29 January 2007

Risk Management 101: Describing a risk

In business and especially in projects it is important to be precise with language to avoid confusion and misinterpretation.

Risks should be phrased and framed properly in order to be best managed. Risks should identify three aspects;

  • The circumstances that enable the risk to occur, often the trigger
  • The actual risk, or thing that might happen
  • The impact of the risk event occurring to the project or business

For example these are poorly framed risks;

  • We may set the price too high
  • Technical resources are not available

This is a more effective way of describing the risk;

  • If we raise prices to high customers may find better alternatives and churn away causing loss of market share and revenue.
  • If technical resources are not available by [date] the project’s critical path will be affected resulting in at least a four week delay to launch
The second set of examples provide fuller descriptions that reduce the likelihood of misinterpretation and allow for a better assessment of the likelihood and impact of the risk.


  1. Anonymous4:47 am

    The conventional wisdom is to employ "That..." language for EVERY risk name/description (eg, That X will occur OR That Y will not occur). This forces clarity into the risk - it being an event and not a consequence.
    Rob P

  2. Anonymous4:29 pm

    What if there is more than one reason for the risk 'event' occurring- how would u capture that information in the description?

  3. More than one root cause means more than one risk.

    So when we break it down we have that first dot point; the trigger.

    If you want - put forward an example and we can break it down.