Faculty of Management Studies and Commerce

Department of Financial Management

Project Management – BBAF 4133
Handout – 03

Issued Date: - 13/09/2022 Mrs. Jeyan Suganya Dimon Ford

………………………………………………………………………………………………………
PROJECT RISK MANAGEMENT

Learning Outcomes

After completing this topic you will be able to,

• Define project risk and project risk management
• Discuss positive and negative impact of risk
• Describe project risk management input, tools and techniques and out put
• Explain project risk management processes

INTRODUCTION

Risk is inevitable in a business organization when undertaking projects. However, the project
manager needs to ensure that risks are kept to a minimal. Project managers face not only the
negative impact risk at all the time, as there are positive impact risks too. Once the risk has been
identified, project managers need to come up with a mitigation plan or any other solution to counter
attack the risk.

PROJECT RISK

Project risk is an uncertain event or condition that, if it occurs, has a positive or a negative effect
on a project objective. The base line of the project plan is triple constraint such as scope, cost, time
and quality. Changes in any of these items in triple constraint cannot only impact on each other;
they could in object the risk for other areas of the project. Changes of enterprise environment,
organizational process assets, government mandates and natural disaster can lead to project risk.
There are two types of risk such as:

Project Management Page 1

Negative risk: -These are unwanted and potentially can cause serious problems and derail the
project. E.g. the main programmer on the project is quitting the job. Lack of construction material
due to the political issues in case of a construction project

Positive risk: -These are opportunities and desired by both the project managers and stakeholders.
It may positively affect the project. E.g. a new telecommunications service receiving much more
than the expected numbers of subscribers on the launch date of the service

These two types of risk should be managed very carefully. Therefore, the project manager should
consider the project risk management.

PROJECT RISK MANAGEMENT

Project risk management is the art and science of identifying, analyzing and responding to risk
throughout the life of the project and in the best interests of meeting project objectives. It can help
to improve project success by helping select good project, determining project scope and
developing realistic estimates. Project manager can plan their strategy based on five steps of risk
management, which prevails in an organization.

a. Plan risk management:-This initial step involves the production of a risk management plan,
which can be a section of the project management plan or, for big projects, a document of its
own. It includes things like itemizing the risk categories (market, procurement, resources,
etc.), determining the timing and procedures for reassessing risks, and definitions of risk
probability and impact.

b. Risk identification:-This is where the value gets created. A good list of potential risks to a
project’s cost, schedule, or any other critical success factor is the key to great risk
management. Checklists are a good resource, as is expert judgment and previous project
experience. The project manager should answer the question “What could go wrong?”
Brainstorming, interviewing, risk profiles, historical data and work breakdown structure
analysis can be used to identify the project risk.

Project Management Page 2

Project Management Page 3
c. Risk assessment:- Qualitative assessment involves prioritization of risks. Since risk has two
components – probability of occurrence, and impact, each of these factors should be
prioritized on a scale of, 1-10. High- medium- low works well too. Proceed through the risk
register and create two more columns. Then assign a ranking to probability and impact.
Quantitative assessment includes Monte carol techniques, sensitivity analysis and expected
value analysis.

d. Risk response:-There are four risk response strategies for negative as well as positive impact
of risk
Mitigate Accept Enhance Accept

Risk response Risk response

strategy strategy
(Negative impact) (Positive impact)

Avoid Share Exploit

Transfer

The strategies to deal with Negative Risk or Threats are:

i. Avoid – Avoidance eliminates the risk by eliminating the cause. It may lead to not doing
the activity or doing the activity in different way. The project manager may also change or
isolate the objective that is in trouble. Some risks can be avoided by early collection of
information, by improving communication between stakeholders or by use of expertise.
E.g.: Extending the schedule or changing the scope of the project activity. Another example
could be a risk which is too hazardous that it may lead to loss of life and is avoided by
shutting down the project completely.

ii. Transfer – In Risk Transfer approach, risk is shifted to a third party. The third party, like
insurance company or vendor, is paid to accept or handle the risk on your behalf and hence
the ownership as well as impact of the risk is borne by that third party. This payment is
called risk premium. Contracts are signed to transfer the liability of risks to third party.
Risk Transfer does not eliminate the risk but it eliminates the direct impact of the risk on
the project.
E.g.: insurance policy, performance bonds, warranties, guaranties etc. This approach is
most effective in covering financial risk exposure.

