Types of Risk

Broadly, there are two types of risk - Business risk and Project risk. 

Business Risk
This covers the threats associated with a project not delivering products that can achieve the expected benefits. It is the responsibility of the Project Board to manage business risks. It includes such areas as:

*

The validity and viability of the Business Case

*

Whether the project continues to support the corporate business strategy, including such elements as:

*         Strategic direction

*         Commercial issues

*         Market change

*

The consequences to the corporate body of failure or limited success

*

The stability of the business areas involved

*

Programme requirements

*

Impact on the Customer of the results of the project

*

The risks of the end result meeting the stated requirements, but not fulfilling expectations

Project Risk
This is the collection of threats to the management of the project and hence to the achievement of the project's end results within cost and time. These risks may be managed on a day-to-day basis by the Project Board, Project Manager or Team Manager. Risks will be many and varied, but would include the following broad categories:

 

*

Procurement issues, covering those risks caused by being dependent on a third party, including:

*         Failure of the third party

*         Failure by them to deliver satisfactorily

*         Contractual issues

*         Mismatch between the nature of the task and the procurement process

*

Organisational factors such as:

*         Additional staff responsibilities alongside project work

*         The project culture, or lack of it, within the Customer organisation

*         Personnel and training issues

*         Skill shortage

*         Potential security implications

*

Specialist issues; there will be a wide variety of issues here because each project has its own particular specialist elements which bring with them their own risk elements. However, there are some general issues which will apply to many project types, such as:

*         How well requirements can be specified

*         To what extent the requirements can be met using currently available and understood facilities and approaches

*         The extent to which a project involves innovative, difficult or complex processes and / or equipment

*         The challenges and problems regarding quality testing

*         The risks that the specified requirements will not be achievable in full, or that not all requirements will be correctly specified.

It must be stressed that the above lists are given purely to illustrate the areas of risk that need to be considered as part of project management. Each project must be considered in its own right.

Once identified, risks are not kept separate (e.g. business, project, Stage Plan). They are all entered in the one Risk Log that is always reviewed in its entirety.