Risk Management

Desmond Namanja Namangale

 Unknown knowns
• Former US Secretary of State Donald Rumsfeld
popularised the idea of unknown unknowns.
There are known knowns; there are things we know that
we know.
There are known unknowns; that is to say there are things
that, we now know we don't know.
But there are also unknown unknowns – there are things
we do not know we don't know.
The grammar may be rather mangled but there is some logic to Rumsfeld’s comment.
Risk management is all about understanding the nature of risks so that appropriate
action may be taken.

30/09/2024 Risk Management 2

 Unknown knowns

30/09/2024 Risk Management 3

 Definition of Risk
The term risk is defined as a:
"Hazard, danger, chance of loss or injury: the degree of probability of loss:
a person, thing or factor likely to cause loss or danger-to expose to hazard:
to incur the chance of unfortunate consequences by (doing something).“

The above definition implies that a risk can to some extent be

foreseen, and that the probability of a risk event occurring can be
estimated.

Risk should be distinguished from uncertainty, which is defined as:

"Not certain (of, about): not definitely known or decided: subject to doubt
or question.... not to be depended upon...“

Uncertainty probably comes closest to unknown knowns.

30/09/2024 Risk Management 4
 Risks v Opportunities
It needs to be emphasized that every risk also presents an
opportunity. For example if a risk is present, any company who
are better able to manage that risk will have a commercial
advantage. Risk and opportunities should be seen as opposite
sides of the same coin.
Hence those companies who are good at dealing with risk will
have considerable advantages in a high risk environment.
Indeed insurance companies would be out of business if there
was no risk as would a variety of hedge funds and others who
deal with such situations.
Every risk presents an opportunity for someone.
30/09/2024 Risk Management 5
 Risks in Project Management
Risk analysis and risk management policies are particularly difficult
to apply in most projects due to the structure of the projects in
various industries, the nature of the product and the vulnerability to
the state of the economy. The lack of effective strategies over the
years has manifested itself in:

1. failure to keep within the cost estimate

2. failure to complete on time
3. failure to achieve the required quality and operational standards

The above points of cost, time and quality represent the key issues
in project management

30/09/2024 Risk Management 6

 Risk Management
Risk management in many industries is best viewed as three distinct
stages:

Risk identification: This involves the identification of the risks that

may be encountered on a project or process. This process should
lead to a schedule of potential risks liable to affect the project out-
turn or to jeopardize the objectives of the project.

Risk analysis: This in concerned with the assessment and analysis of

the risks identified. This involves the understanding of the likelihood
of occurrence and the possible impact of all potential risks.

Risk response: This is concerned with the action taken to monitor

and control the risks identified and analysed.
30/09/2024 Risk Management 7
 Risk Management Flow Chart

30/09/2024 Risk Management 8

 Risk Management
The flow chart above summarizes the processes involved with risk
management. It may involve coming to terms with the inherent risks
or find some way of eliminating them or at least reducing their
impact until they are acceptable.

Risks can also be transferred to another party for example from client
to contractor or contractor to subcontractor.

A contingency sum will most likely be set to deal with the residual
risks. These are defined as those risks that cannot be eliminated or
transferred to another party or are best retained by the organization.

Good practice is one of continuous risk management culture. Risks

are identified, analysed, monitored, and controlled.

30/09/2024 Risk Management 9

 Risk Management Process

30/09/2024 Risk Management 10

 Risk Identification
Risk identification involves the process of generating a list of potential risk that
could affect a project. This can be based on either examining the source of the
risk (Source Analysis) or the problem itself (Problem Analysis) by looking at the
threats identified.

Source analysis can be either:

o Internal where the risks stem from actions of stakeholders or the project
team or employees of the project. Examples of this might be one of the
investors pulling out of project or a mistake by a member of the design or
construction team.
o

o External where the risk come from outside of the project participants. This
might include such issues and adverse weather conditions or governmental
action or terrorism. These will often relate to economic or political factors
or climatic issues.
30/09/2024 Risk Management 11
 Problem Analysis
Here risks are related to threats to the project achieving its objectives that have been
identified. This could include the threat of cost over-run on the project, the threat of
accidents, the threat of failing to meet revenue targets, etc.

This is looking at this from the viewpoint of the implications of the failure to meet the
objectives of the project.

30/09/2024 Risk Management 12

 Strategies for Risk Identification
Objective-based Risk Identification
This approach involves taking the objectives of the organization or the
project team and examining the factors that could endanger them. Prime
project objectives could be to come in on time and within budget. They
may also include meeting targets for revenue generation. They may also
be project objectives for sustainability, health & safety, etc.

