Risk Management

Agenda

• The Presentation will familiarize and gives an overview of “Risk management”

and how to identify and manage risks in projects.

• This presentation gives an insight of risk events occurred with examples and
covers main aspects of risk management.

Before going to Risk Management let's understand what is a risk?

People often tend to think that the word “Risk” means negative consequences but it is not
correct.

The Term Risk Means “Any uncertain/possible/potential event or condition” which will affect
on project objective (A guide to the project management body of knowledge (PMBOK Guide),
2008).

Do all projects associated with the term “Risk” has negative consequences?

No, any potential or uncertain event could be either positive or negative consequence.

So, what are the positive and negative consequences associated with the term “Risk”?

Positive risks-

Positive risks or consequences are nothing but opportunities which could be taken as an
advantage and exploit the opportunities.

Example: Servers crash due to an increase in a sudden demand for a project, which can be
taken as an opportunity (Bridges, 2019).

Negative risks-

Negative risks or consequences are nothing but threats which could affect the project, they
should be avoided by trying to eliminate them and protect from its impact (Bridges, 2019).
Generally, we should be more concerned about threats which are negative risks.
Generally, risks can be classified into several categories

• Environmental risks – Natural calamities, Floods, Earthquakes, Pollution etc.

• Financial risks – Under budget, Overestimation, Market instability etc.
• Technology risks - Data loss, Security issues, Data quality, website crash etc.
• Innovative risks – Chances of Data failure, resource availability etc.
• Health and safety risks - Accidents in construction sites etc.
• Contractor/vendor/Resource risks – Delays in delivery, product availability etc.
• Organizational Risks: Ignoring issues,
• - Etc.

Example of Risk Event:

The United Carbide, India can be considered as an example to know the importance of risk
management.

It was a very successful startup in the 1970s owned by Union Carbide USA and operated in
Bhopal.

In the year 1984, 42 tons of Methyl Isocyanate gas was leaked due to water entering into the
tanks where MIC was stored at the Union carbide’s plant, India which is considered as
biggest catastrophic industrial peril ever experienced in the world, injuring and harming over
five hundred thousand people in Bhopal city ("THE BHOPAL DISASTER: HOW IT HAPPENED",
2019).

Reasons for Leakage of gas:

Quality, Communication and Technological risk events occurred:

Poor maintenance, lack of training, Switching of safety systems, Instrument malfunction.

("THE BHOPAL DISASTER: HOW IT HAPPENED", 2019).

Organizational risk events occurred:

J Mukund, Work manager sent a telex message to Union carbide, USA, stating or advice
about coating the gas pipes, the company representative replied after 15 days saying that the
finest materials for coating would be expensive would also be difficult to acquire
("'Don't blame me for Carbide's faulty design' : J Mukund | Bhopal News - Times of India",
2019).

This example alone shows us the importance of risk management in a project.

Other sample risk events in general,

• Outdoor Event Management – Transportation and logistics issues, climatic

conditions etc.
 • Internet or mobile banking – Data loss, software issues etc.
• Construction of a building – Site access, safety, changes of equipment failure etc.

Risk Management

Key terms in risk management:

Risk Management:

Risk management can be described as “Applying strategies, skills, knowledge, tools and
techniques to reduce threats to a satisfactory level while amplifying opportunities for a
project”(Heldman, 2005).

Risk owner: An individual who is accountable for ensuring the risk is overseen suitably and
managed appropriately or not ("Definition of Risk Owner | Office of the Chief Risk Officer",
2019).

Risk management plan:

The risk management plan is a document which helps to foresee risks and impacts on the
project, it includes methodology, budget, risk categories, duration, stakeholder tolerance,
roles and responsibilities etc.

Risk Management Process

Generally, Risk Management consists of the following stages,

• Identifying risks
• Analyze risks
• Respond risks
• Monitor, Control and Review risks

Identify Risks – How, When, What?

How to identify risks?

Within the project context, identifying what can happen and what factors can affect the
project and documenting them for further assessment

When to identify risks?

During project initiation and early in the project in an iterative manner and when changes are
made and performed in a project ("7 Ways to Identify Risks", 2019).

What ways to Identify Risks?

There can be multiple ways to identify risks, some of the ways to identify risks are

Interviews - Conducting Interviews with important Stakeholders to understand the risks

involved ("7 Ways to Identify Risks", 2019).

