Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. PROJECT RISK MANAGEMENT Vincent Ho, PhD, RPE Safety Specialist Group The Hong Kong Institution of Engineers ABSTRACT of the original budget; for the Great Belt Link between Germany and Denmark an overrun of Traditional project management that relies on 55% had been incurred three years before the reactive measures to manage project crises is planned completion of the project. often ineffective to prevent project failure. Knowing the risks that can potentially cause Projects can fail in various ways. Without a harm to a project but without a mechanism to comprehensive, systematic approach, it is not prioritize the risks, project management possible for a project management team to would also face difficulties in allocating realize the dominating factors that lead to the adequate resources to prevent the occurrence failure of a particular project and apply or mitigate the consequence of project failure. resources effectively and timely. Once a Thus, a tool that can aid project management problem reveals itself, it is often too late for to proactively identify and assess risks, and the project team to react and mitigate the applying the appropriate Risk Control consequence. Thus, a tool that aids the project techniques to mitigate the risks can help team to proactively identify and mitigate the assure project success. risks to projects would be valuable to management in controlling the risks of project Project Risk Management is a structured failure. Project Risk Management is such a approach that focuses on the systematic tool that has been gaining recognition of its identification, evaluation and control of potential to improve the odds of project project risks. Integrating Project Risk success. Management into day-to-day project activities, project management can gain Project Risk Management significant insights to increase the chance of project success and raise risk awareness Project Risk Management is not a measure of amongst project staff. This paper provides an the risks posed to the worker, the public, or overview of the principles and elements of the environment. Project Risk Management, and discusses the benefits of applying Project Risk Every project requires a deliverable, a delivery Management. date, a budget, a set of acceptable criteria, and a nominated person to receive it; Project Risk INTRODUCTION Management is a measure of the risks in a project’s ability to meet these requirements. It On time, on budget and meeting users is a management technique that focuses on the requirements have traditionally been the very identification and control of the probabilistic objectives for project success. However, the occurrence that can have a potential to cause complexity of today’s project environment harm to a project. often makes it more difficult than ever to ensure projects meeting their objectives. Project Risk Management is not only about Project performance statistics show that nearly adjusting the project plan to maximize the 50 percent of infrastructure projects cannot probability of meeting the project goal. meet schedule or are over budget, 25 percent Project Risk Management is a structured fails completely, and only 25 percent actually approach that can guide a project team in succeed (Tilk, 2003). A recent research identifying the risk levels of threats, the reveals that cost overruns of 50-100% are severity of potential failures and the common for major infrastructure projects uncertainties. To apply Project Risk (Bruzelius, Flyvbjerg & Rothengatter, 2002). Management effectively and, it should be For instance, the cost overrun for the Channel embedded in nearly every facet of the planning Tunnel project is estimated at more than 100% and implementation of a project. Project Management International Conference, December 2003 Page 1 of 5
  2. 2. Project Risk Management MANAGEMENT Definition of Risk The key steps of Project Risk Management are It goes without saying that risk is a natural - part of any business enterprise and project. However, it is often difficult for persons from • Risk Identification different backgrounds to have a meaningful • Risk Assessment discussion of “risk” as there is no consensus • Risk Control on the definition of risk. To date, there is still • Risk Communication not one single universal recognized definition of risk. Risk Identification There have been many attempts to define risk. The key to a successful project is to know the For engineering applications, early attempts risks. Risk Identification, perhaps, is the most conceptually defined risk as hazard/safeguard. important step of Project Risk Management, This approach addresses the essence of risk: as the scenario that has not been identified can No matter how much safeguards are in place, be the one that drives a project to failure. No risk would not be zero unless the hazards have control measure can be implemented on a risk been eliminated. However, quantifying risk that has not been discovered. The question is using this approach met with great difficulties. how do you do it in a “smart” and effective way? The most popular definition views risk as a numerical value that is a product of probability One common misperception is that the project and consequence. Although easy to manager is best equipped to identify project comprehend by most, this definition often risks, and others should not be involved obscures much of the information that is (Stump, 2000). Some project managers do not potentially of interest to the decision makers. appreciate discussion of project risks; such As an example, this approach leads one to discussion is often viewed as a sign of equate a low-probability-high-consequence