The default notion of risk is something harmful. This is what comes to mind when you hear the term ‘risk’. We always think of risk as a negative thing.
But this is not true, and in fact sometimes a risk can also be positive. In modern project management, this aspect is also actively being taken into planning consideration.
A negative risk is an event that, if it occurs, will have a negative impact on your project objective; a positive risk is an event that, if it occurs, will have a positive impact on your project objective.
Therefore a risk is not always dangerous.
Here I am not going into the detail of risks; rather I will discuss the most commonly used terms that you will come across during your risk management planning such as risk, positive risks, negative risks, secondary risks, residual risks, etc.
If you understand these terms, not only will it help you understand the risk management process but it will also help you in your PMP and PMI-RMP exams, because you are going to see many exam questions from these topics. So understand them well.
In this blog post, you’re going to see the following risk management terms:
- Positive Risk
- Negative Risk
- Known Risk
- Unknown Risk
- Risk Tolerance
- Risk Threshold
- Residual Risk
- Secondary Risk
- Risk Trigger
- Risk Owner
- Risk Action Owner
As per the PMBOK Guide 5th edition, “Project risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives such as scope, schedule, cost, and quality.”
Risks are the recognition that uncertain events may occur, and by recognizing them, the project manager can equip himself better to manage these risks.
A risk will not necessarily affect your project objective negatively, as it is also possible that a risk can bring benefits to your project.
A risk that negatively affects your project objective is known as a negative risk, and a risk that affects your project positively is known as a positive risk.
A positive risk is also known as an opportunity.
A positive risk is a condition or situation favorable to the project that, if it occurs, will have a positive impact on any of your project objectives.
Simply put, a positive risk or opportunity can positively affect your project objective, and in this case you work hard to realize this opportunity. The response strategy for positive risks is to increase the likelihood of the event happening.
For example, let’s say that you are managing a project and there is a chance that if you complete the project a few days earlier than the planned date, you might get another project.
A negative risk is also known as a threat.
A negative risk is a condition or situation unfavorable to the project that, if it occurs, will have a negative impact on any of your project objectives.
Negative risks will always harm your project; therefore, it is necessary for you to manage them accordingly. Since negative risks negatively affect the project, here your strategy will be to either remove the risk or minimize its chance of happening or its impact.
For example, let’s say that in your project there is a chance that some equipment may break down due to workload. This is an example of a negative risk, and if this happens it will have a negative impact on your project.
An issue is a hot point or a matter in dispute. With an issue there will be some kind of disagreement among the project stakeholders. As a project manager it will be your responsibility to manage issues and note them in an issue log with their resolution.
Known risks are risks that have been identified and analyzed.
For example, you know that there is a chance that one of your team members may go on leave during the peak of your project. This is a known risk, and to manage this risk you make a plan that if the employee takes the leave, you will bring on another identified employee from your organization.
Also note that to manage identified risks you will use the contingency reserve.
Unknown risks are unknown, and they are not known until they happen. You cannot make a response plan for these risks, and you cannot manage them proactively since they are not identified during the planning phase.
Unknown risks are managed through the workaround, and to manage these kinds of risks you will use the management reserve.
There is a difference between the contingency reserve and management reserve. You as a project manager will have the authority to use the contingency reserve, but to use the management reserve you need management’s permission.
Risk tolerance tells you how sensitive the organization or individuals are to risks. High tolerance means people are willing to take a high risk, and low tolerance means people are not willing to take a high risk unless the benefit of taking the risk outweighs the fear of the risk.
Tolerance is shown in limits.
For example, for an organization a 5% cost overrun is acceptable, but anything more than that is not acceptable.
The risk threshold is an amount of risk that an organization or individual is willing to accept.
The risk threshold is usually a definitive figure.
For example, your organisation allows you a cost overrun of 10,000 USD; anything more than that is not acceptable.
The risk threshold is a further step in risk tolerance. In other words, you can say that it quantifies the risk tolerance with a more precise figure.
Residual risks are those risks that are expected to remain after implementing the planned risk response, as well as those that have been deliberately accepted.
For example, let’s say you are constructing a building in an earthquake-prone zone. You design the building by assuming that the highest degree of earthquake that can happen is 6 on the Richter Magnitude Scale. But what if an earthquake happens at 7 on the Richter Magnitude Scale?
In this case, the building might collapse.
This is an example of a residual risk.
Secondary risks are those risks that arise as a direct outcome of implementing a risk response of an identified risk.
For example, let’s say that you are constructing a building, and as a security measure you installed electrical wire at the top of the boundary wall. But what will happen if someone accidentally touches the electrical wire, or during rain the electricity passes through the wet wall?
They will get an electric shock.
This is an example of a secondary risk.
Risk triggers are indications that a risk has occurred or is about to occur. Risk triggers are sometimes called warning signs or risk symptoms.
For example, cloud movement can be a risk trigger for rainfall.
A risk owner is a project team member who is assigned the responsibility of ensuring that the risk response is effective, and of planning additional risk responses if required.
Usually the risk owner and risk action owner are the same person in a small or medium type of project; however, if the project is large and complex you can depute a separate risk action owner.
The responsibility of the risk owner will be to continuously manage the risks assigned to him and update the project manager on a regular basis.
You can assign a single risk to a single owner or many risks to a single owner depending on the situation, requirement, and capability of the team member.
Risk Action Owner
Usually you will depute a risk action owner if you have a very large project where it will be difficult for the risk owner to manage the risk on his own, and therefore he needs a helping hand.
The risk action owner helps the risk owner to manage the risk. The responsibility of a risk action owner is to ensure that the agreed-upon risk responses are carried out as planned and in a timely manner.
A risk is an event that may or may not occur; however, if it occurs, it may impact your project objective. To protect yourself from surprise events, you adopt risk management, which helps you manage risks proactively. Managing risks proactively will help you complete your project with less obstruction and more confidence. Initially you may face some resistance from your stakeholders in implementing risk management in your project, but if you show them the benefits of risk management with objective evidence, you can get their support.
In this blog post I have tried to cover a few commonly used risk management terms. However, if you feel that there is any other important term that should be added to the list, let me know through the comments section, and I would definitely consider adding those terms here.
Here is where this blog post on risks and commonly used risk management terms ends. I suggest bookmarking this article and reading it many times, because if you understand these terms I assure you that you will crack many questions in your PMP and PMI-RMP exams.