Skip to content

Threats and opportunities in the risk management of projects

Added to your CPD log

View or edit this activity in your CPD log.

Go to My CPD
Only APM members have access to CPD features Become a member Already added to CPD log

View or edit this activity in your CPD log.

Go to My CPD
Added to your Saved Content Go to my Saved Content
Gettyimages 1189561513

Project risk management helps with achieving project objectives, especially those concerning cost and time. APM defines a risk event as “an uncertain event or set of circumstances that would, if it occurred, have an effect on the achievement of one or more [project] objectives”. Using this definition, risks can be either threats that hurt the objectives or opportunities that benefit them.  

Risk as opportunity 

Project professionals have expressed concern with the concept that risks can be ‘positive’, since it does not align with thinking in the non-project world, where risks are always negative. There is also a feeling that opportunities are often not identified, and if identified, they are treated differently from threats. APM’s Risk SIG conducted a survey among APM Corporate Members to assess the state of risk management, with an emphasis on opportunity management. Over 100 project professionals responded, and around 80 completed the entire survey.  

Over 90% of the organisations that responded carry out project risk management and use APM’s definition of a risk event. There is, however, quite a difference between the application of risk management for larger projects and for smaller ones. As an example, 70% of larger projects have someone taking the role of risk manager, whereas for smaller projects this is only 35%. Quantitative risk analysis is used in over 60% of larger projects, but in less than 30% of smaller projects.  

Project managers want to keep control 

The results show that risk management is taken very seriously by project organisations, but more so for larger projects. Part of the survey focused on opportunities and showed that 50% of organisations see opportunities as quite different from threats, and they are not viewed as ‘two sides of the same coin’. The most striking answer was that an opportunity involves a conscious choice whether to seize it or not (66% of the respondents), whereas a threat is an event that may or may not happen.  

Organisations seem to relate opportunities less to the risk world, where it is completely uncertain whether the opportunity will materialise or not, and more to the business world, where one can choose to seize an opportunity. Over 70% of the organisations indicated that they pursue business-related opportunities on their projects. For 55% of organisations, the distinction between a risk-related opportunity and business opportunity is not clear. Project managers like to keep control of these opportunities, though; fewer than 10% want to leave opportunity management purely to the business.  

Threat and opportunity management vs risk management 

Although there is confusion about the ‘opportunity’ concept, most organisations feel they can properly take advantage of opportunities (over 70%) and don’t identify opportunities just to comply with the client’s request (less than 15%). There is also reluctance to discuss opportunities with the client. The concept that risks can be positive is difficult for some. Over 60% of respondents associate ‘risk’ with just a negative outcome, and over 65% would prefer the term ‘threat and opportunity management’ over ‘risk management’ in projects. Over 60% would even like to use the term ‘risk and opportunity management’.  

There was a repeated call to change the risk terminology so that risks cannot be positive, but not necessarily to overhaul the risk management process completely. Some indicate that opportunity management could benefit from its own process and register; others want to prevent creating yet another process and ask for more gradual changes.  

This article appears in the spring issue of Project journal, available free to APM members 

This blog was co-authored by Marian Bosch-Rekveldt, Delft University of Technology; Sara Rye, London South Bank University; and Peter Simon, Lucidus Consulting. 

2 comments

Join the conversation!

Log in to post a comment, or create an account if you don't have one already.

  1. David Hillson
    David Hillson 05 May 2023, 03:30 PM

    Thanks for this Alexander. I read the article when it appeared in Project journal. Survey responses are interesting, but the key question is what to do with them. As you know, there's often a big difference between "common practice" and "good practice", so the fact that the majority of your respondents' organisations don't include opportunity within an integrated risk process doesn't necessarily mean that the idea is wrong or should be dropped. In my view, it just means that those of us who believe in pragmatic good practice need to redouble our efforts to educate our colleagues and peers on the benefits of including a broader perspective on how we think about and manage risk in our projects, programmes, portfolios and businesses. APM can also play an important role here, through its publications and events, especially those from the APM Risk SIG.

  2. Ashok Singha
    Ashok Singha 10 May 2023, 06:04 PM

    We need to focus more on opportunities as this allows us to discover additional benefits also. It's a good article. Thanks.