Professional Documents
Culture Documents
Learning Outcomes
INTRODUCTION
Risk is inevitable in a business organization when undertaking projects. However, the project
manager needs to ensure that risks are kept to a minimal. Project managers face not only the
negative impact risk at all the time, as there are positive impact risks too. Once the risk has been
identified, project managers need to come up with a mitigation plan or any other solution to counter
attack the risk.
PROJECT RISK
Project risk is an uncertain event or condition that, if it occurs, has a positive or a negative effect
on a project objective. The base line of the project plan is triple constraint such as scope, cost, time
and quality. Changes in any of these items in triple constraint cannot only impact on each other;
they could in object the risk for other areas of the project. Changes of enterprise environment,
organizational process assets, government mandates and natural disaster can lead to project risk.
There are two types of risk such as:
Positive risk: -These are opportunities and desired by both the project managers and stakeholders.
It may positively affect the project. E.g. a new telecommunications service receiving much more
than the expected numbers of subscribers on the launch date of the service
These two types of risk should be managed very carefully. Therefore, the project manager should
consider the project risk management.
Project risk management is the art and science of identifying, analyzing and responding to risk
throughout the life of the project and in the best interests of meeting project objectives. It can help
to improve project success by helping select good project, determining project scope and
developing realistic estimates. Project manager can plan their strategy based on five steps of risk
management, which prevails in an organization.
a. Plan risk management:-This initial step involves the production of a risk management plan,
which can be a section of the project management plan or, for big projects, a document of its
own. It includes things like itemizing the risk categories (market, procurement, resources,
etc.), determining the timing and procedures for reassessing risks, and definitions of risk
probability and impact.
b. Risk identification:-This is where the value gets created. A good list of potential risks to a
project’s cost, schedule, or any other critical success factor is the key to great risk
management. Checklists are a good resource, as is expert judgment and previous project
experience. The project manager should answer the question “What could go wrong?”
Brainstorming, interviewing, risk profiles, historical data and work breakdown structure
analysis can be used to identify the project risk.
d. Risk response:-There are four risk response strategies for negative as well as positive impact
of risk
Mitigate Accept Enhance Accept
i. Avoid – Avoidance eliminates the risk by eliminating the cause. It may lead to not doing
the activity or doing the activity in different way. The project manager may also change or
isolate the objective that is in trouble. Some risks can be avoided by early collection of
information, by improving communication between stakeholders or by use of expertise.
E.g.: Extending the schedule or changing the scope of the project activity. Another example
could be a risk which is too hazardous that it may lead to loss of life and is avoided by
shutting down the project completely.
ii. Transfer – In Risk Transfer approach, risk is shifted to a third party. The third party, like
insurance company or vendor, is paid to accept or handle the risk on your behalf and hence
the ownership as well as impact of the risk is borne by that third party. This payment is
called risk premium. Contracts are signed to transfer the liability of risks to third party.
Risk Transfer does not eliminate the risk but it eliminates the direct impact of the risk on
the project.
E.g.: insurance policy, performance bonds, warranties, guaranties etc. This approach is
most effective in covering financial risk exposure.
iv. Accept – Acceptance means accepting the risk, especially when no other suitable strategy
is available to eliminate the risk. Acceptance can be passive acceptance or active
acceptance. Passive acceptance requires no other action except to document the risk and
leaving the team to deal with the risks as they occur. In an active acceptance approach, a
contingency reserve is designed to recover the losses of time, money or resources.
i. Exploit – Exploitation increases the chances of making a positive risk happen, leading to
an opportunity. A project manager should assign sufficient and efficient resources to take
advantage of this opportunity. This approach reduces the uncertainty associated with a
positive risk by ensuring that it definitely happens.
E.g.: some members of your team have determined a new technique to develop a product
and by using this technique, the project duration can be reduced by 20%. To exploit this,
you can ensure the technique is used in the project and other team members are trained on
the new technique.
ii. Share – When the project team members themselves are not fully capable of taking
advantage of the opportunity they might call in another company to partner with. The
expertise of another company is leverage to maximize the return out of the opportunity.
Examples of sharing opportunity include forming risk-sharing partnerships, teams, special
purpose companies, or joint ventures. In this all parties gains as per their investment and
action.
E.g.: team agreement between internal and external parties
iv. Accept – This involves taking the advantage of the positive risk as it happens but not
actively pursuing it. It is just like opportunity coming and being accepted without much
pre-planning.
e. Risk monitoring and controlling: -This process is used to implement risk response plans,
track identified risks, monitor residual risks, identify new risks and evaluate the effectiveness
g
of the risk process throughout the project. This process also helps to determine if project
assumptions are still valid, if the risk management policies and procedures are being followed
and if the contingency reserve for cost or schedule need to be modified. It also includes
updating organizational process assets and the lessons learned database for the benefit of
future projects.
Risk monitoring and control continues for the life of the project. Good risk monitoring and
control processes provide information that assists with making effective decisions in advance
of the risk’s occurring. Risk control may involve choosing alternative strategies,
implementing contingency plan, taking corrective action, or re-planning the project. The risk
response owner should report periodically to the project manager and the risk team leader on
the effectiveness of the plan, any unanticipated effects and any mid-course correction needed
to mitigate the risk.
The project risk management plan should document the procedures that will be used to manage
risk throughout the project. In addition to documenting the results of the risk identification and risk
quantification processes, it should cover who is responsible for managing various areas of risk,
how the initial identification and quantification outputs will be maintained, how contingency plans
will be implemented, and how reserves will be allocated. A risk management plan may be formal
or informal, highly detailed or broadly framed, based on the needs of the project. It is a subsidiary
element of the overall project plan.