David Hillson’s must-read guide to risk management provides a list of essential references for anyone wanting to learn more about risk (and let’s face it, we all need to do that!). The list is in three parts: The Risk Doctor Collection (books by David Hillson), the most-read items from David’s risk bookshelf and a list of current risk standards and guides.


The number of books on risk management is both large and growing. Unfortunately the number of good books on risk management is somewhat smaller! As a professional risk practitioner, I’m always on the lookout for books that add something new to the sum total of knowledge in this important topic area. And as an author on risk myself, I try to ensure that my own books cover aspects of risk management that others don’t address.

After 30 years in the risk field, I’ve seen lots of risk books come and go. My risk bookshelf is quite full, including many books that are not as useful now as they once were. A few remain well-thumbed since their message remains relevant today.

This list of risk management recommended reading has three sections. It includes some of my all-time favourite books on the subject, which I’m happy to endorse and recommend to others. I also include my own titles (‘The Risk Doctor Collection’) in the hope that others will find them as useful as I intended them to be. Finally, I list some of the more important risk standards and guidelines, which risk practitioners should be aware of, even if they haven’t read and memorised every word.

The list covers many aspects of risk management, not just limited to managing risk in projects and programmes. This partly arises from my own broad interest in the topic. But, more importantly, I believe that project and programme management professionals can learn much about how risk is understood and managed in other settings. As one of my colleagues in The Risk Doctor Partnership frequently says, ‘Risk is risk – and risk management is risk management.’ I think she means that the underlying concept of risk is the same wherever it appears, and the basic approach to managing risk applies in every setting.

I hope you find some stimulating and useful reading listed here. Happy reading!

David Hillson, The Risk Doctor


The Risk Doctor collection

1. The Risk Doctor’s Cures for Common Risk Ailments, David Hillson: Management Concepts, 2014. ISBN 978-1-56726-459-3

This book describes 10 frequent risk management problems, with clear diagnostic symptoms supported by real-world cases, allowing readers to self-diagnose. Proven treatment options show how to recover from each ‘risk ailment’ and prevent its recurrence. The book closes by describing how to stay risk-healthy once risk ailments have been dealt with. Begin your recovery now and look forward to a future filled with the rewards of a healthy approach to risk management!

2. A Short Guide to Risk Appetite, David Hillson and Ruth Murray-Webster: Gower, 2012. ISBN 978-1-4094-4094-9

Risk appetite is a hot topic, but despite the high level of interest, there is no consensus on what it is, how it should be expressed or measured, or how it can be practically used in business or projects. This book cuts through the confusion to produce clear definitions and simple guidelines, answering the all-important question: ‘How much risk should we take?’ The book also introduces the RARA Model linking risk appetite with risk attitude as a practical tool to control risk-taking.

3. Practical Project Risk Management: The ATOM Methodology (2nd edition), David Hillson and Peter Simon: Management Concepts, 2012. ISBN 978-1-56726-366-4

Written by expert practitioners for practitioners with little or no prior experience, the second edition of this award-winning book offers a realistic and proven scalable approach to project risk management that really works. The ATOM Methodology (Active Threat & Opportunity Management) allows us to minimise threats and maximise opportunities proactively and effectively. This unique book is packed with tips and hints to demystify the risk process, and provides generic templates and guidelines to support real-world application.

4. Exploiting Future Uncertainty: Creating Value from Risk, David Hillson: Gower, 2010. ISBN 978-1-4094-2341-6

This practical guide contains over 60 focused briefings, each addressing a key part of the risk challenge. The five themes cover basic risk concepts, risk management in practice, people aspects, linking better business to risk-taking and managing risk in the wider world. Whether you read a complete section or dip into a particular topic, you’ll find clear practical advice with specific how-to tips and guidance that you can implement immediately.

5. Managing Risk in Projects, David Hillson: Gower, 2009. ISBN 978-0-566-08867-4

The revised edition of this concise book describes current best practice in project risk management and introduces the latest developments, to enable those responsible for managing risk in projects to do so effectively. If you know that risk management is important to your success but you feel you could do it better if only you knew how, this book is for you.

6. Managing Group Risk Attitude, Ruth Murray-Webster and David Hillson: Gower, 2008. ISBN 0-566-08787-1

Based on the authors’ own experience and ground-breaking research, this book explores how groups of people make decisions that they perceive as risky and important. A unique framework is developed and applied, providing a practical model using applied emotional literacy to manage group risk attitude. This in turn allows boards, senior management teams and other groups to improve their decision making in the face of uncertainty, ensuring that they are able to take the right risks safely.

7. Understanding and Managing Risk Attitude (2nd edition), David Hillson and Ruth Murray-Webster: Gower, 2007. ISBN 978-0-566-08798-1

The second edition of this significant book brings together leading-edge thinking on risk attitudes and emotional literacy to create a valuable resource for those wishing to move beyond mere implementation of a risk process and towards a people-centred approach to risk management. Practical guidelines address the most common shortfall in current risk management: the failure to manage human aspects of the process.

8. The Risk Management Universe: A Guided Tour (revised edition), David Hillson: British Standards Institution, 2007. ISBN 0-580-43777-9

The updated second edition of this wide-reaching book brings together 17 leading experts from different risk management disciplines to describe current best practice and point to future developments. It offers a 'guided tour' of the main dimensions of the risk management universe, helping business leaders to understand and address the full range of risks they face. A final integrative discussion draws the threads together and identifies the underlying unifying themes. No other book brings together so many aspects of risk management under one cover!