Project Management Page 4

 iii. Mitigate – Mitigation reduces the probability of occurrence of a risk or reduces the impact
of the risk within acceptable limits. This approach is based on the fundamental principle
that earlier the action taken to reduce the probability or impact of a risk is more effective
than doing fixes to repair the damages after the risk occurs.
E.g.: Use of advance technology or best practices to produce more defect free products.
Mitigation may require a prototype development to measure the risk level. In case where it
is not possible to reduce the probability of the risk, the risk impact reduction is targeted by
identifying the linkages that determine the risk severity.

iv. Accept – Acceptance means accepting the risk, especially when no other suitable strategy
is available to eliminate the risk. Acceptance can be passive acceptance or active
acceptance. Passive acceptance requires no other action except to document the risk and
leaving the team to deal with the risks as they occur. In an active acceptance approach, a
contingency reserve is designed to recover the losses of time, money or resources.

The strategies to deal with Positive Risk or Opportunity are:

i. Exploit – Exploitation increases the chances of making a positive risk happen, leading to
an opportunity. A project manager should assign sufficient and efficient resources to take
advantage of this opportunity. This approach reduces the uncertainty associated with a
positive risk by ensuring that it definitely happens.
E.g.: some members of your team have determined a new technique to develop a product
and by using this technique, the project duration can be reduced by 20%. To exploit this,
you can ensure the technique is used in the project and other team members are trained on
the new technique.

ii. Share – When the project team members themselves are not fully capable of taking
advantage of the opportunity they might call in another company to partner with. The
expertise of another company is leverage to maximize the return out of the opportunity.
Examples of sharing opportunity include forming risk-sharing partnerships, teams, special
purpose companies, or joint ventures. In this all parties gains as per their investment and
action.
E.g.: team agreement between internal and external parties

Project Management Page 5

 iii. Enhance – Enhancing involves increasing the probability of occurrence of the risk and
expanding its impact. This is done by identifying and influencing the various risk triggers.
E.g.: An opportunity includes adding more resources to project activities to finish it earlier

iv. Accept – This involves taking the advantage of the positive risk as it happens but not
actively pursuing it. It is just like opportunity coming and being accepted without much
pre-planning.

e. Risk monitoring and controlling: -This process is used to implement risk response plans,
track identified risks, monitor residual risks, identify new risks and evaluate the effectiveness
g

of the risk process throughout the project. This process also helps to determine if project
assumptions are still valid, if the risk management policies and procedures are being followed
and if the contingency reserve for cost or schedule need to be modified. It also includes
updating organizational process assets and the lessons learned database for the benefit of
future projects.

Risk monitoring and control continues for the life of the project. Good risk monitoring and
control processes provide information that assists with making effective decisions in advance
of the risk’s occurring. Risk control may involve choosing alternative strategies,
implementing contingency plan, taking corrective action, or re-planning the project. The risk
response owner should report periodically to the project manager and the risk team leader on
the effectiveness of the plan, any unanticipated effects and any mid-course correction needed
to mitigate the risk.

RISK MANAGEMENT PLAN

The project risk management plan should document the procedures that will be used to manage
risk throughout the project. In addition to documenting the results of the risk identification and risk
quantification processes, it should cover who is responsible for managing various areas of risk,
how the initial identification and quantification outputs will be maintained, how contingency plans
will be implemented, and how reserves will be allocated. A risk management plan may be formal
or informal, highly detailed or broadly framed, based on the needs of the project. It is a subsidiary
element of the overall project plan.

Project Management Page 6