Risk-based Learning

Figure 1: Key Success Factors for Risk Management (own figure, based on ^[1])

These key success factors include:

• Recognizing the value of risk management. Project, program, and portfolio risk management is acknowledged as a valued discipline that offers a significant return on investment by organizational management, team members, and stakeholders. ^[1]

• Individual commitment/responsibility. Participants and stakeholders in the project, program, and portfolio assume responsibility for performing risk-related actions as needed. Everyone is responsible for risk management. ^[1]

• Open and honest communication. It is critical not to hinder risk communication since this may limit the effectiveness of risk management. ^[1] Creating a governing structure can be beneficial. Governance encourages cultural honesty and openness while requiring responsibility from every employee, operating unit, and support function. ^[6]

• Organizational commitment. It is critical to establish a culture that values risk management in order to achieve this. Only when risk management is integrated with the organization's goals, values, and ERM policies can organizational commitment develop. Risk management decisions may need approval from people at a higher level than the project, program, or portfolio manager. ^[1] Risk management is an integral component of the framework for project, program, and portfolio management. Risk management needs to be practiced, acknowledged, and supported within the organization. A risk management culture fosters the identification of risks rather than ignoring them, as well as the discovery of possibilities through the promotion of a positive mentality inside the organization. ^[6]

• Tailoring risk effort. Risk management operations are compatible with the organization's value of the activity, as well as it's level of risk, scale, and other restrictions. ^[1]

• Integration with organizational project management. Risk management does not operate separately from other organizational project management procedures. ^[1] Distribute best practices throughout your organization. For this to happen, your organization's culture must be one of openness, with managers acting as co-dependent participants in the risk environment. Workers from the operational side of the business, as well as employees whose input is often ignored, such as the audit, finance, human resource, and risk management teams, must be included in this partnership. ^[6]

Risk assessment in Project Management

There are five main factors that need to be considered when evaluating potential risks in project management: ^[5]

1. Risk Identification

The risk identification activity identifies which risks may have an impact on the project, program, or portfolio and analyzes their characteristics. Risks should be recognized and addressed as early as possible in the project. Risk identification occurs throughout the project life cycle, with a focus on major milestones. Some risks will be obvious to the project team while others will require more effort to identify, but will still be predictable. ^[5] Participants in risk identification activities might include the program manager, program sponsor, program team members, risk management team, stakeholders, outside subject matter experts, customers, risk management experts, and external reviewers as needed. New risks may emerge or become identified as the process develops. The frequency of iteration and the engagement of participants may vary, but the structure of the risk statements should remain similar. The identification activity should offer enough information to analyze and prioritize the risk. ^[7]

Identifying risk sources and categories is one method of identifying risks. The fundamental causes that produce risks in a project or organization are referred to as risk sources. Risk sources identify potential sources of risk. ^[5] Specific factors inside a project or organization that might go wrong during the preparation or execution of an activity are referred to as risk categories. It identifies locations that are vulnerable to risks. Category types include:

• External risks: Governmental, regulatory, environmental.

• Organizational risks: Service, budget, quality, resources.

• Technical risks: Risks with software, hardware, or any manuals or other process documents related to the project.

• Project management risks: How the team working on the project operates. ^[8]

2. Risk Analysis

Risk analysis entails evaluating how project goals and objectives may alter as a result of the risk event's influence. Successful organizations should be able to effectively and efficiently identify the risks that have a direct impact on their goals and objectives. Once the risks have been identified, they are analyzed to determine the qualitative and quantitative impact of the risk on the project so that suitable measures may be performed. It might be difficult to identify the most significant risks. To analyze risks, it is essential to address both the probability and impact of the risks within an organization, project, program, and portfolio risk management processes. ^[1]

To analyze risks, the following guidelines are employed: ^[5]

Figure 2: Impact-Probability Matrix (own figure, based on ^[5])

Probability:
Probability refers to the likelihood of a risk occurring.

• High probability – (80 % ≤ x ≤ 100%)
• Medium-high probability – (60 % ≤ x < 80%)
• Medium-Low probability – (30 % ≤ x < 60%)
• Low probability (0 % < x < 30%)

Impact:
Risk analysis entails determining how the risk event's impact will affect project outcomes and objectives.

