Why do we need to categorize risks?

Let me start with the definition of the word ‘category’

cat·e·go·ry(noun): any general or comprehensive division; a class.

group, grouping, type

The main goal of risk management is to avoid unpleasant surprises. This requires comprehensive list of identified risks. Risk categories are specific way to group risks under a common area which provides a structured & systematic approach in identifying risks to a consistent level of detail.

Some of the advantages using risk categories are:

* A good set of risk categories enable a greater management focus, thought provoking, and increasing the opportunity of identifying a wider range of risks

* As I told earlier, risk categories give structured approach to risk identification through which all risk areas are explored without fail

* Categorizing risks improve the effectiveness & quality of the risk identification & analysis processes

* Grouping risks by common root causes can lead to developing effective risk responses

* Risk categories also helps in risk assessment by interviewing or meetings with participants selected for their familiarity with a specific risk category

* Risk categories give greater ability monitor and control risks identified classified under the same area or root

It isn’t possible to develop one-size-fits-all risk categories for all projects/organizations. There could be common list of risk categories available which can be adapted with specific changes required for our projects. There are many ways to categorize risks. Generally, risks to the project can be categorized by

* sources of risk,

* the area of the project affected i.e. using Work Breakdown Structure(WBS), or

* other useful category like a project phase, to determine areas of the project most exposed to the effects of uncertainty.

Example for risk categories:

* Financial
* Security
* Legal & regulatory compliance
* Safety
* Stakeholder management
* Strategic
* Technology

As per PMBOK® Guide, risk categories are part of organizational process assets. Every organization should have standard lists of risk categories and it can be retrieved from achieves of already executed project.

To identify risks, project managers start with risk categories. But the process of identifying risks can also lead to identification of new risk categories. The newly identified category added to risk category list.

Risk categories can also represented in a structured way into a Risk Breakdown Structure (RBS). The RBS is a hierarchically organized depiction of the identified project risks arranged by risk category and subcategory that identifies the various areas and causes of potential risks.

2 thoughts on “Why do we need to categorize risks?

  1. Categories help ensure we are looking at a lot of kinds of risk that need to be brought into a risk management process. I know you’re just getting started on the topic, so I’ll be interested in seeing what you propose as a comprehensive risk management approach. Keep up the good work.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s