Master of Business Administration-MBA Semester 4 Project Risk Management – PM0016 Assignment Set - 1Q 1. Describe the five phases of risk management processAns: Figure 1: Risk Management ProcessThe five phases of risk management process are:Establish the context: It establishes the boundaries within which risks will be evaluated and develops astructure for rest of the risk management process.Establishing the context is categorised into the following: Strategic Context. Organisational Context. Risk Management Context. Project Context. Risk Appetite.Strategic context: This context is usually operated by the company. The elements that support or weaken theability of risk management must be determined by the company. Few areas that will help to activate thestrategic context are: Identify the strengths and weaknesses of the organisations. Identify the objectives of internal stakeholders. Identify the objective of external stakeholders. Establish communication between stakeholders. Specify the relationship between the organisation and its environmentThe strategic context consists of financial, political, social and legal aspects of the organisations functions.Organisational Context: It is necessary to recognise the organisation’s structure, functions and goals and findout the ways to achieve it. These goals help to determine whether risk is acceptable or not as well as provideoptions to handle it.To establish organisational context, you must: Determine relationship between service delivery and government outcomes. Find out whether legislative and statutory requirements are fulfilled. Determine conformance to Whole-Of-Government policy and to the agency policy. Thereasons to establish the organisational context are:
Risk management occurs within the structure of company’s objectives, goals and strategies. Manage the set of risks which is due to failure to accomplish certain target or specific activity. The company policy helps in determining criteria, which in turn help you to decide whether a risk is tolerable or not. This also forms an option for treatment of risk.Risk management context: The activity to be examined is defined in this context. The objectives, scope andboundaries involved is also included in it. The risk management process establishes boundaries of activitywhich involves: Defining parameters and scope of project risk. Defining project risk extent in terms of time and location. Identifying the need for any studies or resources. Identifying the need for risk budget to balance costs and benefits. Determining any issues related to special roles and responsibilities or any risk project dependences.The analysis in risk management context is done on the basis of type of risk and the information that need tobe communicated and the methods of communication. Analysis required can be determined by thecombination of the following: Level of complication in the activity. Interaction with stakeholders to convey required information. Type of project risks. Activities which are important to achieve project goal.Project context: The business need of the proposed project must be clearly outlined. To understand theproject context the below mentioned areas must be evaluated, that are: Relationship between risk project and government outcomes. Relationship between risk project and company output. Changes in business process, management teams and any other related procedures.Risk appetite: Before taking any actions that you find necessary to handle the risk, you must first determinethe amount of risk the company will be ready to tolerate.The risk that is considered as tolerable depends on the perceived significance of particular risks. For example,the tolerable financial loss in an organisation depends on a range of features which include budget, source ofloss and other risks related to poor publicity or image issues. This particular risk can cause number of effects.An effect of financial loss may tolerable, however, the associated effect that is related to harm to health ordamage to safety may not be tolerable.Identify risks: After establishing the context the next step is to identify the possible risks. This step helps youto identify the sources of risk in an organised way. There are two levels to risk identification process, whichinclude: Risk Stage Risk RegisterRisk stages: To undertake a project, there are several stages. For example, stages for an asset will include: Validate extra sites Identify extra assets Approval to dispose assets Register sites in Government Land Register (GLR) Find out methods of disposal Contract and negotiation Maintenance and settlement.Risk register: Records all the risks present in each project. These risks can be due to natural disaster, politicalissues, commercial and legal issues, technical issues or issues raised due to economic circumstances.Experts’ knowledge helps to easily identify risks in a project. The primary goal of risk identification is to have adetailed list of risks that affects the organisations objectives.Analyse risks: Risk analysis helps to distinguish minor risks from the major risks. It also helps in evaluationand treatment of risks. Analysing risks involves finding out sources of risks, possibility of risks and theoutcomes.The probability and effects of the risk are combined to produce a level of risk. Statistical analysis andcalculations are use to find out the probability and effects of the risk. If no past record is available to determinethe possible outcomes, then an estimate is made about a particular event and its outcome.There are three types of risk analysis, they are:
