See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/235285015

A review of techniques for risk management in projects

Article  in  Benchmarking An International Journal · March 2007

DOI: 10.1108/14635770710730919

CITATIONS READS
134 1,497

3 authors, including:

Ammar Ahmed Sataporn Amornsawadwatana

University of Technology Sydney University of the Thai Chamber of Commerce
17 PUBLICATIONS   277 CITATIONS    10 PUBLICATIONS   183 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Engineering Vulnerability Project View project

All content following this page was uploaded by Ammar Ahmed on 05 August 2014.

The user has requested enhancement of the downloaded file.

 The current issue and full text archive of this journal is available at
www.emeraldinsight.com/1463-5771.htm

BIJ
14,1 A review of techniques for risk
management in projects
Ammar Ahmed, Berman Kayis and Sataporn Amornsawadwatana
22 School of Mechanical and Manufacturing Engineering,
The University of New South Wales, Sydney, Australia

Abstract
Purpose – This paper aims to provide a review of techniques that support risk management in
product development projects using the concurrent engineering (CE) philosophy.
Design/methodology/approach – The Australia/New Zealand risk management standard
AS/NZS 4360:1999 proposes a generic framework for risk management. This standard was adapted
for product development projects in the CE environment. In this paper, existing techniques were
reviewed for their applicability to processes in risk management; namely, techniques for establishing
context, risk identification, risk assessment and treatment.
Findings – Risk management is an activity within project management that is gaining importance due
to current business environment with a global focus and competition. The techniques reviewed in this
paper are used on an ad hoc basis currently. A more risk focused approach is likely to result in an
integration of several of these techniques, resulting in an increased effectiveness of project management.
Practical implications – The techniques reviewed in this paper can be used for the development of
risk management tools for engineering and product development projects.
Originality/value – This paper provides a gist of techniques categorized in the form that they are
applicable for implementation of risk management functions in product development projects using
CE philosophy.
Keywords Risk management, Project management, Product development, Risk assessment
Paper type General review

Benchmarking: An International
Journal
Vol. 14 No. 1, 2007
pp. 22-36
q Emerald Group Publishing Limited
1463-5771
DOI 10.1108/14635770710730919
Introduction
Projects are managed through the concurrent engineering (CE) philosophy for faster
time to market and to achieve project objectives through a shorter iterative process. CE is
the development of product and process through simultaneous functions that aims at
reducing time to market, overall development cost and achieve a high product quality
(Salamone, 1995; Caillaud et al., 1999). Owing to the multi-functional nature of teams in
CE, product and process information is shared and a quick overall understanding of the
product and process is developed. This leads to an achievement of the right design in the
first attempt and helps attaining a clarity for the issues in the implementation phase of
the project, resulting in an overall lower developmental cost and a quicker response to
market as compared to a traditional over the wall approach (Jo et al., 1993).
The design process determines product geometry, materials, functional
specifications, machining processes, assembly sequences, tools and equipment
necessary to manufacture a product. Production plans, control tools such as inventory
controls, resource allocations and job scheduling are other important outputs of the
design process. Hence, it can be asserted that design influences to a great extent,
the quality and the cost of the product (Salamone, 1995; Jo et al., 1993). Short comings in
the product design process results in extra costs generated through project delays,
penalties, excess of materials used, labour, additional operations, resource
reallocations, rescheduling and rework. Hence, risk management in product design is Techniques for
beneficial and should complement project management activities, especially in a CE risk management
environment. This paper describes a framework for the risk management process, as
proposed by the Australian Risk Management Standard (Risk Management Standard in projects
AS/NZS 4360, 1999) and reviews the techniques that can be used for each process
within risk management so that a framework can be evolved for designing tools for
risk management. 23
The risk management process
In general, unexpected events occur in projects and may result in either positive or
negative outcomes that are a deviation from the project plan. Positive outcomes are
opportunities while negative outcomes generate a loss. Risk focuses on the avoidance of
loss from unexpected events (Williams, 1995). Several definitions of risk are available
in the literature and risk is usually referred to as an exposure to losses in a project
(Webb, 1994; Chapman and Ward, 1997) or as a probability of losses in a project (Risk
Management Standard AS/NZS 4360, 1999; Larson and Kusiak, 1996a; Remenyi and
Heafield, 1996; Jaafari, 2001; Kartam and Kartam, 2001). In this paper, the later definition
of risk has been used because this definition implies that risk is quantifiable and lends
itself to assessment and analysis through computational methods. A situation where it is
not possible to attach a probability of occurrence to an event is defined as uncertainty
(Clemen, 1996; Taha, 1997). While uncertainty is not measurable, it can be estimated
through subjective assessment techniques (Raftery, 1994).
The risk management process refers to uncovering weaknesses in methods used in
product development through a structured approach so that timely mitigation actions
are initiated to avoid risk, transfer risk, reduce risk likelihood or reduce risk impact (Risk
Management Standard AS/NZS 4360, 1999). The risk management process proposed by
the Australian Standard for Risk Management is shown in Figure 1. It is composed of
seven iterative sub-processes of establishing the context of risk, identifying risks,
analysing risks, evaluating risks, communication and consultation across stakeholders
and monitoring and controlling risk events. The risk management process blends itself
to CE product design and development, as changes and iterations in the design stage
cost less than changes initiated in the implementation phase (Salamone, 1995; Jo et al.,
1993). Hence, early discovery of risk events leading to downstream losses is much more
preferable than treating losses when they cannot be prevented.

