What is Risk Management?

A Summary of PMI's
Standards for Risk Management
in Portfolio, Program, and Project Management

headshot-transparent-background

I predict, in the future, as is the case now, half of all Adamsson Associates will be nationally certified project management professionals, specializing in change management, program or portfolio management, and/or business analysis.

(I am a PMI-certified project management professional, my wife is not.)

Risk management is the 'R' we deliver in a business owner's RESTequity portfolio.  This report flies over the Project Management Institute's Standards for Risk Management within the contexts of portfolio management, enterprise, program, project and change management, as well.  

I will outline PMI's key concepts, frameworks, and best practices for effectively identifying, analyzing, and responding to risks across different organizational levels for your business owners.  So, if you are not a project manager, yet, read on to answer the question, "What is risk management?


Q: Why would a business owner buy long term care insurance,
when the business could buy it for them?


A Short Course in Long Term Planning book cover

Yours, with our thanks for answering 2 quick LTC questions.

Keys to Successful Risk Management: 

risk management success

Risk is inherent:  Every organizational activity, especially endeavors like portfolios, programs, and projects, involves risk. Recognizing and proactively managing these risks is crucial for achieving strategic objectives and maximizing value creation.

A systematic approach is essential:  A structured and iterative approach to risk management, encompassing planning, identification, analysis, response planning, implementation, and monitoring, is vital for effectively addressing risks throughout the lifecycle of any endeavor.

Tailoring and scaling are crucial:  Risk management processes should be tailored and scaled to meet the specific characteristics of the endeavor, considering factors like available resources, organizational maturity, and risk appetite.

Integration is key:  Successful risk management requires seamless integration with other organizational processes, including strategic planning, governance, stakeholder engagement, and performance management.

Accountability and responsibility are shared:  Risk management is a shared responsibility, requiring active participation and collaboration from all stakeholders, including executives, managers, team members, and external partners.

The Language of Risk: an uncertain event or condition that, if it occurs, has either a positive or a negative effect on one or more objectives.

risk appetitite

Risk attitude is an organization's or individual's disposition toward uncertainty, ranging from risk-averse to risk-seeking, influencing how risks are assessed and managed.

Risk appetite is the degree of uncertainty an organization or individual is willing to accept in anticipation of a reward, guiding risk management decisions and parameters.

Risk threshold is a measure of acceptable variation around an objective, reflecting risk appetite and serving as a key element in defining risk strategy and escalation paths.

key concepts:

Uncertainty is the lack of complete knowledge or predictability about future events or outcomes, inherent in portfolios, programs, and projects.

Ambiguity is the state of having multiple possible interpretations or meanings, making it challenging to identify and assess risks accurately.
Threat is a risk with a negative effect on one or more objectives, requiring proactive management to mitigate potential negative impacts.
Opportunity is a risk with a positive effect on one or more objectives, requiring proactive management to exploit potential benefits and enhance value creation.

The Risk Management Sequence of Activities

risk management activities
  1. Plan Risk Management: Define the scope, objectives, and approach for managing risks, including roles, responsibilities, and resources.
  2. Identify Risks: Systematically identify and register potential risks that could impact the endeavor, considering both internal and external factors.
  3. Perform Qualitative Risk Analysis: Evaluate the probability and impact of identified risks, prioritizing them based on their potential significance.
  4. Perform Quantitative Risk Analysis: Numerically assess the overall effect of identified risks on objectives, providing insights into potential contingency needs.
  5. Plan Risk Responses: Develop appropriate response strategies for prioritized risks, considering factors like risk appetite, organizational constraints, and potential secondary risks.
  6. Implement Risk Responses: Execute the agreed-upon risk response actions, ensuring timely and effective implementation to address identified risks.
  7. Monitor Risks: Continuously track identified risks, assess the effectiveness of implemented responses, and identify any emerging or residual risks.

Risk management across domains:

enterprise risk management
  • Enterprise: ERM focuses on managing risks at the organizational level, aligning risk management with strategic objectives and ensuring consistent practices across the enterprise.
  • Portfolio: Portfolio risk management aims to optimize the mix of components to balance risk and reward, ensuring alignment with organizational strategy and maximizing value delivery.
  • Program: Program risk management focuses on managing risks that could impact the realization of program benefits, ensuring effective integration of component projects and achieving strategic alignment.
  • Project: Project risk management aims to minimize the probability and impact of negative risks while maximizing the probability and impact of positive risks, ensuring successful project delivery within defined constraints.


Enterprise Risk Management (ERM) identifies and forecasts major risks confronting an organization, then aligns risk management with organizational culture, capability, and strategy.

Effective risk management is crucial for achieving organizational success in today's complex and uncertain business environment.

By adopting a structured and integrated approach, organizations can proactively identify, analyze, and respond to risks, maximizing opportunities while mitigating potential threats.

This concise overview provides a foundation for understanding key concepts and best practices in risk management, enabling organizations to navigate uncertainty and achieve their strategic objectives.