Qualitative analysis: Use descriptive scales to draw a level of possible effects of risks. The scale can also be adjusted to the extent most suitable to the circumstances. Semi-quantitative analysis: It provides more detailed prioritisation of the risks that is obtained in qualitative analysis. Quantitative analysis: Using information from a variety of sources, the effects and probability of risk is represented using numeric value.Below are some ways, which you can use for risk identification:Based on objective: The event which prevents you from achieving an objective completely or partially isidentified as risk and every project and organisations have these objectives.Based on scenario: The scenarios are usually the ways to achieve an objective or to analyse the interaction offorces. Any scenario that activates an undesired event is identified as risk.Based on taxonomy: This risk identification is done by breaking down all possible sources of risk. Based oncommon-risk checking: Many industries list out their known risks and share them. Each and every risk in thelist can be evaluated for an application to suite a specific situation.Based on risk charting: This risk identification is done by listing resources at risks and combining the aboveapproaches. In this method of identification you can start with threat and identify the resource that will beaffected or you can examine the consequences and then determine the combination of threat and resource.Evaluate risks: Risk evaluation can be done by comparing approximate level of risks against pre-establishedcriteria. Once the level of risks is estimated then you can decide whether or not these risks require treatment.The risks with low priority can be monitored regularly without any treatment. However, high priority risks mustbe dealt immediately.Treat risks: The risks can be reduced by handling it effectively with proper treatment option. Avoiding,transferring and retaining the risks can also be considered as risk treatment options.The risk treatment plan must identify roles and responsibilities of project team and the results obtained fromthe treatment of the risk. It must also perform budgeting and reviewing of process.Q 2. Describe in brief the basic principles followed by the GMP principlesAns: Good manufacturing practice (GMP) is considered as part of quality assurance. It enables you to meetoverall project quality, timeline, and cost objectives. This helps to consistently produce the products andmaintain the quality standards, suitable to their specific use, as per the market authorisation. It helps themanufacturing organisations to compete effectively in the world market. GMP mainly focuses on reducing therisks present in production.Below are a few basic principles followed by the GMP guidelines, which are adopted by most of themanufacturing companies in the world:• Validation of critical manufacturing processes is made to ensure that these processes are consistent with specifications. Evaluation of the any changes in the manufacturing process is made in order to have less impact on the quality of the product. Instructions are well-written in an unambiguous language. Documentation of procedure and operator training are carried out. A detailed record of manufacture, which includes distribution, is maintained in a comprehensible and accessible form. Systems are configured for recalling of any manufactured product from sale or supply. Investigation of causes of defect in quality of manufactured products and examination of complaint received about the marketed products are undertaken to prevent re-occurrence. If the above guidelines are not correctly implemented by the manufacturing companies, then there will be the risks of poor quality products or defects in the products, which will result in gaps in the services.GMP guidelines do not provide any instructions on how to manufacture a product; instead they provide aseries of basic principles, which must be noted during manufacturing process. When a company decides formanufacturing process, there are many ways to meet the GMP requirements. The company must takeinitiative to determine the most efficient quality process.Q 3. Write short note on the following risk categories:
a. Operational risksb. Schedule risksc. Budget risksd. Business riskse. Technical environment riskAns:a. Operational risks: Improper process implementation, system failure and other external risks can lead to risks of loss. For example, loss can be due to insufficient resource, improper subject training, inability to deal with high priority conflicts and improper resource planning.b. Schedule risks: Schedule is a plan for an activity or event. If the project schedule is not addressed properly, then it gives rise to schedule risk which affects the project and its economy and may also lead to project failure. For example, delay in the project schedule is due to wrong estimation of project time, inability to track individual skills, unforeseen expansion in the project scope and failure in identifying complex functionalities and estimating the time required to develop those functionalities correctly.c. Budget risks: Budget is a sum of money allocated for a particular purpose. Budget risk is mainly due to incorrect budget estimation. This risk is also due to project scope expansion. For example, unresolved issue results in redoing the work within the given timeframe. The changes must be maintained within the scope of the project and any additional changes would require additional funding.d. Business risks: Business risks are mainly due to delay in obtaining proper inputs from the customers and business analyst. The non-availability of contracts and purchase order at the beginning of the project also lead to business risks.e. Technical environment risk: This risk relates to the environment, where the client as well as the customer works. For example, the technical environment risk can arise due to constant changes in a development, or production or testing environment.Q 4. Describe Risk assessment cycle.Ans: Risk assessment consists of many different stages. These stages are explained in a simple step-by-stepprocess.The risk assessment cycle has the following seven stages:• Set the limits / scope of the AnalysisThe results of assessment are collected, analysed and reported to the management by the risk assessmentteam. Thus assessment team identifies the scope of the project objectives, the responsibilities of eachmember in the team, standards to be used, documents to be reviewed and operations to be noticed.• Identify tasks and hazardsHazards can be in form of violence, noise or any kind of pressure system. The identified hazards must not beignored as this can lead to many associated unknown risks. A task-based approach is found to be the mosteffective method to identify the hazards.• Assess risk (Initial)This risk assessment helps to find out the initial risks in the project. Risk scoring system is used to rate risk atthe initial stage of risk assessment process. It helps to describe how risks are measured.• Reduce riskThe main aim of risk assessment is to minimise the risks to a tolerable level. The efforts to gain tolerable riskmust work within the constraint of practicality and cost. Costing is the main factor to obtain tolerable risk.Accessing risks of a project is worthless if an appropriate plan is not made to reduce it. As risk reduction hasalready brought to an acceptable level, there is no need to further reduce the residual risk. This shows thatrisk reduction is an important part of risk assessment process.• Assess risk (Residual)Assessing any residual risk is necessary to complete risk assessment process. This process helps to mitigateany possible risks in the project. It must be noted that the risk scoring system used is different for differentapplication. As the risk scoring system describes the possible ways to assess risks, the risk assessmentprocess continues to improve.• Subjective judgementSubjective judgement is considered as the essential part of risk assessment process. Decision maker must becomfortable with the subjective nature of risk assessment. Basically uncertainty enters risk
