A Practical Risk Management Guide for Achieving Organizational Success

Project management is an intricate process that requires a lot of attention to detail, particularly when it comes to managing risk. This course will delve into the Australian Standard for Risk Management, AS/NZS ISO 31000:2009, and the PMBOK® Guide approach to managing risk in projects. These two risk management methods play a crucial role in project management, and it is important to be aware of both and be able to use them effectively within your project.

While the two methods share many similarities, it is essential to note that the terminology used by the PMBOK® Guide and the Australian Standard differs. Therefore, throughout the course, we will provide clarification of terms to ensure that there is no confusion. Furthermore, we will cover other common risk management methods used by organizations and associations worldwide that may be required by your organization, particularly if you are working for an international company in Australia or are working overseas. 

In addition to introducing the different risk management methods, we will establish that having a systematic and consistent approach, clear terminology, and effective record-keeping are critical elements of effective risk management. By the end of this course, you will have a solid understanding of the different risk management methods and how to use them effectively in your project.

ISO 31000:2009 Risk management

The 'ISO 31000:2009 Risk management - Principles and guidelines' standard provides comprehensive guidelines for the principles and implementation of effective risk management. It is a universal standard that offers a general approach for all types of organizations, whether dealing with specific risks or sectors. Although the standard is not intended for certification purposes, it supports the management of risk as an integral part of the management process.

Additionally, 'SA/SNZ HB 89:2013' and its international equivalent 'ISO 31010 Risk Management - Risk Assessment Techniques' provide valuable information on the selection and application of risk assessment tools and techniques. As a generic guide, the standard requires customization to account for the organization's context, the sector it operates in, and the project's individual aims and objectives. Managing risk at the operational level requires applying the risk management process to activities, projects, and programs.

The standard promotes the management of risk as an integral part of the management process. Although the 'Executive' is responsible for defining and documenting the risk management policy, all employees must participate in interpreting and implementing the policy at the operational level. As the external and internal environments in which projects and organizations exist and operate are dynamic, new and changing levels of risk must be identified, analyzed, monitored, evaluated, and treated continuously.

The International Organization for Standardization (ISO) outlines the following principles of risk management:

• Improve the likelihood of achieving objectives

• Encourage proactive management

• Identify and treat risk throughout the organization

• Improve identification of opportunities and threats

• Achieve compatible risk management practices between organizations and nations

• Comply with relevant legal and regulatory requirements and international norms

• Improve financial reporting

• Improve governance

• Improve stakeholder confidence and trust

• Establish a reliable basis for decision making

• Improve controls

• Effectively allocate and use resources for risk treatment

• Improve operational effectiveness and efficiency

• Enhance health and safety performance as well as environment protection

• Improve loss prevention and incident management

• Minimize loss

• Improve organizational learning

• Improve organizational resilience

As the study progresses, each of the interconnected steps in the process diagram in Figure 1 will be examined in more detail. Not only will the theory of risk management be explored, but the principles will also be applied to all forms of organizations. The iterative process of managing risk is not always neat and discrete due to the dynamic nature of the external and internal environments. Therefore, identifying, analyzing, monitoring, evaluating, and treating risks on an ongoing basis is essential to ensure that the organization achieves its objectives and maintains resilience.

Above is the diagram for ISO 31000:2009, which is very similar to the original AS/NZS 4360:2004 Standard in terms of its processes and the areas that are covered.

A Technical Approach

The Risk Standard is a methodology that takes a technical approach to risk management. It aims to make discussions more scientific and factual, removing unnecessary emotions from what can become very emotive discussions and analysis. The standard employs various concepts, including the notion that risk perception constitutes likelihood multiplied by consequence. It also assumes that all decisions can be made rationally and seeks to provide an "objective" assessment of risks. The standard reduces risk to checklists and audits and utilizes data analysis and decision analysis to come up with a rational process of hazard identification. The underpinning belief of this methodology is that there is data and information that can be collected on which decisions can be made. However, risks are essentially about the future, which is unknown, and this means that estimates are essentially real forecasts. There are also cost constraints that may prevent data collection due to its high cost.

If you want to learn more about risk management and how to effectively manage risks, you can watch a video called "Risk Maker Risk Taker: A Manager's Guide to Risk." This video (https://youtu.be/BP6H8AxHZok), which is available on DVD 035-2006, provides valuable insights on how to become a better risk manager.

