This document provides an overview of risk and crisis management. It discusses key concepts like what risk is, the steps of risk management which include identifying, assessing, treating and monitoring risk, and different types of risk assessment. It also covers risk space and defines different categories of risks based on observability and controllability. The document is intended to teach about risk management processes and how to characterize and evaluate risks.

1. Risk and Crisis
Management
2023/2024

2. Risk and Crisis Management Lesson 1
▪ What is Risk?
▪ Steps of Risk Management
▪ Risk Space

3. What is Risk?
Definition
Risk refers to uncertainty about and severity of the events and consequences
(or outcomes) of an activity with respect to something that humans value (Aven &
Renn, 2009).
Risk is measurable uncertainty, while uncertainty is immeasurable.
The possibility of a hazard actually causing harm. Risk refers to the uncertainty
that something may result in a loss or injury.

4. Steps of Risk Management
1.Identify the risk.
2.Assess the risk.
3.Treat the risk.
4.Monitor and Report on the risk.

5. Identify The Risk
▪ The first step in the risk management process is to identify all the
events that can negatively (risk) or positively (opportunity) affect the
objectives of the project:
• Project milestones
• Financial trajectory of the project
• Project scope

6. Identify The Risk
▪ A risk (or opportunity) is characterized by its description, causes and
consequences, qualitative assessment, quantitative assessment
and mitigation plan. It can also be characterized by who is
responsible for its action. Each of these characteristics are
necessary for a risk (or opportunity) to be valid.
▪ In order to be managed effectively, the Risks and Opportunities
(R&O) identified must be as precise and specific as possible. The
title of the risk or opportunity must be self-explanatory and clearly
defined.

7. Identify The Risk
▪ All members of the project can and should identify R&O, and the
content of these is the responsibility of the Risk (or Opportunity)
Owners.
▪ Risk Managers are responsible for ensuring that a formal process
for identifying risks and developing response plans are conducted
through exchanges with risk owners.

8. Identify The Risk
Examples of tools to help identify R&O:
• Analysis of existing documentation
• Interviews with experts
• Conducting brainstorming meetings
• Using the approaches of standard methodologies – such as Failure
Modes, Effects and Criticality Analysis (FMECA), cause trees, etc.
• Considering the lessons learned from R&Os encountered in previous
projects
• Using pre-established checklists or questionnaires covering the different
areas of the project (Risk Breakdown Structure or RBS).

9. Identify The Risk

10. Assess The Risk
There are two types of risk and opportunity assessments: qualitative and quantitative.
A qualitative assessment analyzes the level of criticality based on the event’s probability and impact.
A quantitative assessment analyzes the financial impact or benefit of the event. Both are necessary for a
comprehensive evaluation of risks and opportunities.
Qualitative Assessment
The Risk Owner and the Risk Manager will rank and prioritize each identified risk and opportunity
by occurrence probability and impact severity, according to the project’s criticality scales.
Evaluating occurrence probability (P):
This is determined preferably based on experience, the progress of the project, or else by speaking to a
risk expert, and is on a scale of 1 to 99%.
For example, suppose the risk that: “the inability of supplier X to conduct studies on a modification Y by the
end of 2025” is 50% probable. This could be determined from feedback and analysis of the supplier’s
workload.

11. Assess The Risk
Evaluating impacts severity (I):
To assess the overall impact, it is necessary to estimate the severity of each of the impacts defined at the
project level. A scale is used to classify the different impacts and their severities. This ensures that the
assessment of the risk and opportunity is standardized and reliable.
The criticality level of a risk or opportunity is obtained by the equation:
Criticality = P x I
The purpose of the qualitative assessment is to ensure that the risk management team prioritizes the
response on critical items first.

12. Assess The Risk
Quantative Assessment
In most projects, the objective of the quantitative assessment is to establish a financial evaluation of a
risk’s impact or an opportunity’s benefit, should it occur. This step is carried out by the Risk Owner, the
Risk or the management controller depending on the organizational set up in the company. These
amounts represent a potential additional cost (or a potential profit if we are talking about an opportunity)
not anticipated in the project budget.
For this, it is therefore necessary:
To evaluate the additional costs incurred by financially reviewing:
• Hours of internal engineering
• Hours of subcontracting
• Additional work to do
• Amendments and/or claims made to contracts
• Etc.
To calculate the cost of the undesired event’s consequences by adding these values.
This step will make it possible to estimate the need for additional budget for risks and opportunities of the
project.

13. Assess The Risk

25. Risk Space
Unobservable Risks
Uncontrollable Risks
Controllable Risks
Observable Risks

26. Uncertainity Spectrum