Managing Uncertainty and Risk on the Project
One of the most challenging aspects in projects is to manage the risk and the uncertainty. Yet with the knowledge we possesses, it is a topic, which for many is difficult to handle. Many stakeholders are involved in the projects and therefore might have different opinions of what is the best solution approach is. The majority of people tends to think in deterministic terms of an optimal solution instead of probabilistic terms of a robust solution. This article will highlight the main differences of the risks and the uncertainties, which relates to project management. The risk management processes will be clarified in its four stages, where the identification of the problem, assessment of the risks, how to respond to the risks and lastly how to control the risks. To assess the risks, a risk-management process tool will be utilized and further explained and management a tool, impact/probability matrix, will be applied to be a part of the process.
Contents |
Definition
Risk and uncertainty has many different definitions and can be hard to settle down to only one way to define it. Risk management had their origins in the insurance industry in USA in the 1940s. (Project management) can be explained as a discipline where projecting or planning, organizing, motivating and controlling resources to achieve specific goals and meet the specific criteria’s. When talking about risk, people often link it together with uncertainty, while others refer to it as opportunity. Risk can also be defined as a combination of the probability of an event and its consequences. There is a relationship between risk, uncertainty and opportunities. This is illustrated in Figure 1. [1]
The definition of uncertainty is:
“An unexpected event, if it occurs, may have either no effect or a good or bad effect on at least one of the project’s objectives and success.“[1]
And risk is defined as:
“An uncertain event or situation, if it occurs, may have threat(s) or bad effect(s) to at least one of the project’s objectives and success”[1]
Risks and uncertainties has a big role in projects. The uncertainty is by definition the lack of the information that is available to take a decision at a given time. In Figure 2 it is illustrated the difference between the information required and the actual information available. Uncertainty have two sources and the first source is the complexity, which is where the information is available, but is too costly to collect and analyse. Second is the predictability, which is where you are able to predict uncertainties, based on previous experiences.
In the beginning of the a project the uncertainty is very high and depending on the size of the project and to decrease the mission uncertainty it can some extend be used e.g. standardised components and solutions etc. As a project moves forward more information will become available and therefore the dynamic uncertainty will be decreased since some parts of the project will be finished and therefore has less impact on the actual uncertainties. To understand the relation between risk and uncertainty, Figure 3 illustrates the risk sources which is an element that is alone or in combination with others to rise to risk. [3] The management team can respond to the risk source and can plan to respond when or if the risk event occurs. The risk event is an occurrence or change of the circumstances. An event can be one or more occurrences and have several causes and can be referred as an incident or accident, but can also be without consequences. That can be a near miss, incident, a near hit or close call. The model explains in short terms how you can deal with the risk sources and events.
The relationship between risk source is thus the dimensions of the risk source, the impact of the risk and to which extent the management team can respond to the risk source and events. The understanding of risk in relation the probability is divided up into four terms:
- The objectivist believes that a sample of previous observations can be used for predicting the future risk sources. The predictions rely therefore on statistics inferred from experience.
- The logical could be an engineer who is solving problems with an engineered system. Engineers’ understanding of the design and the scientific properties they might be able to identify risk sources and therefore possible risk events. It rely closely up against the basis of (Failure mode and effects analysis).
- The subjectivist rely mostly on subjective decisions. That means that despite from the information available, the observer might consider other factors than just historical facts. Therefore might there not be a clear result from two different subjectivists in the same situation unless it is an obvious decision.
- The behavioural has focus on the actual behaviour with the decision-making under uncertainty. Therefore it is relied on how decisions are made in practice.
When managing risks and uncertainties, the four different terms is important when looking at decision-making. There is a difference between the definition of uncertainty and risk where there is probability of a risk event could occur. The reason is the subjective term where the decision-maker has an impact on the outcome where the decision is not relied on historical event and statistics. When trying to understand the underlying definition of risk and uncertainty can be divided into four different stages of knowledge of the risk and uncertainty, which is defined as the cognitive standpoint. They are stated as follows:
- Known knowns is the condition of the risk where the risk source has been identified and a probability can be assigned to certain risk event. This is the standpoints which has most concentration because many advocates the use of subjective probabilities.
- Known unknowns is where the uncertainty plays its role where a risk source has been identified but cannot be assigned to the risk event.
- Unknown knowns is a condition where the uncertainty appears because somebody knows about the risk source and its chances to appear. Therefore, the information is kept private instead of sharing the information.
- Unknown unknowns is the uncertainty where the risk source has not been identified and therefore the risk event cannot because of that be known. That phenomenon has been called the ‘black’ swan.
The four different standpoints are illustrated in Figure 4.
When looking at the figure, the y-axis illustrates occurrence of any future events is either certain, impossible or in between the two. It happens rarely that a proper data set is available and is not possible to make any changes in the data set so that the objectivist only have a point between certainty and impossibility. [2]
Practice of managing risk and uncertainty
When you have the knowledge and insight of what you are dealing with regarding the potential uncertainties and risks in a project there is several protocols of how to manage them in a proper way. When looking at known unknowns, it can without problem be managed proactively and also be able to mitigate the impact of unknown unknowns. One of the basic models describing the risk management process is illustrated in Figure 5, which has four main elements. This is not a tool in its self, but a process of the procedure when handling with risks.
- Identify and classify the what risks sources that has to be managed
- Assess the risks so that you have a fully understanding of the risks and how they can affect each other.
