*“How risky is this project?”*

Well, it’s… you know, there are lots of risks.

### A Gap in our Methods

I am not convinced that we have a satisfactory way to answer the question *“how risky is this project?” * We can evaluate all of the project risks and add them up and, without a doubt, this gives us a measure of a project’s risk. The problems with this approach, however, are legion. Let’s just pick two of the most obvious:

- If there is an estimating error in our assessment of each project risk (and there will be), then what is the chance that these errors will cancel each other out? Probably quite low – we might expect a random walk away from the true answer, as long as our estimating errors are truly random, rather than systematic. A lot of “ifs”.
- Where do we stop. We have an infinite series of finite risks. Some are small, but where do we set the cut-off?

Another approach is to pick a small, fixed subset of highly significant risk sources and evaluate them for a range of project options, to give comparable estimates against a basket of projects. This can work, as long as the project options are sufficiently similar to give a high confidence that the risk sources are equally valid as a full set of highly significant sources.

### A Pictorial Approach

My approach to understanding much of management – whether people, change, projects or risk – is to try and draw a picture. Here’s one I prepared earlier…

With this diagram, I am trying to illustrate that “a” project risk sits inside the project and will impact upon one or more of the time, cost or quality dimensions of the project’s objectives. When we talk about “the” project risk, we refer to an outer layer – either failure to deliver the project or its intended outcomes, or worse, an impact upon the sponsoring organisation or worse.

*The “so what?”*

When evaluating projects for projects, or thinking about a portfolio, we need to consider principal modes of project failure and their wider ramifications. Some of these threats may arise from individual project risks, but chiefly, they will arise from a combination of failures and adverse events.

So, to answer the question: *“How risky is this project?”* don’t try to understand lots of risks: look at your project from ever widening perspectives.

Glen B AllemanMike,

In our domain the inverse question is asked.

“What is the Probability of Program Success?”

This notion includes all the elements that “increase” the probability of success. This “increasing” effort is the role of project management.

Using PoPS, the risk question now becomes one of many questions asked to “increase the probability of success.”

But risk has two major divisions – technical risk and programmatic risk. The business risk aspects would be collected in the programmatic risk domain.

Estimating errors are not risks, there are uncertainties, or better yet variances in the estimating processes. To be a risk, it as to have a probability of occurrence. The risk might be, the estimating errors are either unknown, or the estimating errors we’re using are wrong. “The error on the error,” type of risk.