5th Edition PMBOK® Guide—Chapter 11: Risk Management Concepts

1.  Introduction

Chapter 11 of the 5th Edition of the PMBOK® Guide deals with the knowledge area of Risk Management, a subject of increasing importance for project managers.    Before I discuss in detail the six project management processes involved in this knowledge area, I wanted to take some time out to discuss some of the basic concepts of risk management that are discussed at the beginning of this chapter.

2.  The Concept of Risk

One of the first concepts of risk management to understand is the definition of risk.   According to the 5th Edition of the PMBOK® Guide, project risk is “an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives such as scope, schedule, cost, or quality.”

Okay, let’s discuss this concept with regard to the following question: “are you at risk of dying?” If there is no time frame specified, the answer is “no”, in the sense that death is not an uncertain event; it will happen to us all. As John Maynard Keynes, the famous economist, once said, “in the long run we are all dead.” Now if you ask the question “are you at risk of dying in the next 10 years,” and put a time frame on the question, then the question can be asked in a meaningful way. If you tell me how old you are, what your sex is, what country you are living in, and whether you smoke cigarettes or not, I might be able to give you a figure based on the actuarial tables compiled by insurance companies in your country.

So, the words “uncertain event” are key to the definition. Another set of key words is “positive or negative.” Technically speaking, the uncertain event can have a positive or negative impact on the project objectives. This technical use of the word “risk” differs from the ordinary, everyday definition of risk, which tends to mean only those events which have a negative impact. If someone says to me, “Johnny is giving a party tonight,” and I respond, “oh, there might be a risk that I will have a good time,” the person I’m talking to will probably detect that I’m being sarcastic as opposed to just giving a neutral prediction. That’s using the everyday usage of the word “risk”. I think PMI recognizes that there is some difference between the technical definition and the ordinary definition of the word “risk”, because in the 5th Edition of the PMBOK® Guide there are a lot of instances where they will use “reduce risks and enhance opportunities”, the opportunities, of course, being the events which impact the project positively and the risks being those which impact it negatively. They are conceding the everyday usage of the word “risk” in order to emphasize the point being made, that you have to reduce the impact or likelihood of negative events and enhance those of positive events if you are truly doing risk management.

The third key part of the definition is the phrase “if it occurs”.    If a risk that has been forecast actually occurs, it is no longer a risk, it is an issue.

2.  Causes of Risk

The causes of risk can come from various sources, such as:

  • a requirement, such as a legal requirement imposed by laws or regulations
  • an assumption, such as the conditions in the market (which may change)
  • a constraint, such as number of personnel available to work on any given phase of the project, or
  • a condition, such as the maturity of the organization’s project management practices

3.  Known vs unknown risks

Known risks are those which can be identified and analyzed beforehand in such a way as to be able to a) reduce the likelihood of their occurrence, or b) plan a risk response to reduce their impact in the event that they occur. These risk responses, as we shall see, are paid for out of a contingency reserve which is normally under control of the project manager. Unknown risks, on the other hand, are those that are not identified beforehand. If they are not identified, they cannot be analyzed, and of course cannot be managed proactively. If these kinds of risks occur, the response is called a workaround and is paid for out of a management reserve which is normally not under control of the project manager, but rather of management (hence the name “management reserve”).

4.  Risk attitude

Remember that risk has two components, the uncertainty of an event, which is measured by its probability, and its potential impact on the project.    The amount of uncertainty that an organization can accept is measured by its risk appetite; the amount of impact the organization can accept is measured by its risk tolerance.

The combination of the uncertainty and the probability can give you the amount that needs to be put aside to handle that risk, sometimes referred to as the reserve, and the amount of reserve that the organization can accept is measured by its risk threshold. It is this latter concept which will determine what kind of risk response the organization may take.

5.  Risk response

There are four possible responses to a risk, depending on whether there is a low or high probability of its occurring, and whether the financial impact if it does occur is high or low.

  • Avoid–for high probability, high impact events
  • Transfer (such as purchasing insurance)–for low probability, high impact events
  • Mitigate–for high probability, low impact events
  • Accept–for low probability, low impact events

These are some of the concepts that are used when planning risk management on a project.   Now that I have given an explanation, I will start with the next post to cover the first project management process involving risk management, process 11.1 Plan Risk Management.


