The purpose of risk management is to identify potential problems before they occur, or, in the case of opportunities, to try to leverage them to cause them to occur. Risk-handling activities may be invoked throughout the life of the project.
It is less costly to mitigate risks to prevent them from triggering (to be proactive) than it is to deal with issues that arise if the risk does trigger (to be reactive). Unmanaged risks can easily prevent a project from achieving objectives or even cause it to fail to succeed. Risk management is important during project initiation, planning, and execution; well-managed risks significantly increase the likelihood of project success.
The University of Waterloo has a risk management policy -- Policy 11 -- which obligates each of us to assess, monitor and report institutional risks. The University defines risk as “the chance of occurrence of an event or trend that will have a negative impact on operations or fulfillment of objectives at the institutional, academic unit and/or academic support unit levels.” Institutional risks that need to be reported are described in the University’s Risk Management Reporting Guideline.
Risk can also be positive. We often call positive risks ‘opportunities’. Opportunities have a different set of risk responses than negative risks because we often want to maximize opportunities or make them more likely to happen.
Both negative and positive risks are tracked in a risk register or a RAID log.