DECISION THEORY AND

PROJECT RISK MANAGEMENT

 Chapter One
The concept of Risk
• Many individuals sees risk as a situation involving
exposure to danger.
• In other way risk may be seen as unexpected deviation
from expected objective or goal.
• Risk may mean different in a variety of context but,
‘the probability of an occurrence of unexpected thing is
the common one.’
• In general risk is an event/set of events which will have
an effect an achievement of objective and measured by
a combination of the probability of a perceived threat or
occurring as well as magnitude of its impact on goal.
 Certainty, Risk, and Uncertainty
• In making decisions, alternative events may be categorized
on a continuum ranging from certainty (highly predictable),
through risk (indifferent), to uncertainty (highly
unpredictable).
• Certainty: is a conditions in which objectives are sure and
have accurate, measurable, reliable information about the
outcome of each alternative.
• Risk: Risk occurs whenever we cannot predict an
alternative’s outcome with certainty, but we do have enough
information to predict the probability it will lead to the
desired state.
• Uncertainty: conditions in which little is known about the
alternatives or their outcomes.
• Uncertainty arises from two possible sources.
 First, managers may face external conditions that are partially or
entirely beyond their control
 Second, the manager may not have access to key information
 Peril and Hazard
Peril is defined as the cause of risk/loss.
Perils may be natural or human.
 Natural perils are those over which people have little
control, such as hurricanes, volcanoes, and lightning.
 Human perils, include causes of loss that lie within
individuals’ control, including terrorism, war, theft,
defective products, environmental contamination,
destruction of complex infrastructure, and electronic
security breaches.
We can also divide perils into insurable and non-
insurable perils.
 Cont’d
• A hazard is a condition that creates or increases the
frequency or severity of danger/loss.
• Hazards may increase the probability of losses, their
frequency, their severity, or both.
• Hazard may be:
 Physical Hazard: tangible environmental conditions that
affect the frequency and/or severity of loss.
 Intangible Hazards: attitudes and nonphysical cultural
conditions can affect loss probabilities and severities of loss.
 Morale hazards is an intangible hazard that involves
attitudes of carelessness and lack of concern.
 Moral hazards is an intangible hazard that involves
wrongful behavior or conduct.
 Burden of Risk on Society
• The presence of risk results in certain undesirable
social and economic effects.
• The greatest burden of risk, therefore is loss.
Risk put three major burden on the society:
The creation of adequate contingency
Deprivation of society of needed goods and services
The creation of perpetual state of fear and mental
worry.
 Risk Management
• Risk management is the continuing process to
identify, analyze, evaluate, and treat loss exposures
and monitor risk control and financial resources to
mitigate the adverse effects of loss.
• Loss may result from the following:
 financial risks such as cost of claims and liability
judgments
 operational risks such as labor strikes
 perimeter risks including weather or political change
 strategic risks including management changes or loss
of reputation
 Objectives of Risk Management
• The best risk management programs are proactive
rather than reactive.
Identifies and Evaluates Risk
Reduce and Eliminate Harmful Threats
Supports Efficient use of Resources
Better Communication of Risk within Organization
Reassures Stakeholders
Support Continuity of Organization
 Techniques of Risk Management
• Risk acceptance
• This is a complete acceptance of risk with no action taken to
mitigate it.
• Avoidance
• Avoidance is a method for mitigating risk by not participating in
activities that may incur injury, sickness, or death.
• Reduction
• Taking of actions that minimize the sever of risk.
• Sharing
• Sharing of risk burden with other party on the loss/ benefit
gained from expected risk
• Transferring
• Is the process of shifting the burden of risk to other third party.
 Risk Management process
The Risk Management Process consists of a
series of steps undertaken in sequence and
enable continual improvement in risk related
decision-making.
Step 1. Communicate and consult.
Step 2. Establish the context.
Step 3. Identify the risks.
Step 4. Analyze the risks.
Step 5. Evaluate the risks.
Step 6. Treat the risks.
Step 7. Monitor and review.
 Step 1.Communicate and consult
Communication and consultation aims to identify
who should be involved in assessment of risk
(including identification, analysis and evaluation)
and it should engage those who will be involved in
the treatment, monitoring and review of risk.
communication and consultation will be reflected
in each step of
 Eliciting risk information
 Managing stakeholder perceptions for management of
risk.
 For effective communication and consultation

