Steps Involved in Risk Management for an Improved Project Execution
By Lekharaju Chaitanya
1. What is risk management and why is it important?Risk is an uncertain event which could possibly on its occurrence, affect the ongoing project life-cycle/ phase and in turn the project’s outcome. A risk may be a potential hazard to the planned outcome of the project in terms of Cost, Time and Quality. However, in a few cases, the risk may turn out to be a positive catalyst to the project.Uncertainties in a project may be anticipated mostly based on experience and historical data which can be mitigated or avoided while few cannot be anticipated turning out to be absolute disasters ruining the project outcome out-and-out.One can compare the risks/ uncertainties with occurrence in every individual’s life shackling its progress. Attending untimely or de-efforts to mitigate it may lead to tragedy. Hence, managing such risks is of utmost importance to safeguard the interests of the project or life. Nevertheless, life is also a project with many phases in it.The objectives of the risk management initiative are toensure compliance with applicable rules and regulations,assurance that the activities comply with PACED (will be discussed later in this article),support decision-making with appropriate risk-based information,thus assisting in enhancingthe efficiency of operations,the effectiveness of processes andefficaciousness of strategies.2. What are the five steps in the risk management process?For a successful risk management, there are five (5) steps to be executed in a proper manner.Plan Risk Management - defining methodology to be applied for managing the risk.Identify the Risk(s) - listing out the possible uncertain events those could affect the project outcome.Perform Risk Analysis - analysing the probability of occurrence of the risk and its possible impact (Qualitative) on the project outcome based on the numerical analysis (Quantitative).Plan Risk Response(s) - developing strategies for the possible and probable risks to either enhance the positive effect or reduce the negative consequence.Control Risk(s) - performing all the above steps/ identifying new risks/ evaluating risk process effectiveness throughout the project.3. What are the 4 process steps of risk management?The four (4) process steps involved in risk management are:Identify - distinguishing the possible risksAssess - analyzing the probable impact of the identified risksControl - managing or mitigating the risks depending on the risk natureReview - evaluating the process of risk management to the requirements4.What are the methods of risk management?Methods of risk management include:Risk strategyRisk management frameworkRisk management documentationRisk management responsibilitiesRisk-aware cultureRisk training and communicationRisk assessmentImportance of and approaches to risk assessmentShort, Medium and Long-term risksRisk likelihood and impactLoss controlRisk responseImportance of risk appetite - risk capacity and risk exposure4Ts of hazard response - Tolerate, treat, transfer and TerminateRisk control techniques - Preventive, Corrective, Directive and DetectiveRisk assurance and reportingEvaluation of control environmentActivities of an internal audit functionRisk assurance techniques - audit committeesReporting on risk management - risk documentationImportance of corporate reputation5. How do you project risk management?Risk Management in project has become of utmost priority because of experiencing global financial crisis and increase in a number of corporate failures, also, increasing stakeholder expectations.Whichever the field the project is, there is always a possibility of encountering risks which may or may not be averted depending on its nature. However, risk management is everyone’s responsibility.Here, I would like to mention the 10 myths of risk management by Dr. David Wilson which clearly states what risk management is all about and its role among the project teams.All risks are badRisk management is a waste of timeWhat you don’t know won’t hurt youThe risk manager manages riskAll risks can and should be avoidedOur projects aren’t riskyRisk management requires statisticsRisks are covered by routine processesContingency is for wimpsRisk management doesn’t work6. What are the types of risk?Risks can be divided into three (3) categories:Hazard Risk - associated with the management of pure risk - need to be mitigated.Control Risk* - associated with the management of uncertainty (unknown and unexpected) - need to be managed.Opportunity Risk - associated with the benefits of speculative opportunities - need to be enhanced.Note: * not to be confused with Control Risk - one of the five steps of the risk management process.There are certain events that can only result in negative outcomes. These risks are hazard risks or pure risks. In general, organizations will have a tolerance of hazard risks, and these to be managed within the levels of that tolerance. A common area where these kinds of risks are observed is Occupational health and safety.There are certain risks that give rise to uncertainty about the outcome of a situation. These can be described as control risks. Often these risks generate uncertainties on the project budget, time and quality which are to be taken care of or managed to be in the desired range. The main purpose of managing such risks is to reduce the variance between anticipated outcomes and actual results.At times, organizations consciously take risks in order to achieve a positive return, though not guaranteed. These can be described as opportunity risks. These relate to the relationship between risk and return.However, apart from the above, a project may face risks from four (4) different ways which can be broken down as below. These, again, maybe of hazard, control and opportunity kind of risks.7. What are the principles and techniques of risk management?Principles of risk management:The main principle of risk management is that it reduces the volatility or uncertainty of outcomes thus achieving the best possible result/ product.A successful approach to risk management initiative and framework within an organization is known as PACED.P - Proportionate to the level of riskA - Aligned with other business activitiesC - Comprehensive, systematic and structuredE - Embedded within business processesD - Dynamic, iterative and responsive to changeHowever, the key goal of risk management is to enhance the efficiency of operations, the effectiveness of processes and efficaciousness of strategies.As the result of a risk may have on the project, a negative impact (due to hazard or pure risk) or a positive impact (due to opportunity or business risk) so the strategies to deal with the risks.Techniques in risk management:a. Hazard