How to identify risk?
Risk is defined as an uncertain event that can affect the objectives of a project and may contribute to
its success or failure. Risks with a potential for positive impact on the project are called opportunities,
whereas threats are risks that could negatively impact a project. Managing risk must be done
proactively, and it is an iterative process that should begin at project inception and continue throughout
the life of the project. The process of managing risk should follow some standardized steps to ensure
that risks are identified, evaluated, and a proper course of action is determined and acted upon
Risks should be identified, assessed, and responded to based, primarily, on two factors: the probability
of an occurrence and the probable impact in the event of the occurrence. Risks with a high probability
and impact rating should be addressed before those with a lower rating. In general, once a risk is
identified, it is important to understand the basic aspects of the risk with regard to the possible causes,
the area of uncertainty, and the potential effects if the risk occurs.
Difference between Risks and Issues
Risks are the uncertainties related to a project that could significantly alter the outcome of the project
in a positive or negative way. Since risks are future uncertainties, they have no current impact on the
project, but could have a potential impact on the future. The following are some examples of risks:
• Even after extensive training, the customer service representatives might not be ready to take
orders on the go-live date.
• The painting crew might be delayed due to heavy rain, which could negatively impact the
Issues are generally well-defined certainties that are currently happening on the project: so there is no
need for conducting a probability assessment as we would for a risk. Issues must be dealt with. Some
examples of issues include the following:
• Funding is not approved.
• Requirements are unclear.
Risks, if not addressed in time, may become issues. The goal of risk management is to be prepared, with
plans in place to deal with any risks that may occur.
Stakeholders include all people or organizations impacted by the project as well as those that have the
ability to impact the project. It is important to understand the risk attitude of the stakeholders. Risk
attitude is influenced by the following three factors:
1. Risk appetite: refers to how much uncertainty the stakeholder or organization is willing to take
2. Risk tolerance: indicates the degree, amount, or volume of risk stakeholders will withstand.
3. Risk threshold: refers to the level at which a risk is acceptable to the stakeholder organization. A
risk will fall above or below the risk threshold. If it is below, then the stakeholder or organization
is more likely to accept the risk.
Essentially, the risk attitude of the stakeholders determines how much risk the Stakeholders consider
acceptable, and hence when they will decide to take actions to mitigate potential adverse impacts of
risks. Therefore, it is important to understand the tolerance levels of the stakeholders in relation to
various factors including cost, quality, scope, and schedule.
Utility Function is a model used for measuring stakeholder risk preference or attitude toward risk. It
defines the stakeholders’ level or willingness to accept risk. The three categories of Utility Function are
1. Risk Averse: Stakeholder is unwilling to accept a risk no matter what the anticipated benefit or
2. Risk Neutral: Stakeholder is neither risk averse nor risk seeking, and any given decision is not
affected by the level of uncertainty of the outcomes. When two possible scenarios carry the
same level of benefit, the risk neutral stakeholder will not be concerned if one scenario is riskier
than the other.
3. Risk Seeking: Stakeholder is willing to accept risk even if it delivers a marginal increase in return
or benefit to the project.