Scenario-based Risk Identification

This involves examining differing scenarios for the project, some
favourable and some unfavourable. The factors that may trigger an
undesired scenario can be classified as risk. For example the commercial
success could be examined in a variety of different types of economic
scenario. This approach also enables ‘doomsday’ events to be appraised.
This could include the likes of complete economic meltdowns

30/09/2024 Risk Management 13

 Strategies for Risk Identification
Taxonomy-Based Risk Identification
This will involve the breakdown of risk sources to produce a classification. A
questionnaire is produced according to best practices and the answers to the
questionnaire will identify the risks involved. This will produce a list of risk classified
into a hierarchical form.

Common Risk Checking

This involves the creation and maintenance of a checklist of standard risks that have
arisen in the past. Each risk on the list can be checked against the project in question
to see if it applies. New risks identified that are not on this list may be added to the
list in for future use if considered appropriate.

Risk Charting
This seeks to combine some of the above approaches by listing the resources at risk.
An approach is to focus on the resources at risk This can start with the threats and
see which resources are affected. Alternatively it can start with the resources and see
what threats effect them.
30/09/2024 Risk Management 14
 Techniques for Risk Identification
Brainstorming
Brainstorming is one technique often employed where ideas are
chewed over and refined in a semi-structured group discussion.
This should involve staff from a variety of levels along with
subject experts but should be led by someone with a good
knowledge of the technique. Problems should be dealt with in
turn and restate in as many different ways as the group members
can think. One of the restatements should be selected and
brainstormed upon.

This should be repeated with other restatements of the problems

for as long as results are generated. The most far-fetched idea
should be selected when ideas are drying up. The leader should
then record the key ideas with the best selected for further
discussion.
30/09/2024 Risk Management 15
 Techniques for Risk Identification
Standard Risk Checklists
Standard checklists of potential risk can also be employed to see which if any are likely to be relevant to the task
or project in question. These checklists will be obtained from past projects with similarities. The checklist should
evolve over time to incorporate risks that have arisen in practice. The objective of the risk identification process is
usually to obtain a register of risks that are likely to apply to the project. The contents of the risk registers from
previous similar projects could form the starting point for the standard risk checklist. This technique will usually
be employed in conjunction with other techniques continue from the risk checklist and add additional risks that
may be encountered.

Interviewing Techniques
This technique suggests that structured review meetings with key staff and risk audit interviews with key staff
could also be used. Face-to-face meetings can be held with project participants and stakeholders plus also
subject experts and those with experience of similar projects in the past.

Root Cause Identification

This is a technique for identifying the essential causes of risk by using data from actual risks in the past to find out
how and why it happened. This will be aimed at identifying a causal chain behind the risk. This indicates how a
change in policy or an intervention could change the outcome. There could be a single cause or multiple causes.

SWOT Analysis
The approach involves examining the Strengths, Weaknesses, Opportunities, and Threats for the project or
organization. Obviously the weaknesses and opportunities will be the relevant items in the context of risk
management. It may be used to increase the breadth of the risk analysis.

30/09/2024 Risk Management 16

 Risk Analysis
Risk Analysis can take two forms:

Qualitative Risk Analysis

Here little is known about the likelihood of the risk other than ‘high probability’ or
‘low probability’ and the only thing known about the implications are ‘high impact or
‘low impact’.

Quantitative Risk Analysis

This applies if there is sufficient knowledge about the probability and impact of the
risk to carry out a numerical analysis.
1. Probability
2. Sensitivity Analysis
3. Simulation.

This excludes situations where there is insufficient information to be able to

undertake a qualitative risk analysis. This will fall under the category of
Uncertainty Reasoning.
30/09/2024 Risk Management 17
 Qualitative Risk Analysis
A qualitative assessment of risk involves the identification of a hierarchy of risks,
their scope, factors that cause them to occur and potential dependencies. The
hierarchy is based on the probability of the event and the impact on the project.
It is in effect a written statement of the relevant information about the potential
risk. A Qualitative Risk Analysis can be used in the following situations:

1. To analyse a risk in the early stages of a project before sufficient information

is available to conduct a Quantitative Risk Analysis.

2. To analyse risks which by their nature are never likely to produce the data for
a Quantitative Risk Analysis.

3. To filter the risks generated for a project down to a manageable number to

avoid resources being spread too thinly in the risk management process.
Elimination of the most improbable risks and those which are likely to have
next to no impact will enable the attention to be focussed on the more
significant risks.

