Threats and opportunities in the risk management of projects

Project risk management helps with achieving project objectives, especially those concerning cost and time. APM defines a risk event as “an uncertain event or set of circumstances that would, if it occurred, have an effect on the achievement of one or more [project] objectives”. Using this definition, risks can be either threats that hurt the objectives or opportunities that benefit them.  

Risk as opportunity 

Project professionals have expressed concern with the concept that risks can be ‘positive’, since it does not align with thinking in the non-project world, where risks are always negative. There is also a feeling that opportunities are often not identified, and if identified, they are treated differently from threats. APM’s Risk SIG conducted a survey among APM Corporate Members to assess the state of risk management, with an emphasis on opportunity management. Over 100 project professionals responded, and around 80 completed the entire survey.  

Over 90% of the organisations that responded carry out project risk management and use APM’s definition of a risk event. There is, however, quite a difference between the application of risk management for larger projects and for smaller ones. As an example, 70% of larger projects have someone taking the role of risk manager, whereas for smaller projects this is only 35%. Quantitative risk analysis is used in over 60% of larger projects, but in less than 30% of smaller projects.  

Project managers want to keep control 

The results show that risk management is taken very seriously by project organisations, but more so for larger projects. Part of the survey focused on opportunities and showed that 50% of organisations see opportunities as quite different from threats, and they are not viewed as ‘two sides of the same coin’. The most striking answer was that an opportunity involves a conscious choice whether to seize it or not (66% of the respondents), whereas a threat is an event that may or may not happen.  

Organisations seem to relate opportunities less to the risk world, where it is completely uncertain whether the opportunity will materialise or not, and more to the business world, where one can choose to seize an opportunity. Over 70% of the organisations indicated that they pursue business-related opportunities on their projects. For 55% of organisations, the distinction between a risk-related opportunity and business opportunity is not clear. Project managers like to keep control of these opportunities, though; fewer than 10% want to leave opportunity management purely to the business.  

Threat and opportunity management vs risk management 

Although there is confusion about the ‘opportunity’ concept, most organisations feel they can properly take advantage of opportunities (over 70%) and don’t identify opportunities just to comply with the client’s request (less than 15%). There is also reluctance to discuss opportunities with the client. The concept that risks can be positive is difficult for some. Over 60% of respondents associate ‘risk’ with just a negative outcome, and over 65% would prefer the term ‘threat and opportunity management’ over ‘risk management’ in projects. Over 60% would even like to use the term ‘risk and opportunity management’.  

There was a repeated call to change the risk terminology so that risks cannot be positive, but not necessarily to overhaul the risk management process completely. Some indicate that opportunity management could benefit from its own process and register; others want to prevent creating yet another process and ask for more gradual changes.  

This article appears in the spring issue of Project journal, available free to APM members 

This blog was co-authored by Marian Bosch-Rekveldt, Delft University of Technology; Sara Rye, London South Bank University; and Peter Simon, Lucidus Consulting.