Project risk: definition and advice for project managers

Further, nature of any possible risk is defined based on both likelihood and consequence from low, moderate, high, to an extreme. PMBOK describes risk quantification as "evaluating risks and risk interactions to assess the range of possible outcomes". In general, "risk quantification is a process of evaluating the risks that have been identified and developing the data that will be needed for making decisions as to what should be done about them" .

“Individual” risk is defined as an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives. This step includes analysing the likelihood, severity, and response plan for each risk you have found. While determining project risks' severity it is important to consider how the risk will affect the project's goals, can it cause a delay in its completion, undermine the budget or other resources, etc. For that reason, the best option is to include the opinions of a project team or key stakeholders in this step.

This implies different standards divide the risk management process into different steps but the core concepts remain the same. For example, PMBOK defines the third step as risk response development which means categorizing of assessed risks into acceptable or unacceptable risks and developing of responses accordingly. Whereas, almost the same definition exists for risk evaluation step in ISO 31000. This implies that the importance of risk assessment cannot be overlooked. First, risk quantification help in preparing contingencies for time and cost estimates.

Understanding the risk event

In expert opinion, risks are quantified based on the opinions of experts or senior executives based on their experiences. One of the best ways to use expert opinion is to conduct risk assessments workshops where experts can discuss and consequently assign values to the risks identified. This bias can be minimized by using Delphi method, but there still be a chance of high variation in opinion. Figure 4 shows an example of risk quantification using expert opinion in a case study on construction project conducted by Yildiz et al. . The ratings are estimated ratings, quantified by SEM software based on the sub risks and attributes ratings assigned by experts using 1-5 Likert Scale. Several standards exists that define principles of managing risks for effective risk management in an organization.

definition of project risk

Project managers can also look at various contingency plans or discuss the potential risk with other stakeholders in the project to generate new ideas about how to manage it. If a potential risk can derail the entire project, it’s important for managers to categorize it and then look for ways to mitigate its effects. Operational risk includes any risk that may affect ongoing project operations, such as issues with production, team management, or the poor implementation of general policies. Scheduling risks are ones that often arise due to improper planning.

What is Project Analysis? Stages of Project Analysis

Basically, it serves as a guide for you and your team throughout the project execution. So, investing time and effort into its development is more than worth it - sometimes your whole project depends on it. All the hard work done identifying, analysing and prioritising risks would be for nothing if you don't assign the task of overseeing it to someone. A risk owner can be anyone - for example, often it is a team member who is the most suited to monitor the risk. Then that person is responsible for identifying risk as well as leading the work towards its resolvement.

  • Quantitative Risk Analysis is the numerical analysis of the probability and impact of identified risks.
  • There is always uncertainty about the positive outcome of a project.
  • One of biggest reasons projects fail is the lack of valuable information that can make a difference on our projects.
  • If a known project risk does occur during the project, the project manager should then use measures devised during project planning to mitigate negative effects and maximise positive effects.
  • The heart of risk management is helping your sponsor and team to achieve their objectives.
  • Even better, unlike lightweight competitors, our dashboard requires no setup.

The risk will then be categorized as either source- or effect-based. In some instances it is possible to begin an analysis of alternatives, generating cost and development estimates for potential solutions. There should be considerable dynamism in this during the project life cycle.

Step 2: Risk Analysis

These values can be positive and negative resulting in gain or loss respectively. For example, if there is 60% probability that a certain equipment will fail during a project that will result in USD10,000, then EMV will be USD -6,000. It can be perceived that a total of USD4,500 is required as a contingency, but in actual only USD1,100 are required as all of the events are not going to happen. This means, the risks which are not going to happen will add their value to EMV pool, where risks that are going to happen will utilize value from this pool.

The project manager is generally responsible for identifying and mitigating risks – usually looking at specific elements. Anything that could affect the project, for better or worse, requires the project manager’s attention. Several tools and techniques are used in order to apply risk quantification in projects. PMBOK provides 5 methods that can be used in risk quantification process. These tools and techniques are described briefly below, along with application, advantages, and disadvantages of each tool.

definition of project risk

So, risks are things that may occur; issues and benefits are things that have occurred. Risk management standards, guides, and methodologies define risk in many different ways. Some include the possibility of positive risks or opportunities; others do not. Monte Carlo simulation is usually used in cost and schedule estimation. The benefits of using Monte Carlo are easiness of tool, numerical estimation, and greate level of confidence .

