11.1 Defining Risk

Learning Objectives

  1. Define project risk.
  2. Define the difference between known and unknown risks.
  3. Describe the difference between the business risk of the organization and project risk.

Risk is the possibility of loss or injury (Merriam-Webster Online, 2009).Project risk is an uncertain event or condition that, if it occurs, has an effect on at least one project objective (Project Management Institute, Inc., 2008).Risk management focuses on identifying and assessing the risks to the project and managing those risks to minimize the impact on the project. There are no risk-free projects because there is an infinite number of events that can have a negative effect on the project. Risk management is not about eliminating risk but about identifying, assessing, and managing risk.

Tzvi Raz, Aaron Shenhar, and Dov Dvir (Raz, Shenhar, & Dvir, 2002). studied the risk management practices on one hundred projects in a variety of industries. The results of this study suggested the following about risk management practices:

  • Risk management is not widely used.
  • The projects that were most likely to have a risk management plan were those that were perceived to be high risk.
  • When risk management practices were applied to projects, they appeared to be positively related to the success of the project.
  • The risk management approach influenced the meeting of project schedules and cost goals but exerted less influence on project product quality.
  • Good risk management increases the likelihood of a successful project.

Risk deals with the uncertainty of events that could affect the project. Some potential negative project events have a high likelihood of occurring on specific projects. Examples are as follows:

  • Safety risks are common on construction projects.
  • Changes in the value of local currency during a project affect purchasing power and budgets on projects with large international components.
  • Projects that depend on good weather, such as road construction or coastal projects, face risk of delays due to exceptionally wet or windy weather.

These are examples of known risks. Known risks are events that have been identified and analyzed for which advanced planning is possible. Other risks are unknown or unforeseen.

Terrorist Attack

On September 11, 2001, project team members were flying from various locations to a project review meeting in South Carolina when all flights were cancelled because of the attacks on the World Trade Center. Members of the leadership team could not make the meeting or return to their home base, and progress on the project, like many projects that day, was delayed.

Sudden Family Death

Just before a project meeting in Texas, the engineering lead received word that his father had died in the middle of the night. The team delayed making decisions on some critical engineering events without the knowledge and judgment of the engineering manager.

Whole Crew Fails Drug Test

On a project in Texas, the entire twelve-member masonry crew failed the drug screening test even though they had been told that drug screening was required on the project.

These events were unforeseen by the project team, and in all three cases the projects experienced schedule delays and additional costs.

Project risks are separate from the organizational risks that are associated with the business purpose of the project.

A project was chartered to design and construct a copper mine at a cost not to exceed $1.2 billion. If a project is completed on time, within budget, and meets all quality specifications, the project is successful. If the price of copper drops below the profit threshold for the company, the organizational goals of the project may not be achieved. The price of copper is an organizational or business risk. The copper mining company authorized the project based on assumptions about the future price of copper. The price of copper is not a project risk on this project.

Key Takeaways

  • Project risk is the possible outcome that planned events on the project will not occur as planned or that unplanned events will occur that will have a negative impact on the project.
  • Known risks can be identified before they occur, while unknown risks are unforeseen.
  • Organizational risks are associated with the business purpose of the project and assumed by the client when deciding to do the project.


  1. According to PMI, project risk is a(n) ___________ event or condition that, if it occurs, has an effect on at least one project objective.
  2. A risk such as the future market price of a commodity is an example of a(n) _________ risk.
  3. Define risk in your own words.
  4. Give an example of a known risk and an unknown risk that are different from those in the text.
  5. Describe the difference between organizational risk and project risk in your own words and give an example of each that is not used in the text.

Planning for Known and Unknown Risks

Consider a trip that you might be planning. Describe at least five risks that are associated with taking the trip.


Merriam-Webster Online, s.v. “risk,” http://www.merriam-webster.com/dictionary/Risk (accessed August 21, 2009).

Project Management Institute, Inc., A Guide to the Project Management Body of Knowledge (PMBOK Guide), 4th ed. (Newtown Square, PA: Project Management Institute, Inc., 2008), 273.

Raz, T., Aaron J. Shenhar, and Dov Dvir, “Risk Management, Project Success, and Technological Uncertainty,” R&D Management 32 (2002): 101–12.


Icon for the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

Project Management from Simple to Complex Copyright © 2016 by University of Minnesota is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.

Share This Book