How to Actually Define Risk Categories


  •  Minute Read

Every project has risks. But, where are the greatest concentrations of risks? What are the common causal factors? Where should we invest our limited time, energy, and budget? In this blog post, we will look at how to actually define risk categories to answer these questions and more.

Risk Category. A group of potential causes of risk. 

- PMBOK® Guide, Seventh Edition -

What are Risk Categories?

A risk category is a group of potential causes of risk. Categories allow you to group individual project risks for evaluating and responding to risks.

Project managers often use a common set categories such as:

  • Schedule
  • Cost
  • Quality
  • Scope.

However, project managers may use other categories. Imagine a project manager who is managing a software development project. She may use these categories: 

  • Requirements
  • Design
  • Coding
  • Testing
  • Implementation.

Another set of categories is called PESTLE:

  • Political
  • Economic
  • Social
  • Technological
  • Legal
  • Environmental

Additionally, the PESTLE acronym is often used as a prompt list for identifying risks.

Furthermore, your risk categories should be included in your risk management plan. Project managers should also include the categories in their risk registers.


Why Use Categories?

Putting risks in categories can help in several ways. First, you can better determine where your concentrations of risks are greatest.

Categories are more meaningful when you perform a quantitative risk analysis resulting in quantified risk exposures (e.g., $20,000). You can sum and compare the total exposures within each risk category. You could even create a pie chart to illustrate the concentrations of risks.

Second, it allows you to identify common causes. Project managers often identify different risks that have the same causes.

Third, you can develop better risk responses. You can zero in on the most powerful and common causes and better manage them.

How to Define Categories

Check your organizational process assets to determine if your organization has a standard set of categories that might apply to your project.

Your project management office (PMO) may also have a standard risk breakdown structure (RBS) that provides categories and sub-categories of project risks. Click here to see an article by Dr. David Hillson on this topic.

Perhaps there are no organizational assets and you are managing a project, unlike anything you’ve managed before. One effective method for defining your risk categories is the Affinity Map method. You can use this technique to identify risks, place them into logical groups, and then name each group/category.

How About You?

How about you? Are you leveraging the power of risk categories? If not, consider defining the risk categories for an upcoming project. Or perhaps, define categories for a project you recently started. Either way, add the risk category element to your risk register. And as you identify your risks, select the appropriate category.

You may also like