Risk concePts
Although the terms risk and uncertainty are often used interchange-
ably, they are not the same. Risk is dened as the “cumulative eect
of the probability of uncertain occurrences that may positively or
negatively aect project objectives” (Ward 2008, 353). is is unlike
uncertainty, which considers only the event and where the probability
is completely unknown. e traditional view says that risk is a situa-
tion where an event may happen and the frequency of occurrence can
be evaluated based on a probability distribution of past occurrences or
environmental considerations. Although that observation has limited
utility in project management, it does distinguish between risk and
uncertainty. With risk, there is a sense of the relative level of event
probability. With uncertainty, however, that probability is completely
To understand whether an event is truly “risky,” the project man-
ager must understand the potential eects resulting from its occur-
rence or nonoccurrence. Determining risk in this manner requires
judgment. For example, although an event may have a low likelihood
of occurring, the consequences, if it does occur, can be catastrophic.
A commercial airline ight illustrates this type of situation: Although
the probability of a crash is low, the consequences are generally grave.
Although many people feel uncomfortable about ying because of the
consequences of failure, most people do not consider ying a high risk.
is example also emphasizes the principle that risk greatly depends
on individual perception.
e nature of any given risk is composed of three fundamental ele-
ments: the event, the probability, and the severity (or impact) (see
Figure 2.1). e event is the description of the risk as it may occur.
Event descriptions are crucial. e probability and impact of a plane
crash at the gate are far dierent from the probability and impact of
a plane crash from an altitude of 30,000 feet. us, risk managers
risk ManageMent
must explore the nature of the risk event itself before they can begin
to examine risk probability and impact. Without a clear denition of
the risk event, ascertaining probability and impact become far more
dicult. As a rule, risk events should be described in full sentences. A
template for such a sentence can be as simple as: (Event) may happen
to the project, causing (impact to the project objectives). Such a con-
sistent approach to the risk denition aords a much easier journey
through the remainder of the risk process.
After the risk event has been dened, we must establish the poten-
tial severity of its impact. How badly could it hurt the objective? Only
when we have a sense of the degree of impact under consideration can
probability be assessed. Statistical data and probability theory play
important roles in determining this variable. However, because proj-
ects in the traditional project environment are unique, it is sometimes
dicult to ascertain whether an applicable historical record for com-
parison exists.
In most organizations and for most projects, there is little disagree-
ment about the level of risk if the variables are classied as follows:
Low risk
Low risk
High risk
Increasing risk
Severity of the consequence (impact)
Probability of occurrence
Figure 2.1 Concept of risk.

Get Risk Management, 5th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.