Techniques for context establishment

Context establishment in the risk management process involves representation of
project units (functional, process, data, etc.) and their inter-relationships (Ahmed et al.,
2003a, b). This enables in representing project status in several forms such as resource
usage, equipment requirements, budget availability, stakeholder involvement, contract
deliverables, strategic goals and schedule, depending on the desirable aspect of the
project that is important for any particular purpose.
Project modelling tools and techniques are in general, are also the techniques for
context establishment for risk management. These are project network diagram,
precedence diagramming method (PDM), generalized activity networks (GANs), design
structure matrices (DSM), IDEF3 process modelling and IDEF0 functional modelling.
These are described in detail in the following paragraphs.
BIJ
14,1
Establish the context

24
Identify risks

Communicate and consult

Monitor and Review

Analyze risks

Evaluate risks

Assess risks

Treat risks
Figure 1.
Representation of the risk
management process as
per AS/NZS 4360:1999

Project network diagrams

Project network diagramming is a graphical technique used for representing project
tasks and precedence relationships (Webb, 1994; Russell and Taylor, 2000; Tavares,
2002). Project tasks or activities are modelled as arrows or nodes through two different
methods – activity on node or activity on arrow. A project network diagram provides a
simple visual display of tasks in a project, with difficulty in representing complex
relationships. Alternative and overlapped activities are also not accommodated in
project network diagrams. Critical path method (CPM) and program evaluation and
review technique (PERT) are then used for analysis of critical path for the project,
identification of critical tasks and estimation of the total project duration.
A combination of project network diagramming, CPM and PERT techniques lend
themselves into simple schedule focused management of projects (Larson and Kusiak,
1996a).

Precedence diagramming method

PDM is an extension of the project network diagramming technique where
overlapped content between two dependent activities can be represented through
lead-lag requirement relationships (Wiest, 1981; Badiru, 1993; Badiru, 1996). Lead-lag
relationships usually depict that there is overlapping time duration between the
completion time of an activity and the starting time of the subsequent activity.
Lead-lag relationships are divided into four types:
 (1) start-to-start; Techniques for
(2) finish-to-finish; risk management
(3) start-to-finish; and in projects
(4) finish-to-start.

The overlapping of activities means that the estimation of project duration is usually
compressed and results in a shorter completion time when compared to PERT. However,
25
manual computations are tedious, especially for large networks (Badiru, 1996).

Generalized activity networks

A GAN is a graphical representation of the probabilistic branching of activities
(Dawson and Dawson, 1994, 1995, 1998). Uncertainty is represented as alternative
paths with a probability attached to it, providing an illustration of all possible paths or
scenarios that can be described for a project, including loops. GAN also becomes very
complicated when the number of nodes increase, with an added difficulty of
quantification of branching probabilities as an output from every activity node.

Design structure matrices

A design structure matrix (DSM) represents precedence relationships of project tasks on
a square matrix containing equal number of rows and columns representing the number
of tasks (Steward, 1981; Kara et al., 1999; Eppinger et al., 2001). Existence of a precedence
relationship between two tasks is represented through a binary code, with a mark “X”.
Absence of the mark means that no precedence relationship exists between the two
tasks. DSM depicts three different types of precedence relationships between tasks.
A sequential relation indicates that the precedent task must be completed before the
subsequent task commences. A parallel relationship indicates that two tasks are carried
out independently, while a coupled or a circuit relationship indicates that the two tasks
are interdependent, requiring input from each other (Steward, 1981; Kara et al., 1999;
Eppinger et al., 2001). DSM provides a capability of representing task relationships in a
complex system and lends itself to analysis through matrix manipulations leading to the
isolation of group of coupled tasks. However, decision points are not represented into
the DSM structure and alternative paths are not realized.

