White Paper
• • •


August 19, 2016


Risk gets a bad rap. It most often has a negative connotation, but it also has a kinder, softer, more beneficial side! Risk and risk management is inherent to business decision making. Every industry, company, department, and project is engaged in risk management.

As a Project Manager, I must constantly assess the opportunities and barriers to achieving project milestones and objectives. However, the process of risk management starts before a project is even defined and will continue beyond the project’s completion. From a project perspective, there are at least four key decision points that involve risk management.


Risk is the reason that companies undertake process-improvement and technological advancements - to avoid the negative risk of obscelence and to enhance the positive risk of new opportunity and positive return-on-investment.

As with all projects, the first decision to be made is whether the Return on Investment (ROI) of a project will be sufficient to justify the investment. What problem am I trying to solve? What opportunity am I trying to leverage? How is my customer base and/or industry changing? What will happen if I DON’T move on this project? Can I afford to wait?

There are times when projects are undertaken even when the cost to implement exceed the anticipated ROI or benefit. Government or industry mandates are a prime example. However, generally speaking, projects are approved because the financial benefit due to improved efficiencies, competitive advantage, technological advancement, and/or product development significantly exceeds the cost.


Risk is inherent to every project and, indeed, every aspect of our day-to-day lives. In order to function, we must learn to assess and either accept, avoid, mitigate, or transfer risk based on its probability and impact. It is generally the very reason that consulting companies are asked to assist clients with business-critical projects.

In their social media blog “The Soul of Enterprise,” Ed Kless and Ron Baker discuss why “Risk is NOT a four-letter word,” Ed observes that “Consultants are wary of talking about risk with their prospects and customers. The irony here is that the reason why they are hired… is risk!” 2

Why are they wary? Perhaps because it admits imperfection or perhaps because it opens a Pandora’s Box of nebulous circumstances whose probability and impact can be difficult to quantify.

Risk can be thought of as a continuum between the knowns and unknowns. The higher the likelihood of a given outcome (the “known knowns”), the more comfortable companies are with accepting the risk for the project.

On the other end of the spectrum exists uncertainty. Uncertainty implies an inability to measure OR predict likelihood of an occurrence (the “unknown unknowns”). By definition, no one can predict its occurrence, even Consultants. For such uncertainty, businesses should have an emergency process defined and team established to quickly assess and respond to the risk (e.g. natural disasters, infrastructure failures, acts of terrorism, corporate acquisition or sale opportunities.)

In between the “knowns” and “unknowns”, are the “known unknowns”. This is where clients understand the “known” value or potential ROI of a project, but may not have the experience, time or resources to navigate the “unknowns” that are likely to present themselves and impact success. Consultants are generally hired to mitigate this type of risk by applying a degree of product knowledge and/or industry experience that the client values. The greater the level of uncertainty and risk exposure, the more likely the client will seek to transfer or share the risk with Consultants.


Successful projects require risk management. That is not to say that a successful project always ends within the original estimated time, resource allocation, or scope definition. Projects are subject to changes in scope, resources, and time when the risk of not doing so puts the objectives of the project in jeopardy.

Project Management Professionals (PMP’s) define risk as “An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.”3

A Project Manager (PM) strives to identify, measure and mitigate risk throughout a project. A Project Plan is developed to align project tasks with the scope, resources and time allotted to the project in the Statement of Work or Scope Document. A Risk Register is developed with the help of team members and experts in order to list possible risks, their probability and impact, and ideally action required were they to occur. When risks or variances from the Project Plan occur, a PM then uses Change Management procedures to assess, document, and respond to those changes in such a way as to continue to ensure success of the project.

Experienced PM’s and Consultants come to the project with an intuition and knowledge of where the risks - both positive and negative, opportunities vs. inefficiencies – are likely to occur and how to best mitigate their impact. This is one of the biggest reasons for ensuring that your project team includes a PM and the input from experienced team members or Consultants.

You may know the story of the Consultant hired by a client to fix a mission-critical piece of equipment. The client had already invested countless hours and dollars trying to fix the equipment. The Consultant arrived, listened to the client describe the problem and efforts made to fix it, reviewed and evaluated the equipment, then pulled out his hammer. With a carefully-placed tap, the equipment began working again. The client was thrilled. When the invoice for $10,000 arrived, the client was taken aback and asked for a detailed itemization of the services rendered. This statement that arrived read as follows:

Tapping with a hammer….……... $10
Knowing where to tap…….…..$9,990


Every system has a margin of error and every industry has a different tolerance for error. It is important to understand a company’s risk tolerance. This is the degree or amount of risk that a company or individual is willing to withstand. The manufacturing industry is accustomed to monitoring failure rates within established tolerance levels. Likewise, the insurance and financial industries are based on the actuarial discipline that assesses risk for both itself and its clients. Project management also should seek to identify risk tolerance.

Risk tolerance should be discussed and evaluated throughout a project, but particularly as relates to testing. In testing, a project team must determine the point at which test outcomes are sufficiently accurate so as to enable go live. This will help to determine the strategy, time, and resources required in order to achieve the desired margin of error without experiencing diminishing returns.

It is true that every complex system is as unique as the company that deploys it. It is also true that every mature system has evolved through trial and error.4 One could therefore conclude that every installation of a complex system is prone to its own degree of trial and error as it is configured to meet the company’s unique requirements.

While Consultants are hired to bring a history of knowledge and experience to a project, the fact remains that there will always be risks associated with the implementation of unique, complex systems. The more unique a company, the more likely the possibility for trial and error in their system configuration, data conversion, system integration and/or testing. Such trial and error, while frustrating to a client with a low risk tolerance, needs to be discussed throughout a project implementation and planned for as a normal part of user acceptance testing and risk management.

By admitting to the existence of project risk and the need for appropriate risk management, a project’s probability of success will increase. Risk is not a four-letter word to be avoided at all costs. Rather it should be defined, measured, evaluated and responded to as a key measurement of business growth and opportunity.

1 Merriam-Webster Dictionary

2 The Soul ofEnterprise.com, Episode #87 – Risk is NOT a Four-Letter Word, April 12, 2016, Ed Kless.

3 Project Management Institute, A Guide to the Project Management Body of Knowledge (PMBOK Guide), 5th Edition

4 TEDGlobal 2011 Conference, Tim Harford, Economics writer, “Trial, Error and the God Complex”, July 2011.

About the Author

Latest Articles from the Author
No items found.
©2018 CS3 Advisors | All rights Reserved
This website is owned by CS3 Advisors. CS3 Advisors is independent from Sage and is not authorized to make any statement, representation, or warranties or grant any license or permission on behalf of Sage regarding any product, service, or website content. Certain materials made available on or through this website are owned by Sage and cannot be used without the prior written permission of Sage.
Proudly Crafted by DSB Creative