4
©2009 Project Management Institute. Practice Standard for Project Risk Management
1
CHAPTER 1 − INTRODUCTION
1.2 Project Risk Management Defi nition
The defi nition of Project Risk Management, as defi ned in the PMBOK
®
Guide – Fourth Edition, is the basis
for this practice standard: “Project Risk Management includes the processes concerned with conducting
risk management planning, identifi cation, analysis, responses, and monitoring and control on a project.” The
PMBOK
®
Guide – Fourth Edition also states: “The objectives of Project Risk Management are to increase the
probability and impact of positive events, and decrease the probability and impact of negative events in the
project.” In the PMBOK
®
Guide – Fourth Edition, “project risk is an uncertain event or condition that, if it occurs,
has a positive or negative effect on a project’s objectives.” Project objectives include scope, schedule, cost,
and quality.
Project Risk Management aims to identify and prioritize risks in advance of their occurrence, and provide
action-oriented information to project managers. This orientation requires consideration of events that may
or may not occur and are therefore described in terms of likelihood or probability of occurrence in addition to
other dimensions such as their impact on objectives.
1.3 Role of Project Risk Management in Project Management
Project Risk Management is not an optional activity: it is essential to successful project management.
It should be applied to all projects and hence be included in project plans and operational documents. In
this way, it becomes an integral part of every aspect of managing the project, in every phase and in every
process group.
Many of the project management processes address planning the project, from concept to fi nal design
and from procurement through daily management of execution and close-out. These processes often
assume an unrealistic degree of certainty about the project and, therefore, they need to include treatment of
project risks.
Project Risk Management addresses the uncertainty in project estimates and assumptions. Therefore, it
builds upon and extends other project management processes. For instance, project scheduling provides dates
and critical paths based on activity durations and resource availability assumed to be known with certainty.
Quantitative risk analysis explores the uncertainty in the estimated durations and may provide alternative dates
and critical paths that are more realistic given the risks to the project.
Project Risk Management is not a substitute for the other project management processes. On the contrary,
Project Risk Management requires that these project management processes (e.g. scheduling, budgeting, and
change management) be performed at the level of the best practices available. Project Risk Management adds
the perspective of project risk to the outputs of those other processes and adds to their value by taking risk
into account. For instance, risk management provides the basis upon which to estimate the amount of cost and
schedule contingency reserves that are needed to cover risk response actions to a required level of confi dence
for meeting project objectives.