weakness and unwillingness to carry out the event with a trivial but frequent event. established plan. A more sensible approach is to view risk as an Risk Identification should be a project team’s answer to the following questions: responsibility. The people who are likely to have a good insight into risk are often the • What can go wrong? people who have to deal with it at the working • What is the likelihood? level. Risk Identification requires a divergent • If it happens, what are the consequences? thinking on the part of the project team to identify potential risks at all stages of a Thus, risk can be thought to be consisting of project. A commonly used process for Risk three elements: Scenarios, likelihood, and Identification is brainstorming. consequence. A scenario should encompass the information of the source of threat, the Brainstorming is a useful tool for Risk vulnerability, the transfer mechanism, the Identification when properly applied, but progression of the situation, failure or success frequently it is not. To make brainstorming of existing countermeasures, possibility of more effective, the following guidelines have common failures, and the final outcome. Each been suggested (Stump, 2002): scenario is assumed to be independent. • No criticism of any risk ideas To address risks in project management, it is • No evaluation of risks during therefore, necessary for one to postulate brainstorming project failure scenarios of what can go wrong, • Let everyone in the session free-wheel and estimate the likelihood and the consequence of the scenarios in a • Go for quantity of ideas, not quality comprehensive, systematic manner. • Record every idea • Incubate the ideas for a few days, then OVERVIEW OF PROJECT RISK screen them for quality Project Management International Conference, December 2003 Page 2 of 5
  3. 3. Project Risk Management • Prioritize the identified risks Brainstorming is by far the most popular tool • Compare the risks in Risk Identification because it is easy to • Conduct cost/risk-benefit analysis apply and does not require an expert level training. Due to its popularity, brainstorming Risk Assessment assigns an index, a rating or is often mistaken to be the only, or the best a numerical value to the identified risks. By approach in Risk Identification. However, the far, the most popular approach is the brainstorming method has many qualitative risk ranking approach using risk shortcomings. For instance, it often only cross-reference matrices, wherein the captures the trivial, seriously perceived risks identified risks are characterized by risk but can easily overlook the rare, complex or classes such as “negligible,” “minor,” “major,” multiple failures events. Brainstorming is also and “crisis” according to the estimated often considered as a once-off activity; thus, likelihood and consequence of the risk making it difficult for project management to scenarios. continuously update and monitor project risks. Similar to the choices of the Risk For Project Risk Management professionals, Identification methods, the most popular Risk more robust and structured tools are used. In Assessment method is often the one that is addition to brainstorming, many commonly easiest to use but have many shortcomings. used Risk Identification tools in engineering Typical weaknesses of the risk ranking applications have been applied to identify approach are: project risks: • One cannot compare risk scenarios within • Checklists the same risk class • Basis or process review • Due to the discrete nature, it is difficult to • Event sequence diagrams assign risk class for borderline cases • Consequence and criticality analysis • Because it does not explicitly require • Threat and vulnerability analysis detailed modeling to support the ranking, • Fault trees the results might be dominated by • Event trees perceived risk, rather than assessed risk • It is not possible to assess the total risk of A detailed description of these tools is beyond a project because scenarios in different the scope of this paper. References to these risk classes cannot be directly summed tools are readily available in the literatures together such as Ayyub (2003), Chapman & Ward • The subjective nature and the lack of (2002) and Koller (2000). detailed documentation of the risk ranking approach makes it difficult for reviewers Once a risk has been identified, it is natural to to verify the findings ask how “critical” it is. Thus, in practice, the choice of a particular Risk Identification tool Project Risk Management professionals often depends very much on the Risk Assessment look for quantitative methods to explicitly tools to be used. Thus, the concept of assess risks, either with a most likely impact integrated Risk Identification and Assessment to cost, schedule, or both, coupled with a models has gained much attention in recent probability, or perhaps a range, or a years. probabilistic distribution of the likelihood. In this approach, the risks are often expressed in Risk Assessment numerical values or probability distributions. The integrated event tree/fault tree approach “What doesn’t get measured doesn’t get has been favored by engineering projects due managed.” The identified project risks must to its popularity in engineering safety be measured, either qualitatively or analyses. quantitatively, for the management to appreciate the magnitude or criticality of each Obviously, the quantitative approach will take risk scenario. The common objectives of Risk more resources than the qualitative ranking Assessment are: approach in assessing risks. One must bear in Project Management International Conference, December 2003 Page 3 of 5
