4 types of risks in project management and ways to handle them

July 2, 2022

Risk management is one of the mandatory aspects of managing any project. A risk is an uncertain event or condition, the occurrence of which positively or negatively affects one or more project objectives. All risks can be roughly divided into four categories.

Known unknowns 

These are classic risks, most often we talk about them. We do not know exactly whether they will occur, but we can speculate or guess.

Example: In one project, a freelancer stopped answering the phone and disappeared without doing his work–we can assume that this risk could happen again in our new project.

Known knowns

Facts and requirements are another category of risk.

Example: If you own a car, you know that you have to have it serviced regularly–then you don't have to worry about breakdowns due to lack of maintenance.

In fact, it's not even a risk, it's a requirement to have your car serviced at regular intervals. Similarly, if you don't want to lose data, you make regular backups before any changes. These are also requirements, but they become risks if we don't comply with them. The machine can break down, the data can be lost.

Unknown knowns

We almost never think about this category of risk. These are the unknown-knowns–those hidden facts that exist outside our world picture. 

Example: Your acquaintance is working in Africa on one project. One day elephants come to the construction site and, after trampling and scattering everything, go back to the savannah. The residents of the local village are not surprised, for them it is a familiar picture of the world. Could the manager from New York have thought of this? No, in his world elephants live in a zoo and do not attack anything. In his world, this risk does not exist.

It is possible to identify hidden facts only by stepping outside the box. To step outside the box, it is possible to involve outside experts, communicate more with the community, and watch different cases.

Unknown unknowns

The most unpleasant category of risks is the emerging risks, the unknown unknowns.

Example: COVID-19. Could humanity assume that through a chain of animal carriers humans would be infected with a terrible virus that would change our entire habitual lives? Extremely low probability. It is an event from the realm of the famous Black Swans - completely unpredictable. 

That is, the risks that arise are things we couldn't even think of because they either never happened, or it was impossible to predict. This is something that we can't foresee or anticipate. But we can work on the project's resilience to risk by making sufficient provisions in both the schedule and the budget - and that's not a small thing. If our project is easy to accept change, and our processes are clear, we can detect such risks much earlier than they appear.

Threats and opportunities

Risks can be both negative (threats) and positive (opportunities). Negative risks can lead to a worsening of the situation–the development period will increase, the cost of work will increase, and we will get a lower quality product. When planning, we often pay attention to the threats.

Example: As a result of vague terms of reference (reason), we can misunderstand the tasks (risk) and make a product that does not meet the expectations of the customer (consequence).

We rarely think about positive risks. In fact, we don't even make a habit of calling something positive a risk. But why don't we manage our opportunities? With them, we can reduce testing time, reduce labor costs, and make better features–all these affect the goal of the project.

What risks should not be confused with

First: risk is not a reason. If we are launching a new product, or even if we have never done such a project before, these are not risks, they are facts and the harsh reality in which we find ourselves. So different risks can follow from these reasons that each one will need to be handled differently.

Second, don't confuse risks with consequences. "We won't meet the deadline," "The product won't meet the expectations of potential users" are exact consequences. And each will be a consequence of different risks. To distinguish what is in front of us – the cause, the risk, or the consequence – let's practice formulating risk.

Formulate the risk so it can be handled

A good risk formulation should include cause, risk, and consequence. Risk always arises for a reason. We will work with the risk itself in the project. And the consequences are what the risk can lead us to.

For example, we have never done this project before, so we could agree to too tight a deadline, and therefore we will not meet the deadline.

As a result, from this formulation, we can understand:

  • why we have this risk (we are doing this project for the first time);
  • what threatens us (we estimated the deadline incorrectly) is the risk or the threat;
  • how it will affect the goal of the project (at least we will finish the project later) – this is a consequence of the risk.

If you formulate risk using this formula, you can easily understand what you need to work on so that negative risk doesn't occur and positive risk can be taken advantage of.


So, risk happens. :) The challenge for the project manager is to take all risks into account as much as possible. In our experience, automating processes that do not require the direct participation of a manager helps free up time for strategic planning and a greater focus on project development.

How can we help with this? Radar is a tool for project management and status-reporting, which helps you easily monitor all projects. You see all the processes and progress of your projects at a glance, spend less time on data collection and reporting, and improve team communication through transparency.

Featured articles