Risk and opportunity



Risk and opportunity includes the identification, assessment, response planning and implementation and control of risks and opportunities around projects. Risk and opportunity management helps decision-makers to make informed choices, prioritise actions and distinguish among alternative courses of action. Risk and opportunity management is an ongoing process taking place throughout the lifecycle of the project.



The purpose of this competence element is to enable the individual to understand and effectively handle risks and opportunities, including responses and overall strategies.



Risk (negative effects) and opportunity (positive effects) are always viewed in their relation to and consequences for realising the objectives of the project. It is advisable as a first step to consider which overall strategies would best serve the handling of risks and opportunities relative to the corporate strategies and the project in question. After that, the risk and opportunity management process is characterised by first identifying and assessing risks and opportunities, followed by the development and implementation of a response plan covering the intended and planned actions for dealing with identified risks and opportunities. The response plan should be developed and implemented in line with the chosen overall risk and opportunity strategies. The individual is responsible for involving team members and keeping the team committed to the risk and opportunity management process; for making the team alert to risks and opportunities; for involving other stakeholders in the process and for involving the appropriate subject matter experts whenever necessary.


Key competence indicators

Develop and implement a risk management framework

The individual designs, develops and implements a risk management framework in order to ensure that risks and opportunities are managed consistently and systematically throughout the project lifecycle. The risk management framework should include the definition of the methods to be used to identify, categorise, evaluate, assess and treat risks and should link to the organisation’s risk management policy and international, national or industry standards. When projects are part of a programme or portfolio, the risk management framework also describes who is responsible for handling which risks and opportunities and what kind of escalation paths there are (upwards, downwards, sideways).


  • Identifies a range of potential risk management models
  • Develops a risk management framework consistent with organisational policy and international standards
  • Ensures the consistent application of the risk management framework


Identify risks and opportunities

The individual is responsible for the ongoing task of identifying all sources of risks and opportunities and involving others in this process. There are various sources of risks and opportunities, both internal to the project and external. The individual can make use of various techniques and sources to identify risks and opportunities (e.g. from lessons learned, literature, risk and opportunity breakdown structures and interactive sessions with team members, stakeholders and subject matter experts). The identification process is not only about identifying risks, but also about opportunities that could, for instance, make the deliverables cheaper, or make the project run faster, less prone to risks or simply better from a quality perspective. Because the influences coming from the environment of the project do change over time, risk and opportunity identification should be a continuous and ongoing process.


  • Names and explains various sources of risk and opportunity and the differences between them
  • Identifies risks and opportunities
  • Documents risks and opportunities in a register


Assess the probability and impact of risks and opportunities 

The individual is responsible for the ongoing task of assessing identified risks and opportunities. Risk and opportunity assessment can be done qualitatively and quantitatively. The best approach is to do both and to regularly re-assess both risks and opportunities. The qualitative assessment could cover a more in-depth analysis of the sources behind identified risks and/or opportunities; it also deals with conditions and impacts. An example is scenario planning.

The quantitative assessment deals with probabilities and estimates and it also translates probabilistic impacts into quantifiable measures. Quantitative assessment provides numerical values measuring probability and impact expected from risks and opportunities. Monte Carlo analysis and decision trees are examples of powerful quantitative risk assessment techniques.


  • Engages in qualitative risk and opportunity assessment
  • Engages in quantitative risk and opportunity assessment
  • Makes and interprets a risk or opportunity decision tree, with outcomes


Select strategies and implement response plans to address risks and opportunities

The individual is responsible for the ongoing process of selecting and implementing optimal responses to any identified risk or opportunity. This process entails assessing various possible types of responses and finally selecting the ones that are optimal or most appropriate. For each risk the response options may include:

  • Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk
  • Accepting or increasing the risk in order to pursue an opportunity
  • Removing the risk cause
  • Changing the likelihood
  • Changing the consequences
  • Sharing the risk with another party or parties (including contracts and risk financing)
  • Accepting the risk by informed decision
  • Preparing and implementing a contingency plan

Similar response options apply to opportunities:

  • Eliminating the uncertainty by making the opportunity definitely happen (exploit)
  • Allocating ownership to a third party who is best able to handle it (share)
  • Increasing probability and/or impact, by identifying and maximising key opportunity drivers (enhance)
  • Taking no special measures to address the opportunity (ignore)

Those risks that are not acceptable and those opportunities that are to be pursued require an appropriate response plan. Often, even after implementing risk responses, there is a residual risk that still has to be managed.


  • Explains various means and methods for implementing a chosen overall strategy for the risk and opportunity management process
  • Evaluates responses to risks and opportunities, including their strengths and weaknesses
  • Evaluates alternative means and methods for implementing a risk and opportunity response plan
  • Influences the plan for resources and competences required to implement responses
  • Implements and communicates a risk and opportunity response plan


Evaluate and monitor risks, opportunities and implemented responses

After the appropriate risk and opportunity responses have been implemented (this may include appointing risk owners for certain or all risks) the risks and opportunities will need to be monitored. The risks and opportunities and the appropriateness of the selected responses should be re-assessed periodically. Risk and opportunity probabilities and/or impacts may change, new information may become available, new risks and opportunities may arise and the responses may no longer be appropriate. The overall strategies may also need to be evaluated. In fact, risk and opportunity management is not just a periodic process, but should take place continuously as all actions may carry a risk aspect.


  • Monitors and controls the implementation and execution of a risk and opportunity response plan
  • Communicates the risks and opportunities and the appropriateness of the selected responses