If you are in project management, you’ve probably heard about most types of risks. But, do you know all of them? Are you sure? Let’s find out with this post about the types of risks that can come up in risk management.
The term “risk” makes us wary; we think about the potential for harm; however, this is not the full story. Sometimes, risks can be positive. In modern project management, all types of risks are taken into consideration when planning.
Let us get started.
Types of Risks
- Positive Risks
- Negative Risks
- Known Risks
- Unknown Risks
- Residual Risks
- Secondary Risks
- Risk Tolerances
- Risk Thresholds
A project risk is an uncertain event that will positively or negatively affect one or more objectives if it occurs.
Risk is acknowledging that uncertain events may happen, allowing the project manager can equip themselves and their team to manage risks better.
A risk can be of two types: positive or negative. The former is also known as an opportunity and the latter is called a threat.
A negative risk is an unfavorable condition or situation that will negatively impact one or more of your project objectives.
Because they harm your project objective; therefore, you must mitigate their impact. Your strategy will be to either avert the negative risk or minimize its chance of happening.
For example, let us say that there is a possibility that a piece of equipment may break due to overuse; this will hurt your project.
Positive risk is a condition or situation that will have a good impact on any of your project objectives.
Since these risks are favorable, you should try to encourage them. The response strategy is to increase the likelihood of the event happening or increase the impact.
For example, let us say that if you complete your project a few days before the scheduled date, you will get another gig.
Negative and positive are the two main types of risks.
This is a hot topic or a disputed matter. When project stakeholders have a disagreement, it is known as an issue. As a project manager, it is your responsibility to manage and note issues in an issue log with their resolution.
These risks have been identified.
For example, you know that there is a chance that one of your team members may go on leave during the peak of your project. This is a known risk; to manage it, you make a plan to bring in an identified employee.
You will use the contingency reserve to manage known risks.
These are unidentified risks; they are unknown until they happen. Since you cannot create a response plan, you cannot proactively manage these risks.
Unknown risks are managed through workarounds. Use the management reserve for these types of risks.
This is the sensitivity of stakeholders or organizations towards risks.
High tolerance means people are willing to take risks, while low tolerance is an unwillingness unless the benefit outweighs the fear.
Tolerance is shown in limits.
For example, a 5% cost overrun is acceptable for an organization but anything above is not.
This is the amount of risk that an organization or individual is willing to accept.
The risk threshold is usually a definitive figure.
For example, your organization allows you a cost overrun of 10,000 USD. Anything more than that is not acceptable.
The risk threshold is a further step in risk tolerance. You could say that it quantifies the risk tolerance with a more precise figure.
These are risks that are expected after implementing the planned risk response.
For example, let us say you are constructing in an earthquake-prone area. You design the building with the assumption that the largest magnitude possible is a 6 on the Richter Scale.
What if an earthquake of a greater magnitude occurs?
This is an example of residual risk.
These arise as a direct outcome of implementing response to an identified risk.
For instance, assume you are constructing a building and, for security reasons, you installed electrical wire along the boundary wall. What will happen if someone accidentally touches the wire or if the wall is soaked during a storm?
Someone might get an electric shock.
This is an example of secondary risk.
Triggers indicate that risk is about to occur. They are sometimes called warning signs or risk symptoms.
For example, dark clouds can be a risk trigger for rainfall.
In this blog post, I have provided several types of risks. If I missed any risk type, please let me know in the comments section.
I will update this blog post with any added information.