<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=150057&amp;fmt=gif">

Risk Threats and Opportunities: Similarities and Differences

January 07, 2020 |   | 
6 minutes read
Safran Software Solutions

Safran Software Solutions

Opportunities and threats are often difficult to separate. What poses as an opportunity may become a threat if not correctly handled.

Two Sides of the Same Coin?

“Risk is the effect of uncertainty on the achievement of an objective, either positive or negative”.

This is a commonly held definition amongst most risk practitioners. This has led most risk practitioners to consider that threat (i.e. the negative effect of uncertainty) is the opposite of opportunity (i.e. the positive effect of uncertainty). This can be compared to how 'heads' is the opposite of 'tails' on a coin.

Most organizations struggle with the concept of identifying opportunities while excelling at finding trivial threats. However, opportunity isn't the opposite of threat as most people conceive it, but a different thing altogether that requires an alternative approach to management.

Discover why qualitative risk analysis is an essential skill for all risk professionals.

 


The Biological Imperative of Risk

Organisms need to be constantly aware of their surroundings to avoid danger. This evolutionary characteristic has led to the human brain being highly attuned to the negative effects of uncertainty in the natural world. This leads us to see hazards more readily in any pursuit we undertake, including managing projects.

The most common type of opportunities identified at risk workshops I have facilitated are usually associated with what can be achieved after project completion. This includes the spin-off project, which other customers or markets can sell into.

It's a constant battle to bring the group back into the bubble of current project delivery to ask how this project can be delivered better, be that by improved performance for less money, shorter delivery times, or more effective delivery methods. 

Even if the team can spot these project opportunities, they're invariably ‘baked into’ the project delivery without going through the same risk assessment process that threats are subjected to, and so they rarely appear in a risk register. 

People just want to action opportunities in a way that's different from wanting to deal with threats, and I believe this is because of the ways people see the likelihood of opportunities occurring.

Probability of Opportunity is Dependent on Action

Uncertainty lies at the heart of the definition of risk, but we struggle to calculate the probability of opportunity even at a gut level. Invariably they will need to act in order to make it happen, as opposed to acting to prevent its occurrence. 

Let’s take an example: I want to drive to the airport to catch a flight. I know that certain threats can occur which may prevent me from reaching the airport in time such as traffic (highly likely), car breakdown (low likelihood), or getting lost (low likelihood).

So I take precautions to prevent their occurrence or reduce the impact by:

  • Checking the route
  • Listening to the radio traffic news
  • Following the Sat Nav
  • Ensuring the tyres are in good shape
  • Making sure there is enough petrol in the tank
  • Ensuring the oil and water levels are topped up

Based on my assessment, I know what time to set off and my anticipated arrival time.

So how can I fit opportunities into this scenario? I've already assumed that I won't exceed the speed limit, and the selected route is the best one for the given time of day, so there's little opportunity to get there any faster. 

Perhaps I should change my outlook on the objective and ask myself ‘can I make the ride more profitable?' If I know that other people from my office or in my area are heading for the same flight, perhaps there is an opportunity to ride share. This doesn't change the original objective but does benefit me as a potential cost saving.

Here's the problem - it'll require some effort on my part to make it happen, and so calculating the probability of opportunity comes down to how much I want to make it happen.

If I'm struggling for petrol money, then I'd be better motivated to seek the opportunity (so it's highly likely to occur). However, if money is not a problem for me, then I'll be less inclined to seek the opportunity (low likelihood of occurrence).

Alternatively, I may not be motivated by simply money, but also by having a companion on the trip. In this case the likelihood will change again.

Ambiguous Language

Another reason why opportunities are hard to identify is that they're sometimes hidden within the same language as a threat. For example, when a simple approach has been taken to the description of a risk. When the project objective is delivering material in nine days, the risk is 'we will be early if the material arrives in six days.' However, it's invariably described as 'we'll be late if the material doesn't arrive in ten days.'

It's the same risk – there's uncertainty on the arrival of the material – but it will undoubtedly be recorded in the risk register as a threat. This is because they're different scenarios. In one, there are infinitely more days than nine. While in the other, there are only three days less than nine - with expectations to arrive in three. Even if the likelihood of arriving in six days is greater than being later than ten days, odds are this will be considered a threat. If the odds of an early delivery are good, then the objective may be reduced to delivery of the material in six days, with a threat of being late if later than seven days. 

Making risk language unambiguous will help reduce this problem. This can be achieved through the adoption of a risk meta language based on the bow tie model. This model explicitly considers the source of an event, the event itself, and the impact of the event on an objective.

