Why is risk both negative and positive

Learn the tools to thrive at the Edge of Chaos

Why is risk both negative and positive

April 15, 2020 Uncategorized 0

The Project Management Institute’s definition of an individual risk is:

an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives

(PMBOK 6th ed.).

A positive effect? Both as a consultant and as a trainer I often come along this confusion: why is an opportunity a risk?

The answers I get reflect this confusion. They often sound something like either:

  • good things might have bad consequences, or
  • the human mind tends only to look at threats, so we need to actively attract attention to opportunities.

While both these arguments are true, and the second is very relevant to the point, there is a more fundamental way to see this.

The explanation lies in fact in a simpler reason:

threats and opportunities are the same thing.

Confusing? Let’s see… The concept of risk is defined by three things:

  1. uncertainty – i.e.: if I know that my money will not last until the end of the month… it’s sad, but sorry, it’s not a risk. It’s an issue (or simply your problem). But a risk is also defined by
  2. the event which may (or may not) occur compared to
  3. an assumption made.

It is the comparison between a potential event and the assumptions I am planning with which makes a risk become either a threat or an opportunity.

For Example:

  1. Uncertainty: I do not know the price of iron ore in six months’ time.
  2. Assumption: the price stays as is
  3. Risk event1: The price may rise (this is a threat if I buy iron ore, an opportunity if I sell it),
  4. Risk event2: The price may decrease (the other way around, you get the picture…)

Risk is an uncertain event. Whether it is a threat or an opportunity can only be defined after I know my starting position vs. the uncertainty. A more project related example can probably bring this point home.

Imagine the following situation:

I am expecting a supplier to deliver some equipment that we’ll be installing for my project. I call the supplier, let them know that we are on a tight schedule and ask what lead time I should count on. They tell me that they can certainly commit to a two-month lead time.

Imagine that in this example two months is just right for me: a later delivery would mean that my certified installers (drum resources) will not be available and I’ll end up installing late, commissioning later, and final acceptance would be so late I’d end up owing penalties (but less than two months would be better for me).

OK, so I set the two months delivery time into my schedule. No penalties planned. Management is happy, and I get a pat on my back. I go home relaxed (after a pint at the pub).

However half way through the night I wake up suddenly with my eyes open wide thinking… “How often has this supplier actually delivered as promised? I do remember delays in the past…” rats! Sleep is a no-show now. Might as well get up and head off to an early start in the office.

As soon as I get there I check our historical and my worst fears are confirmed. In fact, this supplier is very often late (like between 40% and 60% of the time… my historical data is not very accurate). They are regularly two weeks late on this kind of delivery. So now what? A two-week delay gets me right into penalties. No way I can tell this to management (and never mind the customer…)!

So, I analyse the threat (add it to my risk register), I figure out a series of actions I’ll take to reduce the threat. I’m checking that the PO is sent out right away. I’ll take care of a bunch of customs clearance docs in advance, just to make sure they don’t get in the way. I also tried to get a delay penalty included into the order, but procurement said that will not be possible (“…hey, thanks…”). I did however add a timed alarm in my phone to remind me to call the supplier every week for a follow-up.

Summarizing: I identified a risk, decided it is a threat against my plan, and I defined response actions to mitigate the threat.

I could however have looked at the situation differently:

I could have concluded that the supplier has been late in the past so often, that expecting them to be on time this time is simply not realistic. I could therefore have included the two weeks delay directly into the schedule as planned.

This of course would mean including also the delay in installation into the schedule, and the final penalties paid to the customer into the cost baseline (…hmm probably a difficult sell to management).

However, the supplier did commit to delivering in two months. I should therefore take in consideration the option of them coming in early (i.e. on-time).

What could I do to harvest this opportunity? Well…. I could send the PO out right away, deal with customs clearance stuff, call the supplier regularly to keep them on track… the smartest amongst you will have noticed that there is no difference between these two options from any “real life” point of view. The only difference between these two options relates to my documentation alone (oh, and the reaction from management…).

On one hand I have an optimistic project plan (and therefore a threat), on the other a pessimistic plan (and therefore opportunities. But nothing has really changed in the underlying uncertainty or in the work I plan to perform. The only shift has occurred in my assumptions and in my documentation.

Let’s summarize:

what matters is the uncertainty (i.e.: I don’t know when the equipment is going to be delivered). The threat or the opportunity only appear after I have defined an assumption in the project plan (they will be on time, or they will be late…). In both cases, I can take actions to meet my preferred result, but what I call it (threat or opportunity) is just a question of which assumption I made in the first place.


We never actually deal with threats or opportunities, what we deal with is the reduction of uncertainty. Getting a future event to become 100% likely or 0% likely is in both cases a reduction of uncertainty. Strategies to deal with threats, and strategies to deal with opportunities are both doing the same thing: they are reducing uncertainty.

Leave a Reply

Your email address will not be published. Required fields are marked *