The SEPG Conference in Boston in 1995 had a bookstore. One of the books I browsed offered an idea about risk — something like, "Risk comes from commitment."

I don't remember anything else about the book, but that idea stayed with me. Before that moment, most of what I'd read about risk focused on uncertainty as the defining quality that characterizes risk. That quote helped me to see that uncertainty, all by itself, isn't enough to constitute risk. A possible event is a risk event only if it jeopardizes a commitment. For example, suppose I am working on a project, and I am wildly uncertain about when I will finish. Does my uncertainty constitute risk? Only if I have committed to finishing by a certain time. If I haven't made any commitments about when I will finish, my uncertainty is not a risk. It's just uncertainty.

I've used this relationship between risk and commitment to help projects in a number of ways: to identify risks, and to identify commitments that have not been made explicit.

Experiment: Use commitments to identify risks. Write down every commitment your project has made. For each commitment, ask, "What could happen that would jeopardize this commitment?" Your answers tell you your most important project risks.

Experiment: Use risks to identify commitments. Brainstorm a list of project risks. For each risk, ask, "What would happen if this risk occurred?" and "What outcome would this risk jeopardize?" The answers identify outcomes that someone thinks are important either to achieve or to prevent. Explicitly negotiate whether to commit to those outcomes. Then communicate your decisions to the affected project stakeholders.

PS. I don't remember the name of the book from which I got the quote about risk and commitment. If you know the source of the quote, please let me know. I think that the quote is from the introduction or an early chapter, and that the author (or authors) worked at IBM.