Risk tolerances

From apppm
Jump to: navigation, search

Developed by Edvinas Zamaratskis

Risk tolerance is an amount of risk that a project driven organization can withstand. This element in project management indicates the willingness of organization and it's people to avoid or accept risks. Risk tolerance can be analyzed from three different perspectives: company, project manager, and stakeholder. The company risk tolerance depends on the financial stability and project diversification. A project manager’s risk tolerance is affected by job security and corporate culture. The stakeholder’s risk tolerance is influenced by project objective. The project success depends on agreeable level of risk tolerance and early risk management planning.


Big idea

In project management, risk tolerance is the measure of the degree of uncertainty that a stakeholder accepts in respect of the project risk assessment. The three major stakeholders are the project organization, the customer or the owner of the project and the project manager. Uncertainties often are intangible, or invisible, therefore stakeholders have different perceptions of what constitutes risk and subsequently its tolerance. Hence these three stakeholder groups rarely have the same view on the possible outcomes of a project. The attitude towards risk tolerance varies depending on risk characteristics and project’s internal and external environment. Therefore, it is important to first define “risk” and “risk tolerance” and how it relates to project management in a technology-driven organization.

According to classical decision theory, risk is generally understood to be the distribution of possible outcomes, their probability and impact. In project management, this definition can be applied to time, cost, quality, and other factors that can affect these three concerns. It can be concluded, that a risk can either be an opportunity or a threat. An opportunity has positive effect on project objectives, while a threat possess a negative impact. The objective of risk management is to increase the probability of positive risks, and reduce the probability of negative risks.[1]

Risk tolerance is the degree, volume or amount of risk that an organization can withstand. It indicates how sensitive organizations, stakeholders, and people are towards risks. High tolerance often means that organizations welcome high risks while tolerance tells otherwise. Risk tolerance is still a developing area of research because of its human dynamics. A simple conception of risk tolerance can be expressed by claiming that individual decision-makers are risk averse. However in reality many other circumstances shape attitudes toward risk, and thus risk tolerance is a complex topic demanding a more complex definition.[2]


Risk tolerance application leads to more efficient use of resources because the project team has a better understanding of how to respond to threats and how to exploit opportunities. It is important to prioritize risks and address the most crucial ones, to know which should be avoided, reduced, transferred or accepted. In the same manner, opportunities can be exploited, enhanced, shared or ignored.

In addition to that, risk tolerance provides the project team a better understanding of how far down the list of prioritized risks it should go. This can result in improved decision-making that leads to lower costs, better performance, and a shorter delivery of the project. The following steps should be taken in order to reap benefits of risk tolerance.

First of all, a detailed risk management plan should be put in place. It should include definition of risk tolerance levels. It should address risk tolerance not only from the company perspective, but also with regard to the key stakeholders of project. Early assessment should improve decision maker making process as the project progress over time and issues become more complex.

Secondly, a firm should review its compensation policies for project managers and other employees. People weigh the possible rewards in making decisions that impact projects. By initiating a compensation structure where a portion of a remuneration is at risk or based on performance, organization influences employees likelihood of taking risks. This is a tool that firms can use to either increase decision-makers risk-taking ability or increase risk aversion.

Thirdly, it is important for companies to exercise an organizational culture that which promotes calculated risk-taking and innovation. Risk taking should be well thought out and measured. Project managers should be trained to quantify risks. Upper management should lend a hand in getting functional managers involved in the risk management process to help improve their decision making ability. By going through these processes, a project manager should improve evaluation of the personal risk tolerance level as well as that of the project team and the company as a whole.

Additionally, comprehensive performance reviews of project managers are another important component for maintaining a shared understanding and vision of risk tolerance. In reviewing the project manager’s performance, the upper management should critique the project manager’s apparent level of risk aversion. By doing so, the project manager receives formal guidance for future decisions.

A clear communication strategy is important and steps should be taken to ensure its effectiveness. First, the organization handling the project should identify who it is they need to establish channels of communication with, through which good and bad news can be delivered. The second step is to identify whose opinion, positions, and interests the firm should be aware of. This enables the firm to manage issues accordingly and more readily exploit opportunities. If the project manager does not receive input from the appropriate representatives of the stakeholder, or the messages are not cohesive, the project performance will suffer and accepted risk levels will not be met.

Finally, in performing risk assessment, decision issuing entity should adopt an outside view. This means that a project manager should look at what has happened with similar scenarios outside of the project and even outside of the organization. By doing so, there is less chance the project manager will make overly optimistic forecasts, which lead to failed projects. Project risk tolerance is a crucial part of any risk management plan. Risk tolerance should be analyzed continuously during the life cycle of the project.

Determining risk tolerance

Figure 1: Risk tolerance calculation method.

