What is Risk? 

Risk is the possibility or likelihood of occurrence of an undesirable event. 

. Risk management focuses on identifying and assessing the risks to the project and managing those risks to minimize the impact on the project. 

There are no risk-free projects because there is an infinite number of events that can have a negative effect on the project. Risk management is not about eliminating risk but about identifying, assessing, and managing risk.

What is Project Risk?

Project risk is an uncertain event or condition that, if it occurs, has an effect on at least one project objective.

A project has many individual risks associated withe project. Further, the project has an overall level of risk with regard to the successful completion of the project based upon project manager and sponsor standards. 

The Project Management Institute (PMI) has addressed this dual perspective of overall risk and individual risks in the Practice Standard for Project Risk Management (PMI, 2009, p. 10), and also in the PMBOK^® Guide - Fifth Edition (PMI, 2013, p. 310), both of which have two distinct definitions of risk:

• “Individual risk” is defined as “an uncertain event or condition that, if it occurs, has a positive or negative effect on a project's objectives.”
• “Overall project risk” is defined as “the effect of uncertainty on the project as a whole.”

This breakdown is important as the project manager is responsible for identifying, assessing, and managing the individual risks that are recorded in the risk register. At another higher level, the project manager is also required to account to the project sponsor, the project owner, and other stakeholders for the overall risk exposure of the project.

What is Risk Management

The project management team must  understand the kinds and levels of risks on the project. It must also develop and implement plans to mitigate these risks. 

Risk  is the likelihood of an unwanted event happening during the project. Thus, project risk entails the type and amount of risk varies by industry type, complexity, and phase of the project. 

The project team must manage this risk consistently with the risk tolerance or risk profile of the stakeholders. 

Methods of Dealing with Project Risk?

There are four basic ways to handle a risk.

• Avoid: The best thing you can do with a risk is avoid it. If you can prevent it from happening, it definitely won’t hurt your project. The easiest way to avoid this risk is to walk away from the cliff, but that may not be an option on this project.
• Mitigate: If you can’t avoid the risk, you can mitigate it. This means taking some sort of action that will cause it to do as little damage to your project as possible.
• Transfer: One effective way to deal with a risk is to pay someone else to accept it for you. The most common way to do this is to buy insurance.
• Accept: When you can’t avoid, mitigate, or transfer a risk, then you have to accept it. But even when you accept a risk, at least you’ve looked at the alternatives and you know what will happen if it occurs. If you can’t avoid the risk, and there’s nothing you can do to reduce its impact, then accepting it is your only choice.

What is a Risk Management System?

Risk Management Systems are designed to identify, quantify, and predict the impact of the risk on the project. The outcome is therefore a risk that is either acceptable or unacceptable. 

The acceptance or non-acceptance of a risk is usually dependent on the project manager’s tolerance level for risk. This decision is often made pursuant to a Risk-Reward Analysis. 

What is a Risk Management Plan?

A risk management plan is a documented approach to identifying, communicating to stakeholders, and dealing with the risk present in a project. 

Project managers may identify risk by the phase during which the risk of occurrence is present. 

When developing a risk management plan, take the following steps: 

• Identify the potential project risks. 
• Assess the probability or likelihood of each element of risk occurring
• Estimate the impact of the risk element occurring
• Risk Reward Analysis
• Risk Mitigation Plan for the prioritized risks.

What is Risk Identification? 

Risk identification means identifying the various potential occurrences that could cause a negative impact on the project. The identifiable risks can be broken down as follows:

• Implicit risk management - This is the overall project risk inherent in decisions made about the structure, scope, content, and context of the project, particularly (though not exclusively) in the pre-project phase;
• Explicit risk management - This is the individual project risks identified through the standard risk management process to identify, analyse, respond to, and control risks, mostly during the remainder of the project lifecycle.

