ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

What is Project Risk

Updated on May 24, 2012

Project Risk Managment

Project Risk Management
Project Risk Management

What is Risk

Project Risk Management

Risk is an inherent factor of virtually every human endeavor. Human beings naturally consider risk and reward as part of the decision-making process. The consideration is not always formalized and may occur at a subconscious level.

The Concept of Risk

Risk is all around us; it plays a part in virtually everything that we do. It can be very difficult to predict and assess risky outcomes accurately.

‘Risk’ as a word originates from the French word Risk meaning ‘daring’.

Risk is a measure of the probability and consequence of not achieving a specific project goal. It therefore depends on both the likelihood (probability) of an event occurring and on the consequences (impact) if that event should it occur. Risk is therefore a function of the event, the probability of it occurring and the effect if it occurs. This relationship is sometimes known as the first level equation for risk and can be expressed as

Risk = f(event, uncertainty, consequences)

It is prudent to consider risk in terms of the second level equation for risk:

Risk = f(event, hazard, safeguard)

In this consideration, something – or the lack of something – causes a risky situation. The source of danger is a hazard and the mitigation or defense against the hazard is a safeguard .

Risk acts like a barrier to the development of effective strategy. Risks are evaluated in some way, and if the risk is perceived as being greater than some minimum threshold level, the organization shies away from encountering it; proceeding is too risky. However, effective risk management allows the risk to be controlled to such an extent that there is no longer any need to shy away from it, so that the risky application is able to be pursued ahead of the competition.

The impact of a risk and the probability of it occurring can be considered in terms of the exposure of the organization and the organization’s sensitivity to a particular risk profile. Exposure is a measure of the vulnerability of parts of the organization to risk impacts. Exposure arises when any asset or other source of value for the organization is affected by changes in key underlying variables resulting from the occurrence of a risk event. An organization is exposed to risk when a realized changes in a variable within a given time scale will result in a change in one or more of its key performance indicators. Exposure is therefore a measure of the vulnerability of an organization to stated risks. An organization’s sensitivity to risk is a function of three elements. These are the significance (or severity) of the enterprise’s exposures to the realization of different events (that is, sensitivity to such items as changes in competition, weather conditions, etc), the likelihood of the different events occurring, and the firm’s ability to manage the implications of those different possible events should they occur. Sensitivity is therefore a measure of likelihood and impact, modified to some extent by the ability of the organization to manage these variables.

Risk management is not only about competitor advantage in terms of approaching ventures that contain high risk levels. The organization that is able to develop an effective risk management program, within the limits of its own sensitivity and degree of exposure, is the one that can take good commercial decisions. Having mastered the risks that put the others off, the successful risk management organization is in a much better position to take advantage of risky ventures in the marketplace.

It is possible to say that risk is the distribution of possible outcomes in a firm’s performance over a given time horizon that are due to changes in key underlying variables.

The use of risks to create value is changing. The profile of risk management and the risks defined by organizations in decision making are also changing. As more risks come within the decision-making boundaries of an organization, the risk management system becomes more sophisticated and refined.

So risk is inevitable and can be good. There is therefore a need for some effective way of managing this risk to make sure that is effectively addressed and used. It is always unclear what will happen in the future; and opportunities and threats can be forecast with different degrees of accuracy. However, in general terms, the decision maker acting under conditions of risk would be most concerned with the following questions:

• What can go wrong with the project?

• What possible outcomes do we face as a result of these risks?

• Where do these risks and consequent outcomes originate?

• Do we have any control over these risks and if so are we using it?

• Are the risks and consequent outcomes related to any extent?

• What is the degree of exposure of the organization to these risks?

• How sensitive is the organization to each degree of exposure?

• Do these risks affect the achievement of the overall strategic objectives of the organization?

• What response options do we have?

• What contingencies or emergency responses are in place?

• Can we match the worst case scenario?

• If not which scenario reaches the limit of our response abilities?

• What is the potential reward associated with each risk?

• Are we prepared to accept a risk and corresponding outcome that is beyond our limits to absorb?