IDEF0 functional modelling

IDEF0 is a graphical representation of a system through a functional perspective
(Colquhoun et al., 1993; Sarkis and Lin, 1994; Malmstrom et al., 1999). In IDEF0, a box
represents an activity or a function while arrows represent inputs, outputs, controls
and mechanisms operating on activities and on the project as a whole (Colquhoun et al.,
1993; Sarkis and Lin, 1994; Malmstrom et al., 1999; Ang and Gay, 1993; Kusiak et al.,
1994). An input is a requirement that a functional unit needs to perform, while an
output is the outcome of that function or a combination of functions. Controls are
constraints that dictate functions such as regulatory environment and budget, while
mechanisms are supports that advocate performance of that function such as people,
computer systems and machines. IDEF0 provides an overall view of the project at the
top level and successively more details deeper into subsequent levels. This provides a
model that is relevant to all functional levels in the organization.
BIJ IDEF3 process modelling
14,1 IDEF3 is a graphical method used for modelling sequence of tasks in a system through
process or object-oriented perspectives. Process-cantered view emphasizes process
flow and relationships between tasks, while object-cantered view highlights change in
states of objects as a process flows (Larson and Kusiak, 1996a, b; Mayer et al., 1995). In
a system, tasks are defined as units of behaviour (UOB); relationships are represented
26 as links and logical branching as junctions. Logical branches or junctions are usually
decision points in the system and they could be of – AND, OR, or EXCLUSIVE OR
types. An AND junction means that all UOB connecting this junction must be
performed, an OR junction means that at least one UOB connecting this junction needs
to be performed while, an EXCLUSIVE OR junction indicates that only one UOB
connecting this junction can be performed. Fan-in and fan-out junctions indicate
multiple paths in the process flow with fan-in junctions indicating convergent paths,
while fan-out junctions indicate divergent paths in the process flow.
IDEF3 allows greater flexibility in modelling alternatives in design processes and is
suited for the CE environment and lends itself as a foundation for further risk analysis
(Kusiak and Zakarian, 1996). Since, processes can be represented in layers with the top
layer providing the overall view, an IDEF3 model could be as simple as it is desired to
be or dig down into details in each subsequent lower layers.

Techniques for risk identification

Risk identification is studying a situation to realize what could go wrong in the product
design and development project at any given point of time during the project. Sources
of risk and potential consequences need to be identified, before they can be acted upon
to mitigate. Experts in their own domain have intuitive methods of recognizing a risk
situation. As such, the identification tools presented in this section are more general in
nature and need a collaborative approach so that all aspects of the project are examined
for risk situations.

Checklists
Checklists are a trivial method of risk identification where pre-determined crucial
points are examined for symptoms of potential risk situation (Webb, 1994; Duncan,
1996; Kumamoto and Henley, 1996; Cross, 2001). These are simple to use and usually
evolve over time through contributions from various functional experts and collective
experiences (Chapman and Ward, 1997; Ward, 1999).

Influence diagrams
An influence diagram is graphical representation of the structure of the decision context
such that decisions, uncertain events, consequences and their interrelationships are
graphically enumerated (Clemen, 1996; Clemen and Reilly, 2001). Owing to the visual
display, cause-and-effects of risk situations are described and can be used for identifying
risk situations before they eventuate.

Cause-and-effect diagrams
A cause-and-effect diagram or a fish bone diagram is a graphical representation of root
causes of quality problems, where major causes of the ultimate problem are grouped and
broken down into detailed sources (Russell and Taylor, 2000). Though, cause-and-effect
diagrams are easy to use, they do not provide a foundation for further analysis such as Techniques for
relative importance of individual causes of a problem. Hence, cause-and-effect diagrams risk management
are used for deterministic problems in a very specific domain.
in projects
Failure mode and effect analysis
Failure mode and effect analysis (FMEA) provides a structure for determining causes,
effects and relationships in a technical system. FMEA is used to determine failures and 27
malfunctions through exploration of failure modes, consequences of a system
component failure so that solutions for rectifying these problems can be visualized
(Risk Management Standard AS/NZS 4360, 1999; Kumamoto and Henley, 1996; Cross,
2001).

