Figure 1: Risk Management |
As stated by Ibc (2012) "Risk
management ensures that an organization identifies and understands the risks to
which it is exposed. Risk management also guarantees that the organization
creates and implements an effective plan to prevent losses or reduce the impact
if a loss occurs.
A risk management plan includes
strategies and techniques for recognizing and confronting these threats. Good
risk management doesn’t have to be expensive or time consuming; it may be as
uncomplicated as answering these three questions:
- What can go wrong?
- What will we do, both to prevent the harm from occurring and in response to the harm or loss?
- If something happens, how will we pay for it?"
Learning
from class:
Lecturer
started off the lecture by stating that anyone who doesn't like to take risk
will work under person who willing to take risk. All the entrepreneurs are can
be considered as risk takers. Since they took some kind of risk before been
successful. Basically successful people up to some extent are risk takers.
What
is a Risk?
Some
activity that results positive outcome or negative outcome
Then
lecturer stated that risk is a part of human endeavor and every major advance
in human civilization, from the caveman’s invention of tools to gene therapy,
has been made possible because someone was willing to take a risk and challenge
the status quo basically to change from the current standards. Ex:- Shops
normally open 9.00 am - 7.00 pm. If a shop open 24/7 which means it has gone
beyond the status quo and someone has taken a risk.
Then
lecturer noted what is Uncertainty and the ways of addressing a risk. According
to him Uncertainty is peoples mind set of not sure about the outcome relating
to an activity .
4 Ways of addressing Risk,
- Risk Detection/Identification - Identify the risk. Ex:- Smoke detectors for detect a fire
- Risk Avoidance - Protecting from the risk up to certain extent or completely. Ex:- air bag, seat belt for human protection in accident
- Risk Accepts - Consequence that result in minimal impact. Ex:- Tsunami - Cannot avoid the Tsunami because it is a natural disaster
- Risk Reduction - Reduce the probability of risk occurrence, reduce the impact of risk event
And
Uncertainty avoidance means precautions that take before any risk happen
and its a standard to reduce uncertainty. As an example in certain cultures
they want to alter these uncertainty as whole based on statistics in Germany
there is a reasonable high uncertainty avoidance (65) compared to countries as
Singapore (8) and neighboring country Denmark (23). Germans are not to keen on
uncertainty, by planning everything carefully they try to avoid the
uncertainty. In Germany there is a society that relies on rules, laws and
regulations.
Then
lecturer moved the lecture into risk management concept align into projects.
Risk
management is important because,
- Projects are, by definition, risky enterprises
Project
success relies on complication within the time frame and the budget when there
are uncertain situations come across and if there are no measures placed it
will affect to the entire project timeline and the success. Anyway the
projects meant to be risky since people trying to achieve a goal by catering to
ever changing customer requirements/expectations. Because of that project are
called risky business.
- Implications of project ‘failure’
This
happens mainly because of improper requirement identification. The other
problem is unable to address project plan properly due to risks.
- Use of estimates/assumptions
The
budget and the time is realized based on estimation and forecast. These both
variables are not accurate since it based on predicted calculation where it
involves some uncertainty risk in it.
After
stating above artifacts lecturer said Project Risk can be categorized in to two
aspects. They are,
- Strategic Risk
Project
Abandonment - Clients can close down the company. Because of that development
company need to bare the cost. This can eliminate to some extent by out
sourcing some components of the project to another company.
Massive
over-run/over-spend - After failure it takes some time to recover from that in
financially. Since it takes time to recover it will inquire new cost that takes
over the budget.
Loss
of client confidence/future business - System that provided will not satisfy
customers expectation that results in restricting further business with the
company.
- Operational Risk
Constant
change/replanning/inefficiency - In the middle of the project new requirements
need to be included (feature creep). This is a risk because need to change the
entire project plan. The best way to handle this by negotiating with the
customer.
Over-run/over-spend
- Extending the time period and budget known to be an operational risk.
Low
morale/unacceptable working conditions - Employees may dissatisfy with working
environment and company policies.
Figure 2: Risk Continuum |
Then
lecturer driven the lecturer into Risk Continuum.
According
to lecture as stated in the above Figure 2 dagram illustrated the spectrum of
risks and its 3 stages of risk continuum.
Total
Risk - No any clue about what the outcome is.
Uncertainty
- Outcome may compromise with many consequences
No
risk - Outcome can clearly define
After
that lecturer stated about Risk Management Process.
Disaster
recovery plan (DRP) helps companies for over come or reduce the negative impact
from a disaster. After the huge 9/11 attack many organizations
started implement DRPs for their companies.
Risk planning
adopt risk management approach/policy
identify mechanisms to identify risk factors
Risk identification
identify tasks
identify tasks
predict effect on baseline plan
Risk analysis
assess likelihood of specific risks
assess likelihood of specific risks
assess impact of specific risks
Risk response
plan possible responses to risk occurrence
plan possible responses to risk occurrence
develop contingency/fallback measures
Risk action
implement risk reduction measures
implement risk reduction measures
monitor risk factors
Process should be part of 'Project office'
The reason is project office consisted
of experienced employees. As an example project manager. Project manager is a
one who has more experience of risk an can well cater to risk that can rise in
the process of a project.
