Article compiled by: Omyya Akram
Student of MBA Class of 2010
What is ‘Risk’?
Risk is any event which has not occurred yet but is expected to happen in future or there is a possibility that it will occur. Normally when we talk about risk we take it as an unwanted event leading to negative consequences only but PMBOK® takes risk as an event which if occur can lead to positive or negative consequences. But formally risk is defined as a probability that an adverse or unwanted event occurs. Risks are present in all projects and project managers realize their importance and impact on the project success.
What is ‘Risk Management’?
It is basically a managerial process as its name shows. Risk management is all about managing risks which includes the following major courses of action.
o Identification of everything that can go wrong,
o what can be done to avoid it or at least lessen its impact, and
o when something goes wrong what corrective measures should be taken or what strategies to be used to handle it.
The details of this process are given below in risk management processes.
What is the goal of Risk management?
There is a beautiful quote that “Enthusiasm without knowledge is like running in the dark”. The goal of risk management is to enhance the mission or goal effectiveness and without adequate knowledge of risk events, it’s not possible. Every project is carried out with some goal or objective but during the accomplishment of goal some unwanted events can occur, blocking the path of reaching the goal and constraints are also present, constraints my include time, cost, schedule etc. So due to these risk events and constraints project objectives might not be accomplished. Risk management is the process which encompasses all the issues related to unfavorable events and helps achieving the project’s goal. The goal of risk management is to effectively and essentially reduce the different risks which are linked with reaching any specific goal.
Who is responsible for risk management?
Project Management is quite often the duty and responsibility of an individual project manager. The project manager not often participates directly in the activities that produce the end result, but rather tries hard to sustain the progress and joint interaction and duties & tasks of different parties in such a way that decreases the risk of overall breakdown or stoppage of project and makes the most of the benefits.
What is the need for Risk Management?
Risk management is essential for projects because certain key information about project is known but can fluctuate over time due to uncertainties related to future events. Potential risk events that are identified early in the project can impact the project later and can be alleviated with a good project management process and for those issues which are further than the vision of the project team, a proper risk management process can assist to realize the risk’s impact and make sound plans for reducing its impact. In risk management the main concern is the outcome of future events, whose exact outcome is not known and the course of action to deal with such events. Risk management is the art and science of dealing with uncertain events and this process is pro-active in nature. Risk management is an important process in an era of downsizing, changing technology, shorter development times and shrinking budgets etc, risk management can provide helpful insights to assist project team plan for risks, alert and warn them for potential risks, analyze the risk and develop, implement and monitor the actions plan to cope with the risk long before it creates major problems and affect the project deliverables. In case risk management is not carried out, unfavorable events without proper remedy can get worsen and can result in failure of project.
Processes of Risk management:
Risk management process consists of following major components;
1. IDENTIFICATION OF RISK SOURCES:
Introduction:
Risk identification involves what might happen that could affect the end result of the project and how they happen. Fundamentally, risk identification begins by creating a list of all areas that might be the root cause of project postponement or failure and their particular effects. In this exercise the whole management team should take part. Once large-scale risks have been identified, risks in specific areas can be checked. There are limitless sources of project risks. Some are external and some internal. External sources include inflation, exchange rates and government rules etc.
Risk identification involves what might happen that could affect the end result of the project and how they happen. Fundamentally, risk identification begins by creating a list of all areas that might be the root cause of project postponement or failure and their particular effects. In this exercise the whole management team should take part. Once large-scale risks have been identified, risks in specific areas can be checked. There are limitless sources of project risks. Some are external and some internal. External sources include inflation, exchange rates and government rules etc.
Aim:
Risk identification process is important and must be ample because if risks are not identified they cannot be assessed and if they occur at some later time they can cause real problem.
Risk identification process is important and must be ample because if risks are not identified they cannot be assessed and if they occur at some later time they can cause real problem.
Techniques:
A number of techniques can be used for risk identification. Brainstorming is often used for generation of wide range of risks. To make certain that all aspects of the project are covered, checklists and questionnaires can be used. The efficient means to identify specific risk is the work breakdown structure (WBS). The chances of omitting risk events can be reduced by using WBS.
A number of techniques can be used for risk identification. Brainstorming is often used for generation of wide range of risks. To make certain that all aspects of the project are covered, checklists and questionnaires can be used. The efficient means to identify specific risk is the work breakdown structure (WBS). The chances of omitting risk events can be reduced by using WBS.
2. ASSESSMENT OF RISK:
Introduction:
Risk assessment is the process of risk analysis and risk evaluation. It is used to determine the magnitude of identified risk and to determine how often such risk can occur.
Risk assessment is the process of risk analysis and risk evaluation. It is used to determine the magnitude of identified risk and to determine how often such risk can occur.
Aim:
Risk assessment tries to calculate the rigorousness of the impact of an identified risk event. Probability and sensitivity of event is also determined.
Risk assessment tries to calculate the rigorousness of the impact of an identified risk event. Probability and sensitivity of event is also determined.
