Let us first define what project risk is, project risk is an uncertain event that, if occurs, has a positive or a negative effect on at least one project objective. A risk may have one or more causes and, if it occurs, one or more impacts. Over here we will define what are the risks associated with a new project, how to define, measure and control those risk. This combine process is called risk management.
For any effective identification of the risk involved in a project, there has to be certain corporate culture: (Young-Hoon Kwak, 2005)
- The managers should support honest and realistic risk assessment, even if they indicate problems with the project.
- The managers should be encouraged to talk openly about the risk involved without any fear of reprurcussions.
- Create an atmosphere where, talking about any kind of risk is allowed.
- Other key factor in risk assessment is collecting realistic and high quality data.
Creating the right kind of atmosphere is only the first step in risk identification (Paul C. Dinsmore et al, 2005)Overall risk identification is a process to identify various potential risks in a project. Ideally a project manager would create a project risk register, where he would include all the identified risk, he would also earmark the nature of each risk, the step in which it may occur, the kind of effect it may have on the project and the solution for it. (Paul C. Dinsmore et al, 2005)This risk register is not static in nature but is dynamic and keeps on changing with each new step in the project. Risk identification is continuous process, new risks may come to light as the project progresses and previously-identified risks may drop out. Another key to risk identification is involving the right kind of people in risk identification process. Some of the key person that should be involved in all the risk identification process are risk management team, project team (they should be involved in the process so that the project team can develop a sense of ownership of responsibilities for the risks involved) members, project manager, experts both from the project and from outside the project team, customers, end users, other project managers, stakeholders(Stakeholders outside the project team may provide additional objective information), and risk management experts.(Dennis Lock, 2007) While these personnel are often key participants for risk identification, all project personnel should be encouraged to identify risks. The potential risk can be identified using:
- A risk break down structure, over here various risk are identified according to the stages of project cycle.
- Managers own knowledge of the previous projects and by cross referencing similar projects done by others.
- Consulting experts from the same field.
After proper identification of the risk, the next important step would be to determine the cause of the risk involved its impact on the project objective. The project risk register should ideally contain the identified risk followed by cause of the risk, the condition under which it may occur, the impact it may have on the project and finally the solution for it. Also it is important to note here that all type of risk should be identified, even the risk that can’t be tackled with like risk of project delay due to weather conditions. Some of the risks that may occur are:
This type of risk arise due to design of the project, some of the design risk are design incomplete, Inaccurate assumptions on technical issues in planning stage, surveys incomplete, hazardous waste site analysis incomplete, unforeseen design exceptions, Incomplete quantity estimates etc.
This type of risk generally arise due to factors which are not directly related to the project, some example are landowners unwilling to sell land, local communities pose objections, threat of lawsuits, stakeholders request late changes, political factors or support for project changes etc.
Risk arising due to environmental factors like environmental analysis incomplete, environmental clearance for staging or borrow sites required, historic site, endangered species, riparian areas, wetlands and/or public park present etc
The risk arising due to company’s policies and structure, like inexperienced staff assigned, internal “red tape” causes delay getting approvals, decisions, priorities change on existing program, funding changes for fiscal year, Overlapping of one or more project limits, scope of work or schedule etc.
Project Management Risks
Risk inherent to the project due to poor management like project purpose and need is not well-defined, project scope definition is incomplete, no control over staff priorities, unresolved project conflicts not escalated in a timely manner etc.
Risk in projects where construction is involved like: inaccurate contract time estimates, change requests due to differing site conditions, temporary construction easements expire, dewatering is required due to change in water table etc.
Engineering Services Risks
These are risk involved in projects where engineering work is done, like: hazardous materials in existing structure or surrounding soil; lead paint, contaminated soil, asbestos pipe, asbestos bearings and shims, Special railroad requirements are necessary including an extensive geotechnical report for temporary shoring system adjacent to tracks etc.
Risk due to unforeseen financial problems like Capital budgeting problem, price rise of raw materials, delay in funding, currency fluctuations, interest rate fluctuations etc.