Must be applied to each Project
individual objectives/features of project
‘ownership’ of risks by project team members
Maintain a risk database
Include all the risks that face during projects. So in future project teams can
go through and avoid the risks that can happen in the projects. Risk database
include followings,
Identifier
keyed to task etc. on WBS by reference
keyed to task etc. on WBS by reference
Title/description
of risk and to what task(s) it could apply
of risk and to what task(s) it could apply
Potential impact(s)
in quantifiable terms (time/cost/quality) if possible
in quantifiable terms (time/cost/quality) if possible
Risk owner
tracks/protects against risk
tracks/protects against risk
Risk actions
what actions planned
what actions planned
Action log
record of avoidance/reduction/acceptance actions taken
record of avoidance/reduction/acceptance actions taken
Link(s) to quality/monitoring process
Use milestones and ISO files in risk management and
get the feedback to project plan.
And lecturer spoke about
Procedures/Steps of Risk Identification
- Must be a precise definition - Need to be clear on what the risk is.
- Must be capable of being measured - Able to measure the risk basically impact or the outcome of the risk.
- Must have measurable impact - The impact can be measure to protect from it.
Risk
Identification
- Must be a precise definition
- Must be capable of being measured
- Must have measurable impact
There
are certain things to look in risk identification they are,
Weak
commercial background
- uncertain funding/justification
- too much competition
Imprecise
objectives/charter
- uncertain objectives/deliverables/acceptance criteria
- penalties for delay/under-performance
Unhelpful
clients/users
- too powerful client(s)
- uninvolved/uncommitted client(s)
unfamiliar/innovative
technology
external
dependencies
all
tasks on critical or near-critical paths!!!
What
need to watch out in risk identification...
- key member(s) of staff on many critical tasks
- project manager(s) on critical path
- ‘external’ dependencies without good contracts
- responses which take to long to ‘ramp up’
- unfounded assumptions about threshold resources
- reliance on ‘silver bullets’ & ‘white knights’
After
risk identification lecturer discussed about Silver Syndrome.
Silver
syndrome occurs when the project team too much reliance on methodologies or
technology and this too much of reliance of methodologies and technology leads
to a risk. Because project team cannot fully depend on the methodology or
technology to solve all the problems that identifies in the project.
Analyzing Risk
There
are three types of question need to ask when analyzing a risk. They are,
- Primary question
- Secondary factor
- Tertiary factor
Primary
questions are the ones or aspects which depend on the successfulness of the
project. Secondary and tertiary factors are which encounter from the primary
question.
Risk
Assessment
In risk
assessment seek for the which have high probability of occurring and
which have large impacts if those risk occur
These
risk can be measured as followed.
-Probability
of risk occurring
-Impact
on project
-Urgency
of the risk
To
identify or measure risks project team can use risk assessment map.
Below has showed the risk assessment map.
From
above mentioned risk assessment map can identify which have more probability of
risk occurring, which have high impact and which risk need to take urgent
actions. As example risks that are categorized into high like hood
of occurrence and larger probable scale of impact are the risks that
need to take actions as soon as possible.
Risk
Ownership
Risk owners are
the ones who take responsibility of a particular risk.
Risk
owners need to have,
- Sufficient task knowledge/expertise- The knowledge to solve a particular risk because risks are vary from the situation that take place.
- Necessary resources/time to monitor risk- Able to gather necessary resources in-order to solve the risk
- Sufficient authority to carry out risk action- Need to have permission to solve the risk.
Risk
owners responsible of ,
- Contributing data to risk assessment exercise
- Reporting status of risk
- Preparing responses & actions for risk
Risk
Plan
- In risk plan need to define the scope of the project and mention the risks that can be occur during the process of the project
- Need to mention different types of actions if a risk took place in the project in-order to reduce the negative impact on the project
- Deliverable of risk management in a descriptive way
- Theses situations can arise in projects,
-Risks
arise, are ‘managed’, monitored & ‘archived’
-Some
predicted risks never arise & are ‘cancelled’
-Unpredictable risks
arise, are assessed & added to plan
Reality of the Lecture:
From
this lecture I understood how Risk Management helps project teams and companies
to overcome successfully from the potential risks that they face. In Industrial
level most of the risk that faces need to to be properly manage. For accomplish
those tasks effectively in many companies there is a role for Risk Managers.
Risk Managers specialized in the area of risks and try to reduce the negative
impact that courses from those activities. When this apply to project
dimensions risk need to be eliminated because project need to be completed
within budget and a time frame. When more risk involves it go beyond those
consequences and end up with a project failure. Where customer surely shift to
another company to accommodate their requirements that result the project
development company a total lost. If a
problem comes during the project it affects to the whole process of
the project. I understood that risk assessment map as very useful component in
risk management as it helps to identify the risks that have high impact and the
risks that need to take quick actions. I also understood the role of risk owner
like what he need to do if risk occur in the project or how to avoid the risk
and the responsibilities of the risk owner. In
personal content this topic helped me to clearly identify various types of risk
that can occur during my final year project and the consequences that I can
take to overcome from those risk by clearly stating risk management techniques
before the start of my first final year project milestone.
References:
Ibc. (2012). Risk Management.
[Online]. Available at: http://www.ibc.ca/en/Business_insurance/risk_management/
[Accessed 20th September 2012]