 Determine at the beginning whether a communication

strategy and/or plan is required or not
 Determine the best method or media for
communication and consultation
 The significance or complexity of the issue can be
used as a guide as to how much communication and
consultation is required:
the more complex and significant to the
organization, the more detailed and comprehensive
the requirement.
 Step 2. Establish the context

 provides a five-step process to assist with establishing the

context within which risk will be identified.
1-Establish the internal context
2-Establish the external context
3-Establish the risk management context
4- Develop risk criteria
5- Define the structure for risk analysis
 Step 3. Identify the risks
• Risk cannot be managed unless it is first identified.
• Once the context of the business has been defined, the
next step is to utilize the information to identify as many
risks as possible.
• The aim of risk identification is to identify possible risks
that may affect, either negatively or positively, the
objectives of the business and the activity under analysis.
• Answering the following questions identifies the risk:
 What will happen
 How it will happen
 Why would it will happen
There are two main ways to identify risk:
1- Identifying retrospective risks
 Retrospective risks are those that have previously
occurred, such as incidents or accidents.
 Retrospective risk identification is often the most
common way to identify risk, and the easiest.
 It’s easier to believe something if it has happened
before.
 It is also easier to quantify its impact and to see the
damage it has caused.
2-Identifying prospective risks
• Prospective risks are often harder to identify.
• These are things that have not yet happened, but
might happen some time in the future.
• Identification should include all risks, whether or not
they are currently being managed.
• The rationale here is to record all significant risks and
monitor or review the effectiveness of their control.
 Step 4. Analyze the risks
During the risk identification step, a business owner
may have identified many risks and it is often not
possible to try to address all those identified.
The risk analysis step will assist in determining which
risks have a greater consequence or impact than others.
Risk analysis involves combining the possible
consequences, or impact, of an event, with the
likelihood of that event occurring.
The result is a ‘level of risk’. That is:
Risk = consequence x likelihood
• Elements of risk analysis
The elements of risk analysis are as follows
1. Identify existing strategies and controls that act to
minimize negative risk and enhance opportunities.
2. Determine the consequences of a negative.
3. Determine the likelihood of a negative
consequence or an opportunity.
4. Estimate the level of risk by combining consequence
and likelihood.
5. Consider and identify any uncertainties in the
estimates.
• Types of risk analysis
 Three categories or types of analysis can be used to
determine level of risk:
 Qualitative
 Quantitative
 Mixed
 In past years the most common type of risk analysis is
the qualitative method.
 The type of analysis chosen will be based upon the area
of risk being analyzed.
 Step 5. Evaluate the risks
• Risk evaluation involves comparing the level of risk found during the
analysis process with previously established risk criteria, and deciding
whether these risks require treatment.
• The result of a risk evaluation is a prioritized list of risks that require
further action.
• This step is about deciding whether risks are acceptable or need
treatment.
• A risk may be accepted for the following reasons:
• The cost of treatment far exceeds the benefit, so that acceptance is the only option
(applies particularly to lower ranked risks)
• The level of the risk is so low that specific treatment is not appropriate with
available resources
• The opportunities presented outweigh the threats to such a degree that the risks
justified
• The risk is such that there is no treatment available, for example the risk that the
business may suffer storm damage.
 Step 6. Treat the risks
• Risk treatment is about considering options for treating risks that
were not considered acceptable or tolerable at Step 5
• Risk treatment involves identifying options for treating or controlling
risk, in order to either reduce or eliminate negative consequences, or
to reduce the likelihood of an adverse occurrence.
• Risk treatment should also aim to enhance positive outcomes.
• Options that may assist in the minimization of negative risk or an
increase in the impact of positive risk.
 Avoid the risk
 Change the likelihood of the occurrence
 Change the consequences
 Share the risk
 Retain the risk
 Step 7. Monitor and review
• Monitor and review is an essential and integral step in the risk
management process.
• A business owner must monitor risks and review the effectiveness of the
treatment plan, strategies and management system that have been set up to
effectively manage risk.
• Risks need to be monitored periodically to ensure changing circumstances
do not alter the risk priorities.
• Very few risks will remain static, therefore the risk management process
needs to be regularly repeated, so that new risks are captured in the
process and effectively managed.
• A risk management plan at a business level should be reviewed at least on
an annual basis.
• An effective way to ensure that this occurs is to combine risk planning or
risk review with annual business planning.
 Classifications of Risk

