Risks and Opportunities


uripide, the famous tragedian of classical Athens, in Medea wrote: “Gods reserve us a lot of surprises: while the expected doesn’t take place, a god gives a chance to the unexpected”.

We are used to consider unexpected as threat over the question of uncertainty. Before considering all unexpected events as threats, we should deepen the definition of threat.

From the PMI’s PMBoK Guide, a “Threat” is a condition or situation unfavorable to the project, a negative set of circumstances, a negative set of events, a risk that will have a negative impact on a project objective if it occurs, or a possibility for negative changes.

The concept of risk is usually associated to the discipline of statistics: an event (or its consequences derived by the fact that it has happened) could be classified as risky only when you had no certainty about its happening.

The lack of certainty reserve us the impossibility to even list all the elements that contribute to the event’s happening; and this occurs not only because of inaccurate analysis, but also over the question that the high number of variables and/or the lack of objective data reduces the quantity of alternatives being effectively considered by the PM.

Returning to the definition of risk, it seems that you can consider it only thinking to a negative event.

It should be more correct considering “risky” whatever event which we couldn’t consider certain in its happening.

All in all, we could define an event as a “threat” or as an “opportunity” depending on whether the consequences associated to its happening appear to be “hostile” or “profitable”.

There are many kind of risks:

Example of kind of risks

Example of risks

– Natural risks (e.g. flood, earthquake, thunderstorm, and so on);

– Financial risks (e.g. interest rate, market, foreign-exchange and so on);

– Commercial risks (e.g. pricing policy, new products on the market and so on);

– Technical risks (e.g. use of innovative technologies, equipment fault and so on);

– Human risks (e.g. industrial accidents, lack of a skill necessary to the project and so on);

– Economical risks (e.g. rise of raw material’s pricing, contract negotiations and so on);

– Political risks (e.g. any regulation’s change, trade/labor/craft unions, mergers and so on).

There are four fundamental steps, each following other, that form the cycle of risk management.

Risks cycle

Risks Cycle

– Identification (i.e. making a sort of assessment)

– Quantification (i.e. analyzing risks to categorize them, to calculate impact and probability, to check the correct response)

– Planning (i.e. planning the actions to contrast the threats or to enhance the opportunities)

– Monitor & Control (i.e. verifying the result of the actions, the emerging of new threats/opportunities and updating plans).

Let’s deepen the four steps mentioned above.

Risks Identification

It’s a real turning point. There are at least two techniques to help us.

1) Cause-Effects Analysis

2) Multi Vote

Ishikawa Diagram

Example of Ishikawa Diagram

The Cause-Effects Analysis could be performed listing the causes that could trigger an event and then, for each of these causes, assessing the possible consequences on the project. A graphical representation could help us performing this kind of activity, the Fishbone Diagram (also called Ishikawa Diagram).

You can read HERE an interesting article posted on this blog about the Multi Vote technique.

Risks Quantification

We have to assess the events, their impacts and their probability.

We could describe the probability using a qualitative scale (very low, low, medium, high, very high probability). The probability could be determined using historical data registered during previous projects or using social-economics studies (e.g. the probability that a determined place could be subjected to an earthquake or to a flood could be find on internet analyzing historical data about that place).

The impact of the events (if they happen) could be described using a qualitative scale (very low, low, medium, high, very high impact). To calculate the real impact, we should ask the following question: “what objectives will be subjected to the impact?”

A risk, for example a third party misses a consignment, could seriously harm the time objectives that the project have to fulfill, while could have no impact on quality objectives; the deliverable could be late consigned but could fulfill the quality requested by the client.

Risk Matrix

Example of Risk Matrix

The final act of this phase is drafting the Probability-Impact Matrix.

The major risks are the ones that get high values for either the probability and the impact.



Risks Planning

During this phase we’ll define the actions to do in case a risk became an issue (i.e. the event has occurred).

The plans drafted during this phase are called “Contingency Plan”.

Risks Monitor & Control

It’s mandatory, in the end, that the determined strategies are implemented to:

– avoid that a risk could become an issue;

– to obtain that the events triggering opportunities will happen.

During the execution phase of the project, at every progress meeting, the Project Manager will have to:

1) check the whole list of already opened project risks;

2) analyze other risks not already taken into account.

Please rate this post:



Donate € 5,00

Help the growth of this blog

Latest Tweets