What is Risk Exposure?
Risk exposure is the quantified amount of risk carried — for one risk, probability × impact (its EMV); for a project, the aggregate across the register. It's the number that makes risk comparable to everything else: exposure versus contingency, exposure versus expected benefit, exposure now versus last quarter.
Its management use is ratio thinking: reserves should track open exposure, and the exposure-to-benefit ratio is the honest health metric gates should read.
Formula
Exposure = probability × impact (aggregate: Σ across open risks)
Worked example
At the mid-project gate: open exposure $2.6M, remaining contingency $2.1M, remaining benefit case $18M. The ratio review is quick and sober — exposure exceeds reserve for the first time, driven by two commissioning risks. The board tops up contingency from management reserve now, at planning prices, instead of in month 22 at crisis prices. That's exposure doing its job as a steering number.