Why are many project managers confused over risks? Why do some project managers include positive risks in risk management and others do not? Let's clarify the meaning of risk.
Risk is a Choice
Merriam-Webster defines risk as “the possibility of loss or injury: peril.” Most people think of risk as pure risk, as a possibility of loss. However, risk management has evolved to include a more holistic view that includes the potential for positive outcomes.
In his book Against the Gods: The Remarkable Story of Risk, author Peter Bernstein says, “The word ‘risk’ derives from the early Italian risicare, which means ‘to dare.’ In this sense, risk is a choice rather than a fate.” A modern definition of risk sees risk as “uncertainty about outcomes that can be negative or positive.”
The project manager’s job is to meet the project’s objectives through the management of risks, both positive and negative. The project manager’s choices drive their success or failure.
“When we take a risk, we are betting on an outcome that will result from a decision we have made, though we do not know for certain what the outcome will be.” –Peter Bernstein
Choose Your Definition
Within the world of risk management, we have different definitions of risk. A few years back, some of these definitions were more at odds with one another. However, there is greater alignment today. For projects, I recommend that you use the PMBOK® Guide or the PRINCE2® definition.
COSO Integrated Framework
The possibility that events will occur and affect the achievement of objectives.
An uncertain future outcome that can either improve or worsen your position.
An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.
|A set of events that, should they occur, will have an effect on achieving the project objectives.|
Risks, Issues, & Benefits
So, how does an issue differ from a risk? When a threat occurs, it becomes an issue or problem. By the way, when an opportunity occurs, it becomes a benefit. READ: Project Risks and Issues – What's the Difference?
How About You?
With so many definitions, how can a project manager create a practical foundation for managing risks?
Individuals should determine whether their organization has a standard definition for risk. If so, adopt that definition.
Include the definition in the glossary of your Risk Management Plan. Also include your risk response strategies for threats (e.g., accept, avoid, mitigate, transfer) and opportunities (e.g., accept, exploit, enhance, and share).
Review the definitions with your project team. Provide examples. Repetition will help team members better understand the terms.
PMI-RMP® Exam Series
Do you want to become a Risk Management Professional? Join me in the PMI-RMP® Exam Series!