RISK MANAGEMENT

PROCESS
NANING ARANTI WESSIANI
DEPARTMENT OF INDUSTRIAL ENGINEERING
Risk Management: Definition
Any set of actions taken by individuals or corporations in an effort to alter the risk arising from
their business (Merna and Smith 1996)
Smith (1995) states that risk management is an essential part of the project and business
planning cycle which:
 requires acceptance that uncertainty exists
 generates a structured response to risk in terms of alternative plans, solutions and contingencies
 is a thinking process requiring imagination and ingenuity
 generates a realistic attitude in an investment for staff by preparing them for risk events rather than
being taken by surprise when they arrive.
Risk Management Process: Smith (1995)

Allocation of
Identification of Analysis of Response to
appropriate
risk/uncertainty implication minimize risk
contingencies
Risk Management Process: Chapman &
Ward (1997)

Define Focus Identify Structure

Ownership Estimate Evaluate Plans

Risk Management Process: Chapman &
Ward (1997)
Define
Consolidate any
Focus
relevant existing
information about the Look for and develop
Identify
project, and to fill in a strategic plan for the
risk management All key risks and
Structure
any gaps uncovered in
the consolidation process, and to plan responses should be
process the risk management identified, with Test the simplified
process at an threats and assumptions, and to
operational level opportunities provide a more
classified, complex structure
characterised, when appropriate
documented, verified
and reported
Risk Management Process: Chapman &
Ward (1997)
Ownership Estimate Evaluate Plans
Client/contractor Identifies areas of Diagnosis of all Base plans in activity
allocation of clear significant important difficulties terms at the detailed level
required for
ownership and uncertainty and areas and comparative implementation, with
management of risk of possible significant analysis of the timing, precedence,
and responses, such uncertainty. implications of ownership and associated
as the allocation of responses to these resource usage
client risks to named difficulties should take Risk assessment in terms
individuals, and the place, together with of threats and
approval of contractor specific deliverables opportunities.
allocations like a prioritised list of Recommended proactive
risks or a comparison and reactive contingency
of the base plan and plans in activity terms,
contingency plans with timing, precedence,
ownership and associated
with possible resource usage
difficulties and revised
A management phase that
plans includes monitoring,
controlling and developing
plans for immediate
implementation.
Risk Management Process: PMBOK
(1996)

Risk Quantification
Risk Identification Risk Response
and Analysis
Risk Identification
 Risk identification consists of determining which risks are likely to affect the project and
documenting the characteristics of each one.
 Risk identification should address both the internal and the external risks.
 The primary sources of risk which have the potential to cause a major effect on the project should
also be determined and classified according to their impact on project cost, time schedules and
project objectives.
 The identification of risks using both historical and current information is a necessary step in the
early stage of project appraisal and should occur before detailed analysis and allocation of risks
can take place.
 It is also essential for risk analysis to be performed on a regular basis throughout all stages of the
project.
 Risk identification should be carried out in a similar manner at both corporate and strategic
business levels.
Risk Identification: Input & Output
INPUT OUTPUT

 Product or service description  Sources of risk

 Other planning outputs (Ex: work breakdown  Potential risk events
structure, cost and time estimates,
specification requirements  Risk symptoms

 Historical information  Inputs to other processes

Risk Identification: Purposes
1) to identify and capture the most significant participants (stakeholders) in risk management
and to provide the basis for subsequent management
2) to stabilise the groundwork by providing all the necessary information to conduct risk
analysis
3) to identify the project or service components
4) to identify the inherent risks in the project or service
Risk
Identification
Process
Risk Quantification and Analysis
 Risk quantification and analysis involves evaluating risks and risk interactions to assess the
range of possible outcomes.
 It is primarily concerned with determining which risk events warrant a response.
 The major output from risk quantification and analysis is a list of opportunities that should be
pursued and threats that require attention.
 The risk quantification and analysis process should also document the sources of risk and risk
events that the management team has consciously decided to accept or ignore
 Two types of methods: qualitative and quantitative risk analysis.
Risk
Quantification
and Analysis
Process
Risk Response
 Risk response involves defining enhancement steps for opportunities and responses to
threats.
 Responses to threats generally fall into one of the following categories:
1) Risk Avoidance: eliminating the source of the risk within a project or by avoiding projects or business
entities which have exposure to the risk
2) Risk Reduction: lowering its probability or lessening its impact (or both)
3) Risk Transfer: does not eliminate or reduce the criticality of the risk, but merely leaves it for others to
bear the risk
4) Risk Retention: risks may be retained intentionally or unintentionally
Risk Response
Process
The Benefit of
Implementing
Risk
Management
Academic and
Practitioners
View