Hazard and operability study

Hazard and operability study (HAZOP) is an extension of FMEA where check words
are applied to process parameters in order to identify safety and operational problems,
usually in new systems (Cross, 2001; Lawley, 1974; Roach and Lees, 1981; Kletz, 1985).
Check words create other perspectives to the overall process and focus attention on
unforeseen areas in the process. In risk management for projects, HAZOP can be
applied by considering project parameters such as strategy, budget and schedule to
identify risk situations.

Fault trees
Fault tree analysis is a visual technique for breaking down failure in the system into
source events (Kumamoto and Henley, 1996; Cross, 2001; Kletz, 1985; Dhillon, 1982;
Birolini, 1993). Fault trees use event and gate symbols to structure cause and effect
relationships of a failure. It is a simple technique and helps in reflecting on logical
sequences that lead to failure. In project risk analysis, this technique is complicated
due to the large number of events and gates; however, it could be used in a smaller
domain to analyse a particular failure.

Event tree
Event tree analysis is a graphical representation of potential consequences arising
from a failure where possible consequences are generated and broken down from an
initial event (Kumamoto and Henley, 1996; Cross, 2001). In project risk analysis its
application is similar to fault tree analysis and works only on small zone of influence of
potentially damaging consequence arising from a risk event.

Techniques for risk analysis

After risk events are identified, their characteristics need to be assessed so that it is
determined whether the risk event is worth further analysis. Once it is decided that a
risk event needs analysis then it needs to be determined whether the risk event
information can be acquired through quantitative or qualitative means. Measurement
metrics for risk also need to be determined so that these metrics can be used for
computation of risk magnitude and risk analysis leading to risk mitigation plans
(Amornsawadwatana et al., 2002).
Risk is measured using two parameters – risk probability and risk consequence
(Risk Management Standard AS/NZS 4360, 1999; Chapman and Ward, 1997;
BIJ Ward, 1999; Boehm and DeMarco, 1997; Conroy and Soltan, 1998; Duncan, 1996;
14,1 Baccarini and Archer, 2001; Patterson and Neailey, 2002; Pyra and Trask, 2002). Risk
probability or likelihood indicates a chance of a risk event occurring while risk
consequence, severity or impact represents an outcome generated from the risk event.
Risk magnitude is the product of risk probability and consequence. To measure risk
magnitude, probability and consequence of a risk event needs to be determined, which
28 constitute the risk assessment function.
In practice, the risk quantities are either quantitative or qualitative in nature. The
quantitative approach to determination of risk parameters requires analysis of
historical data through statistical analysis. In many instances, quantitative data is
hard to achieve and is restricted to very small domain of the problem where historical
trends could be sustained. An example of quantitative data for determining risk
consequence is a historical record of money spent on correcting non-compliance of
tooling usually used in fabrication of the type product being currently developed.
Though, the risk may not eventuate, there is a fair estimate of the cost of the risk
actually eventuating. Quantitative data is not always available when needed or not in
the form required, hence a qualitative approach using subjective assessment
techniques are often more appropriate for risk management. The subjective approach
utilizes mainly the relative measures of human judgments, feelings and opinions in
comparison to ideal situations. Though the subjective approach is influenced by
individual bias, preferences and expertise, it provides a basis for risk assessment
where it is more important to highlight risk events that are possible, rather than an
exact prediction of a catastrophic event. An example of qualitative assessment is that
the impact of the non-conformance of a fabrication tool to be used in the project is very
high, but the chance of such an eventuality is very low. Though, the terms very high
and very low can be represented on a nominal scale, it is not an exact measure.
Organisations employ qualitative assessment techniques to identify risk because an
expert opinion is the best source available, rather than an unreliable quantity.

Techniques for risk analysis

The function of risk analysis is to determine influence of risk factors on the system as a
whole. Risk events form a cumulative effect on one or more aspects of the project and it
is easier to mitigate risk events if they can be bunched in groups and preferably dealt
at a higher level in the long run than focusing on one particular risk event, in which
case the project is likely to be micro-managed. Several techniques in the literature that
are currently applied for project analysis can also be applied for risk analysis.
These are summarized in this section.

Probability and impact grids

Risk events represented on a grid consisting of probability on one axis and impacts on
another are often used to define threshold regions on the grid, which represent high
risk events based on past experience or organizational procedures (Risk Management
Standard AS/NZS 4360, 1999; Chapman and Ward, 1997; Ward, 1999; Pyra and Trask,
2002; Stewart and Melchers, 1997; Royer, 2000). Probability and impact grids provide a
simple format for showing relative importance of risk events. Figure 2 shows an
example of a probability and impact grid (Royer, 2000).
Estimation of system reliability Techniques for
System reliability estimation is technique of determining chance of a system element risk management
such that it is functioning without a failure in a specified time period (Dhillon, 1982;
Birolini, 1993; Henley and Kumumoto, 1991). System elements are integrated together in projects
as having either a serial or a parallel relationship and traditional reliability calculations
are then used to determine the overall reliability of the system, representing its health.
Hence, cumulative effects on the critical components of the project are determined as 29
the system reliability.