Brainstorming – discussing and brainstorming about risks that might affect project
objectives and tasks ("7 Ways to Identify Risks", 2019).

Checklists – understanding the risks which were identified in previous projects and
developing a checklist or make a list of most common risks and conduct a post review so that
most significant risks are captured ("7 Ways to Identify Risks", 2019).

Experts judgement – Meeting experts who dealt and have experience with similar projects
and conducting surveys with them can help in identifying risks ("7 Ways to Identify Risks",
2019).

These are some of the ways to identify risks and after Identifying, the identified risks are
documented.

The document and list of identified risks are called "Risk Register”.

Once the risks are identified, Risk breakdown structure (RBS) is developed where the risks
are categorized based on different factors.

For example,

Implementation of a new IT
system in hospitals

Technical Resources
 Chances of Data Resource availability
data loss Security on time

Analyze Risks

Once the risks are identified, identify the consequences like how and who might be harmed
(View all posts Rob Burgon, 2019).

After identifying perform a qualitative risk analysis

The purpose of qualitative risk analysis is to organize and prioritize the project risks and to
focus more on high priority one.

For example –

• During constructions, site access and soil conditions are given high priority than
climatic condition.

• Project client is given more priority than Project supplier.

After identifying perform a quantitative risk analysis

The purpose of quantitative risk analysis is to prioritize project risks, identifying the likelihood
of accomplishing project objectives and quantitative risk analysis is a procedure of analyzing
the consequence of identified risks numerically.

Respond risks

After risk analysis and assessment, risk response plan which is also known as the risk register
is developed to decide what actions can be taken to reduce the risks.

For example – For industrial projects like manufacturing of crackers, buying an insurance
policy can help in minimizing the risks.

Monitor, Control and Review risks

In monitor, control and review risks,

• The risk response plan is implemented.

 • Identified risks are monitored and responded as they occur.
• Risk management cycle continues when new changes are implemented from the
identification of risks to monitor and control of risks.

Conclusion

"Risk management was found to be one of the top contributing factors for project success" as
per the PMI's survey in 2012. (PMI Global Congress 2012--EMEA, 2012)
and a project can be failed easily by ignoring the potential risks and wait for the problems to
happen. (Heldman, 2005), and the examples given in the presentation illustrates the importance
of “Risk management” and covers main aspects of risk management which includes
identification, analyze, respond, monitor, review and control of risk in a project.
References:

7 Ways to Identify Risks. (2019). Retrieved 25 August 2019, from

https://projectriskcoach.com/7-ways-to-identify-risks/

Bridges, J. (2019). Positive vs. Negative Risks on Projects - ProjectManager.com. Retrieved

23 August 2019, from https://www.projectmanager.com/training/positive-vs-negative-risks-
on-projects.

Definition of Risk Owner | Office of the Chief Risk Officer. (2019). Retrieved 25 August 2019,
from https://ocro.stanford.edu/erm/risk-owner

'Don't blame me for Carbide's faulty design' : J Mukund | Bhopal News - Times of India. (2019).
Retrieved 25 August 2019, from https://timesofindia.indiatimes.com/city/bhopal/Dont-blame-
me-for-Carbides-faulty-design-J-Mukund/articleshow/52700401.cms

Eckerman, I. (2005). The Bhopal Saga—Causes and Consequences of the World's Largest
Industrial Disaster. Prehospital And Disaster Medicine, 20(S1), 92-92. doi:
10.1017/s1049023x00014102

Heldman, K. (2005). Project management jump start, 2nd ed. San Francisco: Sybex.

Jordão, B. and Sousa, E. (2010). Risk management. New York: Nova Science Publishers

THE BHOPAL DISASTER: HOW IT HAPPENED. (2019). Retrieved 22 August 2019, from
https://www.nytimes.com/1985/01/28/world/the-bhopal-disaster-how-it-happened.html

Project Management Institute. (2012). PMI Global Congress 2012--EMEA. Newtown Square,
Pa.

Project Management Institute. (2008). A guide to the project management body of knowledge
(PMBOK Guide). Newtown Square, Pa.

View all posts Rob Burgon, M. (2019). The Five Step Guide to Risk Assessment. Retrieved 25
August 2019, from https://rospaworkplacesafety.com/2013/01/21/what-is-a-risk-assessment/