Risk is defined by the ISO 31000 Risk Management Standard as “the effect of uncertainty on objectives”.
Project risk is defined by the PMI as “an uncertain event or condition that, if it occurs, has a positive or negative effect on a project objective”.
Risk exists in the business enterprise and in projects because of uncertainty, and risk management is therefore about reducing uncertainty in the enterprise or project to an acceptable level. Risk management is applied in various areas of the enterprise, e.g. business and financial risk, operational risk, safety, environmental and health risk, and project risk. Project risk management aims to deliver a project on time, within budget, and with acceptable quality or performance.
The International Standards Organisation provides a conceptual model for risk management. It covers the main steps of the process, the interaction with stakeholders through communication and consultation, and how monitoring and review are required during all steps of the process. The first step of the process defines the scope and context since a risk assessment is done in collaboration with the environment of the business or project. A risk team needs to be assembled within the business or project to perform the risk management process steps. The analysis and evaluation steps determine each risk event's value and identify the critical risks. The treatment phase defines suitable ‘controls’ that reduce the probability or consequence of an event.
Potential research topics:
Copyright © University of Pretoria 2025. All rights reserved.