lecture notes

Done

•The British Standards Institution (BSI) defines project as a unique process, consisting of a set of
coordinated and controlled activities with start and finish dates, undertaken to achieve an objective
conforming to specific requirements, including constraints of time, cost and resources.
•Kerzner (2009) defines project as a temporary endeavor used to create something that we have not done
previously and will not do again in the future.
•Because of this uniqueness, risk management is set up as continuous, disciplined process of planning,
identifying, analyzing, developing risk responses and monitoring and controlling which in turn will
supplement other processes such as planning, budgeting, cost control, quality and scheduling.
Risk
•Risk is an uncertain event or set of circumstances that, should it occur, will have an effect/impact on
achievement of one or more project objectives.
•Thus risk is a measure of the probability and consequence/impact of not achieving a defined project
goal.
Risk elements
1. Risk involves the notion of uncertainty e.g

•can the new product launch date be met?

•Can the computer be produced within budgeted cost?
For example, the probability of not meeting the new product introduction date is 0.15. However, when risk
is considered, the consequences or damage associated with the event occurring must also be considered.
•Goal ‘A’ with a probability of occurrence of only 0.05 may present a much more serious risky situation
than goal ‘B’ with a probability of occurrence of 0.2, if the consequences of not meeting goal A are in this
case more than four times more severe than the inability to meet goal B.
Thus risk has two primary components for a given event:

ØA probability of occurrence
ØImpact (consequence) of the event occurring (amount at stake)
Risk = ƒ (probability, consequence)

•In general, as either the probability or consequence increases, so does the risk. Thus both probability and
consequence must be considered in risk management.
2. Risk constitutes lack of knowledge of future events. Typically, future events (outcomes) that are
favorable are called opportunities whereas unfavorable events are called risks.

3. Another element of risk is its cause. Something or lack of something can induce a risky situation. We call
this source of danger as the hazard.

Certain hazards can be overcome to a great extent by knowing them and taking action to overcome them.
This leads to the second representation of risk:

Risk = ƒ (hazard, safeguard)

•Thus risk increases with hazard but decreases with safeguard. The implication of this equation is that
good project management should be structured to identify hazards and to allow safeguards to be
developed to overcome them.
Risk Management’s Benefits
•A proactive rather than reactive approach.
•Reduces surprises and negative consequences.
•Prepares the project manager to take advantage
of appropriate risks.
•Provides better control over the future.
•Improves chances of reaching project performance objectives within budget and on time.
External Vs Internal Risk
1. Internal risks originate inside the project. Project managers and stakeholders usually have a measure of
control over these.

Two main categories of internal risks are the market risk and the technical risk.
•Market risk is the risk of not fulfilling either market needs or the requirements of particular customers.
Sources of market risk include:
•Incompletely or inadequately defined market or customer needs and requirements
•Failure to identify changing needs and requirements
•Failure to identify newly introduced products by competitors etc.
•Technical risk is the risk of not meeting time, cost or performance requirements due to technical
problems with the end item or project activities.
Technical risks to the project may involve:

•The financial solvency of the company,

•The ability for the company to have required equipment and other resources on hand in time to support
the project.
•Personnel issues such as the sickness or unanticipated termination of a key team member
•Infrastructure problems such as the availability of servers, software, and IT support
•Technical risk can best be expressed by rating it as being high, medium or low according to the following
features:
(i) Maturity:An end-item or process that is preexisting, installed and operational or based on experience
and preexisting knowledge entails less risk than an end item or process that is in the early stages of
development.

(ii) Complexity: how many steps, elements, or components are in the product or process and what are
their relationships? An end item or process with numerous interrelated steps or components is more risky
than one with few steps or components that have few, simple relationships.

(iii) Quality: how producible, reliable and testable is the end item or process? In general, an end item or
process that is known to be completely producible, reliable or testable is less risky than one that has not
yet been produced or has low reliability or testability.

