Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attacks from an adversary. Several risk management standards have been developed including the Project Management Institute, the National Institute of Science and Technology, actuarial societies, and ISO standards. Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety.
The strategies to manage risk include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk.
Certain aspects of many of the risk management standards have come under criticism for having no measurable improvement on risk even though the confidence in estimates and decisions increase.
Project risk management is an important aspect of project management. Risk Management is one of the nine knowledge areas defined in PMBOK. Project Risk can be defined as unforeseen event or activity that can impact the project progress, result or outcome in a positive or negative way. A risk can be assesed using two factors: impact and probability. If the probability is 1, it is an issue. This means that risk is already materialized. if the probability is zero, this means that risk will not happen and should be removed from the risk register.
The Practice Standard for Project Risk Management provides a benchmark for the project management profession that defines the aspects of Project Risk Management that are recognized as good practice on most projects most of the time. The Practice Standard can be used by project management practitioners to validate the risk management process being employed in a specific situtation, project or organization. The Practice Standard for Project Risk Management is consistent with the current release of A Guide to the Project Management Body of Knowledge: (Pmbok Guide).