What is the difference between a challenge and a risk?
Question asked by Anonymous
AFERM Experts Say...
The main difference is that a risk is an event that could possibly occur in the future, while a challenge (often referred to as an issue) is an event that has already occurred. Thinking about this question as the Office of Management and Budget (OMB) defines risk (uncertainty), there is really no distinction other than the level of confidence you have in assessing the event likelihood (see likelihood scale examples on page 97 in the Playbook) and events that fall under either term can be present on the Enterprise Risk Management (ERM) risk register. There is a higher level of confidence in assigning a very high likelihood if the event has already occurred than for events with some level of probability of occurring in the future. It is often easier to assess and evaluate challenges because you can identify the actual causal chains that led to the event which facilitates identifying root cause(s). Similarly, with events that have already occurred, it is much easier to identify the actual impact on the organization rather than having to predict what the impact might be.
Challenges, or issues as you say are equivalent often occur because risks had not been adequately evaluated such that the organization would have intelligently invested in controls before the issue occurred. There can be a significant leverage to investing in controls for risks, some of which have never occurred so that the adages an ounce of prevention is worth a pound of cure or a stitch in time saves nine become true.
Realistically, every project changes something as it goes along. Your role as the project manager is to make sure those changes are adequately assessed and incorporated into the schedule and budget.