OROMIA STATE

UNIVERSITY

MA IN PROJECT MANAGEMENT
PROJECT RISK MANAGEMENT
1
PROJECT RISK
MANAGEMENT
Muluneh H. (PhD)
[email protected]
Oromia State University

2
 LEARNING OBJECTIVES

• UNDERSTAND RISK AND THE IMPORTANCE OF GOOD PROJECT RISK

MANAGEMENT
• LIST COMMON SOURCES OF RISKS ON PROJECTS
• DESCRIBE THE PROCESS OF IDENTIFYING RISKS AND CREATE A RISK
REGISTER
• DISCUSS QUALITATIVE RISK ANALYSIS AND EXPLAIN HOW TO
CALCULATE RISK FACTORS, CREATE PROBABILITY/IMPACT
MATRIXES, AND APPLY THE RISK ITEM TRACKING TECHNIQUE TO
RANK RISKS
3
• DISCUSS HOW TO CONTROL RISKS
 THE IMPORTANCE OF PROJECT RISK
MANAGEMENT

• PROJECT RISK MANAGEMENT IS THE ART AND SCIENCE OF

IDENTIFYING, ANALYZING, AND RESPONDING TO RISK
THROUGHOUT THE LIFE OF A PROJECT AND IN THE BEST
INTERESTS OF MEETING PROJECT OBJECTIVES

• RISK MANAGEMENT IS OFTEN OVERLOOKED IN PROJECTS, BUT IT

CAN HELP IMPROVE PROJECT SUCCESS BY HELPING SELECT
GOOD PROJECTS, DETERMINING PROJECT SCOPE, AND
DEVELOPING REALISTIC ESTIMATES

4
 PROJECT MANAGEMENT MATURITY BY
INDUSTRY GROUP AND KNOWLEDGE AREA*
KEY: 1 = LOWEST MATURITY RATING 5 = HIGHEST MATURITY RATING

Engineering/ Telecommunications Information Hi-Tech

Knowledge Area Construction Systems Manufacturing

Scope 3.52 3.45 3.25 3.37

Time 3.55 3.41 3.03 3.50
Cost 3.74 3.22 3.20 3.97
Quality 2.91 3.22 2.88 3.26
Human Resources 3.18 3.20 2.93 3.18

Communications 3.53 3.53 3.21 3.48

Risk 2.93 2.87 2.75 2.76
Procurement 3.33 3.01 2.91 3.33

*Ibbs, C. William and Young Hoon Kwak. “Assessing Project Management Maturity,”
Project Management Journal (March 2000).
5
BENEFITS FROM SOFTWARE RISK
MANAGEMENT PRACTICES*

*Source: Kulik and Weber, KLCI Research Group

 GLOBAL ISSUES
• MANY PEOPLE AROUND THE WORLD SUFFERED FROM
FINANCIAL LOSSES AS VARIOUS FINANCIAL MARKETS
DROPPED
• ACCORDING TO A GLOBAL SURVEY OF 316 FINANCIAL
SERVICES EXECUTIVES, OVER 70 PERCENT OF
RESPONDENTS BELIEVED THAT THE LOSSES STEMMING
FROM THE CREDIT CRISIS WERE LARGELY DUE TO
FAILURES TO ADDRESS RISK MANAGEMENT ISSUES
• THEY IDENTIFIED SEVERAL CHALLENGES IN
IMPLEMENTING RISK MANAGEMENT 7
 CHAPTER I

THE NATURE OF RISK AND RISK

MANAGEMENT

1.1 Definition of Risk

• The Guide to the Project Management Body of Knowledge (PMI, 2000)
states that a project risk is:
“an uncertain event or condition that, if it occurs, has a positive or
negative effect on a project outcome"
8
 RISK

• A GENERAL DEFINITION OF PROJECT RISK IS AN

UNCERTAINTY THAT CAN HAVE A NEGATIVE OR POSITIVE
EFFECT ON MEETING PROJECT OBJECTIVES.
• NEGATIVE RISK INVOLVES UNDERSTANDING POTENTIAL
PROBLEMS THAT MIGHT OCCUR IN THE PROJECT AND HOW
THEY MIGHT DELAY PROJECT SUCCESS
• POSITIVE RISKS ARE RISKS THAT RESULT IN GOOD THINGS
HAPPENING; SOMETIMES CALLED OPPORTUNITIES