• High – Catastrophic (Rating A – 100)
• Medium – Critical (Rating B – 50)
• Low – Marginal (Rating C – 10)

3. Risk Exposure

Risk Exposure, also known as Risk Score, is calculated by multiplying the Impact Rating by the Risk Probability. The colors signify the amount of urgency in risk response planning and are used to establish reporting levels as is shown in Figure 2. ^[5]

4. Risk Occurrence Timeframe

The timeframe in which this risk will have an impact is identified. A timeframe is evaluated for each identified risk. Risks with a "near" timeframe of occurrence need more attention than those with a "far" timeframe. Defining the risk severity and using it to prioritize the risk is one way of identifying the most significant and impactful risks. Because risk is often related to project milestones, the timeframe for exposure might shift as the schedule evolves. ^[9]

5. Risk Response Planning

There is rarely a simple fix that can be used to minimize or eliminate all of the risks associated with a project. Action plans should be developed to minimize these risks. These action plans should include a description of the steps that must be followed to reduce that risk. Some risks might have to be handled and decreased in a calculated way over a longer period of time. When choosing an action plan, it is critical to determine the time and cost of the action plan as accurately as feasible. It helps in choosing a response plan among the options, as well as determining if the action plan is more expensive or has a greater impact on one of the project objectives than the risk itself. All risk action plans should be assigned to the individual who will carry them out, and the project manager is responsible for that. ^[5]

The risk manager oversees establishing the risk reduction strategy, which includes identifying options and deciding steps to reduce risks to the project. Risk-reduction strategies often include one or more of the following:

• Transfer: Involves transferring the responsibility of a risk along with the ownership of the response to a third party. ^[9]
• Mitigate: Action is performed in risk mitigation to lower the likelihood of occurrence and/or effect of a threat to an acceptable threshold. An early mitigation action is frequently more successful than attempting to restore damage after the threat has happened. ^[1]
• Avoid: When the project, program, or portfolio team moves to eliminate the threat posed by the adverse risk/issue it is referred to as risk avoidance. It is most suitable for a high-priority threat with a high likelihood of occurrence and a significant negative impact. ^[1]

Figure 3: Average quiz scores as overall scores and separated into gender. (own figure, based on ^[10])

Study on Risk-Based Learning Games

In 2014, undergraduate students conducted a study in which they designed a risk-based learning game for students in order to explore if such learning games may increase later memory of information. Undergraduate neuroscience students led 90-minute scientific workshops for 9-10 year old students (n = 448) separated into 'Risk,' 'No Risk,' and 'Control' groups. During the workshops, 'Risk' groups were given multiple choice questions (MCQs) that required small groups of students to allocate tokens to the answer(s) they thought were right. ^[10]

The group received the tokens and an equal amount back as a prize if they answered correctly, but they lost the tokens if they answered incorrectly. The group at the end of the workshop that had the most tokens won a price. MCQs without the risk component were given to the 'No risk' group, whereas no MCQs were given to the 'Control' group. At the end of the workshop, the students were given a neuroscience test based on the workshop material. Students in the 'Risk' group remembered material considerably better one week later than students in the 'No Risk' and 'Control' groups. This is reinforced by responses from students in 'Risk' classes, who stated that the 'Risk' workshops were more interesting than the 'No risk' and 'Control' workshops. ^[10]

Average quiz scores on the day of the workshop and a week later are illustrated in Figure 3. These findings show that risk has a role in the classroom and can be used to interest students and motivate them to improve engagement in the classroom. It suggest that the higher the risk factor involved, the more likely it is that the students will prepare for it, learn from it, and hence remember it better. The evaluation is taken more seriously when there is risk involved. It also indicates that there is a connection between the degree of risk around us and our memory. ^[10]

Limitations and conclusions

The main limitation of the application of risk management is the uncertainty factor. Uncertainty is a key concept when it comes to risk management. The uncertainty makes it difficult to analyze risks and collect enough data to be able to anticipate hazards as accurately as feasible. Furthermore, risk management requires complex calculations that must be performed by a qualified practitioner and, if not done properly, can severely limit risk identification and analysis. ^[11]

Identification of risks might also provide a false sense of security. Identifying the risk is not enough if the required actions are not taken to reduce the possibility of the risk occurring. Risk identification is never complete since risks are continuously changing and evolving. New risks might appear at any time, therefore risk identification should be repeated. What is a risk at one time may not be a risk at another.

Risk assessment and management is becoming the most challenging aspect of managing a project, program, and portfolio. While we can never forecast the future with certainty, we can apply risk assessment methods to increases the likelihood of successful project completion and decreases the risks associated with it. ^[5] Management should be aware of the concept of risk-based learning and utilize it to encourage their employees to apply risk management effectively and productively.

Annotated bibliography

1. The Standard for Risk Management in Portfolios, Programs, and Projects. (2019).

A book about the practice standard for Project Risk Management. It addresses the fact that certain events or conditions may occur with impacts on project, program, and portfolio objectives. Risk Management processes allow for the consideration of events that may or may not happen by describing them in terms of likelihood of occurrence and possible impact.