Risk tolerance concerns both the probabilities of risk occurrences taking place and the resulting impact of those risks. Tools and techniques have been developed to quantify risks and how the organization risk tolerance weighs against them. One way to determine the risk tolerance, is to ask a decision making entity if it would use the opportunity to make a risky, but potentially profitable investment. The required investment is an amount R. The investment has a 50% chance of success. If it succeeds, it will generate the full amount invested, including the cost of capital, plus that amount again. In other words, the return will be R if the investment is successful. If the investment fails, half the investment will be lost, so the return is minus R/2 (see fig. 1). Note that the expected value of the investment is R/4.

If R were very low, most decision makers would want to make the investment. If R were very large, for example, close to the market value of the organization, most decision makers would not take the investment. The risk tolerance is the amount R which will not influence decision makers between making and not making the investment. The results of risk tolerances obtained from different executives within the same organization can vary significantly.[3]

Alternative ways to model and quantify of risk tolerance

Figure 2: Risk tolerance profile.

Information collected into project risk register during risk assessment process can be used to generate risk tolerance profile (fig. 1). The process begins with the company determining the positive or negative impact it is capable to endure of a probable threat or opportunity. With this information, the risk tolerance line is mapped out. Each risk is plotted according to its probability of occurring, as well as the impact it would have. With this information charted out, the firm can identify the individual risks that lie above the firm’s tolerance level and focus resources towards those. The utility curve is another tool for understanding risk tolerance. A utility curve shown in fig. 2 demonstrates a risk averse decision maker while fig. 3 shows a risk-taker.[4]

When measuring risk and determining acceptable levels for tolerance, it is important that projects are viewed as a portfolio. By taking on multiple projects with uncorrelated or negatively correlated outcomes, a firm builds a portfolio of projects whereby the overall level of risk is lower than what one would perceive by looking at projects individually.

Company perspective

Risk tolerance of the company usually depends on the extent of financial stability and project portfolio diversification. Organization may lower its overall risk exposure by taking on multiple projects with uncorrelated or negatively correlated outcomes. While this is true for the organization, it is not true for a project manager dedicated to one project. For this reason, upper management must ensure project managers understand their project’s role within the context of the project portfolio.

It can be claimed, that taking risks can be beneficial to a firm that is able to accept them because it enables opportunity. Another aspect of the organizational risk tolerance is, that it depends on the importance of the project within the aggregate project portfolio. For instance, if the project being handled is critical, the organization is willing to take more risks. Alternatively, if it is not critical, then the organization might increase risk tolerance for that one.

Risk tolerance of organizations is dynamic and fluid. Company's acceptance of risk changes throughout the duration of a project. For instance a company’s commitment and investment in the project grows and more is at stake through its progression. Even though the project has fewer risks in towards final stages, the ones that still persist can be more dangerous.

Project manager perspective

The risk tolerance of the project manager and other members of the project team depends on job security and corporate culture. Project manager should have a detailed understanding of the firm’s tolerance level for the possible occurrence of every sizable risk or opportunity. Two categories of risk which concern project manager can be identified. These are project risk and professional risk.

Project risk applies to the uncertainties for a project manager in achieving a project’s goals in terms of time, cost, and quality. These risks are the main subject of risk management as they apply to project management.

Professional risk deals with a project manager’s uncertainties with respect to future job advancement and reward. This type of risk receives less attention, but it can potentially drive a project manager’s decisions and cause those decisions not to be in line with defined risk tolerance levels.

Stakeholder perspective

The project stakeholder risk tolerance depends on the project objective, which often is different from the organization’s risk tolerance levels. The stakeholder is the customer or client for which a project is being carried out. Risk tolerance levels must be examined by the stakeholder and conveyed to the project team, regardless of whether the tolerance level is high or low. The purposes behind a project and the project’s ultimate goals are generally laid out very early in the relationship between a contractor and client, and risk tolerance levels should be set and defined at the same time.


Organizations have limited resources and various project proposals competing for them, there is an inclination for too optimistic estimates and forecasts. Combined with this, any expression of pessimism could be viewed as disloyalty to the organization or the project team. Additionally, incorrectly identified risk tolerance levels could lead to projects being delivered late, over budget, under quality, out of scope, and without meeting all the initial goals. Due to to size and complexity, some projects could be plagued with conflicting tolerances of risks. Finally, tt is difficult for all project stakeholders to agree on risk tolerance levels throughout the life cycle of the project.


  1. 1 http://www.unnap.com/six-sigma/risk-appetite-tolerance-and-threshold-explained/
  2. 2 http://synergybusiness.com/files/PDF/White_Papers/Examining-Risk-Tolerance-in-Projectdriven-Organization.pdf
  3. 3 http://www.prioritysystem.com/reasons5e.html
  4. 4 https://books.google.dk/books/about/The_Project_Management_Question_and_Answ.html?id=XjB30_XPikcC&redir_esc=y
Personal tools