  4. 4. Project Risk Management mind that Risk Assessment should be a quantitative Risk Assessment. scalable activity. For minor, straightforward projects, the risk rank approach is probably Risk Communication good enough. But for major, complex projects where millions of dollars are at stake, the “Turning over a stone may reveal more than quantitative approach can be very helpful what you wish to see.” Traditionally, project (Stump, 2000). risk management, when practiced at all, has been a "top down" activity involving mostly Risk Control senior project management. The proactive participation of project teams was rarely Risk Control mitigates the identified risks to sought. increase the chance of project success or decrease the impact of failure, using the To apply Project Risk Management effectively information from the previous described Risk and efficiently, it should be embedded in Identification and Assessment activities to nearly every facet of planning and make rational decisions. implementing a project for every one to participate in the process. The process and Risk Control includes failure prevention, results of Project Risk Management should be threat reduction, vulnerability reduction, disseminated to all relevant project staff. The failure probability reduction, and consequence risk communicator must be fully aware of the mitigation. Theoretically, a project team strengths and limits of the methods used to could go directly from Risk Identification to generate the information to be conveyed to the Risk Control, skipping Risk Assessment by project staff. In particular, the risk addressing all identified risks. In reality, it is communicators need to understand the basis simply not possible to mitigate all risks of any for and assumptions in Risk Assessment and project. The limitation on time and resources Risk Control (Slovic 2000) so that the dictates the need to intelligently prioritize the information can be presented in a meaningful mitigation activity; i.e., the risks. Once the manner to the laymen. risks are identified and assessed, Risk Control strategies can be applied accordingly to Typically, to aid Risk Communication, a risk control or manage the risks that hurt the management plan that addresses the Project project the most. Risk Management activities should be developed at the earliest stage of a project to The following are the major principles in risk map out the key risk elements. The plan management: should be readily available to project personnel so that each person can provide • Risk avoidance/elimination; e.g., cease the input to the plan and put it in practice. The activities that create risk plan should be continuously reviewed and • Risk reduction; e.g., reduce the likelihood revised throughout the life of a project to or consequence of the risk factors, apply ensure all aspects have been considered. redundancy • Risk transfer; e.g., acquire insurance, BENEFIT OF PROJECT RISK contract out activities MANAGEMENT • Risk absorption; develop contingency plan, enhance emergency preparedness There are many misperceptions about Project and emergency recovery Risk Management. Some project managers have misgivings about doing it: “We don’t One must realize that some project risks might have time for that,” and some are uncertain be extremely resistant to mitigation. The cost what to do. of mitigation may far exceed any possible savings, or mitigation may not be possible at When applying properly, Project Risk any cost. Thus, a cost/risk-benefit analysis is Management activities normally cost much often required to demonstrate the effectiveness less than the recovery costs from project of Risk Control measures. This, in turn, failures. The return on that investment is echoes the importance of a comprehensive usually at least five to one, and may be much Risk Identification and the application of a higher (Stump, 2000). In addition to its Project Management International Conference, December 2003 Page 4 of 5
  5. 5. Project Risk Management potential to save money, the typical benefits of Project Risk Management are: • Proactively address project risk factors • Ensure risk management and crisis management plans are in place • Promote rational, risk-informed thinking and risk awareness among project staff • Customer and job satisfaction CONCLUSION One must realize that Project Risk Management cannot predict when the next project failure would take place but Project Risk Management can allow project management to avoid making the wrong decision, or making the right decision but at a wrong time. The “bottom line” of Project Risk Management is preventing project failure and increasing the likelihood of project success. The decision to do Project Risk Management, and the breath and depth of it, must be made on the merits for each project. When applying diligently and correctly, the efforts spent in conducting Project Risk Management will be well compensated. REFERENCES 1. David Tilk (2003), Project Success Through Project Risk Management, Pricewaterhouse Cooper, BS-HT-03-0027- A. 2. Nils Bruzelius, Bent Flyvbjerg and Werner Rothengatter (2002), Big Decisions, Big Risks. Improving Accountability in Mega Projects, Transport Policy, Vol. 9 Issue 2. 3. Evin J. Stump (2000), Project Risk Management: Perception and Reality, Galorath Incorporated Internet. 4. Bilal M. Ayyub (2003), Risk Analysis in Engineering and Economics, Chapman &Hall/CRC. 5. Chris Chapman and Stephen Ward (2002), Managing Project Risk and Uncertainty, Wiley & Sons, Ltd. 6. Glenn Koller (2000), Risk Modeling for Determining Value and Decision Making, Chapman &Hall/CRC. 7. Paul Slovic (2000), Perception of Risk, Earthscan Publications Ltd. Project Management International Conference, December 2003 Page 5 of 5