What is Risk?
The first step toward better addressing project risk is to understand it. Risk, according to Webster, is "a possibility of loss." Risks arise from uncertainty, our inability to foresee the future. If an uncertainty creates the potential for loss, we refer to it as a risk. The opportunity to quantify risk is provided by the language of probability. A probability distribution (sometimes called a risk profile) characterizes a risk by describing the range of possible consequences and their probabilities of occurrence, as shown in Figure 5.
Figure 5: Risk probability versus percentage of expected outcome
Types of Risk
There are many different kinds of risks of concern to projects. For example:
- Governance risk relates to board and management performance with regard to ethics, community stewardship, and company reputation.
- Strategic risks result from errors in strategy, such as choosing a technology that can't be made to work.
- Operational risk includes risks from poor implementation and process problems such as production and distribution.
- Market risks include competition, foreign exchange, commodity markets, and interest rate risk, as well as liquidity and credit risks.
- Legal risks arise from legal and regulatory obligations, including contract risks and litigation brought against the organization.
As indicated by these examples, project risks include both internal risks associated with successfully completing each stage of the project plus risks that are beyond the control of the project team. These latter types include external risks that arise from outside the organization but affect the ultimate value to be derived from the project. In all cases, the seriousness of the risk depends on the nature and magnitude of the possible end consequences and their probabilities.