Risk management
(→Defination) |
(→Introduction) |
||
Line 1: | Line 1: | ||
− | + | =Definition of risk management= | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
You can find different tools and definition for risk depending on the context in which it is used. A definition from Oxford English Dictionary sounds like “the possibility that something unpleasant or unwelcome will happen” [3]. This is more general and related more to your every day. In decision theory, Luce and Raiffa relate risk to make decisions under known probabilities of the states of nature [4] and Frank Knight define the risk in economic theory as “risk arises when the decision maker can assign probabilities to possible outcomes”. A well-known definition of the risk in the domain of project management considers the risk as “an uncertain event or condition that, if it occurs, has a positive (opportunity) or negative (threat) impact on project objectives” [5] | You can find different tools and definition for risk depending on the context in which it is used. A definition from Oxford English Dictionary sounds like “the possibility that something unpleasant or unwelcome will happen” [3]. This is more general and related more to your every day. In decision theory, Luce and Raiffa relate risk to make decisions under known probabilities of the states of nature [4] and Frank Knight define the risk in economic theory as “risk arises when the decision maker can assign probabilities to possible outcomes”. A well-known definition of the risk in the domain of project management considers the risk as “an uncertain event or condition that, if it occurs, has a positive (opportunity) or negative (threat) impact on project objectives” [5] |
Revision as of 21:22, 25 November 2014
Contents |
Definition of risk management
You can find different tools and definition for risk depending on the context in which it is used. A definition from Oxford English Dictionary sounds like “the possibility that something unpleasant or unwelcome will happen” [3]. This is more general and related more to your every day. In decision theory, Luce and Raiffa relate risk to make decisions under known probabilities of the states of nature [4] and Frank Knight define the risk in economic theory as “risk arises when the decision maker can assign probabilities to possible outcomes”. A well-known definition of the risk in the domain of project management considers the risk as “an uncertain event or condition that, if it occurs, has a positive (opportunity) or negative (threat) impact on project objectives” [5] Frank Knight defines the uncertainty and risk as “...Uncertainty must be taken in a sense radically distinct from the familiar notion of Risk, from which it has never been properly separated. … The essential fact is that "risk" means in some cases a quantity susceptible of measurement, while at other times it is something distinctly not of this character; and there are far-reaching and crucial differences in the bearings of the phenomena depending on which of the two is really present and operating. … It will appear that a measurable uncertainty, or "risk" proper, as we shall use the term, is so far different from an un-measurable one that it is not in effect an uncertainty at all." [6] To minimize the uncertainty and reduce the risks on the project, you may regularly look back to your risk analysis, because most of the projects fail due to lack of risk management, in many projects the risks are not proactively identified, analyzed and mitigated or even in some projects the risk is a part of projects planning process, The projects fail because they do not invest their resources completely and do not pay attention to it. Risk management is the most important part of the project planning process. It is a management tool, which project manager uses to analyses the risk factor within a project group or projects. Project group must be informed of the main risks and how they will deal with those risks. Often it requires extra resources to eliminate risks; these resources must allocate the project group. Many studies have pointed as well that the risk management has a big role in projects success [7]. The report by Jacob and Kwak highlights the positive contribution of risk management to improve the project selection, review and resource allocation of new product development projects. It used in many areas such as public debate, research, danger of disease, death or accidents, threatening environmental problems in terms of risk of climate changes, CO2 , pollution and so on. It is also used in many other projects such as customer needs and price, new technology and resources, construction and delivery projects, research projects and interests and other tasks.
What is risk
Risk is the uncertainty, which is associated with any kind of the action and projects in organization's context that must understand and effectively manage during the project's process and improve the results[9]. Different types of risk management definitions can be found and the choice of definition depends on how big a concept of risk is used in order to which risks are covered by the definition. There is not a complete tool or solution that fits in every project, creating a new or changes the existing risk management process according to the project's goal is always helpful and flexible process that will ultimately result in a solution to the individual organization or project. Risk is always based on imagination of how the project will be completed. It can be defined on the basis of an existing plan, for example, the project must be completed in 6 months. The risk of delay is bigger than if the project must be completed in one year. If the new technologies are a part of the project plan, that you have to use the new technologies is the risk bigger than use the known technologies. Therefor the risk is based on an existing plan; the same project may have very different risks, if you change the project’s plan. [10].
