Thursday, September 20, 2012

Lecture 28 - Risk Management


Figure 1: Risk Management
In the long run, we get no more than we have been willing to risk giving.

As stated by Ibc (2012) "Risk management ensures that an organization identifies and understands the risks to which it is exposed. Risk management also guarantees that the organization creates and implements an effective plan to prevent losses or reduce the impact if a loss occurs.
A risk management plan includes strategies and techniques for recognizing and confronting these threats. Good risk management doesn’t have to be expensive or time consuming; it may be as uncomplicated as answering these three questions:
  1. What can go wrong?
  2. What will we do, both to prevent the harm from occurring and in response to the harm or loss?
  3. If something happens, how will we pay for it?"

Learning from class:

Lecturer started off the lecture by stating that anyone who doesn't like to take risk will work under person who willing to take risk. All the entrepreneurs are can be considered as risk takers. Since they took some kind of risk before been successful. Basically successful people up to some extent are risk takers.

What is a Risk?

Some activity that results positive outcome or negative outcome

Then lecturer stated that risk is a part of human endeavor and every major advance in human civilization, from the caveman’s invention of tools to gene therapy, has been made possible because someone was willing to take a risk and challenge the status quo basically to change from the current standards. Ex:- Shops normally open 9.00 am - 7.00 pm. If a shop open 24/7 which means it has gone beyond the status quo and someone has taken a risk.

Then lecturer noted what is Uncertainty and the ways of addressing a risk. According to him Uncertainty is peoples mind set of not sure about the outcome relating to an activity . 

4 Ways of addressing Risk,
  • Risk Detection/Identification - Identify the risk. Ex:- Smoke detectors for detect a fire
  • Risk Avoidance - Protecting from the risk up to certain extent or completely. Ex:- air bag, seat belt for human protection in accident
  • Risk Accepts - Consequence that result in minimal impact. Ex:- Tsunami - Cannot avoid the Tsunami because it is a natural disaster
  • Risk Reduction - Reduce the probability of risk occurrence,  reduce the impact of risk event 
And Uncertainty avoidance means precautions that take before any risk happen and its a standard to reduce uncertainty. As an example in certain cultures they want to alter these uncertainty as whole based on statistics in Germany there is a reasonable high uncertainty avoidance (65) compared to countries as Singapore (8) and neighboring country Denmark (23). Germans are not to keen on uncertainty, by planning everything carefully they try to avoid the uncertainty. In Germany there is a society that relies on rules, laws and regulations.        

Then lecturer moved the lecture into risk management concept align into projects.

Risk management is important because,
  • Projects are, by definition, risky enterprises
Project success relies on complication within the time frame and the budget when there are uncertain situations come across and if there are no measures placed it will  affect to the entire project timeline and the success. Anyway the projects meant to be risky since people trying to achieve a goal by catering to ever changing customer requirements/expectations. Because of that project are called risky business.
  • Implications of project ‘failure’
This happens mainly because of improper requirement identification. The other problem is unable to address project plan properly due to risks.
  • Use of estimates/assumptions
The budget and the time is realized based on estimation and forecast. These both variables are not accurate since it based on predicted calculation where it involves some uncertainty risk in it.


After stating above artifacts lecturer said Project Risk can be categorized in to two aspects. They are, 
  • Strategic Risk
Project Abandonment - Clients can close down the company. Because of that development company need to bare the cost. This can eliminate to some extent by out sourcing some components of the project to another company.

Massive over-run/over-spend - After failure it takes some time to recover from that in financially. Since it takes time to recover it will inquire new cost that takes over the budget.

Loss of client confidence/future business - System that provided will not satisfy customers expectation that results in restricting further business with the company.            
  • Operational Risk
Constant change/replanning/inefficiency - In the middle of the project new requirements need to be included (feature creep). This is a risk because need to change the entire project plan. The best way to handle this by negotiating with the customer.

Over-run/over-spend - Extending the time period and budget known to be an operational risk.

Low morale/unacceptable working conditions - Employees may dissatisfy with working environment and company policies.

Figure 2: Risk Continuum
Then lecturer driven the lecturer into Risk Continuum.
According to lecture as stated in the above Figure 2 dagram illustrated the spectrum of risks and its 3 stages of risk continuum.

Total Risk - No any clue about what the outcome is.

Uncertainty - Outcome may compromise with many consequences

No risk - Outcome can clearly define

After that lecturer stated about Risk Management Process.

Disaster recovery plan (DRP) helps companies for over come or reduce the negative impact from a disaster. After the huge  9/11 attack many organizations started implement DRPs for their companies.

Risk planning
               adopt risk management approach/policy
               identify  mechanisms to identify risk factors

Risk identification
               identify tasks
               predict effect on baseline plan

Risk analysis
                assess likelihood of specific risks 
                assess impact of specific risks

Risk response
                plan possible responses to risk occurrence
                develop contingency/fallback measures

Risk action
                implement risk reduction measures
                monitor risk factors

Process should be part of 'Project office'

The reason is project office consisted of experienced employees. As an example project manager. Project manager is a one who has more experience of risk an can well cater to risk that can rise in the process of a project.