or pure risk:Avoid - changing the project plan so that particular risk can’t occur during which inadvertently new risks arise called secondary risks.Mitigate - steps are to be taken to reduce the likelihood and/or impact of an identified risk.Transfer - outsourcing the risk or awarding the handling of risk to a third party.Accept - tolerating the risk as it is. b. Opportunity or business risk:Exploit - reduce the time to completion or to provide lower cost than originally planned.Share - forming risk-sharing partnerships, teams or JVs.Enhance - increase the probability and/or positive impact of an opportunity.Accept - no action.In whichever the given situation, both the risks must be assessed and managed.8. What are the four ways to deal with risks?Priority significant risks facing by an organization are those that have:High or very high impact in relation to the benchmark test for significanceHigh or very high likelihood of materializing at or above the benchmark levelHigh or very high scope for cost-effective improvement in controlTo handle such risks, Paul Hopkin - Author of Fundamentals of Risk Management, stated in his book, four (4) ways called 4Ts.Tolerate risk and its likely impact - a detective action is required to control the risk.Treat risk to reduce the likely impact - a corrective action is required to control the risk.Transfer risk to the third party - a more directive action is required to control the risk.Terminate activity generating the risk - a preventive action is required to control the risk.9. What is risk management in project management?Drawing a distinction between project risk management and the reason why the project was undertaken is of utmost importance because project risk management is concerned about the risks embedded within the delivery of the project. Project risk management should be an extension of project planning. The main requirements of any project are that it is delivered on time, within the budget (cost) and to specification or performance (quality).A risk is often defined in terms of uncertainty or deviation from required outcomes. Therefore, the focus of risk management is often on the reduction in the variability of outcomes and the management of control risks. Project risk management is a type of control management. Project risk management is one of the successful areas for the application of risk management tools and techniques.As per the Project Risk Analysis and Management (PRAM) Guide developed by The Association for Project Management (APM), there are five (5) points in a project where an accurate prediction of the impact of risk-based events can be done:Feasibility: at this stage the project is most flexible, enabling changes to be made that can reduce the risks at a relatively low cost.Sanction: the client can view the risk exposure associated with the project and check at all steps to reduce/ manage the risks have been taken.Tendering: the contractor can ensure that all risks have been identified by the risk contingency or risk exposure limits have been set.Post Tender: the client can ensure that all risks have been identified by the contractor and assess the likelihood of programmes being achieved.During implementation: the likelihood of completing the project to cost and timescale will increase if all risks are identified and correctly managed.Risk management should be embedded in project management so as to consider that it is just another project management technique. It must not be seen as an optional. It must be built-in into project management and not seen as a bolt-on. Built-in risk management has two (2) key characteristics:Project management decisions are made with an understanding of the risks involved.Risk management must be integrated with other project management processes.10. The Importance of Risk Management In An OrganisationImportance of Risk Management in an Organization can be understood by analyzing a series of steps:Level of risk:The explicit management of risks brings benefits. By taking a proactive approach to risk and its management, organizations will be able to achieve improvement in:OperationsProcessesStrategyStakeholders should expect that organizations will take full account of risks that may cause disruption within operations, late delivery of projects or failure to deliver the strategy.The exposure presented by an individual risk can be identified in terms of likelihood of the risk materializing and the impact of the risk when it does materialize. As risk exposure increases, then likely impact will also increase. The level of risk should be compared with the risk appetite (set of risk criteria) of the organization for risks of that type.Impact of hazard risks:Hazard risks undermine the objectives, and the level of impact of such risks is a measure of their significance. Hazard risk management is closely related to the management of insurable risks. Hazard (or pure) risk can only have a negative outcome.Hazard risk management is concerned with:HealthSafetyFire preventionAvoiding damage to propertyConsequences of defective productsHazard risks can cause disruption to normal operations resulting in increased costs. Theft and fraud can also be significant hazard risks to an organization. Techniques to avoid such risks include adequate security procedures, segregation of financial duties, and authorization and delegation procedures, etc.Risk and reward:Another feature of risk and risk management is that many risks are taken by organizations in order to achieve a reward. When an organization puts the value at risk, it should do so with the full knowledge of the risk exposure and it should be satisfied that the risk exposure is within the appetite of the organization. Even more important, it should ensure that it has sufficient resources to cover the risk exposure. Risk and uncertainty:Risk is sometimes defined as uncertainty of outcomes. It is particularly applicable to the management of control risks. Control risks are most difficult to identify and define but are often associated with projects. The overall intention of a project is to deliver the desired outcomes on time, within budget (cost) and to specification (quality).A certain level of deviation from the project plan can be tolerated, but it must not be too great.Attitudes to risk:Different organizations will have different attitudes to risk. Some organizations may be considered to be risk-averse while some others risk aggressive. To some extent, it depends on the nature and maturity of the marketplace within which it operates, as well as the attitude of the individual board membersRisks cannot be considered outside the context that gave rise to them. Improvement in the decision-making process is one of the key benefits of risk management.
based on 16 customer reviews