1.4d – Risk Management: Threats and Opportunities

Managing projects is fundamentally about managing uncertainty. Some uncertainty is a threat (things that could go wrong); some is an opportunity (things that could go better than expected).

1.4d.1 Identifying Risks

Threats (Negative Risks)

• Resource shortages (team sickness, turnover)
• Technical failures (platform instability)
• Schedule delays (vendor issues)
• External shifts (regulatory changes)

Opportunities (Positive Risks)

• Efficiency gains (new tool speeds up work)
• Technical breakthroughs
• Cost reductions (volume pricing)
• Early delivery potential

1.4d.2 Risk Analysis: Probability vs. Impact

Sarah learns to analyze risk using two dimensions:

1. Probability: How likely is this to occur? (Low/Medium/High)
2. Impact: How bad (or good) is the consequence? (Low/Medium/High)

Risk Score = Probability × Impact High-score risks are prioritized for proactive mitigation.

1.4d.3 Risk Response Strategies

For Threats

• Avoid: Change the plan to eliminate the risk (e.g., use a different technology).
• Mitigate: Reduce probability or impact (e.g., extra testing, backup servers).
• Transfer: Move the risk to a third party (e.g., insurance, fixed-price contracts).
• Accept: Acknowledge the risk and have a contingency plan if it happens.

For Opportunities

• Exploit: Ensure the opportunity happens (e.g., prioritize a high-value partnership).
• Enhance: Increase probability or impact (e.g., assign your best team to a breakthrough area).
• Share: Partner with others to capture the benefit.
• Accept: Take the benefit if it comes, but don't actively pursue it.

1.4d.4 The Risk Register

Sarah maintains a Risk Register, a living document tracking:

• Risk Description: What exactly might happen?
• Analysis: Current probability and impact score.
• Response Plan: What are we doing about it?
• Owner: Who is responsible for monitoring this risk?
• Status: Is the risk active, mitigated, or closed?

1.4d.5 Risk and Ways of Working

• Predictive: Extensive upfront identification and formal contingency planning.
• Agile: Continuous risk identification in every sprint. Mitigation through "spikes" (research tasks) and frequent feedback.
• Hybrid: Program-level risks managed predictively; team-level risks managed agilely.

1.4d.6 On the Exam: Risk Scenarios

Good Answers:

• Identify and assess the risk before acting.
• Choose a strategy that fits the risk's score.
• Assign clear owners.
• Monitor trends (are risks increasing or decreasing?).

Red Flags:

• Ignoring a risk and hoping for the best.
• Reacting only after a risk occurs (no plan).
• Treating all risks with the same level of urgency.

---

Key Concept

Risk management is not about eliminating risk (which is impossible); it's about being prepared so uncertainty doesn't derail your project.