Skip to main content

Acceptable and residual risk: Tips on how to identify risk in project management

4 November 2019

Projects are, by their very nature, subject to a range of risks. Project management not only exists to ensure work is carried out and completed, but it is also the function responsible for minimising as much risk as possible throughout and following a project.
Because risk is such an important topic in the world of project management, a language has developed around risk in its varying forms. This terminology helps professionals in the industry to understand various aspects of a risk, and whether and how that risk has been addressed.

A female project manager having a discussion about risk with a project team.
There are three main terms that are essential to understand:

Inherent risk

This is the risk that exists under current controls, or before controls are put in place. For example, when a busy surf beach has no lifesavers on duty and no warning signs indicating currents, surf conditions, dangers or recommendations for safety, an inherent risk is that swimmers might drown.

Residual risk

‘Residual’ means ‘leftover’, so residual risk is the risk that remains once controls have been put in place to address the inherent risk. Going back to the surf beach example, there is now a team of surf lifesavers on duty. They have erected flags to indicate a safer area for swimmers. They have put signs along the beach, in various languages, to educate beachgoers around the importance of swimming between the flags. There is now less risk of swimmers drowning, but if a surfer ignores the rules and cuts through the area between the flags, there is risk of swimmer injury. There is also a risk of minor injuries as swimmers tumble into each other in the more crowded surf zone between the flags. These are some of the residual risks.

Acceptable risk

We know that zero risk, while well-intentioned, is impossible. Acceptable risk is the level of risk at which an individual, company or project team, comfortable. The target for any project manager is to arrive at the pre-defined level of acceptable risk. What constitutes an acceptable level for any given risk will vary, depending on the context of the risk, the probability of its occurrence and its potential impact. Back at the beach, this might mean that minor injuries from swimmers running into each other are acceptable, but more serious injuries that can be caused by surfboards are not. As the risk of drowning has been mitigated, added controls would be required to keep surfers out of the swimming zone.

How are risks identified?

In an environment where risk takes so many forms, how does a project management team identify all residual risk and put controls in place to bring the risk level down to ‘acceptable’? Here are our top tips:

1) Employ a variety of tools and techniques

This may seem obvious, but when project managers become comfortable with certain processes they repeat those same processes in every project. Such repetition discourages real engagement in the risk identification process. To keep your focus sharp, it is important to consciously and regularly seek out new processes to add to your toolbox.

2) Don’t just interview subject matter experts

Every project manager knows to interview subject matter experts; this is a vital part of the risk identification process. But in some cases, those experts are telling you what you already know. Take a look at the people who work with or by the side of those experts. Who is it that might have a slightly different point of view? Who is it that answers the phone and fields complaints?

Think like a journalist – if they interview a CEO for a story, the journalist could likely predict what the CEO is going to say prior to the interview. But if they speak with staff members and ex-employees, they might develop a very different and unexpected picture and, as a result, will be able to write a much more interesting and accurate story. The same goes for risk identification.

3) Invite a cross-section of people into brainstorming sessions

Brainstorming sessions are also a common risk identification method. The most successful brainstorming sessions are those that contain people from a mix of backgrounds. In fact, people who know nothing whatsoever about the technical requirements of a project can often come up with some of the most insightful observations. This is because they’re not blinkered by the restrictions of industry familiarity and experience. Some engineering firms are now inviting artists such as musicians into their project planning meetings to welcome completely fresh, unpolluted points of view. So, don’t just invite the usual project suspects.

A cross-sectional team having a brainstorming session.

4) Look from different angles

Rather than simply identifying general project risks, change your point of view by approaching risk from a specific angle. For example, analyse what might represent a risk to quality, schedule or safety. Concentrating on one potential problem from a particular angle helps to introduce a level of clarity that previously may not have existed. 

5) Fall in love with the problem

When problems arise and create risk in a project, the next step is often to find a solution as quickly as possible. But spending longer to develop a deeper understanding of the problem itself leads to a more robust set of solutions that address the root cause. A simple way to do this is with a cause and effect diagram (also known as a fishbone diagram), which looks at each problem as the direct result of a set of events or circumstances. If the causes can be solved, there will be no need to respond in a reactive way to the problem, as it will no longer arise.

6) Keep checklists 

The end of one project only ever leads to the beginning of the next, so keep lists of every risk identified in every project. It’s better to have checklists in a searchable and sortable format, as it will serve you well when you are planning and identifying risk in your future projects.

Project risk is just one of the many units you’ll study in SCU’s Master of Project Management. The course offers a breadth of business insights that are required for a well-rounded career in project management roles across core business functions. 

Learn more about SCU Online’s Master of Project Management. Get in touch with our Enrolment team on 1300 589 882.