Risk identification techniques and mitigation techniques in the present dynamic scenario of the industry is described here. Also, the recent research area and probable topics that one could choose as a Ph.D. topic are described briefly.
2. What is Risk?
A risk is anything potentially that could impact your
project’s timeline, performance or budget.
A dictionary definition of risk is “the possibility of loss
or injury”.
Project risk involves understanding potential
problems that might occur on the project and how
they might impede project success.
Risk management is like a form of insurance; it is an
investment.
3. Project Risk Classification
According to the nature of risk-
PURE RISK
BUSINESS RISK
According to the impact of risks on a project are
classified as-
Positive risk
Negative risk
4. WHAT IS PROJECT RISK MANAGEMENT?
Project risk management is the art and science of
identifying, assigning, and responding to risk
throughout the life of a project and in the best
interests of meeting project objectives.
The goal of project risk management is to minimize
potential risks while maximizing potential
opportunities.
5. The Importance of Project Risk Management
Well-run projects appear to be almost effortless, but a
lot of work goes into running a project well.
Project managers should strive to make their jobs look
easy to reflect the results of well-run projects.
6. Risk Tolerance - Risk tolerance defines the attitude or
approach that the organisation or project manager has towards
the risk.
There are three types of risk tolerance-
Risk averse- With the Risk-Averse Approach, the
organisation or project manager has an avoidance
mentality.
Risk seeker- With this approach, the Risk seeker is
actively looking for risk and is willing to take risk.
Risk neutral- In this approach, the Risk neutral person is
willing to take the risk but only if it favours them.
7. Risk Register
A document that is created in the identifying risk process.
It is a living document that needs continuous updates.
It contains the following information:
Major risks that may occur on the project.
Triggers that help identify when a risk event may occur
Results from risk analysis
Responses of these risk events should they occur
Risk owners or people who have to take action when risk
events occur
8. RISK REVIEWS
The purpose of this review during the execution phase
of the project is two folds:
Check for the risk outlined in the risk register. It is to
ensure that their probabilities, impact and responses
are still valid and accurate.
Look out for new risks that were not identified
previously.
10. BRIANSTORMING
Brainstorming is a situation where a group
of people meet to generate new ideas and
solutions around a specific domain of interest
by removing inhibitions.
People are able to think more freely .
They may suggest many spontaneous new
ideas as possible.
11. Interviews and self-assessments
Interviewing your staffs about the recent ongoing
projects and collecting their hindrance and problems of
work will help you to formulate new ideas.
Also evaluate yourself for the progress of schedule and
prepare the contingency plan for smooth transition and
completion of project.
12. Risk surveys
A basic risk survey is undertaken in order to evaluate
physical risks at a site and identification of areas where
the risk may be reduced.
A comprehensive survey
report is, including photographic
evidence and recommendations,
where appropriate.
13. Event inventories or loss data
Track and report on loss events, perform main cause
analysis and establish accountability across your
enterprise.
Manage the loss event lifecycle to understand where
and how your risk management program needs to be
strengthened.
Automate the review and analysis workflow of loss
events.
14. Facilitated workshops
Facilitated Workshops are a process in
which a neutral facilitator, with no
stake in the outcome of the workshop,
enables a group to work together to
achieve an agreed goal, whether that
be solving a problem, building a plan,
gathering requirements or making a
decision.
15. Root cause and Checklist analysis
It is designed to help you methodically identify the root
cause of a given problem or issue, by asking a series of
questions, and by considering the problem from different
angles.
It allows you to challenge
first-reaction thinking and
to consider issues and
problems in light of current
business realities.
16. SWOT ANALYSIS
SWOT analysis is a process that identifies an
organization's strengths, weaknesses,
opportunities and threats.
17. Influence diagrams
This simple influence diagram
depicts a variable describing the
situation:
A decision - What do we do?
A chance variable - What's the outcome?
A final valuation - How do we like it?
It depicts the key elements, including decisions,
uncertainties, and objectives as nodes of various shapes
and colours.
18. EXPERT JUDGEMENT
It’s a technique in which judgment is
made based upon a specific set
of criteria and/or expertise that has been
acquired in a specific knowledge area or
product area.
Typically expert judgment requires an
expertise that is not present within
the project team.
It is common for an external group or
person with a specific relevant
knowledge base to be brought in for a
consultation.
19. Assumption Analysis
Used by project team members to minimize risks
involved in making assumptions during the process of
planning a particular project.
The process in which this analysis takes place is fairly
straightforward, yet is essential to minimizing risk.
Assumptions analysis is a process that likely should be
repeated throughout a project’s life.
