POSTER 11 · UNCERTAINTY & RISK
Risk Management Basics
Risk is the effect of uncertainty on objectives. Manage it as a continuous loop — identify, analyse, plan a response, and monitor — never a one-off event.
Project Management
The Risk Process (6 steps)
1. Plan Risk Management: Decide how risk will be run (scales, roles, appetite, thresholds).
2. Identify Risks: Find threats & opportunities. Write as cause → risk → effect.
3. Qualitative Analysis: Rank by probability × impact. Prioritise the vital few.
4. Quantitative Analysis: Model overall effect on cost/schedule (e.g. Monte Carlo).
5. Plan Responses: Choose a strategy + owner for each prioritised risk.
6. Monitor & Control: Track, re-assess, watch triggers, manage the reserve.
Types of Risk
- Threat — uncertainty with a negative effect.
- Opportunity — uncertainty with a positive effect.
- Known risk — identified; managed with a contingency reserve.
- Unknown risk — unforeseeable; covered by a management reserve.
- Individual risk — affects one or more objectives if it occurs.
- Overall risk — the combined effect of uncertainty on the whole project.
- Residual — what remains after responses; secondary — created by a response.
Probability × Impact
| P \ I | VL | L | M | H | VH |
|---|---|---|---|---|---|
| VH | M | H | E | E | E |
| H | L | M | H | H | E |
| M | L | M | M | H | H |
| L | L | L | M | M | H |
| VL | L | L | L | M | M |
Rating key: L = Low, M = Medium, H = High, E = Extreme
Response Strategies
- Avoid: Eliminate the threat — change scope or plan.
- Exploit: Make sure the opportunity happens.
- Transfer: Shift the threat to a third party (insure, contract).
- Share: Allocate the opportunity to a capable partner.
- Mitigate: Reduce probability and/or impact of the threat.
- Enhance: Increase probability and/or impact of the opportunity.
- Accept: Take no action; set a contingency reserve (active) or none (passive).
- Escalate: Outside authority? Raise to programme / portfolio level.
Key Terms
- Risk appetite — uncertainty an org is willing to take on.
- Risk threshold — the level of impact that triggers action.
- Risk owner — person responsible for managing a risk.
- Trigger — a warning sign that a risk is about to occur.
- Contingency reserve — time/cost set aside for known risks.
- EMV — Expected Monetary Value = probability × impact.
Memory Hooks
- “Cause → Risk → Effect” — the shape of every good risk statement.
- Threats: A-T-M-A — Avoid, Transfer, Mitigate, Accept.
- Opportunities: E-S-E-A — Exploit, Share, Enhance, Accept.
- Contingency = known, Management = unknown reserve.
Common Questions
- Risk vs issue? A risk is future & uncertain; an issue has already happened.
- Who owns the reserve? PM controls contingency; sponsor controls management reserve.
- Qualitative or quantitative first? Qualitative — it filters what is worth modelling.
Review Checklist
- I can list the 6 process steps in order.
- I can give the 4 threat & 4 opportunity responses.
- I know contingency vs management reserve.
- I can write a cause–risk–effect statement.
- I can place a risk on the P×I matrix.
Executive Summary
Effective risk management is proactive, not reactive. Build a prioritised risk register early, assign a named owner to every significant risk, fund a contingency reserve sized to your analysis, and review the register at every status point. The goal is not zero risk — it is taking the right risks knowingly, within a defined appetite, so opportunities are captured and threats never become surprises.