Risk Management

  • Risk management is not about taking a large number of risks and overcoming each and every one of them. Risk management is about planning for failure, setting aside slack so that you can absorb the risks that don’t break your way.
    • Slack is the reserve set aside in money and time for work that may not need to be performed but may materialize because of risk.
    • Setting aside a risk reserve at a 50 percent or better confidence level is called risk containment.
  • Risk management is the explicit declaration of uncertainty. It allows you to go forth into risky territory with some assurance of just how much risk you’re running. Therefore, organizations can’t be aggressive about risk-taking without some meaningful assessment of the extent of the uncertainties.
  • Risk is stochastic, not deterministic.
  • Risk management is at odds with a “can do” attitude of management.
  • Risk is either aggregate (failure of the project) or its components (constituent causes). Risk management focuses on the components.
  • Risk management needs to be dynamically updated as situations evolve.
    1. Risks are not inherently bad, indeed they may be the only way to succeed.
    2. Risks don’t ever go entirely away.
    3. Managing risk costs you something.
    4. If the risk doesn’t materialize, risk management costs you something extra.
    5. The discipline must be applied across your portfolio.
  • Managing risk means moving through a project at a slower speed.



DeMarco, T. Slack: Getting Past Burnout, Busywork, and the Myth of Total Efficiency. (Currency, 2002).