When managing projects in an organization, you need to understand and define risk thresholds for these projects.
A risk threshold indicates the amount of risk exposure your organization is willing to accept related to cost, time, scope, or quality. Setting accurate risk thresholds aligned to organizational risk appetite allows you to make informed decisions on risks.
In this article, we’ll explore the concept of risk threshold in project management in-depth, as well as its importance, and how to leverage them for effective project risk management. You will also learn the difference between risk threshold and risk tolerance.
For PMP candidates, this is one topic that you definitely need to master as you can expect some questions from here in your PMP exam.
What is Risk in Project Management?
First off, let’s refresh our knowledge of what a risk entails in project management. A risk in project management is an uncertain event or condition that can impact your project objectives if it occurs.
As a project manager, it’s your responsibility to identify and assess potential risks that may affect your project’s scope, schedule, cost, or quality.
Positive risks present opportunities that can improve your project outcomes if they occur. For example, new technology becoming available could enable your team to complete tasks faster than planned.
On the other hand, negative risks are threats that can detriment your project if they materialize. An example is a key supplier going out of business, which could delay project activities.
Effective risk management requires identifying both positive and negative risks upfront through processes like brainstorming. You then analyze these risks to determine their likelihood and potential impact. This allows you to plan risk responses to maximize opportunities and minimize threats to your project’s success.
What is Risk Threshold in Project Management?
The risk threshold defines the total amount of risk exposure your project can accept. It sets the boundary for the risks you are willing to take on as a project manager before they become unacceptable to your stakeholders.
A risk threshold is quantified based on the risk appetite of your organization and project sponsor. For example, if your project has a budget of $100,000, leadership may set a risk threshold of $10,000. This means you should not take on risks that could lead to cost overruns beyond $110,000.
As a project manager, you will compare identified risks against the predetermined threshold. Risks exceeding the threshold require a response, such as mitigation or active acceptance, while risks within the threshold can simply be accepted as the exposure level aligns with your stakeholder risk appetite.
Defining an appropriate risk threshold allows you to balance risk versus reward and make decisions that meet project objectives.
Types of Risk Thresholds in Project Management
There are two main types of risk thresholds used in project management. These are:
1. Qualitative Risk Threshold
A qualitative risk threshold sets the maximum risk rating or score that you are willing to accept for individual risks. Many project managers use a risk matrix with probability and impact scales to assign scores to each identified risk.
You would then define a threshold score. For example, risks over 15 on a 1-25 scale require active mitigation.
2. Quantitative Risk Threshold
A quantitative risk threshold establishes the total risk exposure you are willing to accept for the overall project. This is calculated by quantifying risks into a monetary value based on the risk probability and cost/time impact.
Statistical modeling is used to determine the cumulative risk exposure. Leadership then sets a threshold dollar amount as the maximum acceptable exposure such as $100,000 for a $1M project budget.
Setting both types of thresholds allows you to gauge risks at the individual and portfolio levels. You should combine qualitative and quantitative analyses to determine if risks breach your accepted limits.
Importance of Risk Threshold in Project Management
Defining risk thresholds is a critical process in project risk management. Here are some key reasons why risk thresholds matter:
1. Aligns with Risk Appetite
A risk threshold quantifies the risk appetite of your organization and sponsor. By setting an appropriate threshold level aligned with their appetite, you can manage risks in line with your stakeholders’ expectations. Exceeding this threshold indicates that you have taken on too much risk.
2. Enables Risk Response Planning
By comparing each identified risk to the threshold, you can determine which ones require active mitigation or acceptance responses.
Risks below the threshold can be passively accepted. This way, you can then focus your risk responses on priority risks that are above the defined exposure limit.
3. Supports Objective Decision-Making
Risk thresholds provide objective parameters for your decisions as a project manager. Rather than making subjective calls on risk acceptance, you have defined guidelines on when a risk becomes unacceptable. This data-driven approach leads to defensible choices.
4. Drives Accountability
A risk threshold sets a target for your project’s risk exposure. This keeps you accountable for proactive risk management. It also demonstrates the ROI of mitigating risks within the threshold.
Risk Threshold in Project Management Example
Let’s look at an example to understand how to apply a risk threshold.
Imagine that you are managing a project with a budget of $100,000. Through your risk identification process, you highlight a risk of a delayed vendor delivery that could lead to additional rental costs for temporary equipment of $15,000.
You perform quantitative risk analysis and determine there is a 60% probability this risk occurs. The total risk exposure is 60% of $15,000, which is $9,000.
The project sponsor has set a risk threshold of $10,000 for cost overruns based on the organizational risk appetite.
Since your quantified risk exposure of $9,000 falls below this threshold, you can choose to accept the risk as-is. No active mitigation is required. You document this decision and rationale.
However, if further analysis shows a 75% probability, giving an exposure of $11,250, the risk now exceeds your threshold. You must implement responses like negotiating an earlier delivery date with the vendor to reduce the exposure below the acceptable threshold limit.
This example demonstrates how a defined risk threshold drives objective decision-making on risk response strategies.
Risk Threshold vs Risk Tolerance
Risk threshold and risk tolerance are related but happen to have distinct meanings when it comes to project risk management.
Risk tolerance is a broad measure of risk appetite that refers to the overall degree of uncertainty an organization is willing to take on. It is often qualitative and subjective.
A risk threshold on the other hand makes tolerance by quantifying it with a defined value, such as a budget contingency percentage. It sets a specific limit for risk exposure.
For example, a stakeholder may have a moderate risk tolerance but set a 10% cost overrun threshold to support this. The threshold provides actionable data to execute risk decisions aligned to the qualitative tolerance level.
As a project manager, you should confirm that risk thresholds support stakeholder tolerance, and then analyze if the threshold value is realistic given project objectives and constraints. Setting appropriate thresholds transforms tolerance into concrete guidance to manage project risks.
Summary of Risk Threshold in Project Management
Overall, defining risk thresholds is an essential activity for a project manager. It provides a clear target to guide your risk management approach aligned to stakeholder risk appetite and tolerance.
Leverage both qualitative and quantitative techniques to set risk thresholds, and use the thresholds to make data-driven decisions on risk response planning. Keep risks within the predefined limits to achieve project objectives.
With an understanding of risk thresholds, you can feel confident taking on calculated risks and minimizing threats for project success.
