Risk Management and Response Planning for Successful Project Execution

Developed by David Rühmkorf

In a time of growing global competition, project outcomes are crucial to an organization's business results. Despite this, many projects still suffer postponements, scope changes, failures, and cancellations. These issues can stem from inadequate risk management practices in projects, such as risk identification and decision-making.^[1] The objective of project risk management is to enhance the likelihood of favorable outcomes and reduce the probability of potential risks to increase the chances of project success. The PMBOK® Guide describes that unhandled risk can result in deviations from the project strategy and hinder the accomplishment of the project goals. As a result, the outcome of a project is closely linked to the effectiveness of project risk management.^[2]

One method that has already served as an adequate tool in various areas for identifying risks is the FMEA (Failure Modes and Effects Analysis). By applying an FMEA, the project team can detect potential risks before they occur, assess their impact on the project outcome, and implement appropriate measures to reduce or prevent them.^[3] For an enhancing assessment of the measures and proper risk responses, a cost-benefit analysis can be carried out along with the FMEA. By conducting this additional method, it can be checked to what extent the execution of the measure makes sense from an economic point of view with regard to the respective project.^[4] Overall, it can be crucial for companies to combine these methods and integrate them into their project risk management processes in order to ensure the implementation of appropriate measures and thus achieve project goals and business results. For this reason, the following article will present the current state of the literature regarding risk management and response planning and exemplify this by utilizing the two methods mentioned.

Contents 1 Overview of methods 1.1 FMEA 1.2 Cost-benefit analysis 2 The importance of risk management in project success 3 Application of the tools 4 Limitations 5 Annotated bibliography 6 References

Overview of methods

FMEA

FMEA is a systematic, qualitative method of risk management that is suitable for identifying, analyzing and evaluating risks. Its application aims to detect and prevent defects at an early stage in order to optimize product and process risks. Depending on the application area, several different methods can be used in practice. The different types include design, system and process FMEA. A total of seven steps are considered for performing an FMEA. Each step helps further develop and understand the risk profile of a product or a process. All seven stages are illustrated in Figure 1.

With the help of the FMEA, the identified risks can be evaluated and assessed. For the evaluation, the severity(s), occurrence(o) and detection(d) of the failures are considered.^[3]
FMEA is a globally recognized method and has been applied for years in various fields, such as the automotive industry. Its use in multiple areas can help connect fields and increase the use of engineering tools, leading to reduced labor, time, and financial costs. By prioritizing defects based on reliable data, FMEA methods can enable efficient planning that maximizes improvement with reduced resource use. Proper use of FMEA can also significantly minimize the risk on a project, promote team ownership in risk planning, and serve as a valuable resource for knowledge management and lessons learned on future projects.^[1]

Cost-benefit analysis

A cost-benefit analysis is a method of data-driven decision-making. It serves as a tool to weigh the expected costs and benefits of a project decision to assess whether it is reasonable from an economic point of view. Therefore it is a method mainly used in the business environment by both large companies and start-ups. However, the fundamental principles and structure can be utilized in nearly any decision-making process, regardless of its commercial or non-commercial orientation.
If the analysis shows that the expected benefits exceed the projected costs, it can be argued that the decision has a positive impact. However, if the costs surpass the benefits, a company may want to reconsider the decision or the overall project. There can be potential promising benefits from an economic perspective to performing such analysis before relevant organizational decisions are made. Conducting analysis can highlight important information, such as the organization's value chain, the ROI of a project, or the transparency of decisions.

The cost-benefit analysis consists of the following four steps:

• Step 1: Definition of the framework: Determination of the aims and objectives the analysis tries to achieve. To be able to compare the two factors in an appropriate way, it is essential to use similar units.
• Step 2: Identification of cost and benefit: For the identification and a better understanding of the costs and benefits, these can be subdivided into sub-areas, such as direct or indirect.
• Step 3: Estimate values for costs and benefits: In order to compare the costs with the benefits, a value is calculated or assigned in the previously defined unit. In most cases, this is a monetary value.
• Step 4: Comparing values and determining conclusions: In the last step, the values are compared to determine which decision makes sense from an economic point of view.^[4]

The importance of risk management in project success

Successful projects are of paramount importance for the long-term existence of companies and organizations. Indeed, statistics show that successful projects tend to be the exception. The Standish Group reports that of approximately 30,000 IT projects in the U.S., only 28% are on schedule and budget, while nearly 63% are late and 49% are more expensive than planned. Moreover, the cost of failed projects amounts to $38 billion. This shows how much potential for the implementation and execution of projects exists.^[5]