9
10
11
Project risks are characterized by the fact that:
• they are usually at least partially unknown
• they change with time
• they are manageable, in the sense that action may be taken to change their
impact
• they exist only in the future tense – there are no past risks, only actual
occurrences
• they exist in all project

12
13
 1.2. Certainty, Risk, and Uncertainty

“Uncertainty is an uncomfortable position. But certainty is an absurd

one.” — Voltaire

• What does uncertainty is an uncomfortable position but certainty is an

absurd one mean?
• Voltaire's statement "Doubt is not a pleasant condition, but certainty is
absurd” highlights the idea that certainty can be problematic, while
doubt can be a useful tool for understanding and learning.

14
 1.2. Certainty, Risk, and …
• Uncertainty is a lack of complete certainty.
• In uncertainty, the outcome of any event is entirely unknown, and it cannot
be measured or guessed; you don’t have any background information on the
event.
• Uncertainty is not an unknown risk.
• In uncertainty, you completely lack the background information of an
event, even though it has been identified.
• In the case of unknown risk, although you have the background
information, you missed it during the identify risks process
15
• At first sight the terms ‘uncertainty’ and ‘risk’ seem similar.
• But how similar?
• Are they mere synonyms, able to be interchanged without confusion or
loss of meaning?
• Or is there any real and useful distinction between the two?
‘uncertainty’ and ‘risk’ without resorting to a dictionary.
• Knight (1921) addressed this in the field of economics, separating insurable
risk from true uncertainty.
• His approach drew on basic mathematical theory, that ‘risk’ arises from
randomness with knowable probabilities, whereas
• ‘uncertainty’ reflects randomness with unknowable probabilities
16
• Decision-theorists take a similar approach,
• separating ‘decisions under risk’ where the probabilities of different
outcomes are known (or at least knowable) from
• ‘decisions under uncertainty’ where probabilities are unknown (and
maybe unknowable).

• Some philosophers suggest that as a result ‘uncertainty’ belongs to the

subjective realm of belief, while
• ‘risk’ has an objective component based in fact or truth.

17
 It appears that ‘uncertainty’ is a generic term, while ‘risk’ seems to be more specific.
Dictionary and thesaurus definitions of uncertainty and risk
TERM UNCERTAINTY RISK
Dictionary Lacking certainty; not able to be Possibility of incurring misfortune or loss;
(Collins, accurately known or predicted; not hazard; involving danger, perilous.
1979) precisely determined, established or
decided; liable to variation; changeable.

Thesaurus Ambiguity, ambivalence, anxiety, Accident, brinksmanship, contingency,

(Roget, changeableness, concern, confusion, danger, exposure, fortuity, fortune,
2008) conjecture, contingency, dilemma, gamble, hazard, jeopardy, liability, luck,
disquiet, distrust, doubtfulness, openness, opportunity, peril, possibility,
guesswork, hesitancy, hesitation, prospect, speculation, uncertainty,
incertitude, inconclusiveness, indecision, venture, wager.
irresolution, misgiving, mistrust,
mystification, oscillation, perplexity,
9
qualm, quandary, query, reserve,
scruple, scepticism, suspicion, trouble
uneasiness, unpredictability, vagueness.
 1.3 Peril and Hazard

• The words "peril' and "hazard" may seem virtually synonymous but they mean very
different things in the insurance industry.
• Peril is something that can cause a financial loss, while hazard is any condition
or circumstance that increases the probability of a peril. or
• Hazards merely increase the likelihood of a loss, while perils are the specific
event that causes a loss
• A peril is a potential event or factor that can cause a loss, such as the possibility of a
fire that could engulf a house.
• A hazard is a factor or activity that may cause or exacerbate a loss, such as a can of
gasoline left outside the house door or a failure to regularly have the brakes of a car
checked.
19
Same types of Perils:
• Natural perils are those over which people have little control, such as
hurricanes, volcanoes, and lightning.
• Human perils, would include causes of loss that lie within individuals’
control, including suicide, terrorism, war, theft, defective products,
environmental contamination, terrorism, destruction of complex infrastructure,
and electronic security breaches.
• Economic perils: Though some would include losses caused by the state of the
economy as human perils, many professionals separate these into a third category
labeled economic perils. Professionals also consider employee strikes, arson for
profit, and similar situations to be economic perils.