PMBOK® Guide and Risk Management

Effective project management is crucial to the success of any project, and the PMI PMBOK® Guide offers a structured process that enables individual risk events and overall project risk to be understood and managed proactively. By minimizing the potential threats and maximizing opportunities, this methodology optimizes project success. The Guide emphasizes the importance of risk management as a central component of project management. Risk is one of the nine Knowledge areas of this methodology, and the Guide specifically focuses on risk management during the Planning Phase in the Process Planning Group (section 11.1 – 11.5) and in the Closure Phase in Monitoring and Control (section 11.6). These sections cover various aspects of risk management, including risk management planning, risk identification, qualitative risk analysis, quantitative risk analysis, risk response planning, and risk monitoring and control. 

It is essential to note that all these processes interact with each other and with the processes of other Knowledge Areas. The PMI PMBOK® Guide defines risk as an uncertain event or condition that, if it occurs, has an effect on at least one of the project objectives. It stresses that project risk is a future event, which means that it is not yet a reality but has the potential to impact the project's objectives and outcomes. By using this methodology, project managers can proactively identify and manage risks to ensure project success.

Figure 11-1 Project Risk management Overview, Project Management Institute 2012, A guide to the project management body of knowledge (PMBOK® Guide), 5th ed., P 312

PMI Practice Standard for Project Risk Management

The PMI Practice Standard for Project Risk Management is an essential guide for project managers and stakeholders who are striving to establish a reliable and effective process for managing risks. This comprehensive resource provides a detailed overview of the risk management process, including essential tools and techniques that can be utilized in conjunction with the PMBOK Guide.

The main objective of the PMI Practice Standard for Project Risk Management is to establish a globally recognized standard for project management practitioners, outlining the best practices for managing risks on most projects. By setting this standard, the guide ensures that risk management is consistently applied across the board, resulting in more efficient and effective project management.

It should be noted that this guide only covers risk management as it applies to individual projects, and not to programs or portfolios of projects. However, it provides principles that can be applied to project risk management, identifying critical success factors that can be utilized to achieve positive outcomes.

For project managers who want to ensure that project risks are managed effectively and efficiently throughout the project's life cycle, the PMI Practice Standard for Project Risk Management is an indispensable tool.

Other Risk methodologies: RAMP, SHAMPU, M_o_R and RFA

Over the years, risk management has evolved into an activity of global significance. Most developed and developing countries have come together to adopt common standards and methods that help them identify and mitigate risks. However, the evolution of risk management has been shaped by the specific needs of individual industries and countries. This has resulted in the development of unique terminology and processes that are tailored to specific requirements. The Finance Industry, in particular, has played a significant role in shaping the evolution of risk management methods and techniques.

Today, there is a vast range of standards, methods, guides, and frameworks for project risk management that have emerged from various industries and countries. Each approach is tailored to specific requirements and has its unique strengths and weaknesses. The success of a risk management strategy depends on its ability to cater to the industry, project, and the focus of the risk management strategy.

The ISO 31000 Standard and the PMBOK are the most popular and widely accepted methods, standards, and guides in this field. However, there are many other ways to approach risk management, each with its unique benefits. By leveraging these different strategies, organizations can develop a comprehensive risk management plan that is tailored to their specific needs and that maximizes their chances of success.

Risk Analysis and Management of Projects (RAMP)

Risk management has emerged as a critical component of the global business ecosystem, with a growing number of organizations implementing common standards and practices for identifying and mitigating risks. In the past, the development of risk management methods was largely influenced by specific industries or countries to address their unique needs, resulting in a diverse range of terminologies and approaches. This phenomenon is particularly evident in the Finance Industry, which has contributed significantly to the evolution of risk management practices over the years.

As a result, numerous standards, methods, frameworks, and guides have been developed to facilitate project risk management, each with its own advantages and disadvantages depending on the industry, project, and objectives. These resources are designed to help organizations assess the likelihood and impact of potential risks, develop strategies to manage them, and implement effective risk mitigation measures. While the ISO 31000 Standard and the PMBOK are widely recognized and accepted as best practices, there are several other approaches that are equally effective in managing risks. It is important for organizations to evaluate each method carefully and select the one that best aligns with their goals, objectives, and risk appetite.

Shape, Harness, And Manage Project Uncertainty (SHAMPU)

Risk assessment is a crucial aspect of project management, and one widely accepted and effective framework is SHAMPU. This acronym stands for Shape, Harness, and Manage Project Uncertainty and provides a generic risk assessment process, consisting of nine steps: Define, Focus, Identify, Structure, Ownership, Estimate, Evaluate, Plan, and Manage. 

