uncertainty an organization or individual is willing to accept in anticipation of a reward. Risk threshold is the measure of acceptable variation around an objective that reflects the risk appetite of the organization and stakeholders. The risk threshold reflects the risk appetite. Therefore, a risk threshold of ±5% around a cost objective reflects a lower risk appetite than a risk threshold of ±10%. The risk appetite and risk threshold inform how the project team navigates risk in a project.
Effective and appropriate risk responses can reduce individual and overall project threats and increase individual and overall opportunities. Project teams should consistently identify potential risk responses with the following characteristics in mind:
- Appropriate and timely to the significance of the risk,
- Cost effective,
- Realistic within the project context,
- Agreed to by relevant stakeholders, and
- Owned by a responsible person.
Risks can exist within the enterprise, portfolio, program, project, and product. The project may be a component of a program in which the risk can potentially enhance or diminish benefits realization and, therefore, value. The project may be a component of a portfolio of related or unrelated work in which the risk can potentially enhance or diminish overall value of the portfolio and realization of business objectives.
Organizations and project teams that employ consistent risk evaluation, planning, and proactive risk implementation often find the effort to be less costly than reacting to issues when the risk materializes.
More information on risk management may be found in The Standard for Risk Management in Portfolios, Programs, and Projects [3].
Leave a Reply