20
Same type of hazards
• Physical Hazards: is tangible environmental conditions that affect the frequency and/or
severity of loss.
• Examples include slippery roads, which often increase the number of auto accidents;
poorly lit stairwells, which add to the likelihood of slips and falls; and old wiring, which
may increase the likelihood of a fire.
• Physical hazard: actions, behaviors or physical conditions that increase the possibility of a
peril.
• For example, smoking is considered to be a physical hazard that increases the likelihood of
a fire or illness

21
Same type of hazards
• Moral hazard: hazards that occur due to immoral behavior such as dishonesty and
fraud.
• For example, a business owner may burn down his warehouse to collect the
insurance money or an accident victim may exaggerate his injuries.
• Morale Hazard: hazards that result from circumstances that make people or
institutions adopt a careless or reckless attitude, which increases the possibility an
injury or loss.
• For example, having insurance can make a person less careful about avoiding an injury
or loss.
22
 The areas to consider include:

• Car parks, delivery areas, • Public display areas

pedestrian access • Work-in-progress stages
• Reception and waiting areas • Maintenance and repair
• Activities carried out off-site,
• Storage of supplies and materials
including movement between sites
• Movement of goods from stores to • Storage of waste/scrap materials
first process stage
• Packaging and storage before
• Office and administration areas distribution
13
 1.4. Types and Primary Components of Risk

• Primary components of risk are the probability of the incident and its
impact.
• The probability represents the likelihood of accruing, while the impact is the
loss that will result if the risk materialized

• The formula Risk = Probability x Impact

is:

24
 1.4. Types and Primary Components of Risk
The formula is:
Risk = Probability x Impact

• For example, if the likelihood of underestimating getting fire during manufacturing is

30%, and the cost will be 12,000 ETB (i.e. there is a 30% chance of incurring a 12,000
ETB lost), you could assign a risk value of 3600 ETB.

• But what exactly does this number represent?

• It means that if you entered a contingency of 3600 into the project, it will cover the
risk of getting fire during manufacturing if you had many, identical
projects. 25
• Risk can be classified into two main categories: systematic and
unsystematic.
• Systematic risk is the market uncertainty of an investment that affects all
or many companies in an industry or group,
• Unsystematic risk represents asset-specific uncertainties that can affect
the performance of an investment.

26
Risk can be classified into:
• Political/Regulatory Risk – The impact of political decisions and
changes in regulation
• Financial Risk – The capital structure of a company (degree of
financial leverage or debt burden)
• Interest Rate Risk – The impact of changing interest rates
• Country Risk – Uncertainties that are specific to a country

27
• Social Risk – The impact of changes in social norms, movements, and
unrest
• Environmental Risk – Uncertainty about environmental liabilities
or the impact of changes in the environment
• Operational Risk – Uncertainty about a company’s operations,
including its supply chain and the delivery of its products or
services
• Management Risk – The impact that the decisions of a management
team have on a company
• Legal Risk – Uncertainty related to lawsuits or the freedom to
operate
• Competition – The degree of competition in an industry and the
impact choices of competitors will have on a company 28
Types of Project Risks
• At the project level, risks can come from technical, external,
organizational, and project management.
• Within those four types are several more specific examples of risk

29
30
Project Risk Categories: PMBOK
• The Project Management Body of Knowledge (PMBOK) sorts project risk into three
categories: operational risks, short-term strategic risks, and long-term strategic risks.
• We’ve summarized their explanations of these risk categories below:
• Operational Risks: Operational risks are those that relate to the results of the project.
Operational risks are more present in the later stages of a project.
• Usually, they involve the products or deliverables produced, or the inability to produce
them.
• Short-Term Strategic Risks: are those that affect project owners during the project’s
lifetime and in its immediate aftermath.
• They might also affect the people using the project’s results.
• Long-Term Strategic Risks: Long-term strategic risks are those that relate to the
project’s goals and objectives, as well as the problems it is trying to solve.
• Long-term risks may affect users who are far removed from the project’s processes.
31
 1.5.Burden of Risk on Society