In their book, Chapman and Ward present the UK approach to risk management in projects using the SHAMPU acronym. The framework provides a structure to review approaches to analyzing stakeholders and related uncertainty management issues. The nine phases of the framework are: project definition, focusing the uncertainty management process, identifying sources of uncertainty, structuring issues, clarifying ownership, estimating variability, evaluating implications of uncertainty, harnessing plans, and managing implementation. 

The authors explore various approaches to stakeholder analysis and suggest generic strategies for managing stakeholder expectations, characterized along a "hard-soft" spectrum. They conclude that a systematic approach to stakeholder management is facilitated by the use of project uncertainty management processes that distinguish different stages of the project life cycle.

The three stages of SHAMPU are as follows:

- Shape: This stage defines and focuses the project, providing a strategic view that shapes the project manager's approach to uncertainty. The uncertainties are identified, categorized, and assigned to specific owners, and the variability of risk is estimated while evaluating their implications. 

- Harness: This stage complements the strategic plan by identifying risks in ways that leverage the strategic shape of risk assessment. 

- Manage: Once the tactical plan is in place, management is needed to address uncertainty relevant to the project throughout its life cycle.

Risk Factor Analysis (RFA)

Risk Factor Analysis (RFA) is a widely used method of risk analysis that follows a qualitative approach. It is designed to help managers identify factors that can have a significant impact on the quality of the outcome of a project while providing them with new perspectives that can help them effectively manage qualitative risks.

One of the key strengths of RFA is its flexibility. It can be adapted to a wide range of scenarios, regardless of the type of qualitative risks involved. For example, RFA can help identify and manage risks that may affect project cost, such as labour and material costs, as well as scheduling risks, such as the availability of facilities and personnel. It can also help manage technical risks related to the maturity level of technology applied to the project.

Besides, RFA can help deal with uncertainties around financial resources. These uncertainties may include the vulnerability of funding for various project tasks or the inability to gain sufficient funding to complete the project. By identifying and assessing the impact of such uncertainties, RFA helps managers develop effective strategies for reducing risk.

Overall, RFA is a comprehensive and flexible system that can help organizations manage risks effectively. By analyzing all potential factors that may impact the project outcome, RFA helps organizations develop robust risk management strategies that ensure project success.

Management of Risk (M_o_R)

The Management of Risk (M_o_R) is a risk management strategy that was developed and sponsored by the UK government agency Office of Government Commerce (OGC). It is widely used within the UK government as the de facto risk management standard for its public projects, and is also affiliated with the PRINCE2 methodology. The M_o_R method is primarily used for managing risk in government, and is also used in Australia.

The M_o_R method involves a detailed risk management process that is tailored to the needs of the organization. It focuses on management structure, roles and responsibilities, and implementing a number of checklists to support the phases of the process. The scope of the M_o_R method has developed and evolved over time to meet the specific needs of government organizations. As a result, it has limited application to non-government sectors.

If you want to learn more about the M_o_R method, you can refer to the book 'Everything you wanted to know about Management of Risk (M_o_R®) in less than 1000 words' by Williams Graham (2011), which is available at The Stationery Office.


Committee of Sponsoring Organizations of the Treadway Commission (COSO)

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a prominent US-based organization dedicated to providing thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control, and fraud deterrence. The objective of COSO is to improve organizational performance and governance while reducing the extent of fraud in organizations. 

COSO was established in response to the increasing number of corporate and accounting scandals, such as Enron, Tyco International, Adelphia, Peregrine Systems, and WorldCom, which were largely attributed to poor accounting internal controls and risk management. In 2001, COSO initiated a project and engaged PricewaterhouseCoopers to develop a framework that management teams could readily use to evaluate and improve their organizations' enterprise risk management.

COSO has become a vital organization in the accounting and financial industry, not only in the US but worldwide. Its framework has been widely adopted by many organizations as a guide to assess and enhance their internal control systems, risk management processes, and overall governance.

Project Risk Analysis and Management (PRAM)

Project Risk Analysis and Management (PRAM) is a crucial aspect of project management that involves identifying, assessing, and mitigating potential risks that could impact the success of a project. This framework is associated with the Association of Project Management (APM) in the United Kingdom. The APM's PRAM Guide is a widely accepted risk management framework, and it is preferred by many construction and UK-based organizations. 

The PRAM Guide offers a more philosophical and free-flowing approach to risk management, focusing on principles and guidelines rather than strict rules and procedures. It encourages project managers to consider all aspects of risk, including financial, technical, and environmental factors, and to develop mitigation strategies that are tailored to the specific needs of the project.