The reason for the high proportion of failed or sub-optimal projects can be attributed to various factors. One possible factor can be derived from the definition of a project. According to the PMBOK Guide, a project is “a temporary endeavor undertaken to create a unique product, service, or result”.^[6] Due to the fact that a project is defined as something unique, high uncertainties can arise, which in turn can lead to various risks. For this reason, risk management is taking on an increasingly important role within project management.^[7]

It is also stated in the Standard for Risk Management in Portfolios, Programs, and Projects that the inclusion of risk management is an essential component for the successful implementation of projects. To address risks, the standard outlines seven topics, including planning risk management, identifying risks, performing qualitative risk analysis, performing quantitative risk analysis, planning risk responses, implementing risk responses, and monitoring risks. This article will focus primarily on evaluating risks and planning risk responses.^[2]

As outlined above, an FMEA can be used as a tool for identifying and assessing risks and thus serves as a starting point for appropriate risk repsonses. Furthermore, this method considers both the probability and impact of a failure in addition to the detection, which is in line with PMI’s requirements for assessing risks.

After assessing and prioritizing each risk that the project team deems to be sufficiently relevant, the responsible persons have to plan and identify accurate risk responses to minimize the adverse effects on the project and its results. By implementing effective and appropriate risk actions, both individual and general project risks can be reduced. Risk responses should be adequate for the magnitude of the risk, cost-effective, and feasible within the project's context.^[6] The actions for risk response can be divided into five categories escalate, avoid, transfer, mitigate and accept. Considering the five categories can help the team to assess the failures better and thus be able to develop appropriate actions.

The procedure for developing risk responses involves actions to address risks and their attributes and incorporating them into relevant plans and budgets. There are three types of methods that can be used in this process:

• Creative methods for determining possible responses
• Decision-support techniques for identifying the best potential response
• Implementation tools are utilized to execute the risk responses

Each of these categories of techniques can be applied to accomplish different goals. This article focuses on the second part by trying to select the optimal response to align strategy with planning, where the cost-benefit analysis is used as a supporting tool to evaluate the costs and benefits of different risk response options.^[2]

Application of the tools

The application of the tools will focus on evaluating the risks and further on defining and assessing appropriate measures to reduce or prevent identified risks. As previously stated in the first section the FMEA comprises seven different steps, each being fundamental for achieving a successful implementation. Therefore, even though the primary focus of this article is on steps five and six, the significance of each step in the execution process warrants a brief explanation.

The first step, planning and preparation, deals with establishing and defining primary framework conditions that are crucial for applying the analysis. Tasks include developing a project definition, determining the scope of the analysis, and establishing a baseline for subsequent analyses. For the development of a definition, the project to be analyzed, as well as the reason for its implementation, are included.

The second part of the system analysis is the structural analysis. It is a methodology with the help of which the project or system can be divided into elements, action steps, and cause elements. The system elements that have been divided into smaller parts are arranged in a hierarchical tree structure. The element represents the top level of the tree, followed by the individual action steps. The action steps describe the activity that has to be performed to achieve a specific result for the next step. The cause elements follow as the third and lowest level. These specify the previous action step, considering the categories according to Ishikawa.

The functional analysis forms the third level of system analysis and describes the tasks of the different system elements. Thus, one or more functions are assigned to each element, action step, and cause element. These can be derived with the help of information such as activities, environments, or times. To visualize the functional relationships, the determined functions can be represented as a tree or network, similar to the structural analysis.

In the next step, the failure mode, cause, and effect are identified as part of the failure analysis. Based on this, failure mode chains can be created. Each chain consists of the three error types already mentioned. The center point is the failure mode. From there, the cause and effects can be derived. The failure effect describes the possible impact on the internal or external customer, which can occur when the error arises. The failure mode refers to the function of the action step and describes potential negative deviations that can occur during application. The third category to be considered is the cause of the error. Here, the reasons for the occurrence of a failure mode are presented. The causes should be as comprehensive and complete as possible so that appropriate measures can be implemented to eliminate them.