• The presence of risk entails three major burdens on society:

• The size of an emergency fund must be increased,
• Society may be deprived of certain goods and services, and
• Worry and fear are present
• For example, a graduating student whose father has taken a loan to pay
his school fees may be gripped with a feeling of worry and fear if he is
having difficulty in securing employment and set his father free of the
shackles of creditors.
32
Larger Emergency Fund
• It is prudent to set aside funds for an emergency.
• However, in the absence of insurance, individuals and business firms would have to increase
the size of their emergency fund to pay for unexpected losses.
• In any event, the higher the amount that must be saved, the more current consumption
spending must be reduced, which results in a lower standard of living.

Loss of Certain Goods and Services

• Another burden of risk is that society is deprived of certain goods and services.
• Because of the risk of a liability lawsuit, many corporations have discontinued manufacturing
certain products.
• Other firms have discontinued the manufacture of certain products, including asbestos
products, football helmets, and certain birth-control devices because of fear of legal liability.

33
Worry and Fear

• A final burden of risk is that worry and fear are present.

• Numerous examples can illustrate the mental unrest and fear caused by risk
• For example, some passengers in a commercial jet may become extremely nervous and
fearful if the jet encounters severe turbulence during the flight.

34
 1.6. Definition of Risk Management

• Risk has been differently defined by various types of disciplines.

• Dr. Brian A. Burt in his research shortly defines risk as
the probability than an event will occur (Burt, 2001).
• However, this definition ignores the probability that non-occurrence of an event
may also contain risk,
• But a more comprehensive definition of risk would be that risk is a potential of
losing or gaining something of value as a result of an action or inaction
expectedly or unexpectedly (Wekipedia, 2013).
35
 1.6. Definition of …

• This definition encompasses both the positive as well as the negative sides of risk.
• On the other hand, risk management is the process for identifying, analyzing, and
communicating risk and accepting, avoiding, transferring, or controlling it to an
acceptable level considering associated costs and benefits of any actions taken (Beers,
2011).

36
According to the Institute of Risk Management:

• “Risk management involves understanding, analysing and addressing risk to make

sure organizations achieve their objectives.
• So it must be proportionate to the complexity and type of organization involved.
• Enterprise risk management (ERM) is an integrated and joined up approach to
managing risk across an organization and its extended networks.”
• Because risk is inherent in everything we do, the type of roles undertaken by risk
professionals are incredibly diverse.
• They include roles in insurance, business continuity, health and safety, corporate
governance, engineering, planning and financial services.

37
 1.7. Principles of Risk Management
• The ten elements of operation that represent the main risk areas to the
success of a business are considered to be:
• 1. Premises – where the firm is located, type of premises available for use,
amenities, distribution routes, access for customers
• 2. Product – industry sector, features of product or service offered, life cycle and
fashion trends, materials used in production, green issues, quality
• 3. Purchasing – access to supplies, storage and warehouse facilities, stock control,
payment terms, cost
• 4. People – the workers in the organization, skills, training needs,
motivation and commitment, incentive packages available, employment
contracts 38
• 5. Procedures – production procedures, record keeping and reporting
systems, monitoring and review, use of standards, emergency procedures
• 6. Protection – personal protection of workers and others, property and
vehicle security, insurance cover, information systems, data security
• 7. Processes – production processes, waste and scrap disposal, skills,
technology and new materials
• 8. Performance – targets set, monitoring, measurement tools, consistency,
validity of data
• 9. Planning – access to relevant data, management skills, external factors
and levels of control, short- and long-term planning, investment options
• 10. Policy – range of policies that support the strategic plans of the firm.