Examples of common sources of risks broken down by internal and external risks  include: 

• Internal Project Management
  • Top management not recognizing this activity as a project
  • Too many projects going on at one time
  • Impossible schedule commitments
  • No functional input into the planning phase
  • No one person responsible for the total project
  • Poor control of design changes
  • Problems with team members.
  • Poor control of customer changes
  • Poor understanding of the project manager’s job
  • Wrong person assigned as project manager
  • No integrated planning and control
  • Organization’s resources are overcommitted
  • Unrealistic planning and scheduling
  • No project cost accounting ability
  • Conflicting project priorities
  • Poorly organized project office
  • External Project Risks
  • Unpredictable
    • Unforeseen regulatory requirements
    • Natural disasters
    • Vandalism, sabotage or unpredicted side effects
  • Predictable
    • Market or operational risk
    • Social
    • Environmental
    • Inflation
    • Currency rate fluctuations
    • Media
  • •    Technical
    • Technology changes
    • Risks stemming from design process
  • •    Legal
    • Violating trade marks and licenses
    • Sued for breach of contract
    • Labour or workplace problem
    • Litigation due to tort law
    • Legislation

What is a Risk Breakdown Structure? 

A risk breakdown structure organizes the risks that have been identified into categories using a table with increasing levels of detail to the right. 

 You can use the same framework as the work breakdown structure (WBS) for developing a risk breakdown structure (RBS). 

What is Risk Evaluation?

Risk evaluation means evaluating the potential negative occurrences and assessing which has the highest possibility of occurring and which has the highest potential impact on the project. 

The presence of risk occurrences tends to increase with the complexity of the project. There are four key types of complexity in a project:

• External Complexity
• Internal Complexity
• Technological Complexity
• Environmental Complexity

See the DPCI for more information on assessing complexity. 

What is the Risk-Reward Analysis? 

You may use the information in the risk plan to conduct a risk reward analysis. This generally means identifying the impact of a risk on the project value. Use the following formula

Project Value with Risk = ((Project Value - Risk Impact) x Probability of Impact) + (Project Value x (1- Probability of Impact)). 

This calculation shows you the value of the project in light of the risk factor.  Knowing this figure will allow you to prioritize risks and your efforts in dealing with them. Also, if the value of the project is negative as a result of the risk, the project should not be undertaken. 

This understanding is important for decisions concerning how to deal with the risk (Avoid, Transfer, Mitigate, Accept). If the project goes forward, it will be instrumental in taking future steps toward mitigation. 

What is a Risk Profile?

A risk profile identifies the existence of risk in a project and the risk tolerance of the project stakeholders (particularly the project manager and project team). 

What is Risk Mitigation? 

Assuming the project goes forward, the project management team should create a plan for mitigating or reducing (if possible)  the risks inherent in the project. 

Risk can be mitered in the following manners: 

• Risk avoidance - Avoiding the potential for a potential occurrence in the project or avoiding the entire project. 
• Risk sharing - Sharing the risk with a partner in the project.
• Risk reduction - Taking steps to reduce the likelihood of an occurrence or the impact of an occurrence. Think of locking in contract rates to avoid the effect of price fluctuations. 
• Risk transfer - Placing the risk on a third party, such as through insurance, swaps, or other contractual means. 

Each risk mitigation technique used should be captured in a risk mitigation plan. 

Each of these mitigation techniques can be an effective tool in reducing individual risks and the risk profile of the project. 

An example of a risk mitigation technique that reduces the impact of occurrence of a risk includes:

• Contingency Fund - Contingency is funds set aside by the project team to address unforeseen events. Contingency funds are allocated to a specific risk if possible. 
• Fallback Plan - This fallback plan is an alternative course of action in the event of an occurrence (that is not otherwise mitigated) that causes a need to change the scope of the project. 

The plan will assign the specific mitigation activities to an individual who has responsibility for taking the action and monitoring the presence of a risk. 

The risk management plan is often integrated into the project execution plan.

The risk mitigation plan is updated as a risk occurs or passes and is reviewed often for necessary changes.