(iv) Concurrency or dependency: to what extent do multiple, dependent activities in the project overlap? In
general, risk increases the more that activities overlap one another. Sequential, dependent activities with
no overlap are much less risky than those with much overlap.

2. External Risks includes only risks that stem from sources outside the project. Project managers and
stakeholders usually have little or no control over these. Sources of external risks include changes in:

market conditions, Competitors’ actions, Government regulations, Interest rates beset Customer needs
and behavior, Supplier relations, Weather, Labour availability, Material or labour resources, External
control by customers or subcontractors over project work and resources

Why Manage Risk in Projects?

(i) Uniqueness: Every project involves at least some elements that have not been done before, and
naturally there is uncertainty associated with these elements.
(ii) Complexity: Projects are complex in a variety of ways, and are more than a simple list of tasks to be
performed. There are various kinds of complexity in projects, including technical, commercial, interface or
relational, each of which brings risk into the project.

(iii) Assumptions and constraints: Assumptions and constraints may turn out to be wrong, and it is also
likely that some will remain hidden or undisclosed, so they are a source of uncertainty in most projects.

(iv) Shareholders: These are a particular group of people who impose requirements, expectations and
objectives on the project. Shareholder requirements can be varying, overlapping and sometimes
conflicting, leading to risks in project execution and acceptance.

(v) People: All projects are performed by people, including project team members and management,
clients and customers, suppliers and subcontractors. All of these individuals and groups are unpredictable
to some extent, and introduce uncertainty into the projects on which they work.

(vi) Change agent: Every project is a change agent, moving from the known present into an unknown
future, with all the uncertainty associated with such movement.

Project Risk Management Process

•Risk management is the term applied to a logical and systematic method of establishing the context,
identifying, analyzing, evaluating, treating, monitoring and communicating risks associated with any
activity, function or process in a way that will enable organizations to minimize losses and maximize
opportunities OR
•Risk management is the identification, assessment, and prioritization of risks followed by coordinated
and economical application of resources to minimize, monitor, and control the probability and/or impact
of unfortunate events or to maximize the realization of opportunities.
•Risk management planning: deciding how to approach and plan the risk management activities for the
project
•Risk identification: determining which risks are likely to affect a project and documenting the
characteristics of each
•Qualitative risk analysis: prioritizing risks based on their probability and impact of occurrence
•Quantitative risk analysis: numerically estimating the effects of risks on project objectives
•Risk response planning: taking steps to enhance opportunities and reduce threats to meeting project
objectives
•Risk monitoring and control: monitoring identified and residual risks, identifying new risks, carrying out
risk response plans, and evaluating the effectiveness of risk strategies throughout the life of the project
Fundamental Principles of Project Risk Management
i.Aligns with the objectives – Your Risk Management approach should align with your project’s
organizational objectives, focusing only on those uncertainties that have the potential to impact on the
achievement of these objectives.
ii.Fit the context – The Effective identification of the threats and opportunities to your project is
dependent on an understanding of the context of the organization or activity under examination.
•Risk management is often overlooked in projects, but it can help improve project success by helping
select good projects, determining project scope, and developing realistic estimates.
iii. Engage stakeholders – Your Risk Management must engage stakeholders to get their input, and to
factually define each risk to remove different and subjective perceptions of risk, so that the right, collective
decisions are made when allocating resources to mitigate risks, and the right projects are put forward
within the risk capacity of the organization.

iv. Informed decision making – Risk Management is linked to and informs decision-making across the
organization by helping the decision-makers understand the relative merits, threats and opportunities
associated with alternative courses of action and thus make informed choices on which projects to run.
v. Facilitate continual improvement – Risk management must use historical data and facilitate the
continual improvement of risk management.

vi. Create a supportive culture

A supportive culture is one that embeds risk management into day-to-day activities, where senior
management demonstrate through their actions that risk management is important.

Achieve measurable value – Using a structured approach to Risk Management must generate measurable
and justifiable organisational value. To achieve this, baselines and processes to measure performance must
be established.