How Much Risk You Are Willing to Tolerate?
Every project manager deals with risk assessment and risk management. If done right, the project manager will ensure the overall project plan includes a risk management plan early in the project. The risk management plan is typically guided by the risk attitude of the project stakeholders, which is determined by their risk appetite, risk tolerance, and risk threshold.
The PMBOK Guide offers detailed definitions and guidance for each of these factors. For this discussion, we will use simplified descriptions:
Risk appetite is the level of risk that an organization is willing to accept to reach its goals and objectives. Risk appetite is typically culturally determined within the organization.
Risk tolerance tells you how sensitive the organization or the project stakeholders are to risks, their willingness to accept or avoid risk. Risk tolerance is variable, if not fluid, from person to person.
Risk threshold is the level of impact, typically a clear figure, beyond which the organization will no longer tolerate the risk. Risk threshold is a negotiated or determined quantified limit.
Project stakeholders are hardly ever asked what their individual tolerance level is. They agree on the risk management plan, but transfer their trust and expectations to the project manager. Stakeholders may understand the risk, but they may not fully grasp what acceptance of the risk means in practice.