In contrast, the Project Management Institute's (PMI) Practice Standard for Project Risk Management is written in a more structured and practical style, providing a step-by-step approach to identifying, analyzing, and responding to project risks. It emphasizes the importance of risk planning and monitoring throughout the project lifecycle and provides a clear framework for project managers to follow.

Both frameworks are valuable resources for project managers, and the choice between them often depends on the specific needs and preferences of the organization. Ultimately, the goal of both PRAM and the PMI's Practice Standard is to help project managers proactively identify and address potential risks, leading to more successful project outcomes.

Adaptive Project Management (AgilePM, Scrum)

In recent years, there has been a shift towards a new approach in project management known as Adaptive Project Management or AgilePM. This approach is also referred to as change-driven or adaptive project management and is gaining popularity across various industries.

AgilePM is based on an iterative and incremental approach where each iteration is very rapid and typically lasts for 2-4 weeks. The iterations are fixed in time and resources, which allows for better control over the project timeline and budget. This approach is particularly popular in software projects, where the requirements and priorities can change rapidly, but it is increasingly being used in other types of projects as well.

The AgilePM methodology emphasizes collaboration and communication between the project team and the stakeholders. The team works closely with the customer to continually refine and prioritize the project requirements, ensuring that the final product meets their needs. The team also holds regular meetings to review progress, identify any issues, and adjust the project plan as needed.

Overall, AgilePM offers a more flexible and adaptive approach to project management that can help teams to respond quickly to changing requirements and deliver high-quality results in a timely and cost-effective manner.

The Agile Principles

The Agile Principles are a set of guiding concepts that help project teams in implementing agile projects. It is essential to use these concepts to implement agile methodologies successfully in your projects. The following are the four primary Agile Principles that can help you achieve your goals:

1. Flexibility is vital in Agile projects because it allows teams to adapt quickly to changes. Agile teams should be able to change direction, priorities, and requirements without losing sight of the project's overall objectives.

2. Working closely with the customer throughout the project is another critical principle. Agile methodologies emphasize customer collaboration, and the team should work with the customer to ensure that the project meets their requirements and expectations.

3. Ensuring the final solution meets the business need is a crucial principle of Agile. The team should focus on delivering a solution that aligns with the business goals and objectives. It is essential to keep in mind that delivering a product that does not meet the business need is a failure for an Agile project.

4. Deferring decisions about detail until the last responsible moment is another key principle of Agile. Agile teams should avoid making decisions too early in the project, as they may not have all the necessary information. Decisions should be made at the last responsible moment to make the best use of available information.

Source: AgilePM Practitioner Course Version 15.1 2014 (WWW.alc-group.com) APMG International.

Adaptive PM and Risk

Adaptive project management and risk management are two critical aspects of any successful project. One approach to project management that has gained popularity in recent years is the agile approach. The agile approach is particularly effective in managing operating risks as it involves breaking the project into smaller parts, which makes it easier to identify and mitigate risks. 

However, when it comes to integrating the agile process with standard organizational processes such as risk management, there are concerns that doing so may compromise the agility of the project. To address this issue, researchers have proposed various strategies for integrating agile development and risk management. For instance, some have suggested that risk management should be integrated into the agile development process at the outset, while others have recommended that risk management should be a standalone process that runs parallel to the agile development process.

Nyfjord, Kajko-Mattsson, and Abrahamsson (2008) have explored the integration of agile development and risk management in detail, and their research provides valuable insights into this subject. In their PhD dissertation, they propose a framework for integrating risk management into the agile development process, which involves identifying risks early on, continuously monitoring them, and taking appropriate actions to mitigate them. Their framework also emphasizes the importance of involving all stakeholders in the risk management process and adopting a proactive approach to risk management.

The Need for a Systematic Approach

Effective risk management is crucial for the success of any project. However, evidence shows that it requires a consistent and systematic approach. The risk management process itself is incidental to the success of risk management. What is key is consistency and systematic adoption of techniques and processes that facilitate an integrated positive thinking approach, a continuous and proactive approach, rigorous thinking, forward thinking, a value adding process management approach, a broad and balanced approach, responsible thinking, accountability for decision making, process-driven risk management, transparent discussions, interdependent management, and effective communications.

Good risk management also demands proper record keeping and documentation. With a well-maintained and comprehensive documentation system, communication becomes more effective, accountability is ensured, and baseline data is provided, which helps in allocating responsibilities and creating a historical record or knowledge base.