39
• Figure below shows how the different elements impact on each other, and
although these 10 principles cover the main elements comprehensively, it is
hardly a nice easy number to remember!
• They have, therefore, been broken down into four distinct groups of:
• 1. Physical properties – premises/product/purchasing supplies
• 2. People elements – people/procedures they follow/protection
• 3. Actions or processes – processes/performance against targets
• 4. Management issues – policy and strategy/planning and organizing

40
41
1.8.Objectives of Risk Management

42
• Projects do not exist in isolation within an organization.
• Properly understood, a project is part of the delivery mechanism for the overall
strategic vision of the organization.
• Defining the desired vision, required change and ultimate business benefits is
the realm of strategy, whereas projects and their deliverables describe the
tactics by which the strategy is achieved.
• Project (and programme) objectives sit between the strategic and tactical levels,
since they are defined in relation to the strategic vision, and they in turn define
the requirement for projects (top arrow in Figure below).

43
• Objectives are also used to measure the value of project deliverables (bottom arrow in
below).
• Many projects fail because of a disconnect between strategic vision and tactical
deliverables, often as a result of poorly defined project objectives.
• This space between the two levels of strategy and tactics requires careful and proactive
management if projects and programmes are to succeed in delivering the required benefits
to the business.
• Yet it is precisely in this area that businesses are most at risk

44
45
• Project objectives provide the link between the overall vision and the
projects which are established to implement that vision (Figure below, top
arrow).
• They also define the acceptance criteria for project deliverables which
provide the capability to realize business benefits (Figure below, bottom
arrow).
• Project objectives are however affected by the uncertain environment
within which projects and business are undertaken, resulting in a level of
risk exposure.

46
• Project risk management exists to address this risk exposure, and should lead
to an acceptable and manageable level of risk in each project.
• This increases the chance of meeting project objectives, which in turn
maximises the likelihood of achieving the required business benefits.
• As a result, there is a clear link between project risk management and business
performance: effective risk management at project level should lead to realised
business benefits, as illustrated in Figure below.
• More commonly a hierarchy of objectives exists within the organisation,
progressively elaborating the vision into more and more detailed objectives,
eventually reaching the project level.

47
48
 1.9. Characteristics of Effective Risk
Management
• Some say that risk management is effective when all the principles in
their favorite guidance are present and functioning.

• ISO talks about its “set of principles that organizations must follow to
achieve effective risk management.”
• The principles are (from a consultant’s site that provides a high-level view
of the standard):

49
 - Creates and protects value;
- Is an integral part of all of the organisation’s processes;
- Forms part of decision making;
- Explicitly expresses uncertainty;
- Is systematic, structured and timely;
- Is based on the best available information;
- Is tailored to the organisation;
- Takes human and cultural factors into account;
- Is transparent and inclusive;
- Is dynamic, iterative and responsive to change; and
- Facilitates continual improvement of the organisation.

50
• Some say that risk management is effective when activities are compliant with the
organization’s related policies and standards.

• But are those policies and standards adequate?

• Some will say that risk management is effective when the board, operating and
executive management believe it adds value and are satisfied that it provides the
information they require.
• I believe that has merit but they may be satisfied with less than mature risk
management (that seems to be the case with many current organizations who are
satisfied with enterprise list management, until they are caught short).

51
• Some will say that risk management is effective when an independent
assessment/audit/examination is performed and the report says so.

• The trouble is that the people who do such audits generally rely on one of the
above criteria (components present, principles in operation, etc.)

52
 1.10. Drivers of risk management–
why manage risk?
• It is undoubtedly true that projects are risky as a result of their
common characteristics, by deliberate design, and because of the external
environment within which they are undertaken.
• It is impossible to imagine a project without risk. Of course some projects
will be high-risk, while others have less risk, but all projects are by
definition risky to some extent.
• The ‘zero-risk project’ is an oxymoron and a logical impossibility – it
does not and cannot exist.
• But the link between risk and reward makes it clear that not only is a
project without risk impossible, it is also undesirable. 53
• Why organizations should have risk management?
• It’s NOT because laws and regulations mandate it in many cases. It’s NOT
because people say you need it.
• It’s because effective risk management provides a level of assurance that an
organization will not only achieve its objectives (or exceed them) but will
set the best objectives.
• Quoting from ERM:
“Enterprise risk management helps an entity get to where it wants to go and
avoid pitfalls and surprises along the way.”
• Effective risk management enables:
“A greater likelihood of achieving business objectives”
“More informed risk-taking and decision-making”
54
• Irish guidance on the ISO 31000:2009 risk management standard says:

“The purpose of managing risk is to increase the likelihood of an

organization achieving its objectives by being in a position to manage
threats and adverse situations and being ready to take advantage of
opportunities that may arise.”

