7. Content of the chapter
1. Basic concepts of risk ,Risk management & project
risk management
2. Importance and objective of project risk
management
3. Project risk considerations
4. Tailoring project risk management in projects
5. Principles of project risk management
6. Project risk management process
Agumas A(PhD)
8. 1. what does it mean risk for you?
2. Can you define what risk management?
3. If you assign as a project manger of AA
project:
A. how can you define project risk management?
B. What is the Importance of risk management?
C. Which Principles of risk management you follow?
D. What are the objectives of your Project Risk
management?
Agumas A(PhD)
11. Project Risk management
Project risk management is the art and science of identifying,
analyzing, and responding to risk throughout the life of a
project and in the best interests of meeting project objectives
Risk management is often overlooked in projects, but it can
help improve project success by helping select good projects,
determining project scope, and developing realistic estimates
A general definition of project risk is an uncertainty that can
have a negative or positive effect on meeting project objectives
The goal of project risk management is to minimize potential
negative risks while maximizing potential positive risks
Agumas A(PhD)
12. Importance of risk management
There are a range of reasons why organizations undertake risk management activities.
I.
Agumas A(PhD)
13. Cont’d
2. Changes in the marketplace
Changing commercial and marketplace environment
Globalization of customers, suppliers and products
Increased competition in the marketplace
Greater customer expectations, often led by competitors
Need to respond more rapidly to stakeholder expectations
More volatile markets with less customer loyalty
Diversification leads to working in unfamiliar areas
Constant need to make bold strategic decisions
Short-term success required, without long-term detriment
Product innovation and continuous improvements
Rapid changes in (consumer) product technology
Threats to world/national economy
Threat of influenza or other pandemics
Potential for international organized crime
Increasing occurrences of civil unrest/political risks
Extreme weather events resulting in population shift
Agumas A(PhD)
14. Principles of risk management
The main principle of risk management is that it delivers value
to the organization.
In other words, risk management activities are designed to
achieve the best possible outcome and reduce volatility or
uncertainty of outcomes.
However, risk management operates on a broader set of
principles, and there have been several attempts to define these
principles.
Many of the lists of principles set out a description of what risk
management activity should be and what it should achieve.
It is important to distinguish between what the risk management
initiative has been set up to achieve and the nature of the
risk management framework that will be put in place.
Agumas A(PhD)
15. Cont’d
It is suggested that a successful risk management initiative
(and framework) will be:
A. proportionate to the level of risk within the organization;
B. aligned with other business activities;
C. comprehensive, systematic and structured;
D. embedded within business procedures and protocols;
E. dynamic, iterative and responsive to change.
This provides the acronym PACED and provides a very good
set of principles that the foundations of a successful
approach to risk management within any organization.
Agumas A(PhD)
17. Cont’d
what should be the characteristics of risk
management, as listed above; and what it should
deliver, as listed below:
I. mandatory obligations placed on the organization;
II. assurance regarding the management of significant
risks
III. decisions that pay full regard to risk considerations;
IV. effective and efficient core processes.
If organizations are to get maximum benefit out of
their risk management activities, the above principles
should be implemented when the risk management
initiative is planned and the risk management
framework is developed.
Agumas A(PhD)
18. Project Risk management objectives
In many ways, the starting point for all risk management activities is
to decide what the organization is seeking to achieve.
The objectives for risk management provide the acronym MADE
(mandatory, assurance, decision making and effective and efficient
core processes )
This confirms that outputs from risk management will lead to less
disruption to normal efficient operations, a reduction of uncertainty in
relation to tactics and improved decisions in relation to evaluation and
selection of alternative strategies.
In other words, a key part of risk management is improved
organizational decision making.
The resources available for managing risk are finite and so the aim is
to achieve an optimum response to risk, prioritized in accordance with
an evaluation of the risks.
Agumas A(PhD)
20. Project risk considerations
Discussion Q??
10mts
If you are assign as a project manager
of XYZ project, what risks your project
risk should consider?