• Risks may be classified in several ways

according to their cause, their economic effect,
or some other dimension.
• However, there are certain distinctions that are
particularly important for our purpose stated
hereunder.
 Financial Versus Non Financial Risk
• Financial risks are the risks where the outcome of an
event (i.e. event giving birth to a loss) can be measured in
monetary terms.
• The losses can be assessed and a proper money value can
be given to those losses.
 Material damage to property arising out of an event.
 Theft of a property (kind or cash).
 Loss of profit of a business
• The losses can be replaced, reinstated or repaired or even
a corresponding reasonable financial support can be
thought about.
 Cont’d
• Non-Financial risks are the risks in which the outcome
of which cannot be measured in monetary terms.
• There may be a wrong choice or a wrong decision giving
rise to possible discomfort or disliking or embarrassment
but not being capable of valuation in money terms.
 Choice of brand, color.
 Career selection, whether to be a doctor or engineer etc.
 Choice of bride/bridegroom
• Since the outcome cannot be valued in terms of money,
we shall call these non-financial risks as uninsurable.
 Pure Risk and Speculative Risks
• A pure risk exists when there is a chance of loss
and no loss but no chance of gain.
• We cannot think about a gain-gain situation.
Cyclone damage possibility to the factory building,
Fire damage possibility to stock,
Machinery breakdown possibility to Machinery,
Theft possibility to removable items,
Personal accident possibility of factory workers etc.
 Cont’d
• A speculative risk exists when there is a chance of
gains as well as a chance of loss.
• Speculative risk is voluntarily accepted because of
its two dimensional nature, which includes the
possibility of gain and loss.
Expansion of an existing plant involves a chance of
loss and chance of gain.
• In a situation involving a speculative risk, society
may benefit even though the individual is hurt.
 Fundamental Risk versus Particular Risks

• Fundamental risks involve losses that are impersonal

in origin and consequence.
• They are group risks caused by nature or economic,
social, and political phenomena, although they may
also result from physical occurrences.
• They affect large segments or even all of the
population.
• Since these are group risks, impersonal in origin and
effect they are at least for the individual
unpreventable.
 Cont’d
• Particular risks are risks which usually arise
from actions of individuals or even group of
individuals.
• Particular risks are considered to be the
individual's own responsibility, inappropriate
subjects for action by society as a whole.
• The individual through the use of insurance, loss
prevention or some other technique deals them
with.
 Objective Risks versus Subjective Risks

• Objective risks, or statistical risk, applicable

mainly to groups of objects exposed to loss, refer
to the variation that occurs when actual losses
differ from expected losses.
• It may be measured statistically by some concept in
variation, such as the standard deviation.
• Objective determined by the long-run relative
frequency of an event based on the assumption of
number of observations and change in the
underlying conditions.
 Cont’d
• Subjective risk on the other hand, refers to the
mental state of individual who experiences doubt
or worry as to the outcome of a given event.
• It is a psychological uncertainty that stems from
the individual's mental attitude or state of mind.
• Subjective risk has been measured by means of
different psychological tests, but no widely
accepted or uniform tests of proven reliability
have been developed.
THANKS!