Simple Bow Tie Model

 

The Bow Tie Model

Clearly articulating the objective in realistic terms will help to shape the potential for opportunities to be identified. However, in most cases the business case will have been built around the best-case scenario and so most objectives are unlikely to make a significant impact. This, perhaps more than anything else, lies at the heart of why so few opportunities are identified by projects.

Bow Tie Walk-through

Play Button

Opportunity Treatment

One other aspect that causes opportunities to be overlooked is the lack of language dedicated to the treatment of opportunities. Threats have a whole host of words held for their treatment: mitigation, avoidance, transference, termination, and insurance are just some of them. Even the word tolerate has the implication that it's something which can be lived with if it should occur, rather than being lived without.

What are the equivalent words for acting on opportunities? Words like take, seize, or exploit spring to mind, but they all sound unethical in comparison to terminate or mitigate. Once again, opportunities are deemed to be something to action rather than something to deal with.

Similarly, what's the equivalent to risk contingency? We hold 'float on schedule' as a time contingency or 'money in reserve' as a cost contingency. But we do not, or cannot, deliberately hold a negative float or deficit budget on the expectation that opportunities will always be successful. Any project manager justifying a negative margin position at the start of a project with the expectation that all opportunities will be used to deliver a positive outcome would be laughed out of the room in most organizations.

Similar but Different

While opportunities spring from uncertainty in the same way that threats do, they are not treated equally in either the language used by risk professionals or in the way project schedules and budgets are established. As such, they'll always play second fiddle to threats, and this can be clearly seen when the word 'risk' is more often used as a synonym for threat by most people, including project professionals themselves.

But just because it's a poor cousin to threat, does that mean 'opportunities' should be treated differently, or should we just lower our expectations about how projects should handle them? Are we expecting too much when we look at a risk register with a 10:1 ratio of threats to opportunities and demand the project team finds more?  

Discrimination against opportunity exists in so much of risk management, but it should not be a barrier that holds back organizations from finding opportunity on its projects. There are a few simple steps which can be used to give opportunity the chance of finding a more equal footing.

Imagination is required when identifying both threats and opportunities, and this can be enhanced using diversity in risk identification workshops. Each person's level of experience and diversity of human characteristics is a great source of inspiration for identifying innovative opportunities. 

A skilled risk facilitator should also ensure that opportunity identification workshops are given an equal priority with threat identification workshops. And where appropriate, the word ‘risk’ is explicitly used to mean both positive and negative impact. Indeed, the language used by a risk facilitator will have a significant influence over the types of risk the team identifies. 

Finally, finding tools and techniques which have been designed based on the original definition of the word risk will enable a team to seek opportunities, as well as threats, during the life cycle of the project.

Choose a Risk Management Tool Without Threat Favouritism

Opportunities contain the same basic building blocks as threats, i.e. they have a likelihood of occurrence and an impact on an objective. This means the data associated with them can be managed using the same tools.

Collaborative Approach

When considering choosing a risk management tool, choose one that will enable a collaborative approach to risk identification, and utilizes bow tie methodology for the risk description.

Neutral Language

Look for tools that don't assume that risk means threat. All language within the tool should give equal weighting to threats and opportunities. This equality should be extended to the reports and visualizations, such that colour schemes can differentiate but don't psychologically bias threat in favour of opportunity. All supporting documentation should be written in a neutral language.

Equal Weighting 

Safran Risk Manager has been designed to give an equal weighting to opportunities and threats wherever possible. The language used throughout the tool is neutral and makes no assumption of one over the other.

The bow tie methodology that lies at the core of the Safran Risk Manager's risk recording process enables threats and opportunities to be articulated and recorded against project objectives without favouritism. 

Safran Risk Manager dashboard widgets present opportunity and threat data on an equal footing, and the reports differentiate without discrimination. 

Opportunity Knocks

In conclusion, opportunities will continue to be elusive in most project risk registers, but deserve to have the same rights as threats. Opportunities are different, and humans will continue to regard them as an afterthought simply because our brains are wired to see 'threats' first, and our language has evolved to see risks as something to be dealt with, while opportunities are something to action. 

However, using skilled Risk Managers, well facilitated risk workshops, and adopting good quality risk management tools, will help your organization find the opportunities to exceed your project expectations.

Want more information?
Watch this presentation on this topic featuring the the Association for Project Management Risk SIG and Institute for Risk Management Nuclear SIG by Chris Ritson of Safran