Agumas A(PhD)
22. Discussion Q??
10mts
As a project manager how can define financial
risk, Physical safety risk, Technical risk &
Contractual risk?
How you are lower the negative occurrence
of these risk?
Agumas A(PhD)
23. Lowering financial risks
In order to lower you're financial risk,
1. you need to thoroughly plan out the project
ahead of time
2. speak in depth with the client to make sure you
know everything they need from the project
before getting started
3. has airtight/strong contracts.
4. Make sure each client signs a contract before
work begins.
Agumas A(PhD)
24. Lowering physical safety risks
1. Make sure anyone who’s going to handle large, heavy
machinery has the proper training and certification to
do so.
2. Everyone on the projects need to know what the
dangers are, so they can be wary of them.
3. You also need to assign team members clear roles and
responsibilities regarding the safety of the worksite.
4. Thoroughly document all safety protocols and ensure
they are readily available for your employees or
contractors to access.
5. Go over it with new hires and make sure that all current
employees are familiar with the policies and
procedures.
6. Deal with any potential hazards quickly before they
become a bigger problem.
Agumas A(PhD)
25. Lowering technical risk
Before you're project begins, you need to work
closely with the client to determine exactly what
the deliverables are and when they are expected.
Be upfront if you don’t have the time, skills, or
resources to complete the project as requested.
Some jobs may allow you to hire outside
contractors.
If that’s the case, make sure you select candidates
thoroughly and ensure they can offer what you're
current team is missing for a project.
Agumas A(PhD)
26. Lowering contractual risk
Insurance and indemnification can help you avoid quite a few
risk factors, both contractual and otherwise.
Different types of insurance also reduce you're project risk.
Cyber insurance covers financial losses due to cyber
attacks, including lawsuits.
If you were working with a client who handled sensitive
information, subsequently fell victim to a cyber attack,
and then sued you because their data was compromised,
cyber insurance could mitigate some of those losses.
Insuring you're heavy machinery can also help prevent
risk.
If something were to happen to one of you're machines,
you wouldn’t has to buy a new one completely out of
pocket, getting you're project back on track faster.
Agumas A(PhD)
27. Tailoring project risk management in projects
Discussion Q??
1. Can you define what tailoring project risk
management mean?
2. Why project managers tailoring project risk
management in projects?
3. What items to consider while tailoring your
project?
Agumas A(PhD)
28. Tailoring project risk management in projects
Due to the uniqueness of each project , we need to make sure that
as we tailor our project's processes and life cycles, we will also be
considering how risk may impact each project individually.
There are several items to consider while tailoring your project, as
follows:
The size of the project
The complexity of the project
How important the project is to the overall organizational significance
The development approach we choose
A project management standard may be customized into a systematic
methodology by a professional body or an organization.
This methodology may provide guidelines to further tailor specific
projects based on their unique nature, like size, complexity, risks, etc.
For example, processes, roles, and terminology may be tailored.
Agumas A(PhD)
29. How is Risk Management used?
There are seven Project risk management
lifecycle/process
The Risk Management processes are a generic
guide for any organisation,regardless of the
type of business, activity or function.
Agumas A(PhD)
Project risk management lifecycle/process
30. • .
The basic processes are:
1. Establish the context
2. Identify the risks
3. Analyze the risks
4. Evaluate the risks
5. Treat the risks
‘Risk’ is dynamic and subject to constant change, so
the processes includes continuing:
7. Communication & consultation
6. Monitoring and review
and
Agumas A(PhD)
31. Discussion Q??
As a project manager how
you are conduct the
seven basic Project risk
management processes?
Agumas A(PhD)
32. • .
The strategic and organizational context in
which risk management will take place.
For example, the nature of your business, the
risks inherent in your business and your
priorities.
