Proving the value of risk management


Dr. David Hillson


Dear Risk Doctor,

Risk management is considered by management to be a waste of time and money if nothing happens. How can project managers convince management and decision-makers that risk management is a good investment and necessary, even if an actual event does not occur?

Yours hopefully,

Project Manager


Dear hopeful Project Manager,

You raise an important and vexing question for risk practitioners – how do we prove we’re adding value?! I have a three-part answer:

  • Firstly, in old-style implementations of risk management that focus only on threats, you’re right that successful risk management means “nothing happens” (or at least no unexpected problems happen). In line with Popper’s Falsifiability Principle, we know it’s impossible to prove a negative, even though absence of evidence is not evidence of absence. So we couldn’t say for certain that investing in risk management was positively correlated with lack of problems. However now we have a new view of risk which includes opportunities as well as threats.

  • Now successful risk management results in avoiding problems as before, but we also create additional value through maximising and exploiting opportunities. And of course this can be measured. So perhaps we can create a demonstrable and measurable “Risk Management ROI” in this way.

  • Secondly, while we cannot run a project twice so we have no control for proving risk management effectiveness, we can learn from experience over time. Organisations which have been tracking project performance over the years can demonstrate that as risk management maturity increases, so does project success. What gets measured gets improved. And nothing beats demonstrating success to get the attention of management!

  • Thirdly, senior management will quickly realise and accept the value of risk management when they understand the close link between risk and objectives. They understand the need to “spend to save”, and will be looking for a payoff
    from risk management in terms of more successful achievement of project and business objectives. When they see those benefits then their commitment will be reinforced yet further.

I hope that answers your question adequately and that you manage to persuade your management to invest in managing risk.

With best wishes,

The Risk Doctor


© David Hillson



Please consider allowing cookies to be able to share this page on social media sites.

Change cookie settings
No history has been recorded.
Back to top