Managing Project Risks
Risk management in a project is the process used by project managers to minimise any
potential problems that may negatively impact a project's time table.
Risk management is defined as, "the process of identifying, analysing and then responding to
any risk that arises over the life cycle of a project, so that, the project manager is able to
mitigate the project risk and to keep the project
remain on track to meet its goals."
A project manager has to perform various activities to minimise the project risks which are given
as follows:
1. Planning: Plan how to determine and execute the risk management tasks
2. Identifying the risk: Identify various risks relevant to the project and determine its
characteristics.
3. Assessment: Assess the probability of occurrence and the impact for each risk.
4. Estimation: Estimate the effects of identified risks on project objectives.
5. Action Plan: Develop action plan to maximise opportunities and minimising threats from the
identified risks.
6. Proper Monitoring: Regular monitoring of risks, implement risk response plans and evaluate
the effectiveness of risk management system.
Principles of Risk Management
1. Risk Estimation and Contingency Plans: The risks that may arise in the future should be
estimated and contingency plans should be prepared.
2. Open Communication System: An open communication system should be there so that
project team members and stakeholders can inform risks relating to the project.
3. Risk consideration: The risk management plan should consider the existing and future risks.
4. Sharing: The risk management team members should share their knowledge, skills and
experience among themselves.
5. Integral part: Risk management should be an integral part of the decision making process
6. Responsive: The risk management system should be responsive to change.
7. Proper monitoring: The environment should be properly monitored to identify and mitigate
risks.
8. Transparent and systematic: The risk management process should be a transparent and
systematic process.
Risk Management Process
1. Risk Identification
Project Risk Identification refers to recognising and picking out all the risks that could affect the
project at its different stages of initiation, planning, execution and conclusion.
Risk identification is defined as, "the process of listing potential project risks in a Risk Register
along with their sources, potential risk responses, risk categories and their characteristics"
Risk Identification Techniques
i. Interviews: Under the method, interviews are conducted among selected stakeholders of the
company to gather information and form optimistic and pessimistic risk scenarios.
ii. Brainstorming: Brainstorming is a technique by which a group of people related to a specific
problem attempts to find a solution to it by amassing ideas spontaneously. It is the process of
free thinking and generating ideas without being bound by restraints.
�iii. Delphi Technique: The Delphi Technique refers to a systematic forecasting method used to
gather opinions of the panel of experts on the problem being encountered through
questionnaires, often sent through mail.
iv. SWOT Analysis: SWOT is a strategic planning tool used evaluate the Strengths,
Weaknesses, Opportunities, and Threats to a project. The use of SWOT analysis helps the
project manager to improve the whole project or individual task, where better efficiency can be
gained.
V.Cause and Effect Analysis: This technique was developed by Prof. Ishikawa in 1960. Project
managers can use this simple method to help to identify causes and facts that give rise to risks.
If the causes are addressed, risk can be reduced or eliminated.
vi.Checklists:In project risk identification, checklist is developed based on historical information
and knowledge that has been accumulated from previous similar projects and from other
sources of information.
vii. Assumption Analysis: The assumption in a project are the factors that are considered to be
true, real, or certain without any proof. The assumptions are sources of riska that the project
managers should collect from the stakeholders.
2. Risk Analysis
Risk analysis refers to the process of evaluating the nature and scope of expected and
unexpected set-backs that may derail or destroy the achievement of investment goals.
Risk analysis is defined as, "a component of risk management, which evaluate the nature and
scope of expected and unexpected set-backs that might derail the achievemen of investment
goals.
Types of risk analysis
i.Qualitative Risk Analysis: Qualitative Risk Analysis is the method of prioritizing individual
project risks for further analysis by assessing their probability of existence and impact as well as
other characteristics.
ii.Quantitative Risk Analysis: Quantitative Risk Analysis is the method of numerically
investigating the combined impact of identified single project risks and other sources of
uncertainty on over all project objectives.
Objectives of Risk analysis
a.To decide whether a project should be accepted or rejected.
b. To take steps to avoid, minimise and manage risks.
c. To minimise the liabilities of the project and ensure its path to successful completion.
d. To create awareness of hazards and risk.
e. To identify the persons who may be at risk i.e, employees, public, etc.
f. To complete the project and fulfill the performance objectives within the scheduled time,
project cost, etc.
3. Risk Assessment
Risk assessment refers to the evaluation of the potential impact of risks on the projec which
helps to update and enhance the project risk criteria and risk treatment plans.
Risk assessment is defined as, "the determination of quantitative or qualitative value of risk
related to a concrete situation and a recognised threat to the project".