55
• The Australian mining company, BHP Billiton, has a risk management policy signed
by its CEO. It includes:
“Risk is inherent in our business. The identification and management of risk is central
to delivering on the Corporate Objective.
- By understanding and managing risk we provide greater certainty and
confidence for our shareholders, employees, customers and suppliers, and for the
communities in which we operate.
- Successful risk management can be a source of competitive advantage.
- Risk Management will be embedded into our critical business activities, functions
and processes. Risk understanding and our tolerance for risk will be key
considerations in our decision making.

56
• As stated previously that risk is involved in all walks of life and imposes different types
of
threats to every aspect of human life.
• Therefore, we study risk management to be able to identify, assess, prioritize,
analyze, measure, mitigate risks, as well as evaluating and revising our approaches to
risk management.
• Dr. George L. Head in his book (Risk Management Why and How) describes that we
have to study risk management for three main purposes;
• (1) safeguarding the resources,
• (2) preparing for opportunities
• (3) and limiting uncertainty (Head, 2009).
57
• Risk management is applicable in every dimension of human existence. Thus,
we have to study risk management because:
• Risk Management is critical for human survival: Throughout human history it
can be observed that risk and survival accompanied each other. Therefore, the art
of managing risks is not only vital to other areas, but also to human survival as
well.
• Risk is an Integral Part of an Organization: It is obvious that organizations
face various types of internal and external risks which affect the organization in
many ways. Therefore, risk management is required to help the organization stay
on track and avoid losses.

58
Business Establishment & Growth Depends on Risk Management:
• Business is a risk and without risk business is not possible.
• Therefore, we study risk manage to be able to do business or manage businesses
of other people.

Risk Management Plays a Pivotal Role in Project Management:

• Risk management is very important to a great deal of projects, because a
number of essential information about project cost, performance, schedule and
etc. are most of the time uncertain.
• Therefore, potential risks will be involved in the project implementation, but
in order to implement projects effectively and efficiently then, risk
management becomes a must.
59
 1.11. Techniques for Managing Risk

• First obligation of corporate managers is maximization of owner’s wealth

but at the same time insuring them from unwanted risks.
• There are five different techniques you can use to manage risk:
• Avoiding Risk,
• Retaining Risk,
• Spreading Risk,
• Preventing and
• Reducing Loss, and
• Transferring Risk.
60
Avoidance:
• Many times it is not possible to completely avoid risk but the possibility should not
be overlooked.
• For example, some buildings on campus have had repeated water problems in
some areas.
• By not allowing storage of records or supplies in those areas, some water damage
claims may be avoided.

Retention:
• At times, based on the likely frequency and severity of the risks presented,
retaining the risk or a portion of the risk may be cost-effective even though other
methods of handling the risk are available.
• For example, the University retains the risk of loss to fences, signs, gates and light
poles because of the difficulty of enumerating and evaluating all of these types of
structures
• When losses occur, the cost of repairs is absorbed by the campus maintenance
budget, except for those situations involving the negligence of a third party.
61
Spreading:
• It is possible to spread the risk of loss to property and persons. Duplication
of records and documents and then storing the duplicate copies in a
different location is an example of spreading risk.

Loss Prevention and Reduction:

• When risk cannot be avoided, the effect of loss can often be minimized in
terms of frequency and severity.
• For example, Risk Management encourages the use of security devices on
certain audio visual equipment to reduce the risk of theft.
62
Transfer:
• In some cases risk can be transferred to others, usually by contract.
• When outside organizations use University facilities for public events, they
must provide evidence of insurance and name the University as an
additional insured under their policy, thereby transferring the risk of the
event from the University to the facility user.
• The purchase of insurance is also referred to as a risk transfer since the
policy actually shifts the financial risk of loss, contractually, from the insured
entity to the insurance company

63
WHAT ARE THE ESSENTIAL TOOLS OF RISK MANAGEMENT?

• Identify the tasks associated with the program or activity.