Different Processes Different Strengths

Risk management is an essential process in project management, and there are various methods to manage risk in projects. Each method has its advantages and disadvantages, and it is essential to understand them before selecting one that suits a particular project. In this course, we will focus on two popular approaches to risk management: the Australian standard and the PMI PMBOK® Guide.

The Australian standard is a comprehensive approach to risk management, emphasizing the importance of integrating risk management into the organization's overall governance, risk management, and compliance (GRC) framework. The standard provides a systematic process for identifying, assessing, treating, monitoring, and reporting risks in a consistent and transparent manner. However, this approach may not be suitable for all projects, as it is primarily designed for large organizations with well-established risk management processes.

On the other hand, the PMI PMBOK® Guide is an internationally recognized standard for project management, which includes a chapter on risk management. The PMBOK® Guide provides a framework for identifying, analyzing, and responding to risks in projects. However, it lacks depth in some areas, such as taking action and capturing lessons learned.

It is essential to note that there are other approaches to managing risk in projects that are also valid. However, each method has its limitations and may not be suitable for all projects. David Hillson's table illustrates some of the deficiencies of alternative methods when managing risks in projects. Therefore, project managers should carefully evaluate the strengths and limitations of each approach before selecting one that best suits their project's unique attributes.

Project Risk vs. Organisational Risk

Risk management in project management is a complex process that involves several unique characteristics. David Hillson's book highlights the distinctiveness of project risk management, which is attributed to several factors. These factors include complexity, assumptions and constraints, people, stakeholders, change, and deliberate design.

Projects are designed to take risks, as risk is related to reward. They are created to achieve objectives that are closely linked to corporate strategy. Therefore, project risk management is an essential aspect of any project. 

Project risk management involves identifying, analyzing, and mitigating potential risks that could impact the project's success. It requires a comprehensive understanding of the project's scope, timeline, budget, and goals. 

Furthermore, external environmental factors can significantly impact project risk management. Understanding the external environment, including economic, political, and social factors, is crucial to identify potential risks and develop appropriate risk management strategies. 

In conclusion, project risk management is a critical process that requires careful planning and execution to ensure the project's success. Understanding the unique characteristics of project risk management, as well as the external environment, is essential to developing effective risk management strategies.

Good processes do not guarantee good risk management

It is important to understand that even though having a good systematic process in place can help you manage risks, it is not a guarantee of good risk management. However, it puts you in a better position in terms of information and thinking than those project managers who do not have a systematic approach. It is essential to create a culture that encourages openness to risk to ensure effective risk management. Going through the administrative processes without challenging your thinking and analyzing the situation is not enough.

According to Elmar Kutsch's research paper, project risk management is sometimes conditioned by deliberate ignorance on the part of project managers. This behavior is characterized by taboos and a suspension of belief, which demotes risk management to an administrative exercise with little or no impact on the project outcome. If project managers fail to address the problem of irrelevance, project risk management may become not only ineffective but also counterproductive.

To address these issues, the Australian/New Zealand Institute of Insurance & Finance (ANZIIF) launched its Risk Management Faculty in Sydney in September 2013. During this event, Dr. David Hillson, The Risk Doctor, was the invited guest speaker. He emphasized that having a broader concept of risk can lead to more effective risk management and, consequently, more successful projects and businesses. Dr. Hillson challenged the audience's limited thinking about risk and explained that risk management should be an integral part of the project management process, rather than just an administrative exercise. By adopting this approach, project managers can identify potential risks and develop strategies to manage them effectively, resulting in successful outcomes.

“Black Swan” and “Perfect Storms”

The Black Swan theory, a term coined by Nassim Nicholas Taleb, describes rare events that have a disproportionate impact on history, science, finance, and technology. The argument is that our ability to predict the future is limited, and that we are often blind to uncertainty and unaware of the role that rare events play in shaping history.

Taleb's book, The Black Swan, explores the idea that one single observation can invalidate a general statement - a limitation to our learning from observations or experience that highlights the fragility of our knowledge. The book also addresses the non-computability of the probability of consequential rare events using scientific methods, as well as the psychological biases that make people unable to account for uncertainty.

A related concept is the "perfect storm," which refers to a situation caused by a combination of unfavorable circumstances that result in an event of unusual magnitude. These metaphors are used to describe events that are extreme, rare, and retrospectively predictable, but not predictable from a forward-looking perspective.