The Human Cognitive Process - Pattern Recognition and Attention

Decision making and risk are elements of the human cognitive process. People make decisions in relation to perceived rewards and risk. The decision-making process is largely dependent upon perceived rewards and risks. Perception of risk varies from person to person and in relation to the potential effects of the risk event. Most aspects of the human cognitive process make a subjective evaluation of risk.

Bounded Rationality

The approach to information processing is known as bounded rationality . It is based on the philosophy that a being will generally opt for rational behavior within constraints. Most cognitive processes will be based on reasoning, and therefore logical and rational outcomes, based on pattern recognition and learning will be naturally preferred to illogical and irrational ones.

Project Risk Assesment

Elements of Project Risk Assesment
Elements of Project Risk Assesment

Risk Forecasting and Analysis

Risk Forecasting and Prediction Momentum

Bounded rationality therefore uses knowledge of past events to assess a current risk in making a decision. This assumes that acceptable outcomes from the past will continue to be acceptable outcomes during the current evaluation process.

This is the concept of risk forecasting . In relation to risk forecasting, we can generally say that it is:

• based on experience. Experience gained in the past is used to analyze and forecast what might happen in the future.

• As much subjective as objective based.

• Possible to subject it to complex modeling as in chaos theory, although it is not restricted to complex mathematical modeling.

• An area that is perhaps best evaluated using a combination of modeling and subjective approaches.

• based on using data from past experience in order to allow extrapolation as a basis for predicting future trends.

In other words, what happened in the past and is happening in the present will continue in the future unless something happens to change it – known as prediction momentum.

In developing a forecast, a decision maker uses a two stage process. The decision maker infers what the future is like before the proposed action, and also infers what the future will be like after the proposed action. This is of course not an exact science. The future is uncertain, and the decision maker may make wrong assumptions and inferences. In addition, even in the most careful predictions, some unexpected mutation may affect the predictions.

Various forecasting techniques can be used and each has strengths and weaknesses.

Some important considerations are given below in relation to forecasting.

Accurate data.

Any forecasting technique is only as accurate as the data used in developing and operating it. Most organizations store formal records and most individuals retain relatively accurate records and memories of their own experiences. If the more accurate the data is, the more accurate the prediction.

Time limits.

Generally, the accuracy of any prediction model is a function of the time scale that is required. The longer the time scale, the more difficult it is to make accurate predictions. More and more variables and mutations come in to the equation as time continues.


Detailed and complex forecasting is a labor-intensive Endeavour. It can be very expensive to provide all the resources that are required. If fewer resources are provided, the overall accuracy of the prediction could be reduced.


Intuition and bias are powerful influences on any forecasting application.

It can be very difficult to erase them from the equation completely. Vision is an important attribute.

Intuition and Bias

Intuition and bias are major determinants in how successful forecasting models are in both application and outcome. In most real applications, the decision maker looks at a prediction model and then makes a decision based on his or her intuitive reasoning.

Intuition is a combination of experience and extrapolations forward. It is an example of pooled interdependency within the cognitive process. By using experience, the decision maker can look at all the data and information that have been stored in his or her long-term memory, and also at the pattern recognition information that is arriving in relation to the current situation. He or she can then combine the two and project the situation forward to decide on the best course of action. The extrapolation from known to unknown often includes large areas where definite information is lacking. Intuition can be both individual and organizational. Companies store and use collective experience in much the same way as individuals.

Bias is the tendency for a person or group to misinterpret data or observations because of their own perceptions or outcome preferences. A marketing team may truly believe that their company’s product is better than it actually is because they have been committed to selling it for a long period of time.

Risk Handling

So risk is all around us and it is essential for the propagation of enterprise and innovation. There will always be an element of risk in any enterprise, and this characteristic is not going to go away. The key factor is to manage risk.

This is done by deciding what level of risk is acceptable and what level is not acceptable. Risk that is not acceptable is transferred or reduced in some way.

Once the residual risk is at an acceptable level, it is managed so as to ensure that it does not affect the performance of the project and/or of the organization as a whole.

