Risk and Opportunities Management

In project management, uncertainty is a common parameter, given that projects are unpredictable and only an estimate of a future situation. In order to prevent uncertainties, project risks are identified, managed and addressed throughout the project life cycle. Risk management is a central concept and plays an important role in maintaining projects stability and success throughout the project. Risk management identifies potential obstacles that may arise and hinder the project team from achieving expected goals. Identifying risks is a repeatable process since new risks become known and others become unknown. Noteworthy risks are not only downsides, referred to as threats, but also upsides, referred to as opportunities. Opportunities may arise as a result of unexpected turns and have a positive impact on the project. Risk management is highly relevant and therefore present in all projects.

By using qualitative and quantitative risk management approaches, uncertainties are identified, assessed and mitigated in a structured way that helps projects stay on track. This article focuses on Rumsfeld’s unknown unknowns and the risk management process, including the probability impact matrix.

The risk management process may be divided into seven process steps: communication and consultation, establishing the context, risk identification, risk analysis, risk evaluation, risk treatment and monitoring and review. This process aims to ensure that risk is managed effectively, efficiently and coherently across an organization ^[1]. At last, this article will outline and discuss the risk management process' limitations and advantages in a project management aspect.

Introduction

Defining Risks

In all projects there is indistinctness, which leads to assumptions being made. These assumptions are uncertain and can affect the project’s cost, scope, time or resources ^[2]. Risks can be defined as An uncertain event or condition that, if it occurs, has a positive or negative impact on one or more project objectives such as scope, schedule, cost or quality ^[3]. Due to the negative consequences of uncertainties, risks are highly relevant and should be managed carefully.

Risk management is a beneficial concept applicable in every project. The concept aims to improve decision-making processes by identifying, assessing and mitigating relevant uncertainties in a structured way ^[4].

Donald Rumfeld's Unknown Unknowns

The American politician and businessman, Donald Rumfeld, distinguishes between four categories of risk. The first category is identified as known knowns describing the things we know we know. Examples could be a project’s location, the type of project etc. The second category is defined, as known unknowns describing the things we know are uncertain. Examples could be how many workers are needed to complete a particular task or unpredictable weather conditions. The third category is defined as the unknown unknowns. This category describes uncertainties that we could not have known in advance and let alone foresee their consequences, e.g. natural and manmade cataclysms. The last category is defined as unknown knowns describing risks that cannot be identified precisely due to multiplicity, but whose total negative impact on the project appears certain. An example of this risk category could be the Russian Winter Olympic Games in Sochi in 2014. The games in Sochi experienced significant cost overruns at 289% ^[5]. Another example in connection to Russia is the widespread corruption of local officials. The risk is known to everyone in Russia but not officially recognised and can therefore be perceived as an unknown known.

Risk Perception

The practice of risk management is to minimize negative impacts or threats to the project and maximize the upside impact of opportunities. To be a successful project manager it is therefore essential to understand what could possibly go wrong, assess risks’ probability and impact and thereby plan how to mitigate risks optimally.

Risk management involves planning and prioritising risks before they occur, handling emerged risks and control and monitor risks, by using quantitative or qualitative approaches. By using quantitative approaches including mathematical models, it is possible to calculate and estimate potential negative and positive outcomes. However risk management activities are primarily based on qualitative data ^[6]

Qualitative data include subjective perceptions since people value risks differently and therefore also value potential consequences differently. Gathering different viewpoints could be challenging when representing different project stakeholders. Obtaining viewpoints and ratings for each risk is a matter of unifying opinions. A method used for assessing low-high risks is the so-called probability impact matrix. Figure1 shows the positioning of identified risks. It is important to remember, that Figure1 is an example of a potential matrix and therefore the matrix can change dependent on different projects.

Risks placed within the red boxes hold extreme or high risks and need to be managed and avoided since they have the potential to greatly impact project quality, time or cost performance. Risks placed within the orange boxes hold moderate risks and can be mitigated or reduced. This category has the potential to slightly impact cost, quality and time performance. Risks placed within the green boxes hold low risks and can be ignored or accepted since they have a relatively little impact on cost, quality and time performance.

From Figure1 it has been identified that not all risks can be eliminated, but mitigation and plans can be developed to lessen their potential impact. The risk management process focuses on identifying, analyzing and evaluating risks. This process is an iterative process that begins in the early project phases and is conducted throughout the project’s development. The practice of risk management process is systematically thinking about all possible outcomes even before they occur and outline procedures to accept, mitigate and avoid the impact of emerged risks.