assessment as subjective judgments. Uncertainty must be accepted as the part of the risk assessmentprocess.• Document the resultsTo have good and continuous improvement in risk assessment process there is need for documenting the riskassessments. It is recommended in every guideline to document the risk assessment process. This helps togain access to the previous process results (history information) for the future reference and use. Thusupcoming projects find benefits from this document.Q.5. Describe in brief the major risk handling strategies.Ans: Risk handling simply means risk treatment. This involves identifying various options for treating risk,analysing the different options for treating the risk, preparing risk treatment plans based on the assessmentsmade, and implementing the plans.Retaining/accepting riskWhen organisations identify potential risks, they put effective measures to eliminate them. However, anelement of risk can be retained if it is deemed acceptable to the organisation after putting controls in place.Retaining/accepting risk is a good strategy only when it is impossible to transfer the risk. Depending on anevaluation of the economic loss, it is determined that a very small value placed on the risk can be safelyabsorbed. Another situation where you can retain a risk is when the probability of loss is so high thattransferring the risk would cost as much as the cost due to the worst loss that can occur. So to say, if there isa high probability of loss, it may be best to retain the risk rather than transferring it to other involved party.Now let us discuss the aspect of the organisation retaining/accepting a risk with an example. G. K services area service provider in telecom who had signed on many projects which had to be completed in a short span oftime. Initially, G.K services planned to outsource the projects. It was found that outsourcing would cost themmuch more than the income generated from the project. So they decided to retain the risk of a delayeddelivery rather than outsourcing the same.Risk abatementRisk abatement can be used as a process for combining loss prevention or loss control to minimise a risk.Organisations may include any one of the following plans to reduce the risk. Those plans include risk policiesand procedures, testing, technical controls, training of staff, preventative maintenance, supervision, contractconditions, quality assurance programs, audit compliance programs and so on. This strategy helps to reducethe loss potential and decrease the frequency or severity of the loss. Risk abatement is preferably used inconjunction with other strategies, since using this risk management method alone will not totally eliminate therisk.Mitigating consequences of risk occurrenceIt is important to mitigate the consequences of the risk occurrence if it cannot be eliminated altogether. Someof the risk mitigating measures include effective contingency plan, disaster recovery and business continuityplans, off-site back-up, public relations, emergency procedures and staff training and so on.Transferring riskOrganisations can distribute the perceived risks to another involved party by the use of contracts, insurance,outsourcing, joint ventures or partnerships and so on.Avoiding riskOrganisation can avoid risks completely, wherever practically posible, by deciding not to proceed with theactivities which are likely to throw risks. For example: following the review of a contract, if a client determinesthat a project is just too risky then the client may decide not to bid the work at all, or remove that element ofthe work from their bid, sometimes using an alternate deduct to describe the exclusion. Risk avoidance isstrictly a business strategy, and sometimes an astute strategy if supporting documents are unclear,ambiguous or incomplete.There are various factors that must be considered in choosing a risk handling strategy. Some of the factorsinclude: Payoff (or gains) for undertaking the risk Costs of risk management. Extent of the impact of risk.Q 6. Define change and the various types of changesAns: Change in organisations demands changes in skills, and many feel that they will not be able to make theconversion very well. As pointed out by behavioural scientists, people cannot accept
change, since it is a fear that they seldom like to admit. This fear makes them resist the change consciously orsubconsciously. In many cases, their fears are baseless, for change brings about progress. Indeed, asuccessful change campaign to accept change through an effective motivator, efficient new training programsis necessary. Training programs must be planned and executed in phases. In this way, you can reduce theearly fear of a lack of personal capability to embrace change by showing how competence can solve the fearof acceptance.One popular model of change management is the ADKAR model which is developed by Hiatt (2006) whoseobservation is that the individual‟s acceptance to change is the key to success of change. The elements(ADKAR) here include the following:Awareness, (knowing the need for change)Desire, the individual‟s eagerness in the change processKnowledge (understanding)Ability (to implement one‟s skills and attitude) R-Reinforcement (to sustain the change).Organisational change management is an important aspect of almost every project. The attributes of thischange management include the following: A change control policy which is a set of guidelines should be developed to streamline the change management process. The workflow of change is set by breaking the difficult activities of change to smaller elements. The resource requirements including the cost estimates, infrastructure and human are identified. Where necessary, outsourcing possibilities are also considered. Roles and responsibilities of change