20. RISK MANAGEMENT STRATEGIES
SHARE
Transfer all or part of the opportunity to a third party using outsourcing experts
in this field.
Exploit
Make sure to achieve this risk or opportunity and invest it to increase
institution revenues and developing performance, and make sure it happens by
editing some of the project’s activates.
Enhance
Increase the possibility of making the opportunity happens or increasing its
effect.
Acceptance
Which is a strategy that can be followed in both positive and negative risk
situations, the error is accepted and there is no action until it happens. This
strategy is applied as a final option.
POSITIVE RISK MANAGEMENT STRATEGY
21. Negative Risk Response Strategies
Escalate:
when you identify a risk and
find that you cannot manage it
on your own .
Contact to your PMO or Top
management to take necessary
action.you lack the authority, resources or
knowledge required for a response.
22. AVOID
It is done by changing the project management plan, by
changing the project scope, or by changing the
schedule.
This is a desired risk response strategy mainly used for
critical risks. This is the best technique for all risks;
however, it cannot be used most of the time.
23. Mitigate
This strategy decreases the severity of the risk.
lessen the gravity of risk.
Example
You find that a team member may
leave for a certain duration during
the peak of your project. This is a
negative risk.
To minimize the impact of his
absence, you find another employee
with similar qualifications from your
organization
24. TRANSFER
You use this strategy when you are lacking skills or resources to
manage the risk or you are too busy to manage it.
In the transfer risk response strategy, you transfer the risk to a
third party to manage it.
Transferring a risk can cause a secondary risk. For example,
although you have given a third party the responsibility of
managing the risk, you are responsible for the guarantee with the
client.
25. Accept
Here you take no action to manage the risk except
acknowledging it.
You use this strategy when the risk is not critical, if it is not
possible or practical to respond to the risk through the
other strategies, or if a response is not warranted by the
importance of the risk. Passive acceptance you do nothing
except note down the risk in the risk register.
26. PROJECT RISK MANAGEMENT AREAS FOR
FUTURE IMPROVEMENT
Integration of Risk Management
Risk management should become fully integrated at
both operational and strategic levels.
Risk management must be seen as an integral part of
doing business rather than being conducted as an
optional additional activity.
27. Increased Depth and Breadth
The depth of analysis could be improved by-
Development of better tools and techniques with
improved functionality.
Advanced information technology capabilities to
enable effective knowledge management and learning
from experience.
Development of existing techniques.
28. The breadth analysis is enhanced by:
Inclusion of opportunity within the definition of “risk”,
and ensuring that the risk process covers both threats
and opportunities.
Measurement of impact against all types of objectives,
including performance, quality, compliance,
environmental or regulatory and “soft” objectives.
Expansion of the scope of risk processes to include
program risk management and business risk
assessment.
29. Behavioural Aspects
Human behaviour implementation in risk management for both in
generating input data for the risk process, and in interpreting
outputs.
Also consider risk attitudes and their effect on the validity of the
risk process.
A reliable means of measuring risk attitudes needs to be
developed, to identify and counter potential bias among
participants in the risk process.
Building of risk-mature and emotionally-literate teams of people
who can understand and modify their risk attitude.
30. Risk Monitoring and Control
Monitoring risks involves knowing their status.
Controlling risks involves carrying out the risk
management plans as risks occur.
Workarounds are unplanned responses to risk events that
must be done when there are no contingency plans.
The main outputs of risk monitoring and control are
corrective action, project change requests, and updates to
other plans.
Notas del editor
PURE RISK
This is risk which can be transferred to another party, thereby reducing the impact if it occurs. This is risk for which insurance can be purchased.
For example: Automobile collision insurance.
BUSINESS RISK
This is risk that any business takes by just being in business. It is typically not insurable and cannot be transferred to a third party.
For example: Trying to buy insurance that will help you if you do not get any customers for your business product.
There are a variety of techniques that organizations will use during the identification process to establish solid risk management strategies.
All the ideas are noted down and are not criticized and after brainstorming session the ideas are evaluated.
Manage and report on issues and remediation plans associated with loss events.
From the initial conception of a project to identification of a defect or bug within the eventual solution, root cause analysis can be used to get to the source of the problem.
Why its Useful Root cause analysis is helpful to ensure that valuable time is not wasted by solving the wrong problem, or by developing and implementing solutions to symptoms rather than causes
SWOT is a basic, analytical framework that assesses what an entity can and cannot do, for factors both internal (the strengths and weaknesses) as well as external (the potential opportunities and threats). Using environmental data to evaluate the position of a company, a SWOT analysis determines what assists the firm in accomplishing its objectives, and what obstacles must be overcome or minimized to achieve desired results: where the organization is today, and where it may be positioned in the future.
