This paper focuses on risk management as an important tool for project management. Every project carries risk; risks cannot be avoided altogether, but mitigation measures can be incorporated when they are identified early enough. The paper justifies why risk management is a critical success factor for a project. It discusses the processes involved in risk management, including risk planning and management, risk identification, qualitative risk analysis, quantitative risk analysis, and risk response planning. In addition, it gives project managers more information on good practice to ensure effective risk management. In essence, the paper captures some of the important concepts from previous research in risk management and how they can be applied in a real project.
A project risk can be defined as an uncertain event or condition whose occurrence may affect the project either positively or negatively. Projects are exposed to a myriad of risks every day, and how these are managed largely determines the success of the project. In essence, project risk management encompasses all the decisions about the approach to be used in mitigating the risks and making a plan for managing the risks to which the project is exposed. It is thus a systematic process of identifying, analysing and responding to the risks likely to affect the project during its execution. In this regard, it involves maximizing those risks that are likely to have a positive impact on the project and minimizing those that are likely to have a detrimental effect. All projects are vulnerable to risks and, therefore, proper risk management should not avoid them but rather institute measures that will deal with them for the sake of the success of the project. It is imperative for project managers to be careful with how they manage risks for their projects, as this is one of the critical success factors that may propel the project to success or render it a total failure. Risk management is a wide and critical field and hence requires experienced and knowledgeable personnel to deal with the challenges that come with managing a project. Risks vary in their magnitude and impact on the project; hence the project manager needs to consider all aspects of a project to ensure that no risk is left out (Scott & Vessey, 2002).
2.0 Importance of risk management
In essence, all the project management disciplines in some way cater for project uncertainties and prevent risks from happening or reduce their magnitude. For instance, developing a WBS helps define the project scope and therefore makes it possible to monitor and control the project. In return, this helps iron out some of the inconsistencies that may come along and reduces the uncertainties facing the project. Other aspects that contribute to the reduction of project risks include the development of an Organization Breakdown Schedule and a Cost Breakdown Schedule. However, while each of these disciplines is perceived as reducing uncertainties on the project, it is risk management that has the direct impact on the risks and outcome of the project (Hobday, 2000).
Risk management also enables project managers to identify potential risks to the project and come up with the necessary risk management plan for mitigating these risks accordingly. Planning is an important consideration in risk management and helps project managers to understand the impact of each risk on the project and how these implications affect the progress of the project.
Understanding the nature of the risks likely to affect a project helps the project manager to prepare and to communicate to the stakeholders the impending threats facing the project. By so doing, it becomes possible to assign risks to the respective individuals, who start managing them right from the inception of the project until the project is completed.
The outcome of risk management lowers or completely eliminates the occurrence of risks through the mitigation measures adopted. This prepares the project early enough and prevents unplanned surprises in the course of project execution. In addition, it helps save the time that would have been spent on dealing with the risks after they unexpectedly occur (Miller & Lessard, 2001).
3.0 Risk management process
3.1 Risk management planning
Risk management planning mainly involves decisions on how risks are to be approached, planned, and executed within a project. This is highly important to the project as it creates harmony between the risks to be faced in a project and the relevance of the project to the organization at large. Prior to the commencement of the project, it is imperative for the project manager to have a clear understanding of the organization’s policies about risk management and the organization structure adopted. This is because risk decisions follow the protocol set by the organization, and prior to planning for the risks it is important to understand how the decision-making structure is likely to affect the project. The project managers also need to understand the roles and responsibilities that have been predefined by the organization, to help in the assigning of risks after they have been identified. In addition, prior knowledge about the stakeholders and their tolerances, as well as the project’s work breakdown schedule, is required. This would go a long way in helping identify some of the key risks likely to affect the project (Kumar, 2002).
Some of the documentation required at this stage includes a project charter, which gives a summary of the project and provides a skeleton through which issues regarding the project can be identified. A risk management plan is also important at this stage and should encompass the following items (Project Management Institute 2013):
- Provide a definition of the methodology to be used when performing risk management
- Outline the roles and responsibilities about risk management. In this case, it should capture the roles to be played by each member of the team in managing the risks affecting the project.
- Establish an estimate of the budget for implementing the risk management plan
- Show the frequency within which risk assessment of the project shall be conducted
- Provide a risk scoring matrix to capture the different risk magnitudes
- Properly illustrate the threshold upon which the risk is to be considered a threat to the project hence included in the risk management plan
- Show how responses to risks are to be carried out for the project to ensure no delays
3.2 Risk identification
Risk identification involves determining the risks that are likely to affect the project and listing some of their characteristics. Some of the key players in the identification of risks include the project team, the stakeholders, the client, and other external parties. This is a crucial stage of risk management and should be considered carefully, as it will determine whether or not the project captures all the risks involved. Analysis to identify the risks to a project must be done in an unbiased way in order to uncover all the likely risks accrued to the project. Some of the basic aspects that are instrumental in effective risk identification include the use of a risk management plan alongside the project charter, WBS, project description, costing estimates, procurement plans, and all the constraints likely to affect the project. With the availability of this information, it is possible for the project team to identify all the sources of risks and the appropriate measures to mitigate them accordingly (Project Management Institute 2013).
For successful risk identification, the project manager and the project team should put the risks into categories to make it possible to identify as many risks as possible. This will be to the advantage of the project because the higher the number of risks identified, the safer the project, since there will be enough buffers to prevent their occurrence or lower their impact on the project to an appreciable extent. Some of the techniques that can be used for identifying risks include brainstorming, conducting interviews with experts, using Delphi analysis, and carrying out a SWOT analysis, among other numerous options available for facilitating this exercise. Risk identification cannot be complete without the incorporation of experts to assist in carrying out the exercise in a thorough and efficient manner. Historical information regarding the project can also help in the formulation of the checklist to be used for identifying risks within the project (Schimdt, Lyytinen, Keil, & Cule, 2001).
Risk identification cannot be complete without the identification of the triggers for each risk, which makes proper planning possible. Triggers act as indicators that show when there are signs of the occurrence of a particular risk; they raise the attention of the project team and enable them to tackle the issue either by accepting the occurrence of the risk, by transferring the responsibility to another party, or by working to reduce the impact of the risk on the project progress.
3.3 Qualitative risk analysis
Qualitative risk analysis involves a series of procedures for evaluating the impact and the likelihood of occurrence of the identified risks for the project. The main consideration is the project objectives, which form the backbone of the project and give an overview of what the project is bound to encompass. It therefore gives priority to the risks in accordance with the potential of their impact on the project. Risks vary from one project to the other depending on the critical issues to be handled. For instance, in a project where time is limited, time becomes the critical factor, whereas where the budget is constrained, cost becomes an issue of major concern. To arrive at this, it is imperative to assess and evaluate all the risks using the available information and in connection with the project objectives. This will go a long way in ensuring that those risks with a higher probability of occurrence are given more consideration compared to the risks with a lower probability of occurrence (Project Management Institute 2013).
Some of the tools that may be used in this case include a probability and impact scale. This scale helps rank risks depending on their likelihood of occurrence and their impact on the project outcome. In addition, a probability or impact risk rating matrix should be applied based on the scale of very low, low, moderate, high, and very high. All this is in a bid to ensure there is a better background upon which to rank risks and develop mitigation mechanisms early enough before they have an impact on the project. Normally, the probability scale ranges from 0 to 1.
It is also imperative that during the assessment, all the project assumptions are evaluated in terms of their stability against the probable impact on the project. In addition, alternative assumptions must be identified and tested to ensure that the chosen assumptions do not put the project at risk. The diagram below gives a better illustration of the risk rating matrix (Del Caño & De la Cruz, 2002).
3.4 Quantitative risk analysis
It is a process that encompasses numerical analysis of the probability of occurrence of each risk identified for the project and of their consequences, as well as their extent. The Monte Carlo simulation technique is one of the most commonly used approaches for determining the probability of achieving all the objectives of the project, quantifying the risk exposure, identifying critical risks that need more focus, and providing an overall assessment of the costs and schedules for the project to ascertain whether or not they are realistic and achievable (Project Management Institute 2013).
3.5 Risk response planning
It is a process that involves the development and determination of the actions that are deemed to create opportunities and adequately reduce threats to the achievement of the project objectives. It involves identifying the risks and assigning individuals to be in charge of managing these risks. This is also a critical process in risk management, as the action taken by the project team about the risks identified for the project shall determine whether or not these risks will have a detrimental effect on the project success. The risk response should promote efficiency and cost effectiveness in the running of the project. The individual assigned to every risk should have the capacity to manage the risk appropriately and to sound an alarm where there are indicators of the occurrence of the risk, early enough for proper measures to be adopted. In essence, competence is a factor to be considered prior to the assignment of risks to individuals. Some of the responses that could be chosen for each risk include (Project Management Institute 2013; Chapman & Ward, 2003):
Avoidance applies where the risk is deemed uneconomical to accept and detrimental to the project; the best alternative is then to do away with the activity related to the risk where possible. This may require reassessing the project strategies and developing alternative design solutions or, if possible, redesigning the entire project. This is possible for the risks that can be perceived at the beginning of the project, which allows the necessary changes to be adopted prior to the commencement of the project.
Transference involves the shifting of the risk burden to another party. It may be from the client to the designer, from the client to the contractor, from the contractor to the subcontractor, or from the client, designer, contractor, and subcontractor to an insurer. In most cases, the risk is shifted to the party who has better capacity to handle the risk. In most cases, those risks that require transference are financial risks. When transferred to an insurer, it should be accompanied by regular payment of premiums.
Mitigation involves the adoption of proper measures aimed at reducing the probability of occurrence of the risk and its impact on the project. This may involve a number of actions that will appreciably reduce the impact of the risk. Where the risk is deemed bound to happen, mitigation measures may lean towards reducing the resultant impact of the risk on the project.
Acceptance involves the project team deciding to manage the risk to the advantage of the project by focusing more on the positive impact of the risk on the project and trying to contain the negative implication. It is usually an option where the project team cannot transfer the risk to a third party or where it is difficult to prevent the risk from occurring.
3.6 Risk monitoring and control
This is a process that runs from the beginning throughout the life of the project till its completion. It involves tracking the identified risk, keeping track of the residual risks, identifying new risks that come up in the course of execution of the project, and assessing the effectiveness of the risk mitigation measures adopted. It also encompasses adopting effective contingency plans for dealing with the risks to ensure achievement of better results. Effective monitoring and control would provide important information for managing risks better and efficiently. Risk monitoring and control aims at the following:
- Ensuring the risk responses have been adequately and appropriately implemented
- Confirming that the adopted risk responses are as effective as expected and, where this is not the case, developing new responses
- Ascertaining the validity of the project assumptions
- Monitoring the occurrence of the risk triggers to develop better ways of dealing with them
- Ensuring that there is best practice in the way risks are being managed by implementing proper policies and following the required procedure
- Developing alternative approaches through which risks can be properly managed.
4.0 Effective risk management
The success of a project is partly dependent on how its risks are being managed. In risk management, there are two critical elements that need to be considered carefully to ensure efficiency: risk assessment and risk control (Cervone, 2006).
4.1 Risk assessment
It comprises three major elements: identifying uncertainties in the project, analysing the project risks, and prioritizing the risks. All three elements are important and need to be given consideration.
4.1.1 Identifying uncertainties and constraints
The project team must explore the project plans to unveil all the uncertainties likely to have an impact on the project. This should be done in a specific way, avoiding too many generalities. In this regard, the project manager should ensure that all the specific uncertainties are identified. Some of the common uncertainties affecting projects include task uncertainties, market uncertainties, weather uncertainties, organization uncertainties, cost-related uncertainties, resource uncertainties, subcontractor performance uncertainty, litigation uncertainties, contracting uncertainties, letting or sale uncertainties, and interest rate uncertainties. When all these areas are evaluated and brainstormed, it is possible that all the uncertainties critical to the project shall be identified and dealt with.
4.1.2 Analysing the risks
Effective risk management should ensure that all the identified risks are analysed on the basis of the likelihood of their occurrence and the magnitude of their impact on the project. This will make it possible to identify those risks that are most likely to occur and those with the highest severity on the project. By so doing, risks can then be classified as:
- High probability, high impact
- Low probability, high impact
- High probability, low impact
- Low probability, low impact
4.1.3 Prioritizing risks
Priority should be given to those risks with the highest probability of occurrence and highest impact on the project. If possible, better actions should be adopted to neutralize their impact on the project. In addition, the project team should ensure that such risks are mitigated early enough, before they have a severe effect on the project progress. Those risks with low probability and high impact on the project should also be carefully monitored to ensure they do not interfere with the progress of the project. It is also imperative that those risks with a high probability of occurrence are carefully watched, although not stringently. However, risks with low probability of occurrence and low impact on the project can be ignored because they are not likely to happen and, even if they happen, they will not have a major impact on the project (Raz & Michael, 2001).
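The following added example (not part of the original paper) applies the four-quadrant classification and prioritisation from section 4.1 and the Monte Carlo technique mentioned under quantitative risk analysis to a constructed risk register. The thresholds, risk names, cost figures, the triangular impact distribution, and the reading of "watched although not stringently" as the high-probability, low-impact quadrant are assumptions.

```python
import random
from dataclasses import dataclass

# Assumed thresholds; a real risk management plan sets its own.
HIGH_PROBABILITY = 0.5   # on the 0-to-1 probability scale
HIGH_IMPACT = 50_000     # most likely cost if the risk occurs

# (probability level, impact level) -> (rank, treatment), after section 4.1.3.
TREATMENT = {
    ("high", "high"): (1, "mitigate early"),
    ("low", "high"): (2, "monitor carefully"),
    ("high", "low"): (3, "watch"),
    ("low", "low"): (4, "may be ignored"),
}


@dataclass(frozen=True)
class Risk:
    name: str
    probability: float   # chance of occurrence, 0..1
    impact: tuple        # (lowest, most likely, highest) cost if it occurs


def classify(risk):
    """Place a risk in one of the four probability/impact quadrants."""
    if not 0.0 <= risk.probability <= 1.0:
        raise ValueError(f"{risk.name}: probability must lie in [0, 1]")
    p_level = "high" if risk.probability >= HIGH_PROBABILITY else "low"
    i_level = "high" if risk.impact[1] >= HIGH_IMPACT else "low"
    return p_level, i_level


def prioritise(register):
    """Order risks by quadrant rank, then by expected loss (largest first)."""
    def key(risk):
        return TREATMENT[classify(risk)][0], -risk.probability * risk.impact[1]
    return [(r.name, TREATMENT[classify(r)][1]) for r in sorted(register, key=key)]


def simulate(register, budget, trials=20_000, seed=1):
    """Monte Carlo estimate of total risk cost against a contingency budget."""
    rng = random.Random(seed)   # fixed seed keeps the run reproducible
    totals = []
    for _ in range(trials):
        total = 0.0
        for risk in register:
            if rng.random() < risk.probability:      # does the risk occur?
                low, likely, high = risk.impact
                total += rng.triangular(low, high, likely)
        totals.append(total)
    totals.sort()
    return {
        "mean": sum(totals) / trials,
        "p80": totals[int(0.8 * trials)],            # 80th percentile cost
        "within_budget": sum(t <= budget for t in totals) / trials,
    }


# Constructed sample register; names and figures are illustrative only.
REGISTER = [
    Risk("Weather delay", 0.70, (5_000, 10_000, 15_000)),
    Risk("Key subcontractor defaults", 0.10, (150_000, 200_000, 250_000)),
    Risk("Permit fee change", 0.05, (2_000, 5_000, 8_000)),
    Risk("Design rework", 0.60, (50_000, 80_000, 110_000)),
]

if __name__ == "__main__":
    for name, treatment in prioritise(REGISTER):
        print(f"{treatment:18} {name}")
    print(simulate(REGISTER, budget=140_000))
```

With a budget of 140,000 the simulation stays within budget in about 90% of trials, and every overrun comes from the single low-probability, high-impact risk, which is why that quadrant is monitored carefully.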
4.2 Risk control
4.2.1 Mitigating risks
After the risks have been identified and analysed, it is imperative for the project team to brainstorm and explore better ways through which they can be effectively mitigated.
4.2.2 Planning for emergencies
After a thorough assessment, it is possible to know the areas that are critical to the project. Best practice would require that proper measures are put in place to ensure the project does not fail in the worst-case scenario where the most dreaded risks occur.
4.2.3 Measuring and controlling
It is difficult to control something that is immeasurable. In this regard, it is imperative that after risks have been measured, individuals are assigned to manage them. This will help in keeping track of the risk and getting early warnings in time in order to prevent the risks from having an impact on the project (Kumar, 2002).
Cervone, H. F. (October 01, 2006). Project risk management. OCLC Systems & Services, 22(4), 256-262.
This article seeks to familiarize the reader with the aspects associated with risk management in digital library projects and recommends better approaches for mitigating these risks. It provides important information on some of the issues project managers may face when managing projects and how to go about them.
Chapman, C. & Ward, S. (July 08, 2003). Transforming Project Risk Management into Project Uncertainty Management. International Journal of Project Management, 21(2), 97-105. (http://dx.doi.org/10.1016/S0263-7863(01)00080-1)
This article argues for project uncertainty as an appropriate way of managing risks in a project. In the discussion, the paper suggests the use of ‘uncertainty’ instead of ‘risk’ on the grounds that the latter mainly points towards events and not general terms. In essence, the paper provides an alternative perspective on risk management and suggests modifications that can be made to the risk management processes to ensure success.
Del Caño, A., & De la Cruz, M. P. (December 01, 2002). Integrated Methodology for Project Risk Management. Journal of Construction Engineering and Management, 128(6), 473-485. (http://dx.doi.org/10.1061/(ASCE)0733-9364(2002)128:6(473))
This article approaches risk management with a focus on construction and engineering projects. It presents a discussion of a typical risk management process in complex construction projects. In addition, factors affecting risk management are identified and recommendations provided for project managers to ensure successful implementation of risk control strategies.
Hobday, M. (January 01, 2000). The project-based organisation: an ideal form for managing complex products and systems? Research Policy, 29, 871-893.
This paper provides a wide discussion of how complex projects can be managed and goes ahead to identify some of the critical success factors. Risk management is among these factors and the discussion goes on to state how important risk management can be to a project and some of the approaches that can be used in dealing with project risks.
Kumar, R. L. (January 01, 2002). Managing risks in IT projects: an options perspective. Information and Management, 40(1), 63-74. (http://dx.doi.org/10.1016/S0378-7206(01)00133-1)
This paper approaches the issue of risk management by drawing a distinction between those risks that can be mitigated by action and those that can be mitigated through hedging. The framework presented in this paper is aimed at providing sufficient information to project managers and gives a justification of project management decisions.
Miller, R. & Lessard, D. (December 02, 2001). Understanding and Managing Risks in Large Engineering Projects. International Journal of Project Management.
This paper classifies risks into three categories, namely market related, completion, and institutional. In addition, it gives a comprehensive discussion of how risks can be adequately dealt with to the advantage of the project.
Project Management Institute. (2013). A guide to the project management body of knowledge (PMBOK guide). Newtown Square, Pa: Project Management Institute.
It is a guide developed specifically for project managers and gives a discussion of all the important elements in a project. One of the issues discussed in the book is project risk management. The guide provides basic information for project managers regarding risk management and what they are expected to do in order to deal with the risks that projects face on a daily basis.
Raz, T. & Michael, E. (October 01, 2001). Use and Benefits of Tools for Project Risk Management. International Journal of Project Management, 19(1), 9-17.
This article reflects on the criticality of risk management to the success of the project and offers findings from a study conducted on project managers from software and high-tech industrial projects. It further gives a discussion of project risk management processes and how each contributes to the success of the project.
Schimdt, R., Lyytinen, K., Keil, M., & Cule, P. (January 01, 2001). Identifying Software Project Risks: An International Delphi Study. Journal of Management Information Systems, 17(4), 5-36. (http://mesharpe.metapress.com/app/home/contribution.asp?referrer=parent&ba kto=i ssue,2,10;journal,53,56; linkingpublicationresults,1:106046,1)
This paper approaches risk management in software projects through the analysis of threats to the success of the project. In addition, it gives a discussion of the steps involved in risk management and how each step relates to the project. It is also imperative to state that this paper mainly dwells on the first step of risk management: identifying potential risks to the project. It then identifies potential risk factors and engages in a comprehensive analysis of these risks using the Delphi technique of risk assessment.
Scott, J.E. & Vessey, I. (January 01, 2009). Managing Risks in Enterprise Systems Implementations. ACM, 45(4), 74-81
The paper approaches project success from the perspective of risk management. In this regard, it provides a discussion of some of the critical factors that put a project at stake and how project managers can manoeuvre around them.