Establish the context
Agumas A(PhD)
33. Identifying Risks
Identifying risks is the process of understanding what
potential events might hurt or enhance a particular
project
Another consideration is the likelihood of advanced
discovery
Risk identification tools and techniques include:
A. Brainstorming
B. The Delphi Technique
C. Interviewing
D. SWOT analysis
Agumas A(PhD)
34. Brainstorming
Brainstorming is a technique by which a group
attempts to generate ideas or find a solution for a
specific problem by amassing/build up/ ideas
spontaneously and without judgment.
An experienced facilitator should run the
brainstorming session
Be careful not to overuse or misuse brainstorming.
Psychology literature shows that individuals produce a
greater number of ideas working alone than they do
through brainstorming in small, face-to-face groups
Group effects often inhibit idea generation.
Agumas A(PhD)
35. Delphi Technique
The Delphi Technique is used to derive a
consensus among a panel of experts who make
predictions about future developments
Provides independent and anonymous input
regarding future events
Uses repeated rounds of questioning and written
responses and avoids the biasing effects possible
in oral methods, such as brainstorming.
Agumas A(PhD)
36. Interviewing
Interviewing is a fact-finding technique for
collecting information in face-to-face, phone, e-
mail, or instant-messaging discussions
Interviewing people with similar project
experience is an important tool for identifying
potential risks
Agumas A(PhD)
37. SWOT Analysis
SWOT analysis (strengths, weaknesses,
opportunities, and threats) can also be used
during risk identification
Helps identify the broad negative and positive
risks that apply to a project
Agumas A(PhD)
38. Analyze the risks
How likely is the risk event to happen?
(Probability and frequency?)
What would be the impact, cost or consequences
of that event occurring? (Economic, political,
social?)
Agumas A(PhD)
39. .
Evaluate the risks
Rank the risks according to management
priorities, by risk category and rated by
likelihood and possible cost or consequence.
Determine inherent levels of risk.
Agumas A(PhD)
40. Risk Evaluation cont’d
After identification, assessment and mapping of risks, a company must
have a procedure to rank, categories and anticipate them.
The ranking of risks is guided by the risk size or its impact and the
likelihood or probability of its occurrence.
The anticipation of risks as part of risk evaluation is guided by the
following characteristics.
A. Insight – the ability to identify the root cause of the risk, where there
are multiple causes or root causes that are not immediately obvious.
B. Information – comprehensive information about all aspects of risks
and risk sources especially of financial risks.
C. Incentives – the ability to separate risk origination and risk ownership,
ensuring proper due diligence and accountability.
D. Instinct – the ability to avoid “following the head” when there are
systemic and pervasive risks.
E. Independence – the ability to view the company independently from
its environment.
F. Interconnectivity – the ability to identify and understand how risks are
related, especially when their relatedness might exacerbate the risk.
Agumas A(PhD)
41. Cont’d
The ranking and anticipation of risks can yield the following possible
broad types of risks:
1. Strategic risks – those associated with the planning of the business and
its future strategy.
2. Operational risks – those concerned with the day to day management
of the company, e.g. customer spend being over or lower than
expected, the risk of obsolescence, i.e. producing a product with no
market, and the risk of damage to material and human resources of the
business, etc.
3. Financial risk – the possibility that the company’s financial situation
might turn out to be different from what was expected, e.g.
I. Credit risks – bad debt losses for companies in the lending business.
II. Foreign exchange risk – losses associated with volatile currency rate exchanges.
III. Interest rate risk – losses associated with the rise and fall of interest rates more
pronounced in the banking sector.
IV. Business continuity risk – i.e. insolvency and associated risks.
4. Non-Financial Risk – e.g. sustainability risks focusing on health, social
and environmental issues relevant to the business.
5. Compliance risk – associated with complying with laws, regulations,
and codes of best practices.
Agumas A(PhD)
42. .
Treat the risks
Develop and implement a plan with specific
counter-measures to address the identified
risks.
Consider:
Priorities (Strategic and operational)
Resources (human, financial and technical)
Risk acceptance, (i.e., low risks)
Agumas A(PhD)
43. Document your risk management plan and describe
the reasons behind selecting the risk and for the
treatment chosen.
