When we hear the term ‘risk’, potential harm comes to mind. This assumption is not always correct. Sometimes, it can be positive. In modern project management, risk is actively taken into planning consideration.
There are many types of risks and terms related to risk management that often confuse people, and exam takers may make mistakes. Therefore, in this blog post we will discuss the most commonly used risk management terms for your easy reference.
These terms will help you understand the risk management process, and will help you with your PMP and PMI-RMP exams.
The following are the most commonly used risk management terms:
- Positive Risk
- Negative Risk
- Known Risk
- Unknown Risk
- Risk Tolerance
- Risk Threshold
- Residual Risk
- Secondary Risk
- Risk Trigger
- Risk Owner
- Risk Action Owner
- Contingency Reserve
- Management Reserve
- Contingency Plan
- Fallback Plan
Project risk is an uncertain event that will have a positive or negative effect on one or more project objectives, if it occurs.
Risk is acknowledging that uncertain events may happen. By recognizing them, the project manager can equip themselves and their team to better manage the risk.
A risk can be either positive or negative. A positive risk is also known as an opportunity and a negative risk as a threat.
A positive risk is a condition or situation that is favorable to the project and will have a good impact on any of your project objectives if it occurs.
Since these risks positively affect your project, you should try to have them happen. The response strategy for positive risks is to increase the likelihood of the event happening or increase the impact.
For example, let us say that there is a possibility that if you complete your project a few days before the scheduled date, you will get another.
A negative risk is a condition or situation that is unfavorable to the project and will have a bad impact on one or more of your project objectives, if it occurs.
Negative risks always harm your project; therefore, it is necessary for you to manage them. Your strategy will be to either avert the risk or minimize its chance of happening.
For example, let us say that in your project there is a possibility that some equipment may break due to workload; this is an example of a negative risk, and if this happens, it will hurt your project.
This is a hot topic or a disputed matter; with an issue, there is disagreement among the project stakeholders. As a project manager, it will be your responsibility to manage issues and note them in a log with their resolution.
Known risks are risks that have been identified.
For example, you know that there is a chance that one of your team members may go on leave during the peak of your project. This is a known risk, and to manage this you make a plan to bring in another identified employee.
You will use the contingency reserve to manage known risks.
These are unidentified; they are not known until they happen. You cannot make a response plan for these risks and you cannot manage them proactively.
Unknown risks are managed through workarounds; to manage these kinds of risks, you will use the management reserve.
Risk tolerance is about the sensitivity of stakeholders or organizations towards risks.
High tolerance means people are willing to take risks, while low tolerance means people are not willing to take a high risk unless the benefit of taking the risk outweighs the fear.
Tolerance is shown in limits.
For example, a 5% cost overrun is acceptable for an organization, but anything above that is not.
This is the amount of risk that an organization or individual is willing to accept.
The risk threshold is usually a definitive figure.
For example, your organization allows you a cost overrun of 10,000 USD, but anything more than that is not acceptable.
The risk threshold is a further step in risk tolerance. In other words, you can say that it quantifies the risk tolerance with a more precise figure.
These are risks that are expected to remain after implementing the planned risk response, as well as those that are deliberately accepted.
For example, let us say you are constructing a building in an earthquake-prone zone. You design the building by assuming the highest magnitude of earthquake that can happen is 6 on the Richter Scale. However, what if an earthquake with a greater magnitude occurs.
In this scenario, the building might collapse.
This is an example of a residual risk.
Secondary risks are those that arise as a direct outcome of implementing the response of an identified risk.
For instance, assume you are constructing a building and for security reasons you installed electrical wire at the top of the boundary wall. But what will happen if someone accidentally touches the electrical wire, or the electricity passes through the wet wall during a storm?
They will get an electric shock.
This is an example of a secondary risk.
These are indications that a risk has occurred or is about to. Risk triggers are sometimes called warning signs or risk symptoms.
For example, cloud movement can be a risk trigger for rainfall.
This is a project team member who is assigned the responsibility of ensuring that the risk response is effective and to plan additional risk responses if required.
Generally, the risk owner and risk action owner is the same person in a small or medium type of project. However, if the project is large and complex, you can assign a separate risk action owner.
The responsibility of the risk owner is to manage risks assigned and update the project manager on a regular basis.
You can assign a single risk to one owner or many risks to one owner depending on the situation, requirements, and the capabilities of the team member.
Risk Action Owner
Usually, you will assign a risk action owner if you have a large project where it is difficult for the risk owner to manage the risk on their own and they need a helping hand.
The risk action owner helps the risk owner manage the risk. The responsibility of a risk action owner is to ensure that the agreed-upon risk responses are carried out as planned.
A contingency reserve is a calculated reserve used to manage identified risks.
This is a part of the cost baseline and a project manager does not need any approval to use this reserve.
A management reserve is created by expert judgement based on the project’s complexity and uncertainty. Usually, it is a percentage of the cost baseline, for example, 5% or 10%.
The management reserve is part of the project budget and a project manager needs management’s approval to use this reserve.
The management reserve is used for unidentified risks.
A contingency plan is for managing identified risks.
The contingency plan uses the contingency reserve.
This is also used to manage identified risks. You will use this plan when your contingency plan proves ineffective or fails; it’s a fallback
You will use the contingency reserve for the fallback plan.
In this blog post, I have tried to cover a few commonly used risk management terms. If you understand them well, I believe solving questions from the risk management knowledge area will be easy for you on your PMP and PMI-RMP certification exams. If you feel there are any other important terms that should be added to the list, let me know through the comments section, and I will consider adding those terms here.