Risk Management Glossary

Below you will find an overview of the most important terms in Project Risk Management, which I used on this website and in my books. This is the place where you will quickly get an explanation for a specific term.


Acceptance  –  Do nothing. Especially for small risks, no actions are defined according to the motto “If it happens, it happens.”

Assumptions – Assumptions are beliefs or opinions on which further work and decisions are based in the project. Assumptions may prove to be incorrect. They represent uncertainties and must therefore be periodically checked for stability and validity.

Ambiguity Risk – Uncertainty due to a lack of knowledge, which could be reduced by gathering more information.

Avoid –  Eliminating the danger of risk by eliminating the cause.


Brainstorming – Creativity method to find ideas in groups. The essential characteristic of brainstorming is the associative and non-rated collection of many spontaneous ideas and statements on a particular topic.

Budget – Amount of resources (e.g. money, people), which are available to the project.


Cause – Risk – Impact format – format to describe risks. Because of <cause> the <risk> can occur, which can then have this <effect>.

Communications management plan – Document that describes how and in what form communications will be handled in the project.

Company guidelines  – Policies, processes, definitions and templates that need to be applied throughout the organization for risk management.

Contingency plan – Describes what to do if the risk occurs.

Contingency reserve – Reserves (time, money) added to the project to deal with identified risks for which no actions have been taken.

Critical path – The path from the beginning to the end of the network diagram that has the lowest sum of all buffer times.


Earned Value Management (EVM) – Project control method, which monitors project performance with quantitative indicators.

Emergent Risks – Risks that we cannot see because they are outside our experience or consciousness, so we do not know we should be looking for them. They are also called “the unknown unknowns”.

Event Risk – is the result of “stochastic uncertainty”. There is uncertainty about possible events in the future. It is something that has not yet occurred and may not occur, but if it does occur, it will affect one or more objectives.

Expected value – see Overall risk

Expert interview –  Interviews with experts to identify additional risks.


Fallback plan – The fallback plan shows what to do if the risk occurs and the contingency plan has no effect.


Gantt Chart – Bar chart which shows project task information. In risk management risk owner and risk score are added.

Go/no-go decision – Decision to stop the project or to continue. Is the project too risky compared to the potential benefits?


Historical records – Documents and information of previous, similar projects, which can show possible causes of risks, for example: lessons learned, risk analysis, etc.


Impact –  The damage if the risk occurs (delay, cost increase, loss of quality).

Insure – Transferring the potential damage of a risk to someone else, for example, an insurance company.


Lessons learned – Documented experience from the current or previously completed projects that shows what went right, what went wrong and what you would do differently in a later project.


Management Reserve (MR) – A cost and/or time budget added to the project for unidentified risks, which may lead to unexpected problems. It is usually under the control of senior management and is part of the project baseline only if it is effectively distributed.

Methodology – Defines how risks are managed in the project, and what data and tools are used.

Monte Carlo Simulation – Computer-aided statistical method that simulates the expected project duration and project costs with the help of probability theory.


Network diagram – Shows the relationships between the tasks in a project.


Operational risks – Risks that are associated with the ongoing operation and service (of the project result).

Opportunities –  Potential uncertain events that may positively affect the project.

Overall risk of the project (expected value) – Sum of the risk levels of risks and opportunities if no actions are taken.


Probability – The likelihood that a risk or opportunity occurs.

Project Office (PO) – Organization in the project which performs “administrative work” such as project control, planning, preparation of presentations, meetings. POs are used more for larger projects.

Project Management Office (PMO) – Organizational unit in the company which is responsible for the area of project portfolio management, project management, PM tools etc.

Project Management Plan (PMP) – Especially for smaller projects, this document covers the project definitions and descriptions of processes such as risk management, quality management and communication.

Project Sponsor – The project sponsor (Client) of a project is the most important project stakeholder. He finances the project, signs the project charter and is the client, who makes the final decision about the success of the project.