Must be applied to each Project

                 individual objectives/features of project
                 ‘ownership’ of risks by project team members

Maintain a risk database
                       
               Include all the risks that face during projects. So in future project teams can go through and avoid the risks that can happen in the projects. Risk database include followings,

Identifier
keyed to task etc. on WBS by reference 
Title/description
of risk and to what task(s) it could apply
Potential impact(s)
in quantifiable terms (time/cost/quality) if possible
Risk owner
tracks/protects against risk
Risk actions
what actions planned
Action log
record of avoidance/reduction/acceptance actions taken

Link(s) to quality/monitoring process
                           
                Use milestones and ISO files in risk management and get the feedback to project plan.

And lecturer spoke about Procedures/Steps of Risk Identification 
    
  • Must be a precise definition - Need to be clear on what the risk is.
  • Must be capable of being measured - Able to measure the risk basically impact or the outcome of the risk.
  • Must have measurable impact - The impact can be measure to protect from it. 
Risk Identification
  • Must be a precise definition
  • Must be capable of being measured
  • Must have measurable impact
There are certain things to look in risk identification they are,

Weak commercial background
  • uncertain funding/justification
  • too much competition
Imprecise objectives/charter
  • uncertain objectives/deliverables/acceptance criteria
  • penalties for delay/under-performance
Unhelpful clients/users
  • too powerful client(s)
  • uninvolved/uncommitted client(s)
unfamiliar/innovative technology
external dependencies
all tasks on critical or near-critical paths!!!

What need to watch out in risk identification...
  • key member(s) of staff on many critical tasks
  • project manager(s) on critical path
  • ‘external’ dependencies without good contracts
  • responses which take to long to ‘ramp up’
  • unfounded assumptions about threshold resources
  • reliance on ‘silver bullets’ & ‘white knights’ 
After risk identification lecturer discussed about Silver Syndrome.

Silver syndrome occurs when the project team too much reliance on methodologies or technology and this too much of reliance of methodologies and technology leads to a risk. Because project team cannot fully depend on the methodology or technology to solve all the problems that identifies in the project.

Analyzing Risk
There are three types of question need to ask when analyzing a risk. They are,
  • Primary question
  • Secondary factor
  • Tertiary factor
Primary questions are the ones or aspects which depend on the successfulness of the project. Secondary and tertiary factors are which encounter from the primary question.

Risk Assessment
In risk assessment seek for the which have high probability of occurring and which have large impacts if those risk occur
These risk can be measured as followed.
-Probability of risk occurring
-Impact on project
-Urgency of the risk
To identify or measure risks project team can use risk assessment map. Below has showed the risk assessment map.

Figure 3: Risk Assessment Map
From above mentioned risk assessment map can identify which have more probability of risk occurring, which have high impact and which risk need to take urgent actions. As example risks that are categorized into high like hood of occurrence and larger probable scale of impact are the risks that need to take actions as soon as possible.

Risk Ownership
Risk owners are the ones who take responsibility of a particular risk.
Risk owners need to have,

  • Sufficient task knowledge/expertise- The knowledge to solve a particular risk because risks are vary from the situation that take place.
  • Necessary resources/time to monitor risk- Able to gather necessary resources in-order to solve the risk
  • Sufficient authority to carry out risk action- Need to have permission to solve the risk.
Risk owners responsible of ,
  • Contributing data to risk assessment exercise
  • Reporting status of risk
  • Preparing  responses & actions for risk
Risk Plan
  • In risk plan need to define the scope of the project and mention the risks that can be occur during the process of the project
  • Need to mention different types of actions if a risk took place in the project in-order to reduce the negative impact on the project
  • Deliverable of risk management in a descriptive way
  • Theses situations can arise in projects,
-Risks arise, are ‘managed’, monitored & ‘archived’
-Some predicted risks never arise & are ‘cancelled’
-Unpredictable risks arise, are assessed & added to plan
 

Reality of the Lecture:

From this lecture I understood how Risk Management helps project teams and companies to overcome successfully from the potential risks that they face. In Industrial level most of the risk that faces need to to be properly manage. For accomplish those tasks effectively in many companies there is a role for Risk Managers. Risk Managers specialized in the area of risks and try to reduce the negative impact that courses from those activities. When this apply to project dimensions risk need to be eliminated because project need to be completed within budget and a time frame. When more risk involves it go beyond those consequences and end up with a project failure. Where customer surely shift to another company to accommodate their requirements that result the project development company a total lost. If a problem comes during the project it affects to the whole process of the project. I understood that risk assessment map as very useful component in risk management as it helps to identify the risks that have high impact and the risks that need to take quick actions. I also understood the role of risk owner like what he need to do if risk occur in the project or how to avoid the risk and the responsibilities of the risk owner. In personal content this topic helped me to clearly identify various types of risk that can occur during my final year project and the consequences that I can take to overcome from those risk by clearly stating risk management techniques before the start of my first final year project milestone. 
 

References:

Ibc. (2012). Risk Management. [Online]. Available at: http://www.ibc.ca/en/Business_insurance/risk_management/ [Accessed 20th September 2012]

Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)