The term risk management is applied in a number of diverse disciplines. People in the fields of statistics, economics, psychology, social sciences, biology, engineering, toxicology, systems analysis, operations research, and decision theory, to name a few, have been addressing the field of risk management. Kloman summarized the meaning of risk management in the context of a number of different disciplines in an article for Risk Analysis : "What is risk management? To many social analysts, politicians, and academics it is the management of environmental and nuclear risks, those technology-generated macro-risks that appear to threaten our existence. To bankers and financial officers it is the sophisticated use of such techniques as currency hedging and interest rate swaps. To insurance buyers and sellers it is coordination of insurable risks and the reduction of insurance costs. To hospital administrators it may mean quality assurance. To safety professionals it is reducing accidents and injuries." The degree of risk management can vary from project to project, depending on factors such as size, type of project, who the customer is, location of project, corporate culture, etc. Risk analysis is particularly important when the Overall stakes are high and a great deal of uncertainly exists for the project at hand. In this scenario after using a collaborative process for risk identification, analysis, and response the risk management team must clearly inform the stakeholders about the incoming threats on the projects as that will give the organizations time to initiate effective counter measures to control the situation.
Project performance success is based on cross-functional contributions and in such a situation, one of the best way to perform risk identification is collectively and not as individuals. It is important to assign the right people to a project and allocate enough time and resources to clearly define the purpose of the exercise. If people are new to the project, it is important for them to become part of the collaborative process and work together as a team as that will drastically improve the efficiency of the group and their ability to solve the issues at hand. Once the core group for the project has been finalised, project managers need to leverage off the learnings from past projects to inform and educate the team on the likely opportunities and threats for the project at hand. This exercise will provide a good starting ground for the team and will help them generate a list of risk events and issues for the project in question. By coming out with possible risk scenarios at an early stage, teams will find it easier to quantify the risk situations and develop better strategies to mitigate the possible risk factors.
Once a list of risks and issues has been identified, project managers can go ahead with a classification process that will ultimately determine the ideal course of action. While undertaking this process, it is important to remember that risk should never be classified by functional area i.e. engineering risks, manufacturing risks, etc as that could possibly lead to finger pointing and conflict within the organization. The recommended approach is to classify risk as strategic or operational and then take the appropriate level of intervention that is required to rectify the same. A strategic risk concern is one that effects the project selection or the ability of the project to meet the business objectives such as profitability or customer satisfaction while operational risk concerns are those that affect delivery time and associated costs. Another option for effective risk management is to consider using an external person to review the project risks and issues. By following this approach, the team that owns responsibility for project performance gets an unbiased external perspective that could dramatically improve the success chances of the project. The use of an external resource also ensures that factors such as low customer commitments, schedule, urgency, requirement stability, performing organizations capacity and technical maturity are benchmarked against industry realities and experiences. From opportunity perception one must also examine elements like strategic direction, growth potential, new markets, resource utilization, fit with the needs or value added. Once these factors have been considered, it is important to make an overall assessment of each risk event, which can be done by multiplying the probability value by impact value to arrive at an expected value. After this has been completed, the project manager has to prioritise the classified risks and issues while maintaining a balance with stakeholder risk tolerance capacity.
After the risk identification process, comes the response development stage where measures to reduce the threat to the intended project or product outcomes are determined. As part of this process the team takes the prioritised list and begins response planning for the high impact top of the list risks. Internationally, in a project situation, the following four generic risk strategies are considered.
1. Risk avoidance: How could we avoid the risk event? Is the threat associated with the risk event so significant as to justify canceling the project?
2. Risk mitigation: How could we reduce the probability of risk event happening? How could we reduce the impact (project success criteria) of the risk event?
3. Risk transfer: Could another organisation better handle the risk? How best we could contract out the risky work or the risk event?
4. Risk acceptance: If we have to accept the risk, what contingency strategies are available to us?
It is important to remember that while integrating risk response into project programme strategy, stockholders priorities are kept in mind. Some of the questions that need to be answered include- How much buffer should be allocated to each project element (Time, scope and cost)? In most cases it has been found that stakeholders can tolerate reduced product performance but cannot tolerate delays. Therefore the action plan must identify and quantifies the amount of buffer/ management reserve available for use by the project manager.
Some of the typical risks involved with project life cycle phases are:
Project approval phase
- Poor definition of problem
· No feasibility study
- Unclear objectives
Pre & detailed planning phase
· No risk management plan
· Poor specification
· Inexperienced team
· No management support
- Hasty planning
· Material availability
· Unskilled labour
· Labor strikes
· Scope changes
· Schedule changes
- Regulatory requirements
· Poor quality
· In-built changes
· Cash flow problems
- Unacceptability by customer
Risk response executive & control
In the execution stage of the project, the project manager needs to ensure that the team is following the identified procedures and recommendations that were specified in the initial phase. As mentioned, the team should have a prioritised list of risks and issues that will provide a roadmap on how to manage risk (if it occurs).
Lessons learned should be documented, so those future project managers can learn from past experiences. Many organisations develop a risk management plan that identifies the basic approach to handle risk but loose focus of the same while the project is being rolled out. It is important to keep in mind that risks may take a long time to mature into real life problems and attention must therefore be paid at all time to stay on top of possible situations and ensure that projects are completed on time every time as per specifications.