Why I Do Not Like the Phrase "Risk and Opportunity"
I want to clarify something in today’s article. I’ve heard a few people say and seen some people write on “risk and opportunities.” I’ve noticed all of these conversations and articles miss one area.
Our projects do not have risks and opportunities; we only have risks.
Because opportunities are risks!
If you are studying for any of the PMI exams, you need to understand that risk encompasses both positive and negative risks. These are also opportunities (positive) and threats (negative) risks.
Today, I focus on why risk managers stress; it is just risk vs. risk and opportunities.
Terminology: Webster vs. Project Management Institute
The problem behind the different approaches to risk lies within the definitions.
You see below that the way that project managers and non-project managers define risk is quite different. One (Webster) has a negative tone, while the other’s (PMI) gives a more neutral definition as PMI focuses on the “uncertain event or condition”.
The Webster Dictionary gives a robust and lengthy definition of risk, defining risk as::
possibility of loss or injury
someone or something that creates or suggests a hazard
the chance of loss or the perils to the subject matter of an insurance contract
the degree of probability of such loss
a person or thing that is a specified hazard to an insurer
an insurance hazard from a specified cause or source
the chance that an investment (such as a stock or commodity) will lose value
to expose to hazard or danger
to incur the risk or danger of
The Standard for Risk Management Portfolios, Programs, and Projects defines risk as:
An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more objectives. (See also issue, opportunity, and threat)
At first glance, you can immediately see a huge difference between these definitions of risk.
We have the Webster’s Dictionary definition of risk, which deals directly with injuries, hazards, loss, etc. While the PMI definition of risk focuses on uncertain positive and negative effects on one or more objectives.
So, yes, I have an issue with using the terms “risk and opportunity” together. However, my disagreement primarily lies with project managers who misuse these terms during discussions about risks in project management.
A Quick Deeper Dive Into PMI Risks, Threats, and Opportunities
Now that we have defined risk using Webster and PMI, we can see how project and non-project managers view risks. PMI had a shorter and less detailed definition than Webster. These fewer details in the PMI definition of risk stem from PMI risks having multiple supportive definitions.
The Standard for Risk Management, Portfolios, Programs, and Projects by PMI defines risk, threats, and opportunities as:
Risk: An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more objectives.
Threat: A risk that would have a negative effect on one or more objectives. (See also issue, opportunity, and risk)
Opportunity: A risk that would have a positive effect on one or more objectives. (See also issue, threat, and risk)
As clearly stated in the PMI standard, risks within project management are positive (Opportunities) and negative (Positive).
By using these definitions of risk, I hope you see that saying “Risk and Opportunity” is the same as saying “Risks and Risks,” – which sounds ridiculous.
If definitions do not convince you, let’s go into risk response strategies and how they work within the risk management process—ultimately supporting our argument on saying ‘Risk and Opportunities’.
Addressing Opportunities and Threat Risks With Risk Responses In Project Planning
The risk management process consists of identifying, analyzing, and responding to your risks. Whether your risks are positive or negative, the risk management process does not change.
The only difference comes at the risk response step.
During this analysis, you will assess and assign the risk response strategies for your risks. These responses align with your risks, based on threat or opportunity, and how you want to respond to limit the risk’s impact on your project.
The risk response strategies are:
Opportunities Risk Responses
(Positive Risks)
Escalate
Exploit
Share
Enhance
Accept
Threat Risk Responses
(Negative Risks)
Escalate
Avoid
Transfer
Mitigate
Accept
Risk responses are split between both opportunities and threats. There are overlapping responses, but majority of the strategies are directly aligned to the negative or positive impact of the actual risk.
Understanding and considering your risk responses protects your project’s time, scope, and cost. You cannot understand your response strategy without understanding if you have a threat or an opportunity.
Understanding how to respond is one of the important aspects of identifying both positive and negative risks for a project. Now, what are the implications of not properly identifying risks as opportunities or threats within the risk process?
Implications For Not Understanding Opportunities and Threats in the Project Risk Management Process
Hopefully, you understand that risks are either an opportunity or a threat. But do you understand why we want to analyze risks for their positive or negative impact?
Risk management’s main goal is proactive management of both positive impact and negative impacts throughout our projects. These impacts are critical in developing the risk exposure of a project, impacting time, resources, and even the project’s scope.
Misrepresenting a risk as a threat when it is an opportunity or an opportunity when its a threat can lead to multiple bad outcomes.
The consequences of misjudging your risk are:
Realized Risks
Misaligned Budget
Project Failing.
Realized Risks:
When we do not have the proper risk response in place, our negative risks can still materialize as a risk. Also known as a realized risk, when this happens, you now have an issue for your project.
-
Implications for a realized risk means scope could broaden, or your schedule could extend, in return, cost rise.
Misaligned Budget:
During your risk assessment, you develop a contingency and management reserve budget.
-
Contingency Reserve: Time or money allocated in the schedule or cost baseline for known risk with active response strategies.
-
Management Reserve: Time or money that management sets aside in addition to the schedule or cost baseline and releases for unforeseen work that is within the scope of the project.
When your identified risk is realized, you most likely need to dip into your contingency or management reserve funding.
-
If emerging risks are missed or not seen, these unforeseen risks require using management reserves for your project. And based on the cost of the risk, these could easily bust your budget.
Project Failing:
The worst-case scenario is that your project fails to deliver its objective.
-
Implications for a project failing are:
-
Finances: You lose all the funding put into it.
-
Reputation: It can damage your organization’s reputation, losing current and future customers
-
Community: Community projects mean a decreased quality of life for the impacted community.
-
Stakeholders: It can damage any relationship with stakeholders, internal and external, in the organization – creating doubt in your ability during future projects.
-
You must understand the difference between a threat and an opportunity. It is up to you and your team to ensure that you include clear risk management standards around risk management within your risk management plan.
Without this clear delineation, you risk missing or misrepresenting a risk, resulting in higher risk exposures.
How to Manage Opportunities and Threats During Project Execution
I hope by now, I have you on board that the saying “Risks and Opportunities” = Not Correct.
If so, you might ask yourself, “Ok, then how do I track these Risks”?
Our projects should have risk assessment that allow us to track new risks. In this tool, we list out information like:
-
Risk Name
-
Category
-
Probability x Impact Assessment
-
Risk Rating
-
Risk Response
This template helps build out what risks are important, which ones need to be fully managed, and allow you to label which are Threats and which are Opportunities.
If you don’t already have a Risk Assessment Template – download the one below for mine!
Once you have everything in your template, you have the beginning of your risk register – where you will monitor and control your risks throughout your project.
In Conclusion
If during your project, you have any uncertainty surrounding any positive or negative impact on your project, you have risks. Positive risks are referred to as opportunities, and negative risks as threats.
Although our Webster’s dictionary gives the term “risk” a negative connotation, risk in project management is not an automatic negative.
Therefore, when you use terminology like “We are going to evaluate our Risks and Opportunities” within project management, you essentially say that you are evaluating “risks and risks”.
The Challenge
As current or aspiring project and risk managers, I challenge you to inform stakeholders of this delineation between positive and negative risks. Educate them not only to look at the bad that can happen on the project but also to focus on the good.
During your project planning and risk analysis, ask your project team and stakeholders what “opportunities” they see. Process these, put them within your risk registers, and monitor them like you would any other risk.
If you do not do this, no one will, and your project and the projects throughout your organization take the chance to miss out on the positive effects of opportunities on their projects.
-Russ Parker
The Risk Blog is reader supported – Please consider contributing to the operating costs of running this blog!
