Risk Management

Overview:Risk is inherent in almost every business decision. Risk management is the means by which uncertainty is systematically managed to increase the likelihood of meeting project objectives. The purpose of risk management is to reduce the overall project risk to a level that is acceptable to the project sponsor and other stakeholders. The key word is systematic, because the more disciplined the approach, the more we are able to control and reduce the risks. This chapter presents a framework for identifying risks and developing strategies for managing them.

THE ROLE OF EXECUTIVE MANAGEMENT IN PROJECT RISK MANAGEMENT

Executive management plays a crucial role in every projects success. The primary responsibility for carrying out risk management activities lies with the project manager and the project team, but they cannot do it alone. The project sponsor and the executives responsible for project selection and portfolio oversight make four essential contributions to risk management: Maintain both a contingency and a reserve within the project budget. Contingency accounts for known risks and the possible cost of dealing with them if they arise. Reserve accounts for the unknown-unknowns. Hold the project manager and team accountable for the risk management deliverables, and allow for the time it takes to create them. Ben Franklins adage, An ounce of prevention is worth a pound of cure applies to risk management; project executives must pay for and demand the ounce. Promote a climate that recognizes the value of risk management. Strange as it may seem, many project managers are criticized for identifying risks and developing contingency plans: they are accused of pessimism or planning to fail. These project managers should receive praise rather than criticism because they are investing in avoiding obstacles, solving problems before they arise; the ultimate act of proactive management. Never forget the relationship between cost, schedule, quality, and risk. The so-called triple constraint is well known in project management: cost, schedule, and quality are related because it takes time and money to produce a product. Risk is an inherent, though often unrecognized, factor in that relationship. Most strategies to cut schedule and cost increase risk. When an executive asks a project team to produce a more aggressive schedule (i.e., cut some time off the teams proposed schedule) or to sharpen their pencil to reduce the budget estimate, that executive is asking the team to add risk.

RISK IDENTIFICATION

Risk identification is the process of determining risks which might affect the project and documenting their characteristics. A useful method for developing a risk identification strategy begins by creating a classification scheme for likely risks. Risks commonly fall into one or more of the following classification clusters: Financial Risk: Financial risk refers to the financial exposure a firm opens itself to when developing a project. Technical Risk: When new projects contain unique technical elements or unproven technology, they are being developed under significant technical risk. The greater the level of technical risk, the greater the possibility of project underperformance in meeting specification requirements. Commercial Risk: For projects that have been developed for a definite commercial intent (profitability), a constant unknown is their degree of commercial success once they have been introduced into the marketplace. Commercial risk is an uncertainty that companies may willingly accept, given that it is virtually impossible to accurately predict customer acceptance of a new product or service venture. Execution Risk: Execution risk is a broad that seeks to assess any unique circumstances or uncertainties that could have a negative impact on execution of the plan. Contractual or Legal Risk: This form of risk is often consistent with projects in which strict terms and conditions are drawn up in advance. Many forms of contracted terms (eg. Cost-plus terms, fixed cost, liquidated damages) result in a significant degree for risk.

Other than the above mentioned types of risks, there are some more common forms of risks in projects. The list below, offers a short set of some of the more common types of risk most projects may be exposed to: Absenteeism Resignation Staff pulled away by management Additional staff/skills not available Training not as effective as desired Initial specifications poorly or incompletely specified Work or change orders multiply due to various problems Enhancements take longer than expected

ANALYSIS OF PROBABILITY AND CONSEQUENCES

The next step in the process consists of trying to attach a reasonable estimate of the likelihood of each of these risk events occurring.

Figure Quanlitative Risk Management Assessment Matrix Probability combined with consequences provides a sense of overall risk impact. With a prioritization scheme (on the basis of probability and consequences), the project team is better able to focus their attention where their energy can do the most good.

Quantitative risk assessment can be shown as:

RISK MITIGATION STRATEGIES

The next stage in risk management is the development of effective risk mitigation strategies. There are four possible alternatives a project organization can adopt in deciding how to address risks: (1) accept risk, (2) minimize risk, (3) share risk, (4) transfer risk. Accept Risk: One option that a project team must always consider is whether the risk is sufficiently strong that any action is warranted. Any number of risks of a relatively minor nature may be present in a project a matter of course. However, the likelihood of their

occurrence is so small or the consequences of their impact are so minor, they may be judged acceptable and ignored. In this case the decision to do nothing is a reasoned calculation, not the result of inattention or incompetence. Minimize Risk: This means either reducing the probability of a risk event from happening and/or reducing the impact if it does not happen. Share Risk: Risk may be allocated proportionately among multiple members of the project. It could be done by developing a partnership for the project. In addition to partnerships that pool project risk, ameliorating risk through sharing can be achieved contractually. Many project organizations create relationships with suppliers and customers that include legal requirements for risk to be shared among those involved in the project. Transfer Risk: In some circumstances, when it is impossible to change the nature of the risk, either through elimination or minimization, it may be possible to shift the risks bound up in a project to another party. This option acknowledges that even in the cases where a risk cannot be reduced, it may not have to be accepted by the project organization, provided that there is a reasonable means for passing the risk along.

REPORTING RISK STATUS

Involving management in the project is always a good idea. The more they know about the project, the better able they are to support the project team. So add some risk management information to your regular status report or produce a risk summary report with the following information: Near-term risks. The team will confront these in the next two reporting periods. By including these, the project manager ensures his or her management wont be caught off guard if one of these risks occurs. Risks needing executive action. If management has the capability to reduce the probability or impact of a risk, make sure that is clearly communicated. The current contingency and management reserve amounts. If the project is using more or less contingency or management reserve than planned, management may want to either increase the reserves or take some of that reserve and allocate it to other uses. Recently retired or experienced risks. Management will want to know what happened to the risks that were near term on the last few reports. Continuous risk management is essentially the practice of repeating the major risk management processes throughout the life of the project. Through constant vigilance we continuously find problems before they find us.

PROJECT RISK ANALYSIS AND MANAGEMENT PROCESS

PRAM (Project Risk Analysis and Management) is a generic project risk management approach that offers a model for the life-cycle steps a project team might adopt in developing a risk management methodology. Nine distinct steps in the PRAM model present each phase of the process and its associated deliverables. The nine phases of a comprehensive project risk assessment include the following steps: Define: definition, deliverables, statement of work and project scope. Focus: plan the risk management process, and determining the best methods for addressing project risk. Identify: assess the specific sources of risk at the outset of the project, and then organize them. Structure: review and refine the manner in which we have classified risks for the project. Clarify ownership of risks: distinguish between risks that the project organization is willing to handle. Estimate: develop a reasonable estimate of the impacts on the project of both the identified risks and the proposed solutions. Evaluate: critically evaluate the results of the estimate phase to determine the most likely plan for realizing potential risks. Plan: produce a project risk management plan that proactively offers risk mitigation strategies for the project as needed. Manage: monitor actual progress with the project and associated risk management plans, responding to any variances in these plans, with an eye toward developing these plans for the future.

Summary: Project risk is defined as any possibile event that can negatively affect the viability of a project.There are four distinct phases of project risk management.that includes risk identification,analysis of probability and consequences,risk mitigation strategies and control and documentation.There are various primary causes of project risk and approaches to risk identification.Various approcahes of risk mitigation are there that help in the control and reduction of risk.