Risk can be measured either qualitatively or quantitatively. The measuring technique depends on the nature of the project and risk involved.
Qualitative risk analysis assesses the risks using the probability of occurring of the risk, the corresponding impact on project objectives if the risks do occur, as well as other factors such as the time frame and risk tolerance of the project constraints of cost, schedule, scope, and quality. (Lewis R. Ireland, 2006). Sometimes experts or functional units assess the risks in their respective fields and share these assessments with the team. Across the same project the definitions that will be used for levels of probability and impact should be the same. The organization’s management, project customer or sponsor has an important role in the Qualitative Risk Analysis process. (David I. Cleland, 2006)
- The project sponsor defines for the risk analysis lead and team the levels of impact on time, cost, scope and quality that would qualify a risk as having a very low, low, moderate, high or very high impact on each objective.
- The project sponsor determines the combinations of probability and impact that make a risk low, moderate and high priority for each objective in light of the definitions just mentioned.
Once the definitions are in place, team members assess the identified risks’ probability and impact and then put them into high, moderate, and low risk categories for each project objective (time, cost, scope, quality). They rank risks by degrees of probability and impact, using the definitions in place, and include their assessment rationale.(Lewis R. Ireland, 2006). Team members revisit qualitative risk analysis during the project’s lifecycle. When the team repeats qualitative analysis for individual risks, trends may emerge in the results. These trends can indicate the need for more or less risk management action on particular risks, or whether a risk mitigation plan is working.
Qualitative measurement of risk involves numerically estimating the probability that a project would meets its financial and time objective. Qualitative analysis involves evaluation of all the quantifiable risk and in most cases these risks identified are analyzed simultaneously to determine its affect on the project. The result is a probability distribution of the project’s cost and completion date based on the identified risks in the project. Quantitative risk analysis in general involves statistical technique called Monte Carlo simulation. (Morgen Witzel, 2003). Quantitative risk analysis starts with the model of the project, either its project schedule or its cost estimate depending on the objective. The degree of uncertainty in each schedule activity and each line-item cost element is represented by a probability distribution. The probability distribution is usually specified by determining the optimistic, the most likely and the pessimistic values for the activity or cost element – this is typically called the “3-point estimate.” (Joseph Phillips, 2003) The three points are estimated during an interview with subject matter experts who usually focus on the schedule or cost elements one at a time. The risks that lead to the three points are recorded for the quantitative risk analysis report and for risk response planning. For each activity or cost element a probability distribution type is chosen that best represents the risks discussed in the interview. Typical distributions usually include the triangular, beta, normal and uniform.(Lewis R. Ireland, 2006) A specialized Monte Carlo simulation software program runs (iterates) the project schedule or cost estimate many times, drawing duration or cost values for each iteration at random from the probability distribution derived from the 3-point estimates and probability distribution types selected for each element. The Monte Carlo software develops from the results of the simulation a probability distribution of possible completion dates and project costs. From this distribution it is possible to answer such questions as: (Martin Stevens, 2002)
- How likely is the current plan to come in on schedule or on budget?
- How much contingency reserve of time or money is needed to provide the agency with a sufficient degree of certainty?
- Using sensitivity analysis, which activities or line-item cost elements contribute the most to the possibility of overrunning schedule or cost targets?
Risk Response Planning
Risk Response Planning is the process of developing options, and determining actions to enhance opportunities and reduce threats to the project’s objectives. It focuses on the high-risk items evaluated in the qualitative and/or quantitative risk analysis.(Jennifer, 2005) In Risk Response Planning parties are identified and assigned to take responsibility for each risk response. The project manager identifies which strategy is best for each risk, and then design specific actions to implement that strategy. Some of the strategies are: (Winston W. Royce, 1970)
- Risk Avoidance: In the process of risk avoidance the project is changed so as to avoid the risk all together. In this kind of case the managers feel that it is a better option to change the project than to deal with the risk.
