Project Management - Risk management


Published on

Paper about Risk Management and its process

Published in: Business, Economy & Finance
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Project Management - Risk management

  1. 1. Maria Gomez Aguirre | 1Risk ManagementGray (2010, 211) defines Risk as “an uncertain event or condition that, if it occurs, has a positive ornegative effect on project objectives”, where uncertain means something that could happen but weare not sure about it.Dealing with these uncertain events is what is called Risk Management and the Project Manager isthe one responsible for it. Meredith (2010, 205) quoted the PMBOK Guide and define riskmanagement as “the systematic process of identifying, analysing and responding to project risk”.Having a well prepared risk management plan is one of the factor that help a project to endsuccessfully. In every projects life cycle we can find situation where the reality was not even closeof what the plan says, and the project manager must be able to deal with the situation and/ormitigate the consequences where possible.Risk Management processIdentificationThis phase is intended to identify and list the risks (as many as possible) that can be found in aparticular project. A project is such an independent and unique entity there is no literature or pastexperiences (although they always help) that can provide the project manager with a list of “mostcommon” risks (Maylor, 2010, 218-232). Therefore it is necessary to hold some kind ofbrainstorming meeting involving teams members, clients and/or stakeholders to identify potentialrisks.Some of the tools use during these meetings are: • Risk Breakdown Structures (RBSs): this model is based on the Work Breakdown Structure (WBS), used in the planning stage to organized the work to be done in order to success in the project. Following the same structure, a RBS would define all the areas where risks are likely to appear from a general point of view and going down as many levels as necessary increasingly detailing these areas (Hillson, 2002). These approach is more useful and easier to implement when the project has been planned used a WBS, as consulting the latter will help avoiding a risk event to be missed (Gray 2010, 212-234). Jan 2011
  2. 2. Maria Gomez Aguirre | 2 • Risk Profile: this is defined as a list of question to be hand in to the stakeholders that are based in previous experiences and refer to common areas of a project where risk are more likely to appear. These questions came normally from a Risk Management Data Bank, “a permanent record of identified risks, methods used to mitigate them, and the result of all risk management activities” (Meredith 2010, 207).AnalysisIn this stage the Project Manager has to analyse and prioritise the list of risks produced in theprevious stage. Normally a good place to start is by assessing for each risk: • How likely the event to occur • What the impact would be if the event occurs.There are quite a few methods or techniques to do this. Maylor (2010, 223-232) divided them intotwo different approaches:Qualitative ApproachAnalysing every risk in terms of the two elements cited before (likelihood and impact) is the firststep to take. The scale for each of them may vary and be specific for each project, but in generalthese tend to be numeric, going from 1 (very low probability / impact”) to 5 (very high probability /impact) . One way of representing is known as “Risk Severity Matrix” (Fig 1). Normally this matrixis generic for each organization, so the Project Manager only needs to allocate each event in theircorrect cell. Figure 1: Risk Severity Matrix (NASA, 2009) Jan 2011
  3. 3. Maria Gomez Aguirre | 3As an extend of this method we have Failure Mode and Effect Analysis (FMEA), where we need toinclude to the above data a new variable: Detection difficulty, which can be defined as “the abilityto detect a failure associated with each cause” (Meredith, 2010, 208). This new parameter needs tobe scale as the other two. Once we have all the number, we can calculate the Risk Priority Number(RPN) for each event by using the equation: Severity x Likelihood x Difficulty.Quantity ApproachWe are talking here about statistical techniques that help by assessing the projects risk. Thistechniques may be mandatory for some project before they start as some companies or publicorganizations tend to decide if a project is worth to be execute based on the outcomes of thesetechniques. These techniques normally are executed by using simulation software. One of the mostpopular is called PERT (Program Evaluation and Review Technique) and it can be used to asses theoverall risk of the project (Gray 2010, 219).PlanThe third step in the Risk Management Process is to decide what the response would be for eachrisk. These can be classified in 4 groups (Gray 2010, 219-229):MitigateThere are two strategies to mitigate a risk and these are based on the parameters we have used toidentify the risks: • Reduce the probability of the event to occur • Reduce the impact that the event can have in the projectAvoidThis implies removing the task that may cause the event. Obviously this cannot be the solution forall the risks as some of the tasks causing risks are essential for the project.TransferThis means to outsource the activities involve in the risk. The chosen third party will assume theresponsibility of the risk if it occurs so it will not necessary mean that the risk will disappear. Jan 2011
  4. 4. Maria Gomez Aguirre | 4RetainThis involves accepting the loss or gain when the risk occurs. It is although necessary to have acontingency plan to be implemented when the risk falls into this category. This plan should includea detailed list of actions to be taken. Examples of this can be having a list of alternative suppliers orhaving a contingency fund.MonitoringFinally and once the project has started the Project Manager needs to constantly monitor the taskswhere the risks are likely to occur and update the plan with new risks or any modification on theexisting ones. It is useful to have what it is called a Risk Register which normally contains a list ofthe risks with description and the rest of the data that have been collected and calculated in theprevious steps (likelihood, impact, response plan, etc.) (Maylor 2010, 222). Jan 2011
  5. 5. Maria Gomez Aguirre | 5References- Gray, C., 2010. Project management : the managerial process 5th ed., Dubuque Iowa ;London:McGraw-Hill Contemporary Learning; McGraw-Hill [distributor].- Hillson, D., 2002. Use a Risk Breakdown Structure (RBS) to Understand Your Risks. Available at: [Accessed January 22, 2011].- NPR 8553.1B - NASA Environmental Management System - Chapter3: Planning. Available at: [Accessed January 23, 2011].- Maylor, H., 2010. Project management 4th ed., Harlow England; New York: Financial TimesPrentice Hall.- Meredith, J., 2010. Project management : a managerial approach 7th ed., Hoboken N.J.: Wiley. Jan 2011