personnel are identified. An environment of acceptance of change is built with their support. Analysis of the various dependencies of the project based on the type of change is carried out and the approval process is set in. The steps are clearly documented and also communicated to the affected departments. Risk assessment based on the scope of the effects of change is well-defined. Change management should also provide emergency change mechanism. Metrics should be defined and reported to the board of management. They help in the performance analysis of change.Types of ChangesDifferent types of change require different strategies and plans to effectively gain employee engagement andacceptance of change. According to Ackerman (1997), there are three types of change that occur mostfrequently in organisations, they are: developmental, transitional, and transformational. Organisational changemanagement theories effectively support how to deal with developmental and transitional change, but are lesseffective at dealing with successfully implementing transformational change. The organisation is firstevaluated on the type of change it is experiencing. Then accordingly, the change approach is employed toovercome resistance.Types of changes are:Developmental change It is a method applied to maintain a competitive edge in business. It enhances or corrects existing aspects of an organisation, often by focusing on the improvement of a skill or process. This type of change could be either planned or emergent (unplanned) or incremental (continual). When an organisation decides to improve its processes, methods or performance standards, then this process is considered. This type of change should cause little stress to current employees as long as the rationale for the new process is clearly conveyed and the employees are educated on the new technique. The key focus here is to strengthen or correct what is already present. There is no change in the culture, values or mindset of the organisation.Transitional change It replaces existing processes or procedures of the organisation with a new one. This type of change could be planned, episodic or radical. It is, therefore, more intrusive than developmental change. The process involves dismantling of an old state and a clear new state being created. This is carried out over a period of time and is called the transition state. Few examples of transitional change are: corporate reorganisation, merger, acquisition, creating new products or services, and implementing new technology. This model can be episodic, planned and second order.
It creates a level of discomfort in employees because the outcome of the change is unknown. Employees may feel insecure about their job but proper training given to employees on the new policies and procedures will motivate them to be a part of the change thereby reducing the resistance to change.Lewin (1951) coined changes as a three-stage process which involves: Unfreeze - Move – refreeze approach. Here he explains how people are frozen to their existing organisational equilibrium and have to be unfrozen(made ready to change), move to the change journey and finally refreeze (have to stabilise themselves to change) Schein in 1987 suggested that the unfreeze approach involved the provision of psychological safety, moving needed a cognitive restructuring and finally refreeze involves total integration of the change with the self.Transformational change• Organisations sometimes face emergence of radically different technologies, significant changes in supply and demand, unexpected competition, and lack of revenue or other major shifts in business. Developmental or transitional change may not offer the solution they need to stay competitive. Instead of methodically implementing new processes, the organisation would prefer to radically transform the existing process, structure, culture, mindset or strategy. It may involve both developmental and transitional change. Also referred as quantum change. It is common for transitional and transformation change to occur in turns. Business process reengineering is an example. Transformational change requires competent leaders to manage and is one of the most complex changes.Categorising changeThere are a number of ways in which change can be categorised. Most of them are related to the extent of thechange.Planned versus emergent changeSometimes change is intentional with reasons that support it. This type of change is called planned change. Incontrast, change could happen in an apparently spontaneous and unplanned way. This type of change isknown as emergent change. Emergent change results in the following cases: Managers make decisions which are not planned. However these decisions are based on unconscious hypothesis about the organisation, its environment (Mintzberg 1989) and the future and are, therefore, not as unrelated as they initially seem. External factors such as the economy, competitors‟ behaviour, and political climate or internal features such as the relative power of different interest groups, distribution of knowledge, and uncertainty influence the change in directions beyond the control of managers. Even the most carefully planned and executed change programme can have some emergent impacts. Thus the two important aspects of managing change are to identify, explore and if necessary challenge the assumptions that underlie managerial decisions.Episodic versus continuous changeAnother difference between episodic and continuous change is:• Episodic change, according to Weick and Quinn1 (1999), is „infrequent, irregular and intentional‟. Occasionally termed „radical‟ or „second order‟ change, episodic change often engross replacement of one strategy or programme with another. Continuous change, in comparison, is „ongoing, developing and cumulative‟. Also referred to as „first order‟ or „incremental‟ change, constant change is characterised by people constantly adapting and editing ideas they acquire from different sources. The difference between episodic and continuous change helps clarify thinking about an organisation‟s future development and evolution in relation to its long-term goals. Few organisations decide unilaterally that they adopt an exclusively continuous change approach. They can, however, capitalise upon many of the principles of continuous change by being elastic to contain and experiment with everyday contingencies, breakdowns, exceptions, opportunities, and unintended consequences that interrupts organisational life