Risk management: Best practice & future developments

Project Risk Management Best Practice
📌 Best practice in Risk Management is defined as routine activities which lead to Excellence, meaning it should be something done all the time, not just for large or specialized projects.
📌 There is no agreement on a single standard for project risk management; instead, guidance converges across several key documents like the PMI PMBOK and the APM PRAG guide.
📌 Risk is clearly distinguished from uncertainty: Risk is uncertainty that matters because it can affect defined objectives (time, budget, quality).
📌 The core risk management process involves planning, identification, assessment (qualitative is essential, quantitative is optional), response planning, implementation, and monitoring.

Defining Risk: Uncertainty Meets Objectives
🐭 The speaker uses a mouse analogy: Projects succeed because of the "cheese" (value/benefits), but managers must look out for "traps" (threats).
📌 A risk is defined as an uncertain event or set of circumstances that, if it occurs, affects one or more project objectives.
📌 Best practice recognizes that risk includes both threats (negative impacts) and opportunities (positive impacts), requiring proactive management for both.
📌 The PMI definition confirms this, explicitly stating that project risk has a "positive or negative" effect on objectives.

Risk Response Strategies (Threats and Opportunities)
🛡️ Threat response strategies (Avoid, Transfer, Mitigate, Accept) have direct, mirrored strategies for opportunities (Exploit, Share, Enhance, Accept).
➡️ Exploit is the aggressive response to opportunities, aiming to ensure they happen (mirroring Avoidance for threats).
➡️ Share corresponds to Transfer, involving collaboration to bring in benefits rather than pass on burdens.
➡️ Acceptance for opportunities means having contingency plans ready to leverage the good luck if it occurs.
🐸 The principle of "deciding vs. doing" is crucial; risk management is useless unless implemented, as only implementation changes the risk exposure.

Future Developments in Risk Management
📈 Future risk management development focuses on three areas: Integration, Depth/Breadth, and addressing People Risk.
🔗 Integration means moving towards Total Risk Management (TRM), where risk attitude and behavior are built into the corporate culture, not just "bolt-on" to projects.
🧠 People Risk acknowledgment is vital, emphasizing that risk management is about people making decisions under uncertainty, requiring an understanding and modification of risk psychology and attitudes (Risk Maturity).
🔬 Depth and Breadth improvement includes deeper analysis (better tools, AI influence) and broader application across all objectives, programs, portfolios, and the business enterprise-wide.

Key Points & Insights
➡️ Best practice is routine, not special: Excellence in risk management should stem from activities performed consistently by everyone, not just on flagship projects.
➡️ Embrace duality: Always manage risk holistically, giving equal importance to maximizing opportunities as much as minimizing threats.
➡️ Action is non-negotiable: Risk management efforts are wasted if response planning does not lead to implementation, as only action changes the actual risk exposure.
➡️ Define your terms: To use tools like the Probability Impact Matrix effectively, terms like "Low Probability" or "High Impact" must be clearly defined specifically for each project.

📸 Video summarized with SummaryTube.com on Jan 29, 2026, 20:03 UTC