2. Dikmena, I., Birgonula, M.T., Anacb, C., Tahc, J.H.M. and Aouadd, G. (2008). Learning from risks: A tool for post-project risk assessment. Automation in Construction, 18(1), 42-50.

In this paper, a learning-based approach is proposed for risk management (RM). In order to implement this approach in practice, a tool has been developed to facilitate construction of a lessons learned database that contains risk-related information and risk assessment throughout the life cycle of a project. The tool is tested on a real construction project.

3. Lavanya, N. & Malarvizhi, T. (2008). Risk analysis and management: a vital key to effective project management. Paper presented at PMI® Global Congress 2008—Asia Pacific, Sydney, New South Wales, Australia.

This conference paper describes the structured Risk Management method used by Nokia Siemens Networks to avert crisis situations and incorporate lessons learned from previous missteps. It emphasizes that effective and early risk assessment and management ensures project objectives are met, resulting in lower rework costs.

4. Rael, R. (2012). Smart Risk Management: A guide to identifying and calibrating business risks. New York, NY: American Institute of Certified Public Accountants, Inc.

This book describes organizational risk-taking and lays out a structured risk-management process. It is developed for management accountants to assist them in analyzing their position in the center of the organization. It ensures that they do not take risks that they cannot afford and that they take enough chances to remain competitive in an ever-changing industry. It lays forth six stages for effective risk management.

References

1. ↑ ^{1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 1.08 1.09 1.10 1.11 1.12 1.13} The Standard for Risk Management in Portfolios, Programs, and Projects. (2019). Retrieved from https://findit.dtu.dk/en/catalog/5de50a6fd9001d00e06d6ccc on March 10th 2022.
2. ↑ ^{2.0 2.1} Pira, P. (2019). Life's Short. Take More Risks. Retrieved from https://www.forbes.com/sites/forbesbooksauthors/2019/08/23/lifes-short-take-more-risks/?sh=62ff41f12ad5 on February 20th 2022.
3. ↑ Cambridge University Press. (2022). risk-based adjective. Retrieved from https://dictionary.cambridge.org/dictionary/english/risk-based on February 13th 2022.
4. ↑ Dikmena, I., Birgonula, M.T., Anacb, C., Tahc, J.H.M. and Aouadd, G. (2008). Learning from risks: A tool for post-project risk assessment. Automation in Construction, 18(1), 42-50. Retrieved on February 13th 2022 from https://doi.org/10.1016/j.autcon.2008.04.008
5. ↑ ^{5.0 5.1 5.2 5.3 5.4 5.5 5.6 5.7 5.8} Lavanya, N. & Malarvizhi, T. (2008). Risk analysis and management: a vital key to effective project management. Paper presented at PMI® Global Congress 2008—Asia Pacific, Sydney, New South Wales, Australia. Retrieved from https://www.pmi.org/learning/library/risk-analysis-project-management-7070 on February 19th 2022.
6. ↑ ^{6.0 6.1 6.2} Rael, R. (2012). Smart Risk Management: A guide to identifying and calibrating business risks. New York, NY: American Institute of Certified Public Accountants, Inc. Retrieved from https://onlinelibrary-wiley-com.proxy.findit.cvt.dk/doi/pdf/10.1002/9781119449430 on February 19th 2022.
7. ↑ The Standard for Program Management – Fourth Edition (2017). Retrieved from https://findit.dtu.dk/en/catalog/5c45c08ad9001d2f38206ba6 on March 6th 2022.
8. ↑ Bishop, K. (2021). 4 Types of Risk Categories in Project Risk Management. Retrieved from https://www.fool.com/the-blueprint/risk-categories/ on March 20th 2022.
9. ↑ ^{9.0 9.1} Pira, P. (2019). State of California. (2014). Risk/Issue Management Plan. California, USA: Board of Equalization. Retrieved from https://capmf.cdt.ca.gov/pdf/templates/samples/BOE_CROS_RiskManagementPlan.pdf on March 17th 2022.
10. ↑ ^{10.0 10.1 10.2 10.3} Devonshire, I., Davis, J., Fairweather, S., Highfield, L., Thaker, C., Walsh, A., ... Hathway, Gareth J. (2014). Risk-based learning games improve long-term retention of information among school pupils Plos One, 9(7), e103640. Retrieved on March 4th 2022 from https://doi.org/10.1371/journal.pone.0103640
11. ↑ Reddy, C. (n.d.). What is Risk Management: Advantages and Disadvantages Retrieved from https://content.wisestep.com/advantage-disadvantage-risk-management/ on March 20th 2022.