- Respond to the risks sources and decide what to do about them if they occurs.
- Control the risks throughout the whole project, so that they have minimum impact on the project.
The process is like a loop learning model, where it is a process through time.
Application
The purpose of impact/probability matrix is used to rank the risk sources, risk events and the treatments based on the level of the risk. [4] It is a common tool when screening a project for many risks which makes it is easier for the management team to plan how and when to handle the risk sources and risk events. The tool is also a great tool when it comes to communication. It helps the organization with the decision about the risk appetite on the specific project. The impact/probability matrix is used for a bigger purpose. It is used for a criticality analysis in FMECA or to set priorities in HAZOP. The tool is also an effective way to handle risks when the available data is not good enough or when there the resources available cannot fulfil qualitative analysis. (Reference til ISO 31010). Many of the risks have different outcomes and have different level of consequence. It is therefore important to some projects to distinguish between unlikely catastrophic risk events and the common problems, which has a more serious impact and therefore a threat. (reference til ISO 31010)
Identify and classify the risk sources
This is one of the crucial elements in the model to actual succeed in being able to discover the risk sources. However, it is one of the less formalized elements in risk management, which in itself can have consequences. Normally this area is done by experienced employees within the actual field, which can be a problem when you thinking in e.g. knowledge sharing. It can also be done by workshops etc. and when the information gathering is done, a risk register is made with all the knowns, which is a document or a log where all the available information is accessible.
Assess the risk sources
When the risk sources has been identified, there is a large number of tools for assessing them. A tool to get an easy overview of the known risk source is the probability/impact matrix. The matrix is illustrated in Figure 7, and the model is divided up in four different areas.
The different risk sources are identified and is classified in terms of their probability of occurrence and the magnitude of their impact on the project. The model can be used for assessing known unknowns whether it has high impact or probability when it occurs. Hence, it will be possible for the managers to prioritize the risk sources and schedule the risk sources.
Respond to the risk sources
When the risk sources has been identified the next task is what to do with each of them. In addition, the options to do that when using the tool in Figure 7 are as follows:
- Accepting the risk as it is, and plan to respond to the risk. Since it is bad luck, there is not much to do.
- Externalise the risk down the supply chain by subcontracting. This is only done when the subcontractor is in a better position than the principal. When externalising the risk, the subcontractor has to have better managerial capability otherwise it can have fatal consequences and in extreme cases is when the subcontractor is bankrupted because of a risk event. The general rule is to communicate with the actors who is closest to the risk source and motivate them to manage them effectively so that they have as small as possible impact.
- Mitigating the risk by changing the project mission or scope to minimise the probability for the risk to happen. When mitigating the risk a systematic reduction of the risk and also called a risk reduction. This kind of risk can also be associated with e.g. the choice of technology etc. and as mentioned earlier if using the technique like FMEA, then would make the solution more robust.
- Rare catastrophes cannot be controlled of the actors, such as fire on construction projects and therefore insurance is a normal way to solve that. By mitigating the risk, it will almost be possible to avoid the risk event. A classic way is an indemnity insurance and if that is not an option, then mitigation is preferable. The last option will only be suitable if the magnitude of the risk event would not bring the company down.
- Delay the decision until the needed information is available. This will make as mentioned earlier more secure and will make the risks more known. This is crucial for high-impact risks.
Plan to respond to the risk event
If the risk has been accepted in the assessment or a residual of the management responses to the risk source, the plans will also be laid out to be ready to respond to the risk events. On way to do it is to put in a slack in the time schedule in case if the event will delay the project and have higher expenses than first assumed. Control and monitor the risk source The final phase is to monitor the risk source throughout the whole project life cycle, so the information becomes available and when the probability and impact can be reassessed once the point where risk event could have been occurred has passed it can be removed from the risk document. To monitor risk sources a risk owner has to be selected to do the supervision. The rest of the management team has to have full engagement since this is the phase where the unknown unknowns will grow. The job is not a desk job, and this will include following:
- The management team has to be visible on sight noticing what is going on the be able to identify both threats to schedule and budget, but also see opportunities to do things better if possible.
- Do routine informal meetings to freely exchange views without take any minutes or recordings. This can help reveal potential problems that would be there to discover and can have a potential progress for the project.
- Spotting behavior that might be improper and interpreting the correctly. [1]
Process to manage risk in project portfolio
Another but similar way to look at risks in project portfolio is like in Figure 8
The construction is like in the Figure 6 but have two really important aspects which is not included in the previous model. The first thing which separates this model is to understand the portfolios strategic and business objectives and each project’s or program’s objectives. Secondly, the last stage is summarize of the process of the risk management, and record risks and response of them in risk database. This is a very important aspect since this is part of learning, knowledge sharing and therefore people who work with this every day can over time develop a more systematic way of reaching out to these projects. [1]
Conclusion
Will be added
References
- ↑ 1.0 1.1 1.2 1.3 1.4 1.5 1.6 Yu Shiwang, Guo Na (2013) Lecture Notes in Electrical Engineering, Vol.218 PP.815-822
- ↑ 2.0 2.1 2.2 2.3 2.4 2.5 Winch Graham M. (2010) Managing Construction Projects” An Information Processing Approach, Second edition, PP. 3-8 and PP. 346-366
- ↑ (2009) “ISO Guide 73” – Risk management Vocabulary
- ↑ (2009) “ISO 31010” – Risk Assessment Techniques, Edition 1.0