Risk tolerances
Risk tolerance is an amount of risk that a project driven organization can withstand. This element in project management indicates the willingness of organization and it's people to avoid or accept risks. Risk tolerance can be analyzed from three different perspectives: company, project manager, and stakeholder. The company risk tolerance depends on the financial stability and project diversification. A project manager’s risk tolerance is affected by job security and corporate culture. The stakeholder’s risk tolerance is influenced by project objective. The project success depends on agreeable level of risk tolerance and early risk management planning.
Contents |
Big idea
In project management, risk tolerance is the measure of the degree of uncertainty that a stakeholder accepts in respect of the project risk assessment. The three major stakeholders are the project organization, the customer or the owner of the project and the project manager. Risk is intangible, or invisible, therefore stakeholders have different perceptions of what constitutes risk and subsequently its tolerance. Hence these three stakeholder groups rarely have the same view on the possible outcomes of a project. The attitude towards risk tolerance varies depending on risk characteristics and project’s internal and external environment. Therefore, it is important to first define “risk” and “risk tolerance” and how it relates to project management in a technology-driven organization.
According to classical decision theory, risk is generally understood to be the distribution of possible outcomes, their probability and impact. In project management, this definition can be applied to time, cost, quality, and other factors that can affect these three concerns. It can be concluded, that a risk can either be an opportunity or a threat. An opportunity has positive effect on project objectives, while a threat possess a negative impact. The objective of risk management is to increase the probability of positive risks, and reduce the probability of negative risks.[1]
Risk tolerance is the degree, volume or amount of risk that an organization can withstand. It indicates how sensitive organizations, stakeholders, and people are towards risks. High tolerance often means that organizations welcome high risks while tolerance tells otherwise. Risk tolerance is still a developing area of research because of its human dynamics. A simple conception of risk tolerance can be expressed by claiming that individual decision-makers are risk averse. However in reality many other circumstances shape attitudes toward risk, and thus risk tolerance is a complex topic demanding a more complex definition.[2]
It should be noted, that risk is not only a probability of success, but is also always a probability of failure given a set of premises. The decision maker’s risk tolerance must always be coupled with the established definition of risk.
Application
Risk tolerance application leads to more efficient use of resources because the project team has a better understanding of how to respond to threats and how to exploit opportunities. It is important to prioritize risks and address the most crucial ones, to know which should be avoided, reduced, transferred or accepted. In the same manner, opportunities can be exploited, enhanced, shared or ignored.
In addition to that, risk tolerance provides the project team a better understanding of how far down the list of prioritized risks it should go. This can result in improved decision-making that leads to lower costs, better performance, and a shorter delivery of the project. The following steps should be taken in order to reap benefits of risk tolerance.
First of all, a detailed risk management plan should be put in place. It should include definition of risk tolerance levels. It should address risk tolerance not only from the company perspective, but also with regard to the key stakeholders of project. Early assessment should improve decision maker making process as the project progress over time and issues become more complex.
Secondly, a firm should review its compensation policies for project managers and other employees. People weigh the possible rewards in making decisions that impact projects. By initiating a compensation structure where a portion of a remuneration is at risk or based on performance, organization influences employees likelihood of taking risks. This is a tool that firms can use to either increase decision-makers risk-taking ability or increase risk aversion.
Thirdly, it is important for companies to exercise an organizational culture that which promotes calculated risk-taking and innovation. Risk taking should be well thought out and measured. Project managers must be trained and prodded to quantify risks. Upper management should lend a hand in getting functional managers involved in the risk management process to help improve their decision making ability. It is recommended as part of risk training for project managers to ask four questions:
- Am I a risk-taker or avoider?
- What about my project sponsor?
- How much will the project benefit my organization?
- What is the project team’s experience and expertise?
By going through the process of addressing these issues, a project manager should improve evaluation of the personal risk tolerance level as well as that of the project team and the company as a whole.
Additionally, comprehensive performance reviews of project managers are another important component for maintaining a shared understanding and vision of risk tolerance. In reviewing the project manager’s performance, the upper management should critique the project manager’s apparent level of risk aversion. By doing so, the project manager receives formal guidance for future decisions.
A clear communication strategy is paramount and steps should be taken to ensure its effectiveness. First, the organization handling the project should identify who it is they need to establish channels of communication with, through which good and bad news can be delivered. The second step is to identify whose opinion, positions, and interests the firm should be aware of. This enables the firm to manage issues accordingly and more readily exploit opportunities. If the project manager does not receive input from the appropriate representatives of the stakeholder, or the messages are not cohesive, the project performance will suffer and accepted risk levels will not be met.
