What is risk?
Risk is an unknown, uncertain future event, that may or may not happen. In project management risk pertains to, but is not limited to, technical drawbacks, interpersonal issues, a change in the scope of the project and finance.
Risk management is a process where potential risks are identified, analysed and a response developed to deal with the risk (should it occur), in an effort to reduce the negative impact that it may have.
There are six sub-processes to risk management, they are:
Risk management planning - putting together a plan for risk management
Risk identification - determining risks that may have an impact on the project
Qualitative risk analysis - assess the severity of the risk and it’s possibility of negatively influencing the project
Quantitative risk analysis - establishing measures for the likeliness of the risk and it’s effects
Risk response planning - seeking out methods to reduce the negative impact on the project
Risk monitoring and control - continuously assessing the sub-processes to ensure the best possible outcomes for the project. Keeping records of the sub-processes.
Risk management planning is a system whereby, how risk is identified, qualitative and quantitative risk analysis carried out and risk response planning is done.
In order for a project manager to identify risks, he/she will need the following:
- information about the product and deliverables
- employee requirements, projected costs and work breakdown structure
- previous experience, historical information and personnel knowledge
Risks may be internal or external. Sources of risks include, but it not limited to:
Client risks
Equipment risks
Staff risks
Scrope risks
Technology risks
Physical risks
Delivery risks
Qualitative risk analysis is the third sub-process in risk management and is an important step in risk management as this is where risks are prioritised based on the possibility of it occurring and it’s impact on the project. Project managers cannot focus on all possible risks and so this is where the risks that are likely to occur will be concentrated on (Harrin, 2021). A list of the most pressing risks must be compiled and reviewed regularly.
There are two conventional methods that can be used for qualitative risk analysis:
1 - Scenario analysis - probable scenarios that may have a negative impact on the project are contemplated. The project manager will mentally walk through these possible scenarios and communicate with others involved with project with regards to their thoughts. The outcomes of such scenarios must be ascertained
2 - Failure Mode and Effect Analysis (FMEA) - this systematised risk assessment tool enables project managers to identify and quantify potential failures. When analysing potential failures, the impact on the outcome of the project, the frequency and cause of the failure and the likelihood of failure is looked at (Copper project, 2018).
©jamasoftware.com
There are six steps to follow when using FMEA:
1 - List potential project failures, at each step of the project
2 - Examine the severity of each risk and look at it’s consequences
3 - The source of each failure must be determined and the probability the failure occurring must be determined
4 - Evaluate the ability to determine each failure identified
5 - The Risk Priority Number (RPN) must be calculated. This can be achieved by multiplying the Severity, Likelihood and Detectability together.
6 - The list of potential failures must be evaluated according to their RPN’s. Methods to decrease such risks must be examined.
Each step is given a numerical value from 1 - 10. 10 indicating certain failure and 1 indicating unlikely failure. These numerical values aid with determining the severity or negligible potential of the risks.
©moresteam.com
Quantitative risk analysis, is the fourth sub-process in risk management and mathematically estimates the entirety of the risk, on project outcomes. The results of such analysis, indicate either project success or project failure (Hall, 2021).
Initially Game theory was developed to predetermine situations where one individual has a better outcome, but, at another individuals expense. This is called zero sum games (BHPM, 2021). On a basic level, the strategy can be explained using the 'Prisoner's Dilemma', as illustrated below:
©britannica.com
This can be applied in project management, when the worst possible outcomes are determined and then the ‘least’ worst scenario chosen. Outcomes that are not as bad as the others are chosen. There is a mathematical formula attached to this process.
The fifth sub-process in risk management is risk response planning. Project managers must decide on which risks to anticipate and how to decrease or eliminate it’s severity, which risks to accept as probable threats and which risks to ignore. A plan must be drawn up.
There are four tools used in risk response plan:
Procurement - move the risk
Alternative strategies - find a different path to reach outcomes
Insurance - lessen the impact of the risk
Contingency planning - how to deal with the risk, should it occur
©corporatecomplianceinsights.com
The sixth sub-process in risk management is risk monitoring and control. The records containing risks identified must be continuously examined and analysed. Risks must be addressed and the results of this must also be recorded, so as to aid in future projects.
There are four control and prevention tools that can be employed:
Remove excuses
Demand visibility
Help people communicate
Plan fallback
Comments