We’ve discussed issues and Risk tracking and we’ve gone over the Risk Management Plan. What we really haven’t done yet is define what Risk truly is on a project. For me, it’s always been one of those grey areas that I was never comfortable admitting was grey.

So let’s get to the bottom of this.

Definition of Risk

As we identified in The Risk Management Plan article, the definition of Risk Management is…

“Risk management is the systematic process of identifying, analyzing, and responding to project Risk. It includes maximizing the probability and consequences of positive events and minimizing the probability and consequences of adverse events to project objectives.”

And the definition of Risk is…

“Exposure to the chance of injury or loss; a hazard or dangerous chance.”

So when we discuss the concept of Risk in terms of a project and Project Management, we are looking at those events or issues that arise during the course of an engagement that may affect the successful outcome of a project and therefore need to be assessed and planned for mitigation.

A Risk can be nearly anything. It can be the upcoming performance of an activity that has never been performed before and therefore the outcome or duration is very uncertain. It can be the potential loss of a key project personnel resource to another project. It can be the unknown status of funding from the customer side for an upcoming phase of the project. Or it can be the use of a new technology for the overall solution or for accomplishing specific tasks on the project.

Identifying Risks

The way I look at it, Risks are basically issues that progress or need to have a plan. Not always, but usually, a Risk arises from an issue that is discovered or discussed by the project teams. Issues are tracked and may become Risks to the project. And they are only Risks if they have a potential negative impact on the outcome of the project – either success, timeline or budget.

A risk is something that is identified, can be planned for, and can be potentially mitigated. An emergency that arises on a project – like a natural disaster or the unforeseen removal of a key customer resource – is not a risk because it was not something that was a potential issue from the beginning.

Under extreme risk planning…if you’re attempting to cover everything…you can plan for these events but for 6-12 month projects it’s likely a waste of time and resources to develop a full-blown Disaster Recover Plan or to plan for the potential loss and course of action for every possible resource. Generally, risk identification comes out of known issues or real potential issues and attempts are made to plan for them and plan for a course of action or actions to take in the event that they are realized. That is called Risk Mitigation.


Risk items come up on every project. Recognizing issues as Risks when they arise is a talent and it’s one that the Project Manager and the delivery team need to acquire to help ensure project success. Sometimes it requires out-of-the-box thinking and not just basing everything on the fact that it’s “never happened that way before.”That’s a dangerous mentality. Check for Risks throughout the project and keep revisiting the list of Risks that have been identified to ensure that they are planned for in the event that they are realized during the lifetime of the project.