Understand the relationship between assumptions and risks to manage these two related concepts

You can live with your assumptions, but you must manage your risks.

You have probably all had to describe assumptions and risks, but did you realize that the two concepts are closely related? In fact, they could be thought of as two sides of the same coin. Let me describe the relationship simply at first.

  • Let's say you recognize an event or condition that exists in the future. There is a probability that the event or condition will occur, but it is less than 100%.
  • Let's also say that you don't want this event to happen. If it does there will be a negative impact on your project.
  • The question now is how comfortable you are that the event or condition will not occur. If you are comfortable, you could state this event or condition as an assumption. That is, you are "assuming" the event or condition will not occur. On the other hand, if you're concerned that the event or condition will occur, you could identify it as a risk. Identifying it as a risk allows you to put a plan into place to endure that the event or condition actually does occur.

Let's take an example of a common statement that is included in many Project Definitions -- "The resources needed for this project will be available when needed." What kind of a statement is this? Most people would say it is an assumption. After all, when a project starts, you always assume you will get the resources you need.

However, is it always an assumption? Can you imagine starting a project where the people and equipment were not available and there was a realistic possibility that they would not be ready when you need them -- perhaps because another project needed to finish first? It's not too difficult to imagine that scenario. In that case, the same statement would definitely be a risk -- not an assumption.

The key thing to remember is that the same statement might be an assumption or a risk depending on the circumstances of your particular project. In fact, assumptions can be simply viewed as low-level risks.

Now let’s get a little more sophisticated with our definitions of assumptions and risks. Let’s say again that we have a future event that will have an adverse impact on our project. In other words, if the event occurs, it will cause some difficulty for your project. If the combination of the probability of the event occurring and the impact to your project is unacceptable, we can identify it as a risk. If the combination of the probability of the event occurring and the impact to your project is acceptable, then we can call it an assumption. If it is an assumption, we can "assume" that it will not happen, or we can "assume" that if it does happen the impact on our project will be acceptable.

Identifying a future event or condition as a risk allows you to put a proactive plan in place to manage the risk. Identifying it as an assumption let's everyone know that you did foresee the event, but you think that it will not be a factor. All of your risks and assumptions should be monitored and validated throughout the project to ensure that you continue to understand their nature.

Remember -- you can live with your assumptions. You must manage your risks.