Steps in Project Risk Assessment
�1. Identifying potential risks: Identifying of risk should be carried out throughout the project
timeline. This dene with the help of a catalogue of risks in the company server that the business
have encountered in completed projects.
2. Analysing risks: This step entails examining the probability of a risk, how a risk event may
impact project objectives and outcomes, and the appropriate steps that can be taken to mitigate
the negative effects of risk.
3. Determining risk response: Effort from project managers is to eliminate the risk. reduce the
probability of the occurrence of risk, and weaken the impact of the risk on the project.
4. Documenting the risks: It is not enough for the project manager to identify, plan for, and solve
risks events.
5. Likelihood: Project Management Institute (PMI) identifies the likelihood of risk occurrence as
high, medium-high, medium-low, and low. Knowing the likelihood of a risk, one will be able to
prepare for it and find any alternative if needed.
6. Impact: An effective project planning will have a project risk assessment matrix of the various
levels of impacts of a risk. It may be categorised as catastrophic, critical, and marginal.
7.Determine probability: The probability of occurrence of each risk has to be determined. Each
risk has to be rated with high, medium, or low profitability
Factors to be considered on project risk assessment
i. Assume risk: The project manager and his team should assume that there is alway risk
attached to any project and it can arise at any time.
ii. Inform stakeholders: The stakeholders should be aware of the expected risk of the project.
iii. Communicate mitigation plans: Risk mitigation is a strategy of preparing a business for all
potential risks and reducing the effects of threats faced by the business.
iv. Clarify ownership: It is important that stakeholders are clear with their ownershi as well as
phase of the project. This should be done at the beginning of the project before a risk occurs.
4. Risk Response
Risk response is the process of developing strategic options and determining actions to
enhance opportunities and reduce threats to the project objectives.
Project risk response is defined as, "the process of controlling identified risks, whereby, the
stakeholders decide the ways of dealing with each risk
Strategies/Techniques of responding to Project Risks
Risks associated with any project may be threats or opportunities.
i. When the project risk is threat or having a negative impact:
a.Risk Avoidance: The risk is avoided by changing the project in someway to bypass the risk.
b. Risk Reduction: The risks cannot be completely avoided, but their impact can be reduced.
This can be done through changes in the project scope and project plan.
C. Risk Transfer: Risk transferring or risk sharing is the strategy of transferring risks to a third
party. It is done through, subcontracting, insurance, warranties, etc.
d. Risk Acceptance: This strategy is adopted when risk is unimportant or has less probability of
occurrence or is not possible to respond to it.
e. Risk Mitigation: This strategy involves reducing or alleviating the probability of impact of risk
to an acceptable level.
ii. When the project risk is an opportunity:
�a.Risk Enhancement: This strategy is adopted, when a risk is expected to provide opportunities
and benefits.
b. Risk Exploitation: This strategy is adopted when a risk provides attractive opportunities and
has high probability of occurrence.
c. Risk Sharing: Under this scheme, an opportunity is shared with a partner to maximise the
benefits through use of shared resource or technology.
d. Risk Response Audit: This is conducted to assess the effectiveness of risk response plans.
e. Risk Rejection: Under rejection plan, no action is taken and the chance to gain from the
opportunity is rejected.
5. Risk Mitigation
Risk mitigation is a strategy of preparing a business for all potential risks and reducing the
effects of threats faced by the business.
Risk mitigation is defined as, "taking steps to lessen the adverse effects of risk on the project by
reducing its negative impacts and minimising the likelihood of its occurring".
Types of Risk Mitigation
i. Risk Avoidance: Certain project risks are avoidable while some are unavoidable. Risk
avoidance usually involves developing an alternative strategy that has a higher probability of
success.
ii. Risk Reduction: Certain risks cannot be completely avoided but their impact can be reduced.
Risk reduction is an investment of funds to reduce the risk on a project.
iii. Risk sharing: Risk sharing strategy is adopted only if risks cannot be avoided or reduced. It
involves partnering with others to share responsibility for the risk activities.
iv. Risk Acceptance: This strategy is adopted if the risk is not important or has leas probability of
occurrence.
v. Risk Transference: Risk transference is the transferring of risk to a third party. It is a risk
reduction method that shifts the risk from the project to another party. The risk is not eliminated,
but its responsibility is shifted.
vi. Risk Limitation: Risk limitation is the most common risk management strategy used by
businesses. This strategy limits a company's exposure by taking some action.
6. Risk Monitoring and Controlling
Once the planning stage is complete and the project is actually set in motion, the project
managers often spend most of their time in monitoring the risks involved. Risk triggers must be
perpetually kept in mind during this phase, while adjustments to the risk register should be
made after each alteration of the project scope.
