Full Text

Over 3 years ago, the Risk Management Committee undertook the project of developing a dictionary that would provide standard terms for publications and presentations on the subjects of risk, risk analysis, and risk management. This effort included input and reviews by more than 100 individuals from AACE International and other organizations, and by professionals involved in risk analysis outside of the cost engineering and project management community. This dictionary is also available on the Project and Cost Management Forum (TCMFORUM) on CompuServe in Library 13 ("Associations/Standards"),

Many of the terms included are from probability and statistics; others are peculiar to project risk management. The 50 terms defined here are the ones most commonly used in works on risk management.

WHAT IS RISK?

Part of the need for this dictionary is to address the historical ambiguity of the definition of the word risk. Estimates can be either too high or too low because they forecast the future and there are uncertainties about what can happen. Since "uncertainty" could result in outcomes that are better or worse than the estimate, we all can agree on the following definitions.

* Threats are events that could adversely affect results.

* Opportunities are events that could improve results.

* Uncertainty includes the complete range of positive and negative impacts.

We spoke to many cost engineers, project managers, and other Total Cost Management professionals. There are three common "conventions" for defining risk.

* Risk is the same as uncertainty, i.e., risk = threats + opportunities.

* Risk relates to unwanted, undesirable outcomes, i.e., uncertainty = risks + opportunities.

* Risk is the net impact of uncertainty, i.e., risk = threats opportunities.

Each author/presenter should address this ambiguity by clearly stating how he or she defines risk in their work. If authors do not, they should avoid using the term risk in their works.

WHAT IS RISK MANAGEMENT?

There are also various definitions of risk management, risk analysis, risk assessment, risk control, and risk mitigation. While there is agreement that there are sequential activities used to manage project risk, these activities are called by different names. Risk analysis, for example, has been used to mean any or all of the activities. AACE International's Risk Management Committee has established standard names for each...