Although the terms risk and uncertainty are often used interchange-
ably, they are not the same. Risk is dened as the “cumulative eect
of the probability of uncertain occurrences that may positively or
negatively aect project objectives” (Ward 2008, 353). is is unlike
uncertainty, which considers only the event and where the probability
is completely unknown. e traditional view says that risk is a situa-
tion where an event may happen and the frequency of occurrence can
be evaluated based on a probability distribution of past occurrences or
environmental considerations. Although that observation has limited
utility in project management, it does distinguish between risk and
uncertainty. With risk, there is a sense of the relative level of event
probability. With uncertainty, however, that probability is completely
To understand whether an event is truly “risky,” the project man-
ager must understand the potential eects resulting from its occur-
rence or nonoccurrence. Determining risk in this manner requires
judgment. For example, although an event may have a low likelihood
of occurring, the consequences, if it does occur, can be catastrophic.
A commercial airline ight illustrates this type of situation: Although
the probability of a crash is low, the consequences are generally grave.
Although many people feel uncomfortable about ying because of the
consequences of failure, most people do not consider ying a high risk.
is example also emphasizes the principle that risk greatly depends
on individual perception.
e nature of any given risk is composed of three fundamental ele-
ments: the event, the probability, and the severity (or impact) (see
Figure 2.1). e event is the description of the risk as it may occur.
Event descriptions are crucial. e probability and impact of a plane
crash at the gate are far dierent from the probability and impact of
a plane crash from an altitude of 30,000 feet. us, risk managers
must explore the nature of the risk event itself before they can begin
to examine risk probability and impact. Without a clear denition of
the risk event, ascertaining probability and impact become far more
dicult. As a rule, risk events should be described in full sentences. A
template for such a sentence can be as simple as: (Event) may happen
to the project, causing (impact to the project objectives). Such a con-
sistent approach to the risk denition aords a much easier journey
through the remainder of the risk process.
After the risk event has been dened, we must establish the poten-
tial severity of its impact. How badly could it hurt the objective? Only
when we have a sense of the degree of impact under consideration can
probability be assessed. Statistical data and probability theory play
important roles in determining this variable. However, because proj-
ects in the traditional project environment are unique, it is sometimes
dicult to ascertain whether an applicable historical record for com-
In most organizations and for most projects, there is little disagree-
ment about the level of risk if the variables are classied as follows:
Severity of the consequence (impact)
Probability of occurrence
Figure 2.1 Concept of risk.