An influence diagram is an intuitive visual display of a decision problem. It depicts the key elements, including decisions, uncertainties, and objectives as nodes of various shapes and colours. It shows influences among them as arrows.
These four node types are the building blocks of decision problems. The influence diagram gives a high-level conceptual view on which you may build a detailed, quantitative model.
This knowledge base can be provided by a member of the project team, or multiple members of the project team, or by a team leader. However, typically expert judgment requires an expertise that is not present within the project team and, as such, it is common for an external group or person with a specific relevant skill set or knowledge base to be brought in for a consultation.
The project team members must identify and document all of the assumptions being made during the project planning process, and then on a one by one basis, identify the risks that exist as a result of each assumption to the project based on the potential inaccuracies or inconsistencies that the assumptions may exhibit.
Like everything else on a project, you’re going to strategize and have the mechanisms in place to reap the rewards that may be seeded in positive risk. In his section we are going to discuss the techniques to respond of positive risk.
Example: Having an opportunity to inter the market by developing a new product, but it needs to be quick process, in this case a contract should be signed with companies or experts to make this product as soon as possible.
Exploit-Example: some of team members have the knowledge to use a new technique that could reduce delivering time to this project by 20%, they train there other members to use this technique.
Example: The allocation of additional sources of tasks, earlier negotiating with stakeholders to get the best price.
Example: If this possible threat could happened with a damage of 1000$ when can be avoided by losing 5000$, in this case it would be worth it not to take any action and deal with it as a positive or negative risk.
For example, you know that the government is planning to announce a regulation and if it is approved it could impact your project negatively. You have no legal advisor and other resources to manage this risk, so you will approach your superiors to handle the risk.
you won’t take any further action except to note it down in the risk register.
It is easy to use this strategy if you identify the risk in a very early stage, otherwise it is difficult to adopt this strategy because in a later stage changing scope or schedule is a costly affair.
In this way, you have transferred the responsibility of the whole task to a third party, and now it is their responsibility to complete the task within the agreed time and cost.
For example, in your project there is a task to install some equipment and you have little experience with this task. The task is complex and few contractors have successfully installed it. Therefore, you find a contractor and ask them to install it and sign a fixed price contract.
For example, you are digging to construct a building and there is a risk that you may find artefacts, though the chances are low. So you note it down and take no action as a response plan may cost you a lot with no guarantee of finding an object of interest.
Without such integration, there is a danger that the results of risk management may not be used appropriately (or at all), and that project and business strategy may not take proper account of any risk assessment.
Development of better tools and techniques, with improved functionality, better attention to the user interface, and improved integration with other parts of the toolset.
Use of advanced information technology capabilities to enable effective knowledge management and learning from experience, for example using artificial intelligence, expert systems or knowledge-based systems to permit new types of analysis.
Development of existing techniques from other disciplines for application within the risk arena, for example from value management, system dynamics, safety and hazard analysis, financial trading etc.
Inclusion of opportunity within the definition of “risk”, and ensuring that the risk process covers both threats and opportunities (see Hillson 2003).
Measurement of impact against all types of objectives, including performance, quality, compliance, environmental or regulatory, “soft” objectives such as human factors issues, and the business benefits.
Expansion of the scope of risk processes to include program risk management (addressing risks to portfolios of projects, considering inter-project issues) and business risk assessment (taking account of business drivers).
There is general agreement on the importance of human behaviour in determining performance (Hillson & Murray-Webster, 2007).
Future developments in risk management must take more account of these issues, both in generating input data for the risk process, and in interpreting outputs. This should include the area of heuristics, to identify the unconscious rules used when making judgments under conditions of uncertainty.
It should also consider risk attitudes and their effect on the validity of the risk process. A reliable means of measuring risk attitudes needs to be developed, to identify and counter potential bias among participants in the risk process. The impact of risk attitude on perception of uncertainty should be explored to allow the effects to be understood and managed.
This would also permit building of risk-mature and emotionally-literate teams of people who can understand and modify their risk attitude as appropriate between taking risks and being cautious, in order to ensure that risks are taken safely.
It’s good to include risk management as part of and as a requirement on the project. A project manager should have to identify the risks as early as possible on the project and include all those who need to be part of the process and prioritize and analyse risks so that one can focus only the critical ones. In this way we can mitigate threats but we should be careful to exploit opportunities. Risk planning should be a dynamic process to look out for new risks and plan appropriate responses to the critical risks.