Visit Audio Recordings for the audio version of this section.
- Define project risk.
- Define the difference between known and unknown risks.
- Describe the difference between the business risk of the organization and project risk.
Risk is the possibility of loss or injury.1 Project risk is an uncertain event or condition that, if it occurs, has an effect on at least one project objective.2 Risk management focuses on identifying and assessing the risks to the project and managing those risks to minimize the impact on the project. There are no risk-free projects because there are an infinite number of events that can have a negative effect on the project. Risk management is not about eliminating risk but about identifying, assessing, and managing risk.
Tzvi Raz, Aaron Shenhar, and Dov Dvir3 studied risk management practices on one hundred projects in a variety of industries. The results of this study suggested the following about risk management practices:
- Risk management is not widely used.
- The projects that were most likely to have a risk management plan were those that were perceived to be high risk.
- When risk management practices were applied to projects, they appeared to be positively related to the success of the project.
- The risk management approach influenced project schedules and cost goals but exerted less influence on project product quality.
- Good risk management increases the likelihood of a successful project.
Risk deals with the uncertainty of events that could affect the project. Some potential negative project events have a high likelihood of occurring on specific projects. Examples are as follows:
- Safety risks are common on construction projects.
- Changes in the value of local currency during a project affect purchasing power and budgets on projects with large international components.
- Projects that depend on good weather, such as road construction or coastal projects, face risk of delays due to exceptionally wet or windy weather.
These are examples of known risks. Known risks are events that have been identified and analyzed for which advanced planning is possible. Other risks are unknown or unforeseen.
Project team members were flying to a project review meeting in South Carolina when a severe storm caused all flights to be cancelled. Members of the leadership team could not make the meeting and weren’t even able to return to their home base for a couple of days.
Sudden Family Death
These events were unforeseen by the project team, and in both cases the projects experienced schedule delays and additional costs.
Project risks are separate from the organizational risks that are associated with the business purpose of the project.
A project was chartered to design training for a new customer management system at a cost not to exceed $250,000. If a project is completed on time, within budget, and meets all quality specifications, the project is successful. If the customer management system does not meet the needs of the organization, the organizational goals of the project may not be achieved. The customer management system is an organizational or business risk. The company authorized the project based on assumptions about the system meeting their needs. The system’s capability is not a project risk on this project.
- Project risk is the possibility that project events will not occur as planned or that unplanned events will occur that will have a negative impact on the project.
- Known risks can be identified before they occur, while unknown risks are unforeseen.
- Organizational risks are associated with the business purpose of the project and assumed by the client when deciding to do the project.
 Merriam-Webster Online, s.v. “risk,” http://www.merriam-webster.com/dictionary/Risk(accessed August 21, 2009).
 Project Management Institute, Inc., A Guide to the Project Management Body of Knowledge (PMBOK Guide), 4th ed. (Newtown Square, PA: Project Management Institute, Inc., 2008), 273.
 Tzvi Raz, Aaron J. Shenhar, and Dov Dvir, “Risk Management, Project Success, and Technological Uncertainty,” R&D Management 32 (2002): 101–12.