Schedule risk can also lead to performance risk - missing the timeline to perform its intended mission. As the name implies, a positive risk is an unexpected event that positively affects the project. As long as the risk has not yet occurred, the project manager can simply monitor the risk until the project ends or the risk expires. Once a project is underway, a more active phase of project risk management begins.

From small businesses to the biggest brands in the world, our agencies and freelancers are making an impact with more than 120,000 of their clients. The mistake many PM and team members make is listing either causes of the risk or even possible triggers of the risk as the risk itself.

What Is Risk Analysis?

In other words, it is the risk that the project will cost more than the budget allocated for it. This is perhaps the most common of all the project risks, and it happens due to poor budget planning, not managing your resources correctly, and inaccurate cost estimation and scope creep. This type of project risk can often lead to the other two common risks - schedule risk and performance risk. Successful project managers understand the importance of seeking feedback from their team members. Your frontline employees will have an acute understanding of potential risks.

definition of project risk

More sophisticated risk management software, such as Monte Carlo simulation software, can help you develop models and use simulations to analyze and respond to various risks. Developing a response to risks involves developing definition of project risk options and defining strategies for reducing negative risks and enhancing positive risks. A decision tree is a diagramming analysis technique used to help select the best course of action when future outcomes are uncertain.


In our family reunion, hiring a professional event planner would have transferred the responsibility of planning for and monitoring poor weather to the event planner. Lastly, accepting risk is done when the risk is so low or the impact so little that the project is not really endangered should it occur; the risk is basically ignored. A family reunion happening in Arizona in July is very unlikely to be disturbed by rain; therefore, the risk of being rained out is accepted without taking any other steps. It is easy for anyone to think they will be in the same position and working on the same projects, but the reality of the situation is work situations can change at the drop of a hat.

Get the latest news and insights in project management

Risk quantification is very important in project management and its importance cannot be overlooked. It helps in quantifying risks and aid in making rational decisions. It also helps in preparing contingencies for cost, time, and human resource estimates. Several national and international standards exist that explain the principles and processes of risk management. All of the standards are based on the same fundamental core concepts and organization can use any of the standards that best suits them. Risk can be quantified using several methods proposed by different standards.

Cost of each work item is estimated through 3 points of likelihood i.e. low, likely, and high. Then statistical distribution such as normal distribution or beta distribution is used to calculate mean and variance. To calculate mean and variance of total project estimate, means and variances are added together for all work items. It is an easy technique for calculating budget and time contingency of a project, but it cannot be used for unforeseeable risks that may happen during a project.

Project risk is defined by the Project Management Institute as, "an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives." A risk is anything that may affect a project’s performance, budgets, or timeline when it materialises. Risks are therefore possibilities; there is a possibility that a certain incident may affect the project.

Respond to the Risk

Project managers have the sometimes daunting task of making sure that risk management plans have to align with company goals and strategy. The contingency of a risk management plan may scale back on the budget or alter the schedule which may not line up with the policies of upper management. This means project managers will have to work alongside senior leadership to iron out synergies and take care of any differences which may not always be the easiest of processes. The definition of risk needs to be understood in order to correctly identify, manage and hope to reduce the uncertainty of risk on our projects. I would define a successful project as a project that has produced the fit-for-use deliverables within the defined budget and timeframe. The alarming statistics from the Standish Chaos Report should alarm us as PM.

An example of this is a project risk in the test phase of, for example, a product. By testing more and better, risks are not prevented, but every effort has been made to limit the possible consequences of a negative event that may occur. Suppose a project manager is warned by someone about an increased risk of bankruptcy with certain suppliers, he or she can then make the decision to choose another supplier. In many large-scale projects, a relatively large amount of attention is paid to comprehensive risk management and mitigation strategies for when problems arise.

Leave a Reply