Record allocated responsibilities, monitoring or
evaluation processes, and assumptions on residual
risk.
Treat the risks
Agumas A(PhD)
44. Risk Management Responses
After mapping, ranking, anticipating and identifying risks, a company should have a
framework within which to respond to the identified and categorized risks, bearing in
mind that risks could have outcomes which are either bad (peril side of risk or
downside risk) or good (the opportunity side of risk or upside risk) and responses
opted for may include the following:
A. Avoid the risk – by not starting the activity that creates exposure to the risk.
B. Treating, reducing or mitigating the risk – through improvements to the
control environment such as the development of contingencies and business
continuity plans. Risk treatment may include methods, procedures, application
and management systems and the use of appropriate resources that reduce
the probability or possible severity of the risk.
C. Transferring the risk exposure – usually to a third party better able to manage
the risk, e.g. insurance companies or outsourcing.
D. Tolerating or accepting the risk - where the level of exposure is as low as
reasonably practicable or where there are exceptional circumstances.
E. Exploiting the risk – where the risk exposure represents a potential missed or
poorly realized opportunity – the upside risk or opportunity side of risk.
F. Terminating the activity – that gives rise to the intolerable risk.
G. Integrating some or all of the risk responses outlined above.
Agumas A(PhD)
45. • .
Risk Management policies and decisions
must be regularly reviewed.
Monitor and review
In identifying, prioritizing and treating risks,
organizations make assumptions and decisions
based on situations that are subject to change,
(e.g., the business environment, trading
patterns, or government policies).
Agumas A(PhD)
46. Risk Managers must monitor activities and
processes to determine the accuracy of planning
assumptions and the effectiveness of the
measures taken to treat the risk.
Methods can include data evaluation, audit,
compliance measurement.
Monitor and review
Agumas A(PhD)
47. Risk Control Measures and Review
After mapping, ranking, anticipating and categorizing risks and coming up
with an appropriate regime of responses thereto, companies should have
control measures to monitor and review such identified risks in the
context of the distilled responses to the risks.
Control measures are provided through a system of internal control.
An internal control system consists of a control environment on one hand
and control procedures on the other.
A control environment encompasses corporate culture, management style
and employee and other stakeholder attitude to control procedures – it is
a critical stakeholder awareness of and attitude to, internal controls of the
company.
Control procedures and policies are those devised and enforced to ensure
the orderly and efficient conduct of the company’s business such as –
Safeguarding the assets of the business.
Preventing and detecting fraud and error.
Ensuring the accuracy and completeness of accounting records and timely
preparation of reliable information.
Compliance with laws, regulations and best practice codes on corporate
governance.
Agumas A(PhD)
48. Risk Monitoring and Control
Monitoring risks involves knowing their status
Controlling risks involves carrying out the risk
management plans as risks occur
Workarounds are unplanned responses to risk
events that must be done when there are no
contingency plans
The main outputs of risk monitoring and control
are corrective action, project change requests,
and updates to other plans
Agumas A(PhD)
49. Risk Response Control
Risk response control involves executing the risk
management processes and the risk management
plan to respond to risk events
Risks must be monitored based on defined
milestones and decisions made regarding risks and
mitigation strategies
Sometimes workarounds or unplanned responses
to risk events are needed when there are no
contingency plans
Agumas A(PhD)
50. Communicate and consult
Communication and consultation aims to identify who
should be involved in assessment of risk (including
identification, analysis and evaluation) and it should
engage those who will be involved in the treatment,
monitoring and review of risk.
As such, communication and consultation will be
reflected in each step of the process described here.
As an initial step, there are two main aspects that should
be identified in order to establish the requirements for
the remainder of the process.
These are communication and consultation aimed at:
A- Eliciting risk information
B-Managing stakeholder perceptions for management of
risk
Agumas A(PhD)
The end of chapter 1