The purpose of the risk analysis is to evaluate the errors according to the severity(s), occurrence(o) and detection(d). Tables with a rating scale of 1-10 are used to assess the three categories.
Based on the risk assessment, the risk priority number (RPN) can be formed to analyze the risk. The RPN is calculated by multiplying the three categories s, o, and d between 1 and 1000. This means that the higher the RPN, the more necessary it is from a risk management point of view to consider a measure to improve the number. The RPN alone, however, is not a sufficient technique to draw conclusions for evaluating the risks due to the equal weighting of the categories. For the following reason, the FMEA Handbook has additionally introduced the action priority (AP). This method was created to assign different weights to the categories. In this case, severity is given the highest priority, followed by occurrence and, finally detection. Furthermore, to evaluate individual risks, an AP table (Figure 2) was created with ratings of high, medium, and low. Especially in the case of an increased rating, the team should consider implementing measures to reduce the risk. The involved participants can make better decisions to prevent future problems based on this change.^[3]

An example will be presented to illustrate steps five and six for better comprehensibility further. In the scenario, the introduction of a new software tool into an invented company is considered. It is important to emphasize that both the errors and evaluations are only estimates and can vary depending on the company and the area of application. Due to the high volume of potential risks, the example contains only one risk, as can be seen in Table 1. This risk was assessed in accordance with categories s, o, and d and classified as high.

Table 1: Example of applying an FMEA from

Failure Mode	Severity	Failure Cause	Failure Effect	Occurrence	Detection	RPN	AP	Preventive Action	Detection Action
Performance error	9	New software tool leads to slowdown in work processes	Incompatibility with existing systems	7	6	378	H

The final step of failure analysis and risk reduction is Optimization. It involves implementing measures aimed at minimizing risks and improving the overall project. Furthermore, the measures introduced are checked for their effectiveness as part of the optimization process. For this purpose, actions must be defined that are specific, quantifiable, and feasible. Once the review is complete, it is vital to re-evaluate the occurrence and detection categories.^[3] Additionally, the project team should not take action based solely on the FMEA risk analysis. Instead, various tools should be used to find the best potential solution. To support the optimization process, a cost-benefit analysis is performed for the multiple measures in this example. Further tools to improve risk response can be found in the Standard for Risk Management in Portfolios, Programs, and Projects.^[2]
As part of the optimization process for the exemplary scenario, the following three preventive action measures were developed.

1. Compatibility tests with existing systems should be performed before introducing the new software tool.
2. Specific performance requirements should be defined before introducing the new tool.
3. Training employees to ensure the tool can be used effectively and efficiently.

In the next step, a cost-benefit analysis can be carried out for the three measures to identify the best solution from a business perspective. To perform the analysis, values are assigned to the different costs and benefits, as shown in Tables 2 and 3. All assumptions for costs and benefits made in the following are only estimates and cannot be transferred to other organizations. By comparing the costs to the benefits, the ratio can be determined. In this case, measure two has the best cost-benefit ratio with 1.44 compared to measure one with 1.17 and measure three with 1.3. While all three measures are profitable, implementing measure two is the most economically viable option to prevent the occurrence of the error. Thus, the cost-benefit analysis supports the project team in evaluating measures in a neutral and evidence-based way. It can also help to identify hidden costs and benefits and to include them in the evaluation. However, since the tool solely considers the economic aspect, the project team must also consider the extent to which the measure reduces risk in order to make an appropriate selection.^[4]

Table 2: Costs

Costs	1	2	3
Direct costs	7,000 €	5,000 €	13,000 €
Indirect costs	2,000 €	1,000 €	3,000 €
Intangible costs	1,000 €	2,000 €	0 €
Opportunity costs	2,000 €	1,000 €	4,000 €
∑	12,000 €	9,000 €	20,000 €

Table 3: Benefits

Benefits	1	2	3
Direct benefits	5,000 €	6,000 €	8,000 €
Indirect benefits	2,000 €	3,000 €	5,000 €
Intangible benefits	5,000 €	3,000 €	10,000 €
Competitive benefits	2,000 €	1,000 €	3,000 €
∑	14,000 €	13,000 €	26,000 €

Once the analysis has been completed, the team can decide to implement a measure as part of the FMEA optimization process. To further support the team, in addition to a cost-benefit analysis, a scenario analysis can be conducted to better understand the potential outcomes and impacts of various uncertain factors. This approach can contribute to a more comprehensive and robust decision.^[2]

The last step of the FMEA is the documentation of results. The following step deals with the creation of a report. The aim of the documentation is to record the knowledge gained from the analysis for future decisions, discussions, or applications. The report should contain the framework defined at the beginning, as well as the general approach. In addition, descriptions of the derivation of the functions, the risk assessments, and the newly introduced measures.^[3]

Overall, using FMEA in conjunction with other tools, such as cost-benefit analysis, can enable the team to identify potential risks in the early stages of a project and to determine and implement appropriate measures to mitigate or prevent errors. This can ultimately enhance the likelihood of project success.

