The Risk Management Society defines risk tolerance as the
amount of uncertainty an organization is prepared to accept if the risk was to occur.
Risk tolerance can be often communicated as acceptable or unacceptable outcomes
beyond which the organization is unwilling to lose. Exceeding the established
risk tolerance level not only affects the overall project objectives, but it
also threatens its survival due to the consequences mainly in terms of budget, schedule,
compliance and reputation. Risk tolerance is usually set by the executive board
and are linked with the organization’s strategic goals.
Tolerance and the risk management process
bottom line of the Risk Management Process is to capture the organizational
philosophy for managing and taking risks, help define and drive the
organization’s expected risk culture and guide overall resource allocation to
respond appropriately to these risks. The 5th edition of the PMBOK
guide discusses how critical it is to understand
the organization as a system because all the environments must be analyzed to
determine the level of risk that jeopardizes the organization’s objectives. The
key of the risk management process key is to understand the organization as an
open and dynamic system that interacts with its surroundings and defines its strategy
to survive and grow.
How should the tolerances of individual team members, key
stakeholders, customers, and the project manager be handled in the risk
The most daunting task of the risk management process is
that project managers must gather all the stakeholders who support the project
and obtain their risk tolerances in terms of cost, schedule and overall project
performance. Pritchard goes on into explaining that the project manager cannot
identify all the risks alone. A team approach must be followed to take advantage
of splitting these activities and make the risk management process more
accurate and timely. To overcome the difficulty of relaying on individual
contributors Pritchard suggests the project manager should come up with
different scenarios to test the stakeholder’s expectations. He gave the
following example, “If a team member came to you and reported a 10% overrun, would
you shut down the project? What about a 20% overrun? 30% overrun?”. Dr.
Kerzener agrees with Pritchard’s views and add that earned value measurement is
only part of what stakeholders want to hear. It is imperative that project
managers interview the stakeholders to learn what information they deem as
important. Every stakeholder may have a different risk appetite and the project
manager may then find it necessary to develop a different risk management plan.