Qualitative risk analysis – Subjective evaluation of probability and impact of the risks with predefined scales.

Quantitative risk analysis – Numerical analysis of the risks in order to determine potential cost or project delays in dollars or days.

Reducing the impact – Reduce the potential damage if the risk occurs by some measures.

Reducing the probability – Reduce, by certain measures, the probability that a risk materializes.

Reserves – see Management Reserve or Contingency Reserve.

Residual risks –  Identified risks for which no actions have been defined.

Response planning –  Defining activities, which reduce the probability and/or impact of risks or eliminate the risks, and increase the probability of occurrence of the benefits and/or opportunities.

Risk – An uncertain future event or condition that, if it occurs, has a negative or positive effect on at least one project objective.

Risk appetite – The degree of uncertainty an entity is willing to take on, in anticipation of a reward.

Risk assessment –  Assessment of the probability and impact of risks with defined scales.

Risk attitude – Our personal attitude towards risks, depending on the respective situation and on how, in our opinion, uncertainty affects the defined objectives.

Risk averse – Avoid risks and seek other solutions that may be more expensive.

Risk capacity – The ability of a company to take a certain project risk without falling into financial difficulties if possible losses are realized.

Risk categories – (Risk Breakdown Structure, RBS, according to PMBOK®) Risk categories and subcategories help in systematically identifying risks and contribute to the effectiveness and quality of risk identification.

Risk identification – Identify risks with different methods, with the involvement of the project team, sponsor/client and other stakeholders.

Risk management audit – A quality assurance measure of the project management office (PMO) or internal audit. Risk auditors check whether the defined risk management process is followed.

Risk management plan – Describes how risk management is structured and carried out in the project.

Risk management process – Systematic process that describes how project risks are identified, analyzed and how to respond to risks.

Risk mitigation – Reducing the risk value by reducing the potential damage or by reducing the probability.

Risk monitoring – The identified risks, residual risks and actions are monitored and new risks identified. This will ensure that the response plan is executed and effectively reduces the risks associated with the actions taken.

Risk Officer – Central role in the company, which is responsible for risk management. He has in-depth risk management expertise and assists the Project Manager and the Sub-Project Manager in all aspects of risk management.

Risk Owner – He monitors his risks continuously and initiates the planned risk reduction actions or the emergency plan at the specified time.

Risk register – List (database) of all identified risks, causes, effects, scores, actions, etc. The risk register is the central element in the collection, evaluation and monitoring of risks and actions.

Risk reporting – Report the risks and actions to the PMO, the senior management and the steering committee.

Risk review – Risk reviews are a periodic measure by the project team to increase the quantity, quality and description of the risks and opportunities found, as well as to enhance the effect of the defined measures.

Risk score – Result of multiplying the values of probability and impact.

Risk threshold – Amount (limit) of uncertainty or the level of impact which a project, company, or key stakeholder is willing to accept.

Risk tolerance – The degree, amount or value of risk that an organization is comfortable taking, or the degree of uncertainty that an organization or stakeholder is able to handle.

Roles and responsibilities – Who performs the activities in risk management and which responsibilities and competences they have.

Root cause – Many of the risks identified are not the real risks, but effects. The real risks are often deeper.


Secondary risks – Defined measures for risks may also include risks.

Stakeholder – A person, group of people or an organization that is actively involved in the project or is affected by the course of the project or the project result. They can affect the execution of the project or the project result positively or negatively.


Transfer – Transferring the risk to a subcontractor or insuring the risk with an insurance company.

Trigger –  Early warning signal that announces that a risk is about to occur.


Variability Risk – The result of “aleatory uncertainty”. Aleatory uncertainty is caused by an inherent, natural randomness. Something will happen in any case, but we do not know what the result will be.


Workarounds – Unplanned actions in response to unidentified risks that occur.

Work Breakdown Structure (WBS) – Complete hierarchical arrangement of all elements of a project in the form of an organizational chart.