types of risks

If you are in project management, you’ve heard about most types of risks. But, do you know all of them? Are you sure? Let’s find out with this post about the types of risks that can come up in risk management. 

The term “risk” makes us wary; we think about the potential harm; however, this is not true; risks can be positive. In modern project management, all types of risks are considered when planning.

Types of Risks

  • Risks
  • Positive Risks
  • Negative Risks
  • Issues
  • Known Risks
  • Unknown Risks
  • Residual Risks
  • Secondary Risks
  • Risk Tolerances
  • Risk Thresholds

Risks

A risk is an uncertain event that will positively or negatively affect one or more project objectives if it occurs.

Risk is acknowledging that uncertain events may happen, allowing the project manager to manage risks. 

A risk can be of two types: positive or negative. The former is also known as an opportunity, and the latter is called a threat.

Negative Risk

A negative risk is a situation that will negatively impact one or more of your project objectives.

Because they harm your project objective; therefore, you must mitigate their impact. Your strategy will either avert the negative risk or minimize its chance of happening.

For example, let us say that there is a possibility that a piece of equipment may break due to overuse; this will hurt your project.

Positive Risk

Positive risk is a condition or situation that will positively impact any of your project objectives.

Since these risks are favorable, you will encourage them. The response strategy is to increase the likelihood of the event happening or increase the impact.

For example, let us say that you will get another gig if you complete your project a few days before the scheduled date.

Negative and positive are the two main types of risks.

Issues

This is a hot topic or a disputed matter. When project stakeholders disagree, it is known as an issue. As a project manager, you are responsible for managing and noting issues in an issue log with their resolution.

Known Risks

These are identified risks.

For example, there is a chance that one of your team members may go on leave during the peak of your project. This is a known risk; to manage it, you make a plan to bring in an identified employee.

You will use the contingency reserve to manage known risks.

Unknown Risks

These are unidentified risks; they are unknown until they happen. Since you did not identify these risks, you cannot proactively manage these risks.

Unknown risks are managed through workarounds using the management reserve.

Risk Tolerance

This is the sensitivity of stakeholders or organizations towards risks.

High tolerance means people are willing to take risks, while low tolerance is an unwillingness unless the benefit outweighs the fear.

Tolerance is shown in limits.

For example, a 5% cost overrun is acceptable for an organization, but anything above is not.

Risk Threshold

This is the amount of risk an organization or individual is willing to accept.

The risk threshold is usually a definitive figure.

For example, your organization allows you a cost overrun of 10,000 USD. Anything more than that is not acceptable.

The risk threshold is a further step in risk tolerance. You could say that it quantifies the risk tolerance with a more precise figure.

Residual Risks

These are risks that are expected after implementing the planned risk response.

For example, let us say you are constructing in an earthquake-prone area. You design the building assuming the largest magnitude possible is a six on the Richter Scale. 

What if an earthquake of a greater magnitude occurs?

This is an example of residual risk.

Secondary Risks

These arise as a result of implementing a response to an identified risk.

For instance, assume you are constructing a building and, for security reasons, you installed electrical wire along the boundary wall. What will happen if someone accidentally touches the wire or the wall is soaked during a storm?

Someone might get an electric shock.

This is an example of secondary risk.

Risk Triggers

Triggers indicate that risk is about to occur. They are sometimes called warning signs or risk symptoms.

For example, dark clouds can be a risk trigger for rainfall.

Summary

In this blog post, I have provided several types of risks.  Let me know if I missed any risk type in the comments section.

I will update this blog post with any added information.

Fahad Usmani, PMP

I am Mohammad Fahad Usmani, B.E. PMP, PMI-RMP. I have been blogging on project management topics since 2011. To date, thousands of professionals have passed the PMP exam using my resources.