Skip to main content.

Foreword: David Hillson, Capturing Upside Risk: Finding and Managing Opportunities in Projects

Capturing Upside Risk

Our friend and business collaborator, Dr David Hillson, also known as The Risk Doctor, has written a new book, Capturing Upside Risk: Finding and Managing Opportunities in Projects, published by Routledge on 1 August 2019. The publisher's information about the book is available here.

Dr Dale Cooper, Director of Broadleaf, was pleased to write the Foreword for David's book. It is reproduced below.


The value of any activity or project for an organisation is linked intrinsically to its objectives. Unless an activity or project enhances the organisation's purpose and objectives then it has little value. David defines risk as 'uncertainty that matters'. Something matters if it has an impact on objectives, otherwise it doesn't matter and it represents no risk. Similarly, if there is no uncertainty then there's no risk, whether objectives are affected or not.

The relationship between activities and value is often complicated, and objectives provide a concise framework for linking the two. Several international standards adopt this approach to understanding how much risks matter and how risk management can help managers make better, value-adding decisions. ISO 31000 Risk management – Guidelines makes explicit the relationship between risk management and value: ‘the purpose of risk management is the creation and protection of value’. IEC 62198 Managing risk in projects – Application guidelines expands on this: ‘risk management contributes to the demonstrable achievement of objectives and improvement of performance and quality in projects and the assets, products and services they create’.

Despite this, much of the literature on risk management, and much of its practice, focuses solely on protecting value by reducing the likelihood and extent of negative outcomes on objectives. In the context of project risk management, this inevitably focuses attention on threats, the sources of risks that might have negative implications for project value, overlooking wider possibilities to achieve better outcomes.

The contribution of this book is to help readers move from a narrow focus on detrimental effects on objectives to a broader view of all effects on objectives. Uncertainty that matters, risk, may be associated with either positive or negative effects on objectives, or both – the definition embraces all kinds of impacts. This supports the guiding principle in ISO 31000, that risk management creates value, as well as protecting it. Managing those sources of risk that may lead to positive impacts, opportunities, forms an important part of getting the most from project risk management.

Although the title of the book includes the word opportunities, this is not its sole focus. Most of what David describes here applies to all project risk management, not just to those parts that deal with positive consequences for objectives and outcomes. He describes how to manage all kinds of project risks, created by both threats and opportunities, emphasising the broad interpretation of the definition of risk.

Nevertheless, there are aspects of the project risk management process as it is often undertaken that should be conducted slightly differently if its full value is to be realised. David explains the project risk management process, and he provides both the rationale for enhancing it and guidance on how to take full advantage of the wider perspective.

The book has three sections: three initial chapters dealing with why opportunities matter, a longer section on the process for managing opportunities in projects, and a final short section on making it work.

The second section of the book is structured to provide a step-by-step guide to the project risk management process, with a chapter devoted to each step. An initial discussion of the purpose and principles for each chapter sets out the scope and key points.

The chapter on finding opportunities is particularly valuable. It starts with well-known approaches for risk identification, based on the past (looking back), the present (looking around) and the future (looking forward). Most of these are directed to identifying threats, sources of risk with negative impacts on objectives. It then discusses how those approaches can be modified to find opportunities, considering past-focused, present-focused and future-focused techniques.

David points out that past-focused techniques, like those based on checklists and lessons learned, may be of little use until an organisation has built up historical resources and experience in identifying opportunities. However, present-focused techniques like influence diagrams and assumptions analysis are readily adapted for opportunities, and the principles embodied in more specialised techniques like fault tree analysis can be adapted to construct benefit trees.

In the realm of future-focused techniques, brainstorming is one of the most common risk identification processes in practice. Risk managers and risk workshop facilitators will find the tips on enhancing brainstorming to better identify opportunities particularly useful. Thinking processes like 'three wishes', 'good luck', 'in your dreams' and 'what if not?' are all simple, straightforward and easy to apply, but they are not common tools for many facilitators. Pre-mortems, combining elements of futures thinking, scenario analysis and visualisation are also outlined.

Other ‘two dimensional’ tools that identify threats and opportunities at the same time are also discussed, including SWOT analysis and force field analysis.

A key section of the chapter on finding opportunities deals with developing a mindset for identifying opportunities. For many project teams and project risk practitioners, project risk management has been about threats and negative impacts, and it has been this way for many years. Breaking out of this mode of thinking requires active intent; David lists some of the defining characteristics of a mindset that is open to opportunities and offers advice on how to reinforce them.

This book is easy to read. The writing is relatively informal, but precise, and the style is clear, logical and persuasive. The clarity of thought and expression explains why David is such a sought-after speaker. This book is a must-read for project risk practitioners, as well as for project professionals who are serious about addressing all the risks on their projects, including the good ones.

Dr Dale F Cooper

Director, Broadleaf Capital International

Cammeray, May 2019