30/09/2024 Risk Management 18

 Conducting a Qualitative Risk Analysis
A qualitative risk analysis will normally rank the risk on a four-point scale reflecting the probability and impact
of the risk. The risks will be classified as high probability and low probability and as high impact and low impact.

The most important risk will be Grade 1 that is high probability and high impact. The least important will be
Grade 4 risks that are low probability and low impact. Grade 3 risks are low probability high impact while a
Grade 3 risk is high probability low impact. The matrix below illustrates classification.

The qualitative risk classification approach allows the most important risks to be identified without enough
information to undertake a qualitative analysis. It should focus on the causes and effects of potential risks
especially in the early project stages.

This will end with the summarizing the material on a single sheet of paper as below:

30/09/2024 Risk Management 19

 Qualitative Risk Proforma

30/09/2024 Risk Management 20

30/09/2024 Risk Management 21
30/09/2024 Risk Management 22
30/09/2024 Risk Management 23
 Task 1

Edmond’s campus is to be developed into a community hospital. The

development of the campus will also necessitate the development of the
surrounding land which is to an extent of 50 hectares. This land shall be
developed by the local council. However, the land/site to be developed
used to be a site for chemical works, gasometer, an alkali works, a forge,
Clayton Analine works and other industrial works before its closure in
2007. The site was also used for mining and a number of fireclay and
coal seems were worked right on the site. All these factors pose risk to
the impending development.

a) Using a risk proforma sheet, identify 2 major risks associated with the
project
30/09/2024 Risk Management 24
 Risk Response
Having computed the impact of the various types of risk affecting a
project, the following responses are possible:
1. Attempt to reduce or eliminate the risk.
2. Insure against the risk.
3. Transfer all or part of the risk to another party.
4. Retain all or part of the risk.

Ultimately, the project must be able to sustain all costs associated with
risk no matter whether the risk is reduced, retained, or transferred to
other parties. Effective risk management during the design and
construction stages aimed at keeping the project within budget may
involve setting a higher contingency and increasing the budget costs.

This may increase the risk of financial failure for the project by increasing
capital costs and hence debts. The general rule remains that risks are best
left with the party best able to control them.
30/09/2024 Risk Management 25
 Risk Reduction
Reduction (or avoidance) of the risk may be accomplished by re-
design, changing the materials used to avoid untried technology,
or to change the project plan. This will generally be worthwhile
unless it results in an unacceptable increase in the base estimate.
The likely increase in the base estimate can be partially offset by a
reduction in the contingency.
1. Avoid innovative technology. Being at the cutting edge of
technology can carry a price tag.
2. Reduce reliance on imported components. Changes in currency
exchange rate can have a major impact.
3. Alternatively use some sort of currency hedge to reduce exposure
of the project to changing exchange rates.
4. Use Value Management techniques.

30/09/2024 Risk Management 26

 Risk Transfer
Transfer of the risk from the client to the contractor or
from contractor to subcontractor will make sense if the
party to whom the risk is transferred is better able to
control that risk.
By and large the risks are best left with the parties best
capable of controlling or at least understanding the
problem. General risks outside of the control of all parties
are best left with the client or covered by insurance.
These issues are covered in the figure below:

30/09/2024 Risk Management 27

 Categories of Risk

30/09/2024 Risk Management 28

 Insurance
Insurance is a form of risk transfer. In this case the
risk is transferred to a third party, the underwriter,
in return for payment of a premium. The base costs
will increase by the amount of the premium.
Insurance will be available for certain risks.
However the decision to take out insurance or not
will have to take account of the levels of premium
charged. High premiums will probably indicate that
insurance in not the appropriate way to deal with
that risk.
30/09/2024 Risk Management 29
 Risk Retention
It may be a perfectly rational decision to retain certain risks but the consequences of
this need to be covered. Carrying risks implies that there is a distinct likelihood that
the budget cost will be exceeded. A contingency can be built into the contract sum to
cover some of those risks and there may have to be a tolerance to exceed the revised
contract sum in certain circumstances.

The contingency is the sum built into the budget price or tender sum to cover the
impact of risk variables. A contingency cannot be expected to cover all possible risk
factors. It is generally restricted to bridging the gap between the situation where no
risk variables impinge on the cost and the best estimate for the outcome. The
contingency should therefore be adequate 50% of the time.

The allowance for contingency may arise from confidence interval identified by the
quantitative risk analysis.

The worst case (maximum effect) ‘pessimistic’

The best estimate (most likely effect) ‘neutral’
The most favourable case (minimum effect) ‘optimistic’

30/09/2024 Risk Management 30

 THANK YOU

FOR

YOUR ATTENTION

30 September 2024 31