Skip to main content

Manage Risk

Learning Objectives

After completing this unit, you will be able to: 

  • Explain risk attitude.
  • Categorize project risks.
  • Identify and document risks.
  • Assess risk exposure.

What Is Your Risk Attitude?

Gauge showing levels of risk attitude, ranging from low to medium to high

Are you a risk taker—one who is always up for a new adventure? Do you avoid risk, preferring to take the road already known? Or are you somewhere in between, willing to take calculated risks?

Walden University lets you know it’s all about attitude.

Risk attitude (perception) defines your overall position on risk, which can range from risk taker to risk avoider. Your overall risk attitude is influenced by three factors: risk appetite, risk tolerance, and risk threshold. Risk appetite is the degree of willingness to accept risk in relation to the expected reward. Risk tolerance is how much risk you will withstand; and it may be different depending on the circumstances. Risk threshold is the upper and lower limits of risk you are willing to take.

Your personal risk attitude influences the choices you make and whether you take or pass on opportunities depending on the level of uncertainty and risk. But have you ever done a detailed risk analysis as a way to calculate the risk? Applying project risk management can help you make informed decisions, just as it does in business organizations.

What’s at Risk?

Organizations, project managers, and project sponsors are aware that risks await any project. They have no interest in activities that negatively impact the organization or the project plan. What they are interested in is the opportunity and return on investment that the project represents. But they can’t afford to throw caution to the wind. From the time a project is selected and throughout its lifecycle, they must adopt a more measured risk attitude. They must understand and plan for the risks they face.

The first piece of risky business occurs during project selection. Decision makers must decide which projects to select. Risk attitude plays a factor in this decision. But project selection is an analytical process that’s bigger than mere risk appetite. 

How do executives decide whether to pursue certain projects based on the level of risk? How do they weigh the options? How do they plan for risk?

It starts with risk management—a proactive and continuous approach for managing the uncertainty that exists in all projects. Risk attitude will largely influence these decisions, but organizations can only make informed decisions to accept risk or not when they have an estimated level of risk.

How is project risk estimated? Let’s see how it works.

Expect the Unexpected

The first step is to identify potential risks. These are typically documented in a risk register. Brainstorming and interviews are common techniques that help identify risk. But regardless of the technique, it’s important for the project sponsor, key stakeholders, and subject matter experts to be involved in the process and take ownership for certain risks. The project manager and the project team may not have the functional expertise or strategic insight to accurately identify or own them.

Think about possible sources or categories of project risk as a way to organize the risk list. These include:

  • Strategic: Risk that the project will fail to achieve business objectives.
  • Operational: Risk that a project will impact the ability to conduct business as usual.
  • Technical: Risk that technical solutions will fail.
  • Compliance: Risk of sanctions from regulatory agencies.

Playing cards on a dealer’s table, each labeled with a type of risk and the title Categories of Project Risk

It’s impossible to identify every risk that could occur, but risk management is an iterative process. Over the life of the project, the project team reviews and updates the risk register as needed.

Let’s use an example to demonstrate the concepts.

Develop a Risk Register

You’re the CFO for a large, multinational bank. The bank is considering a project to migrate all customer data from a legacy system to a new cloud-based system. This will enable the bank to provide real-time updates to customer data and reduce the footprint in the bank’s data center. 

You’re the sponsor. The CEO mentions this is a mission critical project and the stakes are extremely high. The window of opportunity to complete the migration is very tight. Any missteps could leave the bank unable to provide current data to its customers.

Worse than that, the bank could incur significant fines from regulatory agencies if current customer data is negatively impacted. You meet with the project team, high-level stakeholders, and subject-matter experts to assess the risk exposure of the project.

During a brainstorming session, the team identified these risks.

Risk Register

Type of Risk 

Risk Source / Category 

Risk Name 

Risk Description 

Threat 

Operational 

System downtime 

There is a planned window of system downtime during the migration. Downtime beyond that will mean that customer data is unavailable for longer than expected.   

Threat 

Technical 

Equipment failure 

Equipment failure during the migration will extend system downtime, leaving the bank unable to provide current customer data. 

Threat 

Compliance 

Data availability 

The SEC requires that customer data be available in a very specific timeframe every day. Unavailable customer data will lead to significant fines by the SEC. 

Threat 

Security 

Vulnerability of data 

Customer data will be particularly vulnerable during the migration. Any perceived threat will require the migration to stop. The recovery process will extend system downtime, leaving the bank in violation of SEC regulations.

Take a Calculated Risk

Once risks have been identified, the project team chooses a method to analyze them. Most often, the process begins with a qualitative assessment to determine the likelihood (probability) of occurrence and the effect to the organization (impact).

Your team uses a 3-point scale to analyze the risk: 1 = low; 2 = moderate; 3 = high.

The resulting score (probability x impact) provides the exposure for each risk and opportunity. The total of the individual scores provides the overall exposure of the project. For this project, you categorize the exposure this way: 1 to 3 = low; 4 to 6 = moderate; 7 to 9 = high.

Let’s look at the results.

Type of Risk 

Risk Source / Category 

Risk Name 

Probability 

Impact 

Score 

Threat 

Operational 

System downtime 

3–High 

3–High 

9–High 

Threat 

Technical 

Equipment failure 

1–Low 

3–High 

3–Low 

Threat 

Compliance 

Data availability 

2–Moderate 

3–High 

6–Moderate 

Threat 

Security 

Vulnerability of data 

2–Moderate 

3–High 

6–Moderate 

What is the overall risk exposure of the project? 

The total of the risk score is 24, divided by 4 (the number of risks) = 6. The risk exposure of the project is moderate. You and the team decide to move forward.

Walden University cautions that risk management doesn't end once the project is selected. After selection, project managers must identify, plan for, and mitigate every risk that could rain on their project plan at every stage. Failure to continually measure, plan for, and manage project risk throughout the lifecycle could lead to project failure or even worse, negative impact to the organization.

Keep learning for
free!
Sign up for an account to continue.
Sign Up Login
What’s in it for you?
  • Get personalized recommendations for your career goals
  • Practice your skills with hands-on challenges and quizzes
  • Track and share your progress with employers
  • Connect to mentorship and career opportunities
Skip for now