Data collection and risk assessment are problematic due to the potential for black swan events to occur. Poor use or disregard for historical information has led many organizations to miss the potential for "perfect storms." We need to be more aware of the role that rare events play in shaping our world and the limitations of our ability to predict the future.

Nassim Nicholas Taleb is an essayist, belletrist, and researcher interested in chance, particularly extreme and rare events. Taleb's work falls at the intersection of philosophy, epistemology, ethics, mathematical sciences, social science/finance, and cognitive science. Taleb mainly derives his intuitions from a two-decade-long and intense practice of derivatives trading.

Additional resources for those interested in learning more about the Black Swan theory and Nassim Nicholas Taleb's work include videos and links to Taleb's homepage.

  • https://youtu.be/BDbuJtAiABA
  • https://youtu.be/g0ShuJ5Maz8


  • Hatfield, M 2007, 'PMBOK, Schmimbock', PM Network, January, Business Source Complete, EBSCOhost, viewed 8 November 2012.
  • Project Management Institute (U.S.) 2013, Project risk management.
  • Jutte, Bart, '10 Golden Rules of Project Risk Management', Project Smart 2010-2011.
  • Hillson, David 2009, Managing Risk in Projects, Ashgate Publishing Group, Abingdon, Oxon, GBR (eBook).
  • KPMG, Avoid Major Project Failure - Turning Black Swans White.
  • Read Chapter 11 of PMBOK® Guide (5th edition). PMBOK® Guide (5th edition). Chapter 11 of Introduction PP 309-353 or Read Chapter 11 of PMBOK® Guide (4th edition). Introduction PP273-276
  • AS/NZS ISO 31000:2009 Risk Management - Principles and Guidelines PP1-7 Section 1:Scope, Section 2: Terms and Definitions, Section 3: Principles. 
  • Ward, Stephen, & Chapman, Chris 2008, ‘Stakeholders and Uncertainty in Projects’ Vol 26, Issue 6, Construction Management and Economics PP567-577
  • The UK equivalent to the Australian Standard - Risk Management - Management of Risk (M_o_R®) 
  • PDF version from STS Sauter Training and Simulation in Switzerland which also adds in ISO31000 comparisons: 
  • PMI 'Practice Standard for Project Risk Management' (2009). This is available free for PMI members; see http://www.pmi.org/en/PMBOK-Guide-and-Standards/Standards-Library-of-PMI-Global-Standards.aspx. This relates to the 4th edition of the PMBOK guide.
  • Chapman, C. B.; Ward, Stephen., 2003, Project Risk Management : Processes, Techniques, and Insights. Hoboken, NJ John Wiley & Sons, Ltd. (UK).
  • "RAMP – Risk Analysis and Management for Projects", site: http://www.zurich.co.uk/NR/rdonlyres/E0E97535-DD8D-4B72-910C-D05DA0AA52BD/0/RAMPInformation.pdf
  • "Risk Factor Analysis--A New Qualitative Risk Management Tool", www.lanl.gov/orgs/d/d5/documents/risk-fact.pdf
  • Jutte, Bart ‘10 Golden Rules of Project Risk Management’ Project Smart 2010-2011 http://www.projectsmart.co.uk/10-golden-rules-of-project-risk-management.html
  • Hillson, D 2009, Managing risk in projects, Gower Pub, Farnham, England. P29
  • Taleb, Nassim Nicholas (April 2007). The Black Swan: The Impact of the Highly Improbable (1st ed.). London: Penguin. p. 400. ISBN 1-84614045-5. Retrieved 23 November 2012
  • Junger, Sebastian 2000, The Perfect Storm. New York: W. W. Norton & Company. p. 38.
  • Paté‐Cornell, E 2012 'On “Black Swans” and “Perfect Storms”: Risk Analysis and Management When Statistics Are Not Enough', Risk Analysis, vol. 32, no. 11, pp. 1823-1833. also available via this address:  http://onlinelibrary.wiley.com/doi/10.1111/j.1539-6924.2011.01787.x/pdf/MEP.%20black%20swans%20and%20perfect%20storms.Rev5.Dec.2011.pdf 
  • Kutsch, Elmar and Hall, Mark 2010 ‘Deliberate ignorance in project risk management’ Journal of Project Management Volume 28, Issue 3, April 2010, Pages 245-255
  • This is a long video version from ESI International, a project management consulting firm (http://www.esi-intl.com/consulting). It's 25 minutes long and a bit soporific (!), but if you just want to cut to the chase and get to the risk section, it's at 18.32 in! https://youtu.be/dPGLtbr4oao