9. Effective Opportunity Management for Projects: Exploiting Positive Risk, David Hillson: Taylor & Francis, 2004. ISBN 0-8247-4808-5

Despite being written over a decade ago, this major work remains the leading resource for people wanting to capture upside risk. It makes the case for inclusion of opportunity management within the traditional risk process, and provides detailed descriptions of simple proven tools and techniques to make it work in practice. Adopted widely as a university textbook, it also offers clear guidance for practitioners on how to exploit positive risk.


Other risk books

1. Risk Intelligence: Learning to Manage What We Don’t Know, David Apgar: Harvard Business School Press, 2006. ISBN 978-1-59139-954-4

This is one of those books I wish I’d written! Not only does it have a great title, but the content is good too! Dividing risks into those we can learn about and those that are inherently undiscoverable, Apgar explains how to expose knowable risks and increase your ‘Risk IQ’.

2. Against the Gods – The Remarkable Story of Risk, Peter L. Bernstein: J Wiley, 1996. ISBN 0-471-12104-5

A timeless classic. This book traces the history of risk management from ancient times to current experience, with fascinating stories and insights along the way.

3. Global Risk: Business Success in Turbulent Times, Sean Cleary and Thierry Malleret: Palgrave Macmillan, 2007. ISBN 978-0-230-52531-3

Drawing on their experience working with the World Economic Forum, the authors lay out a compelling vision of the causes of global risk, with real-world solutions.

4. How to Manage Project Opportunity and Risk, Chris Chapman and Stephen Ward: J Wiley, 2012. ISBN 978-0-470-68649-2

This is the third edition of a book previously called ‘Project Risk Management: Processes, Insights and Techniques’, and the old title describes the content very well!

5. Simple Tools and Techniques for Enterprise Risk Management (2nd edition), Robert J. Chapman: J Wiley, 2011. ISBN 978-1-119-98997-4

At last, a book on enterprise risk management that provides practical guidance on how to do it.

6. Project Risk Management Guidelines: Managing Risk with ISO 31000 and IEC, Dale Cooper, Pauline Bosnich, Stephen Grey, Grant Purdy, Geoffrey Raymond, Phil Walker and Mike Wood: J Wiley, 2009. ISBN 978-1-118-82031-5

This fully-updated second edition of a major reference book is a must-read for anyone working on major projects. The Broadleaf team of authors are real practical experts – and they write well too.

7. Risk: The Science and Politics of Fear, Dan Gardner: Virgin Books, 2008. ISBN 978-1-905264-15-5

Written by a Canadian journalist, this is my favourite book on popular views and misconceptions about risk, with lots of real-world examples backed up with hard data.

8. Integrated Cost-Schedule Risk Analysis, David Hulett: Gower, 2001. ISBN 978-0-566-09166-7

Few people know how to do quantitative risk analysis properly, and David Hulett is one of them. This book provides in-depth guidance on building, running and interpreting a Monte Carlo model.

9. The Black Swan: The Impact of the Highly Improbable, Nassim Nicholas Taleb: Allen Lane/Penguin, 2007. ISBN 978-0-713-99995-2

This is where the term ‘Black Swan’ started, and Taleb’s unique writing style (not for everyone) provides multiple examples of major-impact risks that seemed unknowable before they happened.

10. Risk Analysis – A Quantitative Guide (3rd edition), David Vose: J Wiley, 2008. ISBN 978-0-470-51284-5

Everything you ever wanted to know about quantitative risk analysis (QRA) – and quite a bit more too! David Vose is the experts’ expert when it comes to QRA, and this book captures much of his expertise on the topic.


Risk standards and guidelines

1. Project Risk Analysis & Management (PRAM) Guide (2nd edition), Association for Project Management: APM Publishing, 2004. ISBN 1-903494-12-5

2. Prioritising Project Risks, Association for Project Management: APM Publishing, 2008. ISBN 978-1-903494-27-1

3. Interfacing Risk and Earned Value Management, Association for Project Management: APM Publishing, 2008. ISBN 978-1-903494-24-0

4. Risk Management – Code of Practice and Guidance for the Implementation of BS ISO 31000, British Standard BS 31100:2011: British Standards Institute, 2011. ISBN 978-0-580-71607-2

5. Risk Analysis & Management for Projects (RAMP) (3rd edition), Institution of Civil Engineers, Institute and Faculty of Actuaries: ICE Publishing, 2014. ISBN 978-0727741578

6. A Risk Management Standard, Institute of Risk Management (IRM), the Public Risk Management Association (ALARM), & Association of Insurance and Risk Managers (AIRMIC): IRM/ALARM/AIRMIC, 2002

7. A Structured Approach to Enterprise Risk Management (ERM) and the Requirements of ISO 31000, Institute of Risk Management (IRM), the Public Risk Management Association (ALARM), & Association of Insurance and Risk Managers (AIRMIC): IRM/ALARM/AIRMIC, 2010

8. Risk Management – Principles and Guidelines, International Organization for Standardization ISO 31000:2009: International Organization for Standardization, 2009

9. Risk Management – Vocabulary, International Organization for Standardization Guide 73:2009: International Organization for Standardization, 2009

10. Risk Management – Risk Assessment Techniques, International Organization for Standardization ISO IEC 31010:2009: International Organization for Standardization, 2009

11. A Guide to the Project Management Body of Knowledge (PMBoK® Guide) (5th edition), Project Management Institute: Project Management Institute, 2013

12. The Practice Standard for Project Risk Management, Project Management Institute: Project Management Institute, 2009

13. Management of Risk: Guidance for Practitioners (3rd edition), UK Office of Government Commerce (OGC): The Stationery Office, 2010. ISBN 978-0-11-331274-0

