What is the difference between a risk and an issue?

I agree with the last post. When working with people from the business (or operations), I have advised people to restate issues in the form of a question that must be resolved. (E.g., "Our estimated development need has doubled. How will we provide enough development resources for this phase of the work?", "The new business model implementation has stalled for lack of clear requirements. Who owes the requirements for the compensation scheme in the new business model?", "The process improvement consultants have been fired. How will we support the business process projects that have already been launched?") This makes issues actionable. If something comes up that seems to land on the fence between issue and risk (the important thing is that you are paying attention to it...), ask for it to be restated as a question (Literally, "What is the question we need to resolve here?"). As a rule of thumb (and as the previous writer suggested), if the question is about something that could possibly happen, it is a risk. If the question is about a problem or situation that needs resolution, it is an issue.

Anyone that has lead successful projects has some competence in this area even if they use different terms (or no terms) to describe what they are doing. When you begin to answer the issue question, you may decide that the resolution to a particular issue is to commit to do nothing and live with or mitigate the RISK. Unresolved issues, almost by definition, represent one or more types of risks. Back to the example... "So, the consultants were fired--what happens if we just let everyone figure it out?" The answer is an informal assessment of the risk associated with a chosen issue resolution. (I hope something in there made sense.)

I have found each of these posts very interesting and informative. I have two different thoughts to this - (1) As a consultant in my past, I found that many organizations used terms with different meanings. One of the surefire ways to increase the maturity of project management within organizations is to create a dictionary of said terms and help educate people to the precision of this guide. In many organizations one would be challenged if they confused "java" vs "visual basic" in IT or "concrete" vs "plywood" in construction. Yet we are willing to be obscure with the differences between risks and issues. So my thought is a risk and an issue is whatever you decide to to be - as long as everyone understands the meaning clearly. (2) For me, the distinction that people understand is the following: An issue threatens the project plan and, if in an open status is something that can be handled by the core team. A risk is something that threatens the charter and, if it occurs, will need involvement of sponsor or senior management to rectify. In some ways, a risk is often an escalated issue - and a risk event is the distinct occurance of a risk. From an organizational change perspective, I encourage my teams to reimagine "ISSUE" and phrase it as an "OPPORTUNITY." People come to me with small, medium and large opportunities - it helps us focus on solution and every issue is truly an opportunity to shine.

Joel

Extracted the text in the RAID Log for easier reading

Prince2 description of a Risk = Defined as uncertainty of outcome, whtehr positive opportunity or negative threat.
Description of Issue = "Project Issue" A term used to cover any concern, query, Request for Change, suggestion or off-specification raised during the project. They can be about anything to do with the project.
APM BoK/PRAM description of a Risk = An uncertain event or set of circumstances which, should it occur, will have an effect on the achievement of the projects objectives. [also refer BS6079-3]{Risks should be managed by the Project Manager and allocated a separate owner}
Description of Opportunity - A positive event [Risk] or outcome of proactive risk mitigation.
Description of Issue - An Issue is a Risk that can not be managed by the Risk Manager/Project Manager and needs to be referred to the Project Board for Review/Action.
PMI BoK/PRAM - Description Of Risk = An uncertain event or condition that, if it occurs, has a positive or negative effect on a project's objectives.
Description of Opportunity - A condition or situation favourable to the project, a positive set of circumstances, a positive set of events, a risk that will have a positive impact on project objectives, or a possibility for positive changes. Contrast with Threat [A condition or situation unfavourable to the project, a negative set of circumstances, a negative set of events, a risk that will have a negative impact on a project objectives if it occurs, or a possibility for negative changes].
Description of Issue - A point or matter in question or in dispute, or a point or matter that is not settled and is under discussion or over which there are opposing views or disagreements.

Uk HM Treasury Orange Book Description Of Risk = uncertainty of outcome, whether positive opportunity or negative threat, of actions and events. It is the combination-nation of likelihood and impact, including perceived importance

ISO/IEC27005 & 27001Information Security Risk Management Standard - Description Of Risk = is the likelihood that something bad will happen that causes harm to an information asset. [Risk is a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization]

ISO 14971:2007 - Risk Management product lifecycle for medical devices - Description Of Risk = A Measure of the probability and severity of undesired effects; it is often taken as the simple product of probability and consequence. Combination of the probability of occurrence of harm and the severity of that harm

Software Engineering Institute - Description Of Risk = The Software Engineering Institute (SEI) defines risk as the possibility of suffering loss. In a development project, the loss describes the impact to the project which could be in the form of diminished quality of the end product, increased costs, delayed completion, loss of market share, or failure.

UK MOD Acquisition Operational Framework (AOF) - Description Of Risk = A significant uncertain occurrence, differentiated from an Issue by virtue of its lack of certainty. A Risk is defined by the combination of the Probability of an Event occurring and its Consequences on objectives. NOTE: The term “Risk” is generally used to embrace the possibility of both negative and/or positive consequences. However, “ Opportunity ” is specifically used to define those Risks with only the possibility of positive consequences. A condition where the outcome can only be estimated. NOTE: the term Uncertainties is also specifically used to describe uncertain occurrences that are considered insignificant in terms of impact on objectives.
Description of Opportunity - A Risk with positive Consequences. Combination of the Probability of an Event occurring and its positive Consequences on objectives.
Description of Issue - A significant certain occurrence differentiated from a Risk by virtue of its certainty of occurrence and by the fact that it should be accounted for in Planning & Scheduling activities and not Risk Management.

The risk is pointing to outcome for which we know the problem also we know the solution and outcome but the probability is not knwn.
This is why we qunatify it as per PI matrix

The Risk once happen become an Issue , So once Polio vaccine not adopted by masses can lead to risk of 1% , once we found such case it is an Issue

I hope it is clear

I agree with the last post. When working with people from the business (or operations), I have advised people to restate issues in the form of a question that must be resolved. (E.g., "Our estimated development need has doubled. How will we provide enough development resources for this phase of the work?", "The new business model implementation has stalled for lack of clear requirements. Who owes the requirements for the compensation scheme in the new business model?", "The process improvement consultants have been fired. How will we support the business process projects that have already been launched?") This makes issues actionable. If something comes up that seems to land on the fence between issue and risk (the important thing is that you are paying attention to it...), ask for it to be restated as a question (Literally, "What is the question we need to resolve here?"). As a rule of thumb (and as the previous writer suggested), if the question is about something that could possibly happen, it is a risk. If the question is about a problem or situation that needs resolution, it is an issue.

Anyone that has lead successful projects has some competence in this area even if they use different terms (or no terms) to describe what they are doing. When you begin to answer the issue question, you may decide that the resolution to a particular issue is to commit to do nothing and live with or mitigate the RISK. Unresolved issues, almost by definition, represent one or more types of risks. Back to the example... "So, the consultants were fired--what happens if we just let everyone figure it out?" The answer is an informal assessment of the risk associated with a chosen issue resolution. (I hope something in there made sense.)