Back to Risk Categories and Taxonomy

Risk Categorization by Control Ability (Controllable vs Uncontrollable Risks)

5 minutes 5 Questions

Risk categorization by control ability distinguishes risks based on the extent to which an organization can influence or manage them. **Controllable risks** are internal risks over which the project team or organization has direct influence. These risks can be mitigated or eliminated through effective management actions, process improvements, or policy changes. Examples include project scope changes, team skill levels, and operational inefficiencies. By identifying controllable risks, organizations can implement specific strategies to reduce the likelihood of occurrence or minimize their impact. Techniques might include training programs, adoption of new technologies, or restructuring project workflows. In contrast, **uncontrollable risks** are external risks that are beyond the organization's direct influence. They arise from factors outside the project team's control, such as natural disasters, economic downturns, regulatory changes, or geopolitical events. Since these risks cannot be prevented by the organization's actions, the focus shifts to developing response plans that can alleviate their impact. This might involve purchasing insurance, creating contingency reserves, or establishing alternative plans to maintain project continuity. Understanding the distinction between controllable and uncontrollable risks aids in strategic planning and resource allocation. It helps project managers and stakeholders prioritize efforts on areas where they can have the most impact. For controllable risks, investments in preventive measures provide tangible benefits. For uncontrollable risks, building resilience and flexibility into the project becomes paramount. This categorization also emphasizes the importance of environmental scanning and staying informed about external factors that could affect the project. By monitoring the external environment, organizations can anticipate potential uncontrollable risks and prepare accordingly. Moreover, acknowledging the existence of uncontrollable risks encourages organizations to cultivate adaptability and responsiveness, qualities essential for navigating uncertain and complex project landscapes. In essence, risk categorization by control ability enables a balanced approach to risk management, combining proactive measures for controllable risks with strategic preparedness for uncontrollable ones. It enhances decision-making and contributes to the overall robustness of the project management process.

Risk Categorization by Control Ability: Controllable vs Uncontrollable Risks

What is Risk Categorization by Control Ability?

Risk categorization by control ability is a method of classifying risks based on the degree to which they can be controlled by the project team. This approach divides risks into two primary categories:

1. Controllable Risks: These are risks that the project team can influence, manage, or mitigate through direct actions. The team has the ability to reduce either the probability of occurrence or the impact if the risk materializes.

2. Uncontrollable Risks: These are risks that lie beyond the project team's sphere of influence. The team cannot prevent these risks from occurring or significantly reduce their impact through direct actions.

Why is Risk Categorization by Control Ability Important?

Understanding which risks you can control and which you cannot is crucial for effective risk management for several reasons:

- Resource Allocation: It helps teams focus their limited resources on risks they can actually influence.
- Strategy Development: Different approaches are needed for controllable versus uncontrollable risks.
- Stakeholder Communication: It sets realistic expectations about what the team can and cannot manage.
- Contingency Planning: For uncontrollable risks, robust contingency plans become essential.

How Risk Categorization by Control Ability Works

Step 1: Risk Identification
Identify all potential risks that might affect the project.

Step 2: Assessment of Control
For each identified risk, evaluate whether the project team can influence:
- The probability of the risk occurring
- The impact if the risk materializes

Step 3: Categorization
Based on the assessment, categorize each risk as either:
- Controllable: The team can take measures to influence the risk
- Uncontrollable: The risk is beyond the team's sphere of influence

Step 4: Strategy Development
Develop appropriate strategies based on the categorization:
- For controllable risks: Focus on prevention, mitigation, or transfer strategies
- For uncontrollable risks: Focus on acceptance, contingency planning, and insurance

Examples of Controllable vs Uncontrollable Risks

Controllable Risks:
- Technical issues within the project scope
- Resource allocation problems
- Communication breakdowns within the team
- Quality control issues
- Schedule slippage due to internal factors

Uncontrollable Risks:
- Natural disasters
- Major economic shifts
- Political instability
- Regulatory changes
- Competitor actions
- Global pandemics

Exam Tips: Answering Questions on Risk Categorization by Control Ability

1. Understand the Key Distinctions
- Remember that controllability is about the project team's ability to influence the risk, not about the severity of the risk.
- A risk can be severe yet controllable, or minor yet uncontrollable.

2. Look for Action Phrases
- Questions often include phrases that indicate controllability.
- Terms like "the project team can prevent," "measures can be taken," or "within team authority" suggest controllable risks.
- Phrases like "external factors," "beyond project influence," or "outside organizational control" suggest uncontrollable risks.

3. Context Matters
- The same risk might be controllable in one project context but uncontrollable in another.
- Pay attention to the project environment and constraints described in the question.

4. Response Strategy Clues
- Questions about risk response strategies can hint at categorization.
- Prevention and mitigation strategies typically apply to controllable risks.
- Acceptance and contingency planning are more common for uncontrollable risks.

