Managing Risk as Opportunity


With our principles, processes and practices and the needed risk management approach, let’s look at how to manage risk for opportunities.

With uncertainty comes opportunity. But if a project manager is consumed with managing the risks, there is little time to manage the opportunities. Good risk management is not about fear of failure; it is about removing barriers to success. This is when opportunity management emerges.

Although risk management as defined in PMBOK is useful, a better paradigm to manage both risk and opportunity is “Managing in the Presence of Uncertainty.” Uncertainty is created when risks appear along the path to success. With uncertainty comes opportunity. If the project manager is busy managing the risks, there is little time to manage opportunities ignoring half the management in the presence of the uncertainty equation.

Some useful definitions for risk/opportunity management:

  • Risk – a potential problem or threat that could affect a project’s ability to meet its operational capability and performance, technical, cost, schedule, financia or other objectives.
  • Risk Management – the continuous, proactive process of identifying and assessing the program, risk, defining appropriate risk handling strategies and plans and monitoring those actions to completion.
  • Opportunity Management – the identification of opportunities to help attain project goals and the identification and implementation of actions to capture those opportunities.

What is the Intention of Risk Management?

Actively managing risks can increase the probability that a project or program will have a successful outcome. This motherhood statement makes it clear that risk management as part of successful project management is a strategy. Risk management is not an event performed along the way; it is a continuous process.

There are many books, papers articles and professional associations describing how to manage risk. One phrase used by project a manager is risk buy down that is, the buying of information to reduce risk. The purchasing of this information can be explicit: buy a report that compares three products being considered as an off-the-shelf solution rather than analyze them as part of the project. Or spend money building a prototype to test the structural integrity before committing to manufacturing. Or, pay for a public survey of constituents before rerouting a bicycle path.

Risk management must be an integral part of planning and execution. PMBOK® defines 6 processes for managing risk. To make risk management explicit, the tasks for managing risk must be:

  • Embedded in the schedule – flagged as risk management tasks with predecessors, successors, durations and priorities.
  • Assigned resources – risk manager and technical assessment staff, cost accounts and WBS numbers, performance targets and exit criteria.
  • Budget – apportioned to the risk level, cost baseline and actuals against the project baseline.
  • Tracked in the normal status review – risk manager reports risk reduction status as percentage complete or zero percent/100 percent complete.
  • Defined outcomes result from risk buy down and management tasks are made visible through accomplishment criteria or some form of qualitative assessment.
  • Assessed for compliance to specification through a risk buy down chart showing risk reduction as the project proceeds.

This makes risk management part of the normal project planning and control processes. Once in place, the risk management plan is no longer a separate event represented solely in a document, but part of the project management team’s responsibility.


Glen Allenman is part of the GovLoop Featured Blogger program, where we feature blog posts by government voices from all across the country (and world!). To see more Featured Blogger posts, click here.

Leave a Comment

Leave a comment

Leave a Reply