Reading: Waltzing with Bears...
I'm now reading Waltzing with Bears: Managing Risk on Software Projects, written by Tom DeMarco and Tim Lister. It's less than 200 pages, but gets strong reviews for encouraging a structured approach to risk management.
It's certainly true that project managers, focused on what can be done and overcoming obstacles, can shy away from frankly describing risk impact to stakeholders (as "explicitly stated uncertainty"). While some of the information is redundant for a PMP (defining risk, conceptually similar to PMBOK's "an uncertain event or condition..."; strategies for managing negative risk), the book is an intriguing and sobering read, with the Denver International Airport case study underscoring the high costs of improper risk management in a project.
Especially valuable in defining risk for software management is Chapter 8's description of the risk diagram and of the tendency to view the "earliest articulated date" as the expected delivery date or deadline. (In fact, the entire diagram, showing the likelihood of delivery date over a time period, is the best definition of the expected delivery date.)
In Chapter 5, the authors provide some reasons why organizations may choose not to perform risk management, but omit the most important reason: the costs and benefits of risk management activities for projects are reviewed, and it's found that the costs exceed the benefits. This is most likely to occur if, during the Identify Risks process, risks that later become issues are not identified and, as a result, the most impactful risks are never mitigated in the Risk Management Plan. For more on risk management assessment, see Chuck Weis' presentation on measurement.