Techniques:
Ratio/Range Analysis, Non-quantitative Scenario Analysis, Semi-quantitative Scenario Analysis, Sensitivity analysis.
Ratio/Range Analysis, Non-quantitative Scenario Analysis, Semi-quantitative Scenario Analysis, Sensitivity analysis.
3. PRIORITIZING RISKS:
Introduction:
This process is used to rank the identified risks according to their relative importance and frequency of occurrence. Basically this process is used to determine which risk is most important and needs to be dealt promptly and which risk is least important and can be dealt later with no serious consequences.
This process is used to rank the identified risks according to their relative importance and frequency of occurrence. Basically this process is used to determine which risk is most important and needs to be dealt promptly and which risk is least important and can be dealt later with no serious consequences.
Aim:
The aim is to manage and deploy resources according to the risk needs and provide resources to those risks which are most threatening and are supposed to be resolved first. Some risks have a higher impact than others. Therefore, it’s better to spend time on the risks that can cause the biggest losses and gains. So according to the rank of the risks, they are managed from most- to- least critical. So highly critical issues are resolved first and less critical later
The aim is to manage and deploy resources according to the risk needs and provide resources to those risks which are most threatening and are supposed to be resolved first. Some risks have a higher impact than others. Therefore, it’s better to spend time on the risks that can cause the biggest losses and gains. So according to the rank of the risks, they are managed from most- to- least critical. So highly critical issues are resolved first and less critical later
Techniques:
Probability analysis. Non-quantitative Scenario Analysis etc
Probability analysis. Non-quantitative Scenario Analysis etc
4. RESPONDING TO RISKS:
Introduction:
This process is all about that once a risk is acknowledged; a decision must be made regarding how to respond to the identified risk event.
This process is all about that once a risk is acknowledged; a decision must be made regarding how to respond to the identified risk event.
Aim:
The aim of this process is to determine what to be done with a risk which has been identified. A management plan is made for each identified risk. These management plans include what actions are needed to cope with the identified risk, when risk treatment is to be completed and who is responsible for risk treatment.
The aim of this process is to determine what to be done with a risk which has been identified. A management plan is made for each identified risk. These management plans include what actions are needed to cope with the identified risk, when risk treatment is to be completed and who is responsible for risk treatment.
Techniques:
Fundamentally, there are three known responses. Reducing or Retaining Risk, Transferring Risk, Sharing Risk; Reducing or Retaining Risk: the first alternative that is typically considered is reducing the risk. A risk can be prevented by influencing the causes or decreasing the negative effects that could result. In some cases it is required to retain the risk. And some risks are so great that it is not practicable to transfer or reduce the risk, for example natural disasters like flood or earthquake. Transferring Risk: Transferring of risk do not change the risk, in this response risk is just passed to another party. And generally a premium is paid for its release to the other party. Sharing Risk: Risk sharing distributes fractions of risk to dissimilar parties and it is shared by a number of parties
Fundamentally, there are three known responses. Reducing or Retaining Risk, Transferring Risk, Sharing Risk; Reducing or Retaining Risk: the first alternative that is typically considered is reducing the risk. A risk can be prevented by influencing the causes or decreasing the negative effects that could result. In some cases it is required to retain the risk. And some risks are so great that it is not practicable to transfer or reduce the risk, for example natural disasters like flood or earthquake. Transferring Risk: Transferring of risk do not change the risk, in this response risk is just passed to another party. And generally a premium is paid for its release to the other party. Sharing Risk: Risk sharing distributes fractions of risk to dissimilar parties and it is shared by a number of parties
5. Monitor the Progress:
Introduction:
This process is used to determine that the action plans are implemented properly and effectively.
This process is used to determine that the action plans are implemented properly and effectively.
Aim:
Continuous monitoring and review of risk management ensures that risks are managed properly and according to the risk management plan. Communication with the project stakeholders is very important in good project management undertaking
Continuous monitoring and review of risk management ensures that risks are managed properly and according to the risk management plan. Communication with the project stakeholders is very important in good project management undertaking
Techniques:
Checking risk watch list of the major risks that have been identified for risk treatment and comparing it with the actual practice of risk responding. Register project risk should also be used. Maintaining a risk log enables project team to view progress and make sure that no risk is forgotten. It is also a perfect communication tool that informs team members and stakeholders what is going on.
Checking risk watch list of the major risks that have been identified for risk treatment and comparing it with the actual practice of risk responding. Register project risk should also be used. Maintaining a risk log enables project team to view progress and make sure that no risk is forgotten. It is also a perfect communication tool that informs team members and stakeholders what is going on.
6. Reevaluate Risk:
Introduction:
In this process new risks are identified and continuous effort is carried out to see what type of new risks project can face and also existing risks are reviewed.
In this process new risks are identified and continuous effort is carried out to see what type of new risks project can face and also existing risks are reviewed.
Aim:
The aim is to determine risks which were not present in the beginning of the project but occurred during execution and are new to project.
Techniques: The aim is to determine risks which were not present in the beginning of the project but occurred during execution and are new to project.
Scenario analysis can be used to determine which events can happen in the near future.