Benefit of risk management and why risk management
Risk management helps you to identify your projects strengths, weaknesses, opportunities and threats [14]. By identifying your projects risks, you will be aware of the unexpected events and you can immediately take actions to reduce the losses [15]. There are many reasons for managing risks [16]. Here are some main reasons: First of all, risk management results in an overview and a number of options for an action to avoid known and unknown risk and reduce the impact of those.
- Saving resources: Time, assets, income, property and people are all valuable resources that can be saved if fewer claims occur.
- Protecting the reputation and public image of the organization.
- Preventing or reducing legal liability and increasing the stability of operations.
- Increases the organizations profits and competitiveness and reflects an attractive professional approach to project work.
- Protecting people from harm.
- Protecting the environment.
- Enhancing the ability to prepare for various circumstances.
- Assisting in clearly defining insurance needs.
- By managing the risks, you can increase the quality of the project deliverable
- Protects public image
- Protects people from harm
- Prevents/reduces legal liability
- Protects the environment
Three Levels of operational risk management
The risk management in an organization can be categorized in three levels of operation- [8].
- Strategic level:
At strategic level, operational risk management relates to the vision of the business, expansion planned over a few couple of years, the product position and the target customers in the market. In other words, the strategic operational risk management relates to the implementation of the risk demands. It must be defined at the top management level and must be deployed in a top-down manner through all the levels of the organization.
- Tactical level
At tactical level, the set of operational risk management tools and controls helps to reduce the number and intensity of the events. It provide the risk manager with a second line of defence. The effect of the risk responses deploys at tactical level, such as loss, fines and near misses reductions Tactical operational risk management emphasizes on loss prevention and risk reduction techniques, process control, loss data analysis, key risk indicators, risk self-assessments and business expansion plans are some of the vast array of tools and techniques that have been developed to reduce the frequent occurrence of the risk elements and to reduce their impact on the overall project. Financial service industry is the most developed aspect of operational risk management, today.
- Dynamic level
Dynamic level provides a natural reduction of the operational incidents by redesigning all those processes that were prone to errors, removing any unnecessary tasks and useless controls, standardizing the procedures and improving the productivity. Dynamic risk management targets the operational efficiency and process design. Work flows are redesigned in this level to improve the work speed by eliminating the errors. Staff Operational risk management must spread over all these three levels, in order to be more effective and efficient
How to develop a risk analysis
Risk can develop in two different ways [11]:
- By using the standard risk guidelines such as ISO 31000, which managers can go step by step and identify the risks and analyse the situation of each phase and take an action for each risk, that have negative impact on each situation. In this step more leaders must participate in order to reduce the impact of risks and take care of each situation.
- By using more general analysis or guidelines to define the project's goals and reduce the risks without managing it and less management participation.
In the first option many standard guidelines and analysis can be used such as ISO 31000, IEC/ISO 311010, and ISO 73-2009 and many others. The International Organization for Standard (ISO ) risk management provides principles, general guidelines; framework and a process for managing the risks- It can be used by any project, organization regardless of its size. ISO 31000 summarizes all the central activities and main points, which an organization might go through to manage their risks effectively and increase their chance to reach their goals. It doesn’t contain any specific techniques in order to use, but it mentions that an organization must follow risk identification tools and techniques, that match the projects and its goals. Another ISO standard application is ISO/IEC 31010, Risk Management, which contains of some risk assessment techniques and steps that gives an understanding of the risks, which can have a negative impact on an organization’s achievement of its goals and the adequacy and effectiveness of controls already in place. Risk assessment helps decision makers to take the correct decisions, for example which tools and techniques must be used to treat the risks and how to choose the best opportunities. The following techniques described on ISO 31010
- Risk identification
- Risk analysis - consequence analysis
- Risk analysis– qualitative, semi-quantitative or quantitative probability estimation
- Risk analysis – assessing the effectiveness of any existing controls
- Risk evaluation
- communication and consultation, and monitoring and review
Each step has described in detail on ISO 31010. Compare to M_O_R, and then M_O_R is much extensive application, which provides a detailed guidance on how to implement risk management. It is also a framework for how to make informed decisions about risks respectively strategic, program, project and operational level in order to identify, assess and manage the key risks in order to deliver the expected advantages [12]. It describes deeply both what needs to be done through some principles, activities and roles and how to begin the activities. In some ways, ISO31000 and M_O_R are very similar and use some common definition and methods. M_O_R is designed for practical application of risk management techniques and based on 4 core concepts: principles, approach, process and embedding and review, while ISO31000 is designed more to assess how completely the risk management techniques have been applied [13], The difference is that ISO3100 based on framework, principles and process. It prescribe how an organization should implement risk management and manage the risk by using any tools, that suits its goal and organization, while M_O_R allows it to customize its approach within the guidelines to suit its operating environment and process. Both are useful tools and can be used for managing the risks.