• Identify the hazards associated with each task.
• Evaluate and select risk management techniques.
• Assess the risks associated with the program or activity with the selected
risk controls or transfers in place.
• Determine whether to modify or proceed with the program or activity based
on the risk assessment.
• Implement the selected risk management techniques and monitor the
results.
• "Frequency" and "severity "are used to measure the risk remaining after
64
appropriate risk management techniques have been implemented
 1.12. Benefits of Risk Management

• Risk management is a significant expense for any company.

• There are several skilled professionals that need to be recruited and
maintain in order to ensure that the risks inherent in the business are being
mitigated efficiently.
• The expense can be significant.
• This expense is often a deterrent for smaller firms to not implement risk
management.
• However, the larger firms understand that the value created by risk
management activities far outweighs the costs
65
 1.12. Benefits of Risk …

Forecasts Probable Issues:

• One of the benefits of risk management is that it changes the culture of a business
organization.
• Companies that extensively use risk management have fewer business
disruptions as such issues are foreseen and taken care of at an early stage.
• The proactive approach is very helpful since it helps companies to identify failed
projects at an early stage.

66
• Avoiding Catastrophic Events: Risk management prepares the companies
for all kinds of shocks. Risk managers try to foresee the small shocks which
affect the day-to-day business of any firm. However, they also try to focus
on catastrophic events. Such events have a very low probability of
occurring. However, if they do occur, then companies need to be prepared
to deal with them without going bankrupt.

67
• Enables Growth: Risk management sounds like a defensive business
activity. It has a negative connotation and the assumption is that the activity
is performed to avoid losses. When new products have to be launched or
when new markets have to be entered, companies have a ready framework
that can be deployed in order to avoid these risks. Hence, in a way, risk
management ends up enabling companies to take calculated risks and
expedite their growth. Extensive risk management processes mean that
the company has a lot of data. This data can be mined in order to gain
meaningful insights which ultimately leads to better decisions.

68
• Helps to Stay Competitive: Risk management helps companies to minimize their
losses at critical times. These are the times when poorly managed companies
struggle to stay afloat. On the other hand, companies that have risk management
processes in place tend to minimize their loss. Hence, the competitiveness of such
companies stays constant. In fact, it may improve also.
• Business Process Improvement: The day-to-day processes of risk management
force companies to collect more and more information about their processes and
operations. As a result, companies are able to identify the parts of the process
which are inefficient or where there is scope for improvement.
• Enables Better Budgeting: Companies that have risk management processes in
place have better control of their finances as opposed to other companies. This is
because they often have a close look at their financial numbers and try to trim any
waste. The end result is that these companies have a better knowledge of their
processes. As a result, these companies also have a better knowledge of their
budgets.
69
 1.13. Personal Risk Management

• The personal values understanding are essential because they include the beliefs
that the individual has on a subject, a course of action or the desirability of a
future situation. The personal values are responsible for most of the
unconscious choices (NAUMES, et al., 1994)
• Personal risk management (PRM) is the process of applying risk
management principles to the needs of individual consumers and families.
It involves identifying, measuring, and treating personal risk, including insurance,
followed by implementing the treatment plan and monitoring changes over
time.
70
• Personal risk management (PRM) helps individuals and families live
their lives by proactively managing the risks associated with their
lifestyle.
• It includes defining objectives, lifestyle risk analysis, identifying and
selecting risk management techniques such as insurance policies,
implementing the chosen risk management techniques, and monitoring the
risk management program to ensure it continues to meet the identified
goals and objectives.
71
• A personal risk management plan helps individuals and families “live their lives”
by proactively managing the risks associated with their lifestyle. Risk must be
carefully identified and the solutions used to cover those risks will vary from the
placement of insurance policies to the execution of risk mitigation techniques,
such as catastrophe preparedness plans, low temperature monitoring and water
shut-off valves
• Lifestyle Risk Analysis
One of the most important steps is to systematically identify risks and analyze loss
exposures by evaluating an individual’s lifestyle. This can be effectively conducted
by assessing the following four categories: people, places, things and structure.
72
People:
• Who are the people in their lives that impact their loss exposure or have information to assist in the diagnosis?
• These people can include: spouses / partners, children, parents, employees, tenants, financial planners, attorneys
Places:
• What places do they own and where do they like to go? What do they have at those residences? (cars, boats, horses,
etc.)
• Where do they like to travel? (domestic and/or international)
• How do they get there? (commercial or private plane/boat; owned, rented )
Things
• What types of “things” do they like to do? What are their passions and hobbies?
• Are they collectors? (art, cars, antiques, etc.)
• Recreational activities – boating, skiing, hunting, etc.
• Do family members actively engage in social media?

