Muhammad Omar
Mr. Omar holds a PhD degree in Engineering Management from UET, Taxila. He has Master’s degrees in Engineering Management,
Computer Sciences and Physics. He holds several globally respected certifications including SAP, Oracle, Lean Six-Sigma Black Belt,
TOGAF, Harvard Manage Mentor, Certified Quality Assurance Professional, Certified Quality Assurance Lead Auditor etc.
He served in a Telecom organization of Pakistan as a Director - Quality Management Systems in the Governance & QA Department. He
possesses more than 16 years of experience in Project Management, Quality Management and ERP systems implementations in
Pakistan and overseas. He got the opportunity to work on various important projects including ERP-SAP implementation at PTCL
with SIEMENS, establishment of the PVC project at District Chakwal with Virtual University of Pakistan, the Billing and Customer Care TOT
Project with ZTE NANJING-CHINA, and ISO 9001:2015 Quality Management System implementation at 18 business units of PTCL
nation-wide.
His research areas of interest are ERP systems implementations, Project Management, Project Quality Management and
Project Risk Management. He got the opportunity to teach at Quaid-e-Azam University, University of Lahore, International Islamic
University, PTCL ICT Academy etc. He has published in various renowned national and international impact-factor research journals.
He has presented his work at various conferences as a keynote speaker. He can be contacted at umarmalik.128@gmail.com
“effect of uncertainty on objectives”.
ISO 31000 is an international standard published in 2009 that provides principles and guidelines for
effective risk management. It outlines a generic approach to risk management, which can be applied to
different types of risks (financial, safety, project risks) and used by any type of organization.
PMI - Project Management Institute
PMI Risk Management Professional (PMI-RMP) ®
Uncertainty about Effects/implications of an activity
Risk is not defined as solely a good or a bad thing. Risk is simply an event which has the potential to impact your objectives. What would
affect you more on your project: making a mistake and losing $1000, or making an improvement and gaining $1000? The majority of people
will be more emotive at the thought that they lost money than that they gained money.
Residual (leftover): According to ISO 27001, residual risk is “the risk remaining after risk treatment”; it is the danger that
remains after you have exhausted all efforts to identify and eliminate or mitigate a risk.
Residual risk management
Once you find out what the residual risks are, what do you do with them? Basically, you
have these three options:
1. If the level of risk is below the acceptable level of risk, then you do nothing – the
management needs to formally accept those risks.
2. If the level of risk is above the acceptable level of risk, then you need to find
some new (and better) ways to mitigate those risks – that also means you’ll need to
reassess the residual risks.
3. If the level of risk is above the acceptable level of risk, and the costs of decreasing
such risks would be higher than the impact itself, then you need to propose to the
management to accept these high risks.
Let’s assume an organization is expecting to expand into a different country. The present net worth of the organization is close to
$800 million. The entity could bear risks up to the bar of $400 million, but as decided by the management, the degree of risk
accepted by the company should not exceed $240 million. Thus the entity has set the level at 30% of the net worth, and
no business heads are allowed to take a decision that impacts the business more than this stated level.