Dealing with Risk and Uncertainty 143derived from the study of
decision and risk analysis,
the statistical sibling to
project risk management.
Threat The effects of risk
can be positive or negative.
Positive effects of risk are
often referred to as opportu-
nities. Threatsare the nega-
tive—or “downside”—
effects of risk. Threats are specific events that drive your project
in the direction of outcomes viewed as unfavorable (e.g., sched-
ule delays, cost overruns, and inferior product performance).
Managing Risk: An Overview
Many approaches can be used to address risk and the threats it
produces. However, most processes for managing risk tend to
follow some variation of this basic four-step approach:
Step 1.Identification (determining what threats exist). Identify
all significant uncertainties (sources of risk), including specific
threats (also called potential problemsor risk events) that could
occur throughout the life of the project.
Step 2.Quantification (determining how big the threats are).
Obtain information on the range of possible outcomes for all
uncertainties and their dis-
tribution and/or probabili-
ties of occurrence, to bet-
ter understand the nature
of the threats and their
potential effects on the
project.
Step 3. Analysis (determining which threats are of greatest
concern). Use the knowledge gained through risk assessment
to determine which potential problems represent the greatest
Focus on Threats
With all due respect to
the notion of capitalizing
on opportunities, your time will
probably be better spent focusing on
trying to counteract threats.
Experience tells us that you’ll
encounter many more factors that
can make things bad for you than fac-
tors that can make things better.Risk assessment The
combination of risk identifi-
cation and risk quantifica-
tion.The primary output of a risk
assessment is a list of specific poten-
tial problems or threats.