All projects have some risks. They may only have low-level
risks, but they have some risks nonetheless. The purpose of risk management is
to identify risks that are important enough for you to manage–and then manage
them!

You evaluate risks based on two factors–the likelihood of
occurrence and the impact to your project. As a project manager, you need to
decide if these risks are important enough for you to worry about. Your answer
says something about your risk tolerance.

For example, let’s say we have a project that will cost
$50,000 and take six months of duration. Early in the project you identify a
risk that is very likely to occur, but has an impact of $100 and one-half-day
duration. You may choose to ignore this risk since the impact is small, rather
than incur the effort and cost of managing the risk. 

Tips in your inbox

Looking for expert IT project management? Get the help you need from TechRepublic’s free Project Management newsletter, delivered each Wednesday.

Automatically sign up today!

In that example, the numbers were fairly trivial and the
risk was easy to ignore. But, ratchet the impact up a little higher. Let’s say
the risk now had an impact of $2,500 and one week duration. What about $5,000
and two weeks duration? Would you manage either of those risks now? Your answer
provides a sense for the level of risk you are willing to tolerate.

When you are performing risk identification, you need to
determine your tolerance level for risks. This will help you focus on the risks
that are important, while ignoring risks where the impact falls below your
tolerance level.

Risk tolerance can be unique to the project manager but it
can also be cultural in your organization. Some organizations will generally
accept riskier projects. They will also tend to have a higher threshold before
they chose to manage a risk on specific projects. This doesn’t mean they don’t
do risk management. In fact they might perform rigorous risk management.
However, the project managers in these organizations tend to accept a higher threshold
for risk probability and risk impact before they will put a specific risk plan
in place to manage the risk.

On the other hand, some organizations tend to accept less
risky projects and tend to have a lower threshold to manage risks on projects.
In other words, let’s say you have a similar project in both organizations. The
project managers in these risk-averse organizations will tend to manage risks
that a project manager in the other organization might choose to leave.

What does the risk tolerance mean to you? First, understand
that you don’t need to manage every risk–only the important ones. You should
have a model to help you determine which ones are important. This may be a way
to classify risks as high, medium or low–and then manage the high risks. It
might mean that you will manage every risk that has more than 50% likelihood of
occurrence and a risk impact of over 5% of schedule and budget.

These are just examples. You need to come up with the
tolerance level on your project and then map your identified risks against it.
Those that fall under your risk tolerance will be the ones you will ignore,
while those over your risk tolerance will be managed.