What is the difference between a risk and an issue?

Many people confuse an issue with a risk.  A risk is an event that may occur; an issue is an event that has occurred.  Generally there are considerably fewer issues than risks, and if not, re-consider doing the project!

Then there is the difference between a project risk/issue and operational risk/issue.  A project risk is an event that may occur during the project lifecycle and consequently put the project development or delivery (or part of it) in jeopardy.  An operational risk is an event or situation that may be introduced with the implementation of the project.  Operational risks need to be agreed by the project owners that they are willing to accept these newly introduced risks once the project is completed and operational.

Defining issues and risks

The basic objective or goal of any project is to manage it to a successful completion, but there will always be risks that will have the potential to jeopardize a successful outcome, so a risk analysis is required to identify and mitigate them so the project is not adversely impacted.    The best approach is a workshop with representation from the various project team members to discuss the potential project risks.  Risk identification is an iterative process because new risks may only be identified as the project progresses through its life cycle and previously identified risks may get resolved and closed.

Create a risk and issue register to assist with managing these.

A note here, that a potential situation is not a risk.  A risk occurs because of a potential situation, so when identifying the risk it is important to determine the risk occurring from the situation.

Assessing issues and risks

Risks and issues need to be assessed (and categorised dependant on their impact).  Regular review dates should be attached to each, dependant on their impact category.  Determining the probability of the risk will assist in impact category.   High/Critical risks and issues need to be monitored and reviewed regularly.  Mitigation plans are required for risks.

Reviewing issues and risks

The frequency of reviewing these risks and issues depends on the size of the project.  Obviously high/critical risks need to be reviewed frequently.   A good approach is to allocate each risk and issue  to a project team member to be managed (although they are not necessarily the owner).  Either review these at the project team meetings or allocate regular, specific sessions to do this.

Managing issues and risks

People should be aware of and track risks, but spend their time resolving the issues.

Bear in mind that some risks can be positive, and hence represent an opportunity rather than a threat to the project.  Embrace these opportunities by preparing a plan which supports them and takes advantage of them.


These are just a few of my thoughts, I would really like to hear about other people’s views and how you deal with the horrible four letter word… RISK!