- Risk Transfer: Risk transference requires shifting the impact of the risk, along with ownership of the response, to a third party. An example would be the team transfers the financial impact of risk by contracting out some aspect of the work or taking out insurance in anticipation of a risk.
- Risk Mitigation: Risk mitigation is a process of reduction in the probability and/or impact of an adverse risk event to an acceptable threshold. Taking early action to reduce the probability and/or impact of a risk is often more effective than trying to repair the damage after the risk has occurred.
- Exploit: This strategy seeks to eliminate the uncertainty associated with a particular upside risk by making the opportunity definitely happen. Examples include securing talented resources that may become available for the project.
- Share. Allocating ownership to a third party who is best able to capture the opportunity for the benefit of the project.
- Acceptance. A strategy that is adopted because it is either not possible to eliminate that risk from a project or the cost in time or money of the response is not warranted by the importance of the risk.
Monitoring and Control of Risk
Risk monitoring and control keeps track of the identified risks, residual risks, and new risks. It also monitors the execution of planned strategies on the identified risks and evaluates their effectiveness. Risk monitoring and control continues for the life of the project.(Roland Gareis, 2006) The list of project risks changes as the project matures, new risks develop, or anticipated risks disappear. Periodic project risk reviews repeat the process of identification, analysis, and response planning. Risk ratings and prioritization commonly change during the project lifecycle.
If an unanticipated risk emerges, or a risk’s impact is greater than expected, the planned response may not be adequate. Risk control involves: (Bjarne Kousholt, 2007)
- Choosing alternative response strategies
- Implementing a contingency plan
- Taking corrective actions
- Re-planning the project, as applicable
The individual or a group assigned to each risk (risk owner) reports periodically to the project manager and the risk team leader on the status of the risk and the effectiveness of the response plan. The risk owner also reports on any unanticipated effects, and any mid-course correction that the manager must consider in order to mitigate the risk.
- Paul C. Dinsmore et al (2005) The right projects done right! John Wiley and Sons, 2005. ISBN 0787971138. p.35 and further.
- Lewis R. Ireland (2006) Project Management. McGraw-Hill Professional, 2006. ISBN 007147160X. p.110.
- Joseph Phillips (2003). PMP Project Management Professional Study Guide. McGraw-Hill Professional, 2003. ISBN 0072230622 p.354.
- Dennis Lock (2007) Project management (9e ed.) Gower Publishing, Ltd., 2007. ISBN 0566087723
- Young-Hoon Kwak (2005). “A brief history of Project Management”. In: The story of managing projects. Elias G. Carayannis et al. (9 eds), Greenwood Publishing Group, 2005. ISBN 1567205062
- Roland Gareis (2006). Global project management handbook. “Chapter 1: “The evolution of project management”. McGraw-Hill Professional, 2006. ISBN 0071460454
- Martin Stevens (2002). Project Management Pathways. Association for Project Management. APM Publishing Limited, 2002 ISBN 190349401X p.xxii
- Morgen Witzel (2003). Fifty key figures in management. Routledge, 2003. ISBN 0415369770. p. 96-101.
- David I. Cleland (2006). Global project management handbook. McGraw-Hill Professional, 2006. ISBN 0071460454. p.1-4 states: “It was in the 1950s when project management was formally recognized as a distinct contribution arising from the management discipline.”
- 10. Booz Allen Hamilton – History of Booz Allen 1950s
- Bjarne Kousholt (2007). Project Management -. Theory and practice.. Nyt Teknisk Forlag. ISBN 8757126038. p.59.
- F. L. Harrison, Dennis Lock (2004). Advanced project management: a structured approach. Gower Publishing, Ltd., 2004. ISBN 0566078228. p.34.
- Winston W. Royce (1970). “Managing the Development of Large Software Systems” in: In: Technical Papers of Western Electronic Show and Convention (WesCon) August 25-28, 1970, Los Angeles, USA.
- Jennifer (2005). Applied Software Project Management. O’Reilly Media. ISBN 978-0-596-00948-9. http://www.stellman-greene.com/aspm/.
Cite This Work
To export a reference to this article please select a referencing stye below: