Wednesday, March 28, 2018

Risk Management in Projects

In projects, things often pan out differently than expected. Sometimes the unexpected works in favor of the project team but often the opposite is the case. To anticipate these events or keep them in check a proactive stance is needed. Risk management refers to the universe of activities and measures aimed at dealing with risks in order to keep a project under control.

What is Risk? 
Risk is defined as "The possibility of suffering harm or loss; danger." Even if we're not familiar with the formal definition, most of us have an innate sense of risk. We are aware of the potential dangers that permeate even simple daily activities, from getting injured when crossing the street to having a heart attack because our cholesterol level is too high. Although we prefer not to dwell on the myriad of hazards that surround us, these risks shape many of our behaviors. Experience (or a parent) has taught us to look both ways before stepping off the curb and most of us at least think twice before ordering a steak. Indeed, we manage personal risks every day.

Risk management helps the uninterrupted flow of activities in a project by hedging against undesirable events. This in turn creates confidence in the project, in third parties affected by the project and in the project team itself. Risk management activities require information; therefore they promote communication within the project and improve effectiveness of team efforts. Finally, risk management improves decision making in the project.


There are two types of unexpected events in the course of a project

  • Known risks: these are identified potential problems such as the possibility of a strike when labor contracts expire. The exact consequences are unknown but the potential to harm project outcomes is evident.
  • Unknown risks: these are problems arising unexpectedly but seasoned project managers do expect them.

Risk Management Techniques
  • Identify Weaknesses: Risk analysis begins with identifying all potential weaknesses. Weaknesses are internal. One example is a product or service that does not meet the needs of the customer. Other examples include staffing shortages, unreliable employees and ineffective leadership. After an organization examines these and other areas for potential weaknesses, it can examine more closely different parts of the organization such as systems, finances, and human resources . Communication with other people may also bring to light some potential weaknesses within the organization.

  • Identify Threats : Threats are external factors that can negatively affect an organization. Identify all potential threats by looking into the parent company, the organization itself and the industry. Determine how threatening each could be to the organization and how vulnerable the organization is to an attack from competitors. Other examples of external threats include natural disasters, war, disclosure, hackers, theft, errors in data entry and changes in the economy.
  • Estimate Risks : After each threat and weakness has been identified, the next step is to determine how damaging they are or could be. These threats and weaknesses may or may not negatively impact the organization. To calculate the value of one of these risks, take the probability of the threat taking place and multiply it by the cost of fixing the damage caused by the threat.
  • Manage Risks:  An organization must manage the risks once it knows the value of each risk. To be cost-effective, spend less money eliminating a risk than the amount it would cost to resolve the aftermath if the event occurs. If the event occurs, and it will not cost much to resolve, it may not even be worth the time and money spent eliminating it. Managing risks can be done by using existing assets to improve methods, transfer responsibilities or improve internal controls. In addition, a contingency plan can manage risks by creating a plan that will reduce the effect of the risk, should it occur. Investing in new resources is another way to manage risks.
  • Critical Path : The critical path refers to specific tasks in a project that are necessary for the successful completion of the project. The tasks are displayed in flow chart or diagram along with the amount of time it should take to complete each one. The tasks must be completed in the correct order; if one task does not get complete, it could hold up the entire project and risk missing the completion date. Manage the risk by ensuring the tasks get completed in order and on time, and prepare a contingency plan.


The risk management framework comprises four processes:

  1. Identify risks: Risk management starts with identifying potential problems in the course of the project. Since "all possible problems" can be a large number, it is necessary to prioritize and focus on the most disruptive ones.
  2. Develop response plans: Every risk response attempts to reduce the probability and/or the impact of risks. The outcome of this phase is a risk log. A risk log is the full list of risks the project team will actively manage and the tasks associated with managing each risk.
  3. Establish reserves: Usually a project budget contains some reserves for dealing with risks. With detailed risk planning done, a much more accurate assessment of how much money to allocate for known risks and unknown risks can be done.
  4. Continuous risk management: Continuous risk management is the conscious repetition of risk identification, response development and risk planning. At regular intervals known risks are reassessed and the team searches for new risks

Risk management is not a separate function in the project management process; it complements all management functions: definition, planning and control. The first risks surface in the project definition phase. Tackling risks requires reserves, hence risk management has an important feed into the planning function. The control function tries to keep the project on track, therefore risks that can disrupt the flow of activities are of prime concern.

Despite the benefits of risk management, it is not used in every project. First, the project team may not be familiar with risk management and its associated benefits. Second, some people do not relish acknowledging the existence of risks because of the ostrich mentality. Also some mangers think if risks turn up in their project, it would be considered a sign of their poor management. Third, risk management is costly and its yield is not easy to determine. Fourth, some companies claim they do not have the time and capacity to indulge in risk management.