5. Watch for Hybrid Cases
- Some risks have both controllable and uncontrollable aspects.
- Exams might test your ability to identify which aspects can be influenced.

6. Apply the "Influence Test"
- When uncertain, ask: "Can the project team take actions that would meaningfully change the probability or impact of this risk?"- If yes, it's likely controllable; if no, it's likely uncontrollable.

7. Common Exam Scenarios

Scenario 1: Risk Prevention
When asked about preventive measures, focus on controllable risks. If the question describes an uncontrollable risk but asks about prevention, the answer likely involves preparing for consequences rather than preventing the risk itself.

Scenario 2: Response Planning
Questions might ask you to select the most appropriate response plan. For controllable risks, look for options that reduce probability or impact. For uncontrollable risks, look for options that prepare for consequences.

Scenario 3: Resource Allocation
If asked about efficient resource allocation for risk management, prioritize controllable risks where your efforts will have meaningful impact.

8. Remember the PMI-RMP Framework
- Align your answers with PMI's risk management framework.
- PMI emphasizes proactive approaches to controllable risks and robust contingency planning for uncontrollable ones.

By mastering the distinction between controllable and uncontrollable risks, you'll be better equipped to make strategic risk management decisions in both exam scenarios and real-world projects.

Test mode:
Start practice test
PMI-RMP - Risk Categories and Taxonomy Example Questions

Test your knowledge of Amazon Simple Storage Service (S3)

Question 1

When categorizing project risks based on control ability, which of the following represents the most appropriate response strategy for an uncontrollable external market risk?

Correct Answer: Develop contingency plans and monitor market indicators

For uncontrollable external market risks, the most appropriate response strategy is to develop contingency plans and monitor market indicators. Here's why: The correct answer is optimal because: - External market risks are beyond the organization's control - Contingency planning prepares the organization for potential market changes - Monitoring market indicators provides early warning signs - This approach acknowledges the risk while maintaining realistic response capabilities Why other options are incorrect: - Implementing comprehensive internal process changes is an overreaction and may not address the actual market risk - Applying standard risk mitigation procedures for technical risks is inappropriate as technical risks are typically controllable internal risks - Modifying project scope to avoid market exposure is often impractical and could compromise project objectives The key principle is that uncontrollable risks require preparation and monitoring rather than attempts at direct control or avoidance.

Question 2

In a project's risk categorization framework, when should a risk be classified as partially controllable?

Correct Answer: When the project team can influence the probability but not the impact of the risk

A risk is classified as partially controllable when the project team has influence over some aspects of the risk but not all of them. Specifically, when the team can affect the probability of the risk occurring but does not have control over its impact, it is considered partially controllable. Here's why: 1. Being able to influence probability but not impact is a classic case of partial control - this accurately describes partial controllability. 2. If both probability and impact depend on external factors, this would be an uncontrollable risk, not partially controllable. 3. Being able to manage impact but having no effect on probability is the inverse scenario, but still represents partial controllability. However, in risk management, controlling probability is generally more valuable than controlling impact. 4. Having complete control over all aspects would make it a fully controllable risk, not partially controllable. Partial controllability specifically refers to situations where the team has control over some aspects of the risk while other aspects remain beyond their influence. The ability to influence probability while having limited control over impact is the most common and practical scenario in project risk management.

Question 3

Which characteristic best defines a controllable risk in project management?

Correct Answer: The project team has authority to influence its probability or impact

A controllable risk in project management is defined by the ability of the project team to take meaningful action on the risk. The correct answer is correct because it focuses on the key aspect of controllability - the project team's authority to influence either the probability of the risk occurring or its potential impact. This direct ability to affect the risk outcome is what makes a risk truly controllable. The other options are incorrect because: - Requiring extensive coordination between stakeholders does not necessarily mean the risk is controllable - it just indicates complexity - Being able to monitor and track a risk is not the same as being able to control it - you can monitor many risks that you cannot influence - Simply falling under PMO governance does not make a risk controllable - it only indicates organizational oversight

Go Premium

PMI Risk Management Professional Preparation Package (2025)

  • 3223 Superior-grade PMI Risk Management Professional practice questions.
  • Accelerated Mastery: Deep dive into critical topics to fast-track your mastery.
  • Unlock Effortless PMI-RMP preparation: 5 full exams.
  • 100% Satisfaction Guaranteed: Full refund with no questions if unsatisfied.
  • Bonus: If you upgrade now you get upgraded access to all courses
  • Risk-Free Decision: Start with a 7-day free trial - get premium features at no cost!
More Risk Categorization by Control Ability (Controllable vs Uncontrollable Risks) questions
12 questions (total)
Start 12 question test