Limitations

When performing an FMEA and cost-benefit analysis, due to its versatile applicability, various limitations may arise depending on the organization or external circumstances. In FMEA, the analysis's precision and correctness depend on the team's subjective assessment, experience, and knowledge. Due to this fact, imprecision in the execution can lead to errors in the further process. In addition, the quality and availability of data have a strong impact on the accuracy of the analysis. Incomplete or incorrect data can lead to misleading conclusions, which in turn can lead to wrong decisions. Similarly, external aspects such as Regulatory modifications, market changes, or unforeseen developments may affect the reliability of the analysis by changing the assumptions made during the analysis.^[8][9]
In a cost-benefit analysis, predicting all variables in various cases can be complex, especially in markets subject to frequent changes such as cost fluctuations and environmental influences. Furthermore, inaccuracies may arise when a project has a long time horizon, for instance, it may be challenging to make accurate predictions for the future, such as accounting for inflation. In addition, some decisions may be made for non-monetary reasons, in such cases, cost-benefit analysis is inappropriate. For these reasons, it is important to consider other tools besides cost-benefit analysis when defining organizational strategies.^[4]

Annotated bibliography

Project Management Institute (2019). Standard for Risk Management in Portfolios, Programs, and Projects.

The following standard from PMI serves as a guide for applying the principles of risk management to the areas of portfolio, program and project management. It also provides detailed insights into how companies can identify, analyze and manage risks in different contexts. For this purpose, various tools for assessing risks are presented and explained. In addition, the standard shows how organizations can establish a proactive approach to managing risks and enhance their ability to deliver successful projects.

AIAG & VDA (2019). FMEA Handbook. 1st Edition.

The FMEA manual provides a comprehensive framework for applying the FMEA methodology in the context of risk management. It offers a step-by-step guide for minimizing defects in products and processes at an early stage, as well as several best practice scenarios for successful application in various contexts. Additionally, the manual covers the application of FMEA in the context of project risk management. It also addresses potential sources of errors when performing FMEAs and provides guidance on how to avoid them.

Stobierski, Tim (2019). How to Do a Cost-Benefit Analysis & Why It’s Important. Harvard Business School Online.

The article shows the concept of cost-benefit analysis and how it can help companies to make the right decisions from an economic perspective. In addition to explaining the individual steps of the procedure, the article also highlights important aspects of its implementation. In addition, the advantages and disadvantages of cost-benefit analysis are presented in detail to provide a comprehensive basis for decision-making.

References

1. ↑ ^{1.0 1.1} Bahrami, Mahdi et al. (2012). Innovation and Improvements In Project Implementation and Management; Using FMEA Technique. Elsevier Ltd.
2. ↑ ^{2.0 2.1 2.2 2.3 2.4} Project Management Institute (2019). Standard for Risk Management in Portfolios, Programs, and Projects.
3. ↑ ^{3.0 3.1 3.2 3.3 3.4 3.5} AIAG & VDA (2019). FMEA Handbook. 1st Edition.
4. ↑ ^{4.0 4.1 4.2 4.3} Stobierski, Tim (2019). How to Do a Cost-Benefit Analysis & Why It’s Important. Harvard Business School Online. https://online.hbs.edu/blog/post/cost-benefit-analysis.
5. ↑ Gomes, Cleber Willian et al. (2012). FMEA to Improve the Project Management. SAE International.
6. ↑ ^{6.0 6.1} Project Management Institute (2021). The Standard for Project Management and A Guide To the Project Management Body of Knowledge (pmbok® Guide). 7th Edition.
7. ↑ Pritchard, Carl (2000). Advanced risk - how big is your crystal ball?. Paper presented at Project Management Institute Annual Seminars & Symposium, Houston, TX. Newtown Square. Project Management Institute. https://www.pmi.org/learning/library/advanced-risk-organizations-role-management-561.
8. ↑ Dai, Wei et al. (2011). Decision-making in product quality based on failure knowledge. Paper presented at International Journal of Product Lifecycle Management (pp. 143-163).
9. ↑ Stamatis, Dean (2003). Failure Mode and Effect Analysis - FMEA from Theory to Execution. American Society for Quality. 2nd Edition.