Risk Assessment and Control

There are different types of risk. Risks also have different characteristics. People often assess these characteristics as part of the risk analysis process. While this assessment is often subjective, it can involve highly complex objective analysis. Total elimination of risk is rarely achieved and is often impossible. Therefore, the assessment process acts as a means of evaluating the risk that remains so that some kind of monitoring and control system can be set up. This concept forms the basic elements of a risk management system.

Risk management is a strategic approach. Risk assessment and control have to form a part of a long-term operational process. Risks have to be calculated and analyzed in advance and then monitored against performance to identify where risks are changing and how effectively they are being managed. There is a tactical element involved as well, since responses may depend on the specific nature of the occurrence. However, it is important to realize that a risk management strategy should be developed in detail for a project before the project actually starts, the strategy being implemented as early as possible in the life cycle of the project.

Risk assessment is part of the collective risk analysis process. Risk analysis involves the determination of the probability of individual risky events occurring, and also of establishing some measure of the potential consequences of each event occurring, together with some kind of monitoring and control system to assist with the management process. Risk handling is the process of dealing with risks. It is not sufficient to identify and analyze the risks; the risks have to be handled in some way in order to reduce the likelihood of individual events occurring. Risk feedback is an essential section in the process. Feedback is the process where the results of occurred risks are analyzed and any results and items for use in future strategies are fed back into the system. Risk analysis, handling and feedback are often referred to collectively as risk control .

Elements of Risk Assessment

Risk assessment is about identifying and assessing all potential risk areas within the project. It is probably the most difficult phase of the project risk management process. Risk has been defined previously as a combination of uncertainty and constraint. Constraints are generally difficult to remove, but it is important that they are recognized and understood.

The essence of project management is planning, forecasting, budgeting and estimating, which implies that very little in the project is certain. Thus, determining the uncertainty in a particular project could just about include every aspect of that project. This is highly impractical because the cost and time required to carry out such an assessment would be prohibitive; common sense must therefore be applied to ensure that the process of risk assessment is restricted to attempting to select only those areas of the project with the most severe constraints and the greatest uncertainty.

It is nevertheless important to remember that the process is in fact an iterative one and that risk assessment is only complete when the assessors and project manager are satisfied that all undetected risks are insignificant.

The assessment process allows the risk taker to develop a risk typology. This can be based on probability and impact or on safeguard and hazard. The impact is the severity of the effect on either the budget, the schedule to project completion, the quality of the work, or the safety of the project. Whether the severity of impact of the risk or the probability of the risk occurring at all is high or low is a matter for the judgment of the risk assessor and the project manager.

Elements of Risk Control

Risk control involves the thorough investigation of the entire project and will include reviewing the project’s plans, documents and contract to identify all possible areas where there may be uncertainty or ambiguity about what is proposed or the method through which objectives are to be achieved. The constraints inherent in the project must underpin all these investigations and should be considered. The performance of individual sections or activities where risks have been identified is then monitored to ensure that risk is being minimized and to gauge the magnitude of any changes in the risk status of the activity.

Risk control is particularly important in monitoring the evolution of risks.

Because risks change over time in terms of probability and impact, it is imperative that any such evolutions are monitored and controlled. In modern business, rabbits can grow into sharks if you don’t watch them carefully!

Risk Identification

Risk identification requires different approaches and considerations by different people within the project. Any person’s perception of risk depends on numerous factors, including:

• where the individual is in the organization;

• the power level of the individual;

• the immediate area of authority of the individual;

• the responsibilities of the individual.

The risk itself, as an occurrence or event, will have a source and an effect.

For any given event, there could be numerous potential sources and numerous different effects. Control requirements will vary depending on the criticality of the risk element and on the relative power and importance of the activity as part of the greater whole.

Some risks are more controllable than others, in that people can make varying efforts to try to avert them. Some events can be prevented to some extent, such as avoiding car crashes by regularly maintaining a vehicle. Others, such as accidents caused by other drivers, are very difficult for an individual to prevent.


    0 of 8192 characters used
    Post Comment

    No comments yet.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)