Risk category

Risk category
See also

Risk category is defined as a group of possible causes of risk. Risk categorization is the important step in Risk Management and allows classifying risks into appropriate categories in order to plan further steps to take for each of these categories Properly prepared risk categorization might have big influence on further steps of effective counteracting of the risk.

There are two main ways to categorize organization risks[1]:

  • categorizing by source of the risk by using the Risk Breakdown Structure (RBS) method
  • categorizing by the project scope by using the Work Breakdown Structure (WBS) based method

or other ways, e.g. (project stage, root causes)

The main purpose of risk categorization is determining areas of the project, which are most subjected to the causes of uncertainty.

Risk Breakdown Structure

Risk Breakdown Structure (RBS), hierarchically presented specification of given risks divided into 4 main categories and multiple subcategories which are specified by areas and causes of identified risks. The Risk Breakdown Structure was developing in time. For different type of projects there can be different Risk Breakdown Structures appropriated[2].

Example of Risk Breakdown Categories and Subcategories for typical project[3]:

External, predictable or unpredictable e.g. legal challenges,

Technical, e.g. technology shifts

Organizational, e.g. unclear organizational objectives

  • Resources
  • Fundings
  • Prioritization
  • Project Dependencies

Project Management, e.g. poor budget planning

Risk categories based on Work Breakdown Structure

Taking into consideration area of the project, we can list following categories:

  1. Operational risks
  2. Budget risks
  3. Schedule risks
  4. Business risks
  5. Technical environment risks
  6. Information security risks
  7. Programmatic risks
  8. Infrastructure risks
  9. Quality and Process risks
  10. Resource risks
  11. Supplier risks
  12. Technology risks
  13. Technical and architectural risk

Other risk categories

Risk categories based on PMBOK Guide[4]:

  • External Unpredictable, e.g. unplanned regulatory changes
  • External Predictable, e.g. inflation, safety
  • Internal (Non Technical), e.g. Procurement Process Delay
  • Technical, e.g. Productivity limitations
  • Legal, e.g. customer lawsuits


  1. Project Management Institute 2013, p.560
  2. Project Management Institute 2013, p.317
  3. C. L. Pritchard 2015, p.16
  4. C. L. Pritchard 2015, p.13


Author: Natalia Kobos