You are on page 1of 8

Risk Management

Overview:Risk is inherent in almost every business decision. Risk management is the means by which uncertainty is systematically managed to increase the likelihood of meeting project objectives. The purpose of risk management is to reduce the overall project risk to a level that is acceptable to the project sponsor and other stakeholders. The key word is systematic, because the more disciplined the approach, the more we are able to control and reduce the risks. This chapter presents a framework for identifying risks and developing strategies for managing them.

Executive management plays a crucial role in every project¶s success. The primary responsibility for carrying out risk management activities lies with the project manager and the project team, but they cannot do it alone. The project sponsor and the executives responsible for project selection and portfolio oversight make four essential contributions to risk management: ‡ Maintain both a contingency and a reserve within the project budget. Contingency accounts for known risks and the possible cost of dealing with them if they arise. Reserve accounts for the unknown-unknowns. ‡ Hold the project manager and team accountable for the risk management deliverables, and allow for the time it takes to create them. Ben Franklin¶s adage, ³An ounce of prevention is worth a pound of cure´ applies to risk management; project executives must pay for and demand the ounce. ‡ Promote a climate that recognizes the value of risk management. Strange as it may seem, many project managers are criticized for identifying risks and developing contingency plans: they are accused of pessimism or planning to fail. These project managers should receive praise rather than criticism because they are investing in avoiding obstacles, solving problems before they arise; the ultimate act of proactive management. ‡ Never forget the relationship between cost, schedule, quality, and risk. The so-called triple constraint is well known in project management: cost, schedule, and quality are related because it takes time and money to produce a product. Risk is an inherent, though often unrecognized, factor in that relationship. Most strategies to cut schedule and cost increase risk. When an executive asks a project team to produce a more aggressive schedule (i.e., cut some time off the team¶s proposed schedule) or to sharpen their pencil to reduce the budget estimate, that executive is asking the team to add risk.


given that it is virtually impossible to accurately predict customer acceptance of a new product or service venture. a constant unknown is their degree of commercial success once they have been introduced into the marketplace. Cost-plus terms. there are some more common forms of risks in projects. fixed cost. liquidated damages) result in a significant degree for risk. the greater the possibility of project underperformance in meeting specification requirements. Commercial risk is an uncertainty that companies may willingly accept. ‡ ‡ ‡ Other than the above mentioned types of risks. they are being developed under significant technical risk. Commercial Risk: For projects that have been developed for a definite commercial intent (profitability). Many forms of contracted terms (eg. Execution Risk: Execution risk is a broad that seeks to assess any unique circumstances or uncertainties that could have a negative impact on execution of the plan. Technical Risk: When new projects contain unique technical elements or unproven technology. Contractual or Legal Risk: This form of risk is often consistent with projects in which strict terms and conditions are drawn up in advance.Risk identification is ³the process of determining risks which might affect the project and documenting their characteristics. offers a short set of some of the more common types of risk most projects may be exposed to: ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ Absenteeism Resignation Staff pulled away by management Additional staff/skills not available Training not as effective as desired Initial specifications poorly or incompletely specified Work or change orders multiply due to various problems Enhancements take longer than expected ANALYSIS OF PROBABILITY AND CONSEQUENCES . The greater the level of technical risk. Risks commonly fall into one or more of the following classification clusters: ‡ ‡ Financial Risk: Financial risk refers to the financial exposure a firm opens itself to when developing a project.´ A useful method for developing a risk identification strategy begins by creating a classification scheme for likely risks. The list below.

Quantitative risk assessment can be shown as: . Figure Quanlitative Risk Management Assessment Matrix Probability combined with consequences provides a sense of overall risk impact. the project team is better able to focus their attention where their energy can do the most good.The next step in the process consists of trying to attach a reasonable estimate of the likelihood of each of these risk events occurring. With a prioritization scheme (on the basis of probability and consequences).



(3) share risk. However. (2) minimize risk. (4) transfer risk. ‡ Accept Risk: One option that a project team must always consider is whether the risk is sufficiently strong that any action is warranted.RISK MITIGATION STRATEGIES The next stage in risk management is the development of effective risk mitigation strategies. There are four possible alternatives a project organization can adopt in deciding how to address risks: (1) accept risk. Any number of risks of a relatively minor nature may be present in a project a matter of course. the likelihood of their .

Management will want to know what happened to the risks that were near term on the last few reports. either through elimination or minimization. not the result of inattention or incompetence. ‡ The current contingency and management reserve amounts. This option acknowledges that even in the cases where a risk cannot be reduced. they may be judged acceptable and ignored. PROJECT RISK ANALYSIS AND MANAGEMENT PROCESS . provided that there is a reasonable means for passing the risk along. the better able they are to support the project team. it may be possible to shift the risks bound up in a project to another party. management may want to either increase the reserves or take some of that reserve and allocate it to other uses. Share Risk: Risk may be allocated proportionately among multiple members of the project. the project manager ensures his or her management won¶t be caught off guard if one of these risks occurs. In addition to partnerships that pool project risk.occurrence is so small or the consequences of their impact are so minor. ameliorating risk through sharing can be achieved contractually. Through constant vigilance we continuously find problems before they find us. The more they know about the project. By including these. If the project is using more or less contingency or management reserve than planned. when it is impossible to change the nature of the risk. ‡ REPORTING RISK STATUS Involving management in the project is always a good idea. If management has the capability to reduce the probability or impact of a risk. Many project organizations create relationships with suppliers and customers that include legal requirements for risk to be shared among those involved in the project. It could be done by developing a partnership for the project. ‡ ‡ Minimize Risk: This means either reducing the probability of a risk event from happening and/or reducing the impact if it does not happen. ‡ Recently retired or experienced risks. it may not have to be accepted by the project organization. Continuous risk management is essentially the practice of repeating the major risk management processes throughout the life of the project. In this case the decision to ³do nothing´ is a reasoned calculation. ‡ Risks needing executive action. make sure that is clearly communicated. So add some risk management information to your regular status report or produce a risk summary report with the following information: ‡ Near-term risks. Transfer Risk: In some circumstances. The team will confront these in the next two reporting periods.

The nine phases of a comprehensive project risk assessment include the following steps: ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ Define: definition. Nine distinct steps in the PRAM model present each phase of the process and its associated deliverables. Clarify ownership of risks: distinguish between risks that the project organization is willing to handle. deliverables. statement of work and project scope. and then organize them. Summary: Project risk is defined as any possibile event that can negatively affect the viability of a project. Manage: monitor actual progress with the project and associated risk management plans.PRAM (Project Risk Analysis and Management) is a generic project risk management approach that offers a model for the life-cycle steps a project team might adopt in developing a risk management methodology. Estimate: develop a reasonable estimate of the impacts on the project of both the identified risks and the proposed solutions.There are various primary causes of project risk and approaches to risk identification. Identify: assess the specific sources of risk at the outset of the project. Evaluate: critically evaluate the results of the estimate phase to determine the most likely plan for realizing potential risks.risk mitigation strategies and control and documentation.There are four distinct phases of project risk management. and determining the best methods for addressing project risk. responding to any variances in these plans. with an eye toward developing these plans for the future.Various approcahes of risk mitigation are there that help in the control and reduction of risk.analysis of probability and consequences.that includes risk identification. Plan: produce a project risk management plan that proactively offers risk mitigation strategies for the project as needed. Structure: review and refine the manner in which we have classified risks for the project. . Focus: plan the risk management process.