Presents a categorization of risks into preventable, strategic, and external types, each requiring different management approaches. Provides a practical framework for building risk management processes that go beyond compliance checklists to genuinely protect project outcomes.