Finally, in performing risk assessment, decision issuing entity should adopt an outside view. This means that a project manager should make forecasts not only on historical figures and facts pertaining to the project at hand, but more on what has happened with similar scenarios outside of the project and even outside of the organization. By doing so, there is less chance the project manager will make overly optimistic forecasts, which lead to failed projects. Project risk tolerance is a crucial part of any risk management plan. Risk tolerance should be analyzed continuously during the life cycle of the project.
Modeling and quantification of risk tolerance
Risk tolerance concerns both the probabilities of risk occurrences taking place and the resulting impact of those risks. Tools and techniques have been developed to quantify risks and how the organization risk tolerance weighs against them. Fig. 1 depicts probability/impact matrix to summarize risk profiles.
Information collected into project risk register during risk assessment process can be used to generate risk tolerance profile, seen in fig.2. The process begins with the company determining the positive or negative impact it is capable to endure a probability. With this information, the risk tolerance line is mapped out. Each risk is plotted according to its perceived likelihood of occurring, as well as the impact it would have. With this information charted out, the firm can identify the individual risks that lie above the firm’s tolerance level and focus resources towards those. The utility curve is another straightforward tool for understanding risk tolerance. A concave utility curve shown in fig. 3 demonstrates a risk averse decision maker while fig. 4 shows a risk-taker. Theoretical tools such as this one can provide some assistance for managers as they define how much risk is acceptable in their project and make decisions accordingly.
When measuring risk and determining acceptable levels for tolerance, it is imperative that projects are viewed as a portfolio. By taking on multiple projects with uncorrelated or negatively correlated outcomes, a firm builds a portfolio of projects whereby the overall level of risk is lower than what one would perceive by looking at projects individually. Project risk can be correlated to investment portfolio theory in this regard.
Company perspective
Risk tolerance of the company usually depends on the extent of financial stability and project portfolio diversification. Organization may lower its overall risk exposure by taking on multiple projects with uncorrelated or negatively correlated outcomes. While this is true for the organization, it is not true for a project manager dedicated to one project. For this reason, upper management must ensure project managers understand their project’s role within the context of the project portfolio.
It can be claimed, that taking risks can be beneficial to a firm that is able to accept them because it enables opportunity. Another aspect of the organizational risk tolerance is, that it depends on the importance of the project within the aggregate project portfolio. For instance, if the project being handled is critical, the organization is willing to take more risks. Alternatively, if it is not critical, then the organization might increase risk tolerance for that one.
Risk tolerance of organizations is dynamic and fluid. Company's acceptance of risk changes throughout the duration of a project. For instance a company’s commitment and investment in the project grows and more is at stake through its progression. Even though the project has fewer risks in towards final stages, the ones that still persist can be more dangerous.
Project manager perspective
The risk tolerance of the project manager and other members of the project team depends on job security and corporate culture. Project manager should have a detailed understanding of the firm’s tolerance level for the possible occurrence of every sizable risk or opportunity. Two categories of risk which concern project manager can be identified. These are project risk and professional risk.
Project risk applies to the uncertainties for a project manager in achieving a project’s goals in terms of time, cost, and quality. These risks are the main subject of risk management as they apply to project management.
Professional risk deals with a project manager’s uncertainties with respect to future job advancement and reward. This type of risk receives less attention, but it can potentially drive a project manager’s decisions and cause those decisions not to be in line with defined risk tolerance levels. Naturally, a project manager weighs credit and blame when making decisions. A project’s visibility and impact heavily influence a project manager’s personal risk tolerance. If the manager possesses a strong drive to climb the corporate ladder, he or she may accept more risk in a highly visible project in an effort to gain accolades should the project come through. In a less visible project, there is less incentive for risk-taking. This can be in contrast with the firm’s risk tolerance profile of a willingness to accept greater risk on smaller projects than larger visible projects.
Stakeholder perspective
The project stakeholder risk tolerance depends on the project objective, which often is different from the organization’s risk tolerance levels. The stakeholder is the customer or client for which a project is being carried out. Risk tolerance levels must be examined by the stakeholder and conveyed to the project team, regardless of whether the tolerance level is high or low. The purposes behind a project and the project’s ultimate goals are generally laid out very early in the relationship between a contractor and client, and risk tolerance levels should be set and defined at the same time.
Limitation
As one of the methods limitations it can be mentioned, that because firms have limited resources and various project proposals competing for them, there is an embedded incentive for overly optimistic estimates and forecasts. Combined with this, any expression of pessimism is often construed as disloyalty to the organization or the project team. These factors lead to serious concerns over whether the risk tolerance levels are defined correctly. This can lead to projects being delivered late, over budget, under quality, out of scope, and without meeting all the initial goals. Due to to size and complexity, some projects can be plagued be plagued with conflicting tolerances of risks. It is difficult for all project stakeholders to agree on risk tolerance levels throughout the life cycle of the project.