An example of how to identify your project’s risks
To identify the projects risk, you can start with brainstorming, the first step is to list the main categories such as technologies, goal, stakeholder, communication, cost, environmental, resources, reliability, which is indicated with blue color in below figure. The next is to identify the risks, which is associated to the main categories. By brainstorm the risks, you can find 50-100 risks, depending to the projects size, therefore the third step is to estimate what the potential impact could be by using the Risk Matrix.
Each high priority or high impact risk should be assigned to a group member after their experience and skills, so they could study and evaluate the risks. Cost risks might for example assign to someone in the finance department than one from IT- department. The new technology might assign to someone from IT- department. The project manager should be assign for all the risks process, the most important part of risk process is the schedule with deadline and the risks list, which should only edit, added, re-prioritized and control by the project manager during the project. To reduce the risks, the project manager should communicate the risks list to all the project stakeholders regularly, at least once a week. All the changes should be registered to the risk map and at the end of the project the results can be used to do a retrospective. What did you learn from it, what should be different in next project and how to control the risks from the beginning?
Reference
[1] Why projects fail: Avoiding the Classic Pitfall, An Oracle White Paper, October 2011 and Calleam Consulting LTD 2014: Why Projects Fail. And Tom Carlos, PMP: Reasons Why Projects Fail.
[2] Oehmen et. al.2012 and Zwikael and Ahn 2011, Oehmen, J., et al., Analysis of the effect of risk management practices on the performance of new product development programs. Technovation (2014),
[3] Oxford English Dictionary
[4] Product Management Innovation 2008
[5] Frank Knight: Imperfect competition through Risk and Uncertainty, Part III, Chapter VII
[6] Ariane Chapelle: The three levels of Operational risk management, May 2012
[7] Tara Duggan, Demand Media: Project Management Risk Identification
[8] Risikosamfundet: 1997, Tara Duggan, Demand Media: Why Is Risk Management Important to Project Success?
[9] Luce and Raiffa, 1957
[10] Risk Management, concepts and methods: Club De La Securite De L’information Francais
[11] Best Management Practice: Management of Risk.Guidance for practitioners and the international standard on risk management, ISO 31000:2009 of Michael Dallas, Dictor, APM Group Ltd.
[12] http://www.rovsingmanagement.dk/kurser/m_o_r%C2%AErisikostyring/?gclid=CM21qKLRjsICFeXUcgodGqEARQ
[13] Best Management Practice: Management of Risk.Guidance for practitioners and the international standard on risk management, ISO 31000:2009 of Michael Dallas, Dictor, APM Group Ltd.
[14] Jacob and Kwak (2003) and Raz et al.2002
[15] Article: Overview of risk management Henrik K. Søndergaard
[16]. Power in projects & portfolio of Mette Lindegaard, and John Ryding Olsson
[17] Jacob and Kwak (2003) and Raz et al.2002
http://www.chapelleconsulting.com/the-three-levels-of-operational-risk-management/.
http://strikingprojectmanagement.com/qualitative-risk-analysis/
http://projectmgmt-annualwarehousesale.blogspot.dk/
http://smallbusiness.chron.com/risk-management-important-project-success-56920.html
http://tcgen.com/risk-mapping/#.VGidavnF-oO
http://www.vlv.dk/downloads/Artikel_RM1_Risk_Management.pdf
http://www.vlv.dk/downloads/Artikel_RM1_Risk_Management.pdf
http://www.clearrisk.com/what-is-risk-management/
http://www.vlv.dk/downloads/rm1.htm
http://klk.kl.dk/PageFiles/156494/Projekth%C3%A5ndbogen.pdf
http:///C:/Users/Samira/Downloads/Projekth-ndbog%20(1).PDF
http://smallbusiness.chron.com/risk-management-important-project-success-56920.html
http://dx.doi.org/10.1016/j.technovation.2013.12.005i
http://smallbusiness.chron.com/risk-management-important-project-success-56920.html