73
• Structure
What is the ownership structure of the identified assets? Are
assets individually owned jointly or in the name of a trust?
Ownership structures can change over time. It is important to
continually
assess and understand the ownership entity to ensure that all parties
are properly protected by risk management solutions.
• Red Flags
When it comes to high net worth clients, pay close attention to the
typical
red flags that can help identify risk issues.

74
Personal qualities for project risk management
• Listening: A project manager needs to be able to listen effectively when it comes to managing risk.
• Team work: Work together to come up with a solution to mitigate your project risks.
• Composure: To be really good at project risk management you should be able to keep your cool.
• Communication: Once you have established the options and your recommendation for dealing with
this risk you can go ahead and talk to people about it.
• Reliability: People need to be able to trust your plans so the more reliable they think you are, the
easier it will be for them to work with you as they’ll believe that you have thought through the
options and are presenting them with the best
• Detail-orientated: Risks are often complicated to understand and their solutions more so. Having the
time and patience to focus on what is being presented and understanding the detail of the solution

75
 1.14. The Changing Scope of Risk Management

• The Changing Scope of Risk Management is a study that examines the

impact of the scope of risk management and ethical environment on
internal audit activities and the quality of accounting control
procedures. The scope of a risk management system is to protect
workers from work-related hazards and eliminate work-related injuries, ill-
health, diseases, accidents, and deaths. It is the duty of an employer to
ensure the health and safety of all persons who may be affected by the
work carried out

76
• Very few projects are ever completed in line with original plans and
budgets. Unforeseen changes are inevitable in project management. But
putting proper change control processes in place can drastically minimize
their impact.
• Poorly managed or uncontrolled changes can harm your project severely,
leading to missed deadlines, budget overruns, and even project failure.
Adding extra work and requiring extra budget and resources may impact
your ability to deliver on target.
77
Defining Your Project:
• Defining a project scope that is specific, clear, and attainable while ensuring any
scope changes are carefully controlled is key to capital project management success
• Project scope management includes the processes required to ensure that the project
includes all the work required – and only the work required – to complete the project
successfully. Failure to define what's part of the project, as well as what's not, may
result in unnecessary work being performed that can negatively impact your schedule
and budget.

78
• Change Control:
• When changes occur, for whatever reason, a tight change control process can help you
keep the project on track. Once the changes are made, there is almost always an
accompanying increase in the budget and/or extension of the schedule.

• Scope changes can come from internal or external sources, but if requests for change are
frequent and numerous, it can be a clear indicator of a poorly-defined project scope and
an inaccurate project baseline

79
• Timing of Scope Changes:
• Everyone knows that the further into the project life cycle or phases, the costlier the
scope changes get. The financial impact of even a small scope change late in the project
can be large because it may involve reversing previous decisions, making completed work
obsolete.
• For this reason, ensuring your project scope is accurate at the outset is always the best
option. If scope changes do occur, try to ensure they come early in the project to
avoid unnecessary budget overrun.

80
• Haunted by Scope Creep?
• Scope creep happens when changes are included in the project scope of work without a proper
change control process in place. Unfortunately, for many project managers, scope creep is still a real
issue. To avoid scope creep and stay on schedule, follow these tips:

• Ensure the scope of work is well defined.

• Verify scope and project execution plan with all stakeholders.
• Set the project baseline at the planning stage and measure performance against it.
• Set up a proper change control process. Ensure that scope, resource requirements, and schedule
impact is assessed and improved before including new activities into the schedule.
• Any change in work should be accompanied by funds in resources and budgets.
81
_The end_

82