Risk Management for Project Managers: Concepts and Practices by Marcus Goncalves by Marcus Goncalves - Read Online

Book Preview

Risk Management for Project Managers - Marcus Goncalves

You've reached the end of this preview. Sign up to read more!
Page 1 of 1


Chapter 1

Understanding Risk: Opportunities or Threat?


The goal of risk assessment and mitigation management is to measure and assess risk events, with the ultimate goal of managing those risks. In practical terms, risk management is the process of minimizing, or mitigating, risk events, starting with the identification and evaluation of such events and extending on to the optimization of the resources used to monitor and minimize it.

It is important that project managers have a total understanding of risk management, by familiarizing themselves with the principles of the risk management process. Under the Project Management Institute’s (PMI) Project Management Body of Knowledge (PMBOK), risk management falls into the arena of Project Planning. But over time, specific standards and methods have been developed with respect to risk management best practices. Such methods of analysis have assisted those of us practicing risk management in establishing standard ways of identifying, assessing, and responding and managing risk events. These methods have also helped us practitioners to manage risks by avoiding, transferring, or reducing the impact of such risks, or by various other alternative solutions that will be discussed throughout this book.

In 2002, the U.S. National Institute of Standards and Technology (NIST) published a set of risk management best practices. According to the guide, risk management consists of risk assessments, risk mitigation, and ongoing risk evaluations and assessments. For instance, the risk assessment stage is where project managers identify and evaluate each risk, the impact these risks have on the organization, and any risk-reducing recommendations. The risk mitigation stage involves prioritizing, implementing, and maintaining appropriate risk-reduction measures that are recommended in the risk assessment process, while the ongoing risk evaluation and assessment stage asks that the organization continuously evaluate their risk management activities in reducing risks.

Generally speaking, any risk event is a result of uncertainty in a project, or process, including but not limited to uncertainties in the market place such as variations on demand, supply and the stock market, project failures, accidents, and natural disasters, to name a few. As we will discuss later in this book, when dealing with risk analysis, a risk prioritization process should be followed whereas risks that pose the threat of great loss and have great probability of occurrence are dealt with first. Table 1.1 provides an example to this process, which can be useful in strategizing various risk scenarios.

Table 1.1 - A sample template of a risk event analysis matrix

As observed in Table 1.1, the two main variables to be analyzed in any risk assessment and mitigation process, which should govern the response actions required, are the probability of occurrence and the impact of the risk. For instance, let’s assume a risk event condition where the impact on the project is minor and the probability of it actually occurring is low. In such scenario the best course of action, risk mitigation, may be to accept the risk without any interventions. Conversely, however, a condition where the likelihood of a risk event occurring is high and the impact is significantly high as well, there might be a need for extensive risk management. The study of risk assessment and mitigation methods helps us understand how a certain priority can be established in dealing with the risk. Therefore, it is key to this process that we first understand what risks are, and what they are not.

What is Risk?

Risk, or better yet risk events, can be found in almost anything that we set out to do or accomplish in life, be it in business or our own personal lives. Think of a risk event as situation that can potentially have a negative impact on something, or a process, that is important, or of value to you. Risk events can be caused by an endless variety of factors. Since we cannot anticipate all risk events and mitigate every single one of them, it is important for us to devise methods to understand and analyze the severity of a risk, so we can decide how to effectively respond to it, from deciding to do nothing about it, or something, to not taking the risk at all. Hence, a risk event should always be analyzed for its probability of occurring, the higher the chance that a risk event will happen the higher the risk. Probability is then assessed in combination with loss.

As suggested earlier in this chapter, when it comes to project management, all types of risk can occur, such as knowledge risk, relationship risk or process-engagement risk. Unfortunately, as we already know, each of these risk events can have a huge impact on the productivity of your teams and ultimately on the success of the project at hand. That said, it is also important to understand that not all risks can be avoided, nor should it, otherwise nothing would ever be accomplished in your lives, or projects, as risk events exists in every single task we are involved with, some higher, some lower, but they are always there, waiting to comply with Murphy’s Law, where anything that can go wrong, will! Our job is to identify and analyze these risk events, their potential outcomes, and decide when to allow the risk. Such analytical process of assessment, analysis, and mitigation causes us to follow a risk management cycle, as depicted in Figure 1.1.

Figure 1.1 - Risk Management Cycle

As illustrated in Figure 1.1, there are four steps in the process of risk management, which will be discussed in details in later chapters of this book. In general terms, the first step is the assessment of risk events, followed by evaluation and management of the same. The last step is measuring the impact of such risk events.

Risk event identification, the first step, typically starts at the base or the surface level of a project. The key questions here is, what can go wrong? What can deviate from what has been planned? As we ask such questions we are also trying to identify the source of such risk events. By risk source we mean any cause, which could be either internal or external to the project at hand. External sources are often beyond our control while internal sources are potentially controllable, to a certain extent at least. For example, we cannot control an unexpected rain (external), but we can control how we deal with it by carrying an umbrella (internal), etc.

After major risk events have been identified then