Risk Management Process

The risk management process can be divided into seven steps: communication and consultation, establishing the context, risk identification, risk analysis, risk evaluation, risk treatment and monitoring and review. The seven process steps will be outlined and described below.

Communication and Consultation

This process comprises communication and consultation with external and internal stakeholders and should take place throughout the seven risk process steps. This first step should especially focus on the exchange of relevant information and coordination of stakeholders’ perceptions. Communication and consultation between the stakeholders should mainly focus on the following criteria: the objectives, scope and criteria. Last-mentioned include risk sources, consequences, analysis method, evaluation and suitable treatments, se more in the process step Establishing the context ^[7]

Establishing the Context

This step includes defining the objectives and scope for the risk management process and furthermore determines criteria against which risks will be assessed. Establishing the context does not only address the company internal but also external. Internal factors include the role of the risk management process within the organization as well as the basic criteria used to evaluate risks throughout the following process steps. Establishing the context also include the integration and implementation of risk management processes during other processes in the organization comprising methods, roles and responsibilities of the people involved in the risk management and the outlined goals of the risk management process.

Risk Identification

The third process step consists of identifying sources of risk, potential impact and outlining consequences. The risk identification step is an iterative process that is managed throughout the project’s life cycle. This step aims to develop a comprehensive list of potential risks implied their impact and likelihood. This list is normally used in the following step, the risk analysis.

Risk Analysis

The risk analysis is mainly concerned around prioritizing and classifying risks. This could be done by using the earlier mentioned probability impact matrix, see Figure1. Identified risks are analyzed to achieve a better understanding of the treatment needed either to avoid or mitigate the analyzed risk. The analysis may also identify unforeseen opportunities that may be pursued to provide additional benefit.

Risk Evaluation

The risk evaluation focuses on prioritizing and deciding appropriate treatments for risks holding extreme, high or moderate risks, defined in the probability impact matrix, see Figure1. These risks will continue to step 6 Risk Treatment while low impact risks will be ignored or controlled.

Risk Treatment

The purpose of treating risks is to develop options and determine actions to enhance opportunities and reduce threats to project objectives (ISO 21500). Different treatment opportunities are analyzed regarding cost-benefit tradeoffs and normally one or more options are developed and transferred to the project management for implementation (Handbook). Risk treatment includes measures and plans to avoid the risk, to mitigate risks, to deflect the risk or develop plans to handle unforeseen risks if they occur. Decided treatments, expected benefits and the re-evaluated risks are transferred to the last step of the risk management process: Monitoring and Review.

Monitoring and Review

This step oversees both situational risks within the organization as well as the risk management process itself (Handbook). The purpose of monitoring and controlling risks is to minimize disruption to the project by determining whether the risk responses have the desired effect (ISO 21500). This is done by identifying and analyzing new risks, monitoring trigger conditions for contingency plans and reviewing progress on treated risks while evaluating the effectiveness of the chosen treatment. The risk management process should be applied when new risks arise or when project milestones are reached.

Discussion

The following section will describe the risk management process’ limitations and disadvantages and highlight potential advantages by using the method.

Limitations and Critical Reflection

When using the risk management process there are some aspects that need to be taken into consideration. E.g. it is important for the project manager to know what kinds of people are handling and doing the assessment of potential risks. The cultures of different companies and countries can have very different positions in the valuation of consequences and what can be accepted. Therefore it is important to have in mind that people’s perceptions of risks and addressing risks can be fundamentally diverse.

Advantages

Conclusion

Bibliography

1. ↑ Geraldi, Joana, Thuesen, Christian, Oehmen, Josef. How to Do Projects, 29. January 2016. Version 0.5. Annotation:
2. ↑ Ottosson, Hans. Practical Project Management - For Building and Construction, 23. July 2012. Auerbach Publications. Annotation:
3. ↑ PMI. A Guide to the Project Management Body of Knowledge,5th. Edition 2013. Project Management Institute.Annotation:
4. ↑ Dansk Standard. ISO 21500 - Guidance on Project Management, 27. September 2009.
5. ↑ ' Flyvbjerg, Bent, Stewart, Allison, Budzier, Alexander. The Oxford Olympics Study 2016 - Cost and Overrun at the Games, 20. July 2016.
6. ↑ ' Maylor, Harvey. Project Management, 4th. Edition. 2010. Pearson. Annotation:
7. ↑ Cite error: Invalid <ref> tag; no text was provided for refs named .5B.5BHow_to_Do_Projects.5D.5D