Fault tree analysis

Fault tree analysis determines the chance or a failure event occurring in the project
structure represented in a fault tree (Cross, 2001; Dhillon, 1982; Stewart and Melchers,
1997). Further, the top-level chance or a failure is determined from events in lower
levels passing through logical gates. This analysis provides an overview of risk in the
overall project through top-level analysis or specific components of the project through
analysis at lower levels.

Event tree analysis

Event tree analysis determines how likely a particular event represented on an event
tree is likely to happen from an initial event (Cross, 2001; Stewart and Melchers, 1997).
The probability of occurrence of a particular outcome is determined as a product of all
probabilities of occurrence in the associated branch. Owing to this examination of all
failures that are possible for an outcome, event tree analysis leads to a comprehensive
mitigation plan.

Sensitivity analysis and simulation

Sensitivity analysis is a what-if type of analysis to reflect on responses by the system
as project conditions change (Clemen, 1996; Clemen and Reilly, 2001; Perry, 1986).
A baseline for the project metrics is generated as a precursor to a what-if analysis and
then project conditions are manipulated to determine their effect on the project metrics.
This leads to an understanding of the system response to changing project situations.
Simulation is used as an extension to the sensitivity analysis (Berny and Townsend,
1993). In simulation, a system model is constructed to reflect actual processes with
project parameters and constraints. Then, the values for the risk parameters and
constrains are randomly selected in a predefined range (Ahmed et al., 2003a, b).
A collation of the effects are tabulated and statistically analysed to provide an insight
into the system behaviour under various conditions (Duncan, 1996). Simulation is a
flexible technique for risk analysis, but requires large simulation runs to provide
sufficient data for statistical analysis.

5
5 1
4
Impact

4
3 3 2
2
1 Figure 2.
Probability and
1 2 3 4 5
impact grid
Likelihood
BIJ Techniques for risk evaluation
14,1 Risk evaluation is the function of risk management where risk events need to be prioritised
so that risk mitigation plans are determined either based on past experience, lessons
learnt, best practices, organizational knowledge, industry benchmarks and standard
practices (Ahmed et al., 2003a, b). In risk evaluation, different aspects of the project –
strategic, budget or schedule may be considered in light of a risk event to determine risk
30 mitigation options and incorporate the most suitable option into a mitigation plan. This
section describes several evaluation techniques that can be applied for risk evaluation.

Decision tree analysis

Decision tree analysis is used to structure a decision process and evaluate outcomes
from uncertain events (Webb, 1994; Clemen, 1996; Taha, 1997; Russell and Taylor,
2000; Duncan, 1996; Clemen and Reilly, 2001; Perry and Haynes, 1985). In decision
trees, decision nodes and chance nodes are represented graphically and expected
monetary values (EMV) are attached to the nodes. EMV is then used to calculate
expected returns from decisions and select the decisions that generate the maximum
returns (Clemen, 1996; Russell and Taylor, 2000; Clemen and Reilly, 2001; Perry and
Haynes, 1985). Figure 3 shows decision tree analysis for an investment. Decision tree
analysis incorporates probability of returns associated with decisions and estimation
of expected returns, which could be misleading in situations that are out of the normal.
As such decision tree analysis should be used with caution for risk analysis.

Portfolio management
Portfolio management compares multiple projects with respect to risk in investment
and returns (DeMaio et al., 1994; Clarke and Varma, 1999; Dickinson et al., 2001).
Projects are positioned on a matrix of risk magnitude and return, with high risk low
return projects being located at a different location to low risk and high return projects.
This enables decisions to be derived for corporate governance, based on the company
strategy and the maximum portfolio value, through calculation of a utility value for a
project (DeMaio et al., 1994). In project risk management, multiple risk events may be
compared by placing them on a matrix of risk magnitude against a return. Mitigation
options are then derived from predefined utility values.

Multiple criteria decision-making method

Multiple criteria decision-making method considers different project attributes
including the negative and the positive factors of a decision (Webb, 1994; Remenyi and

0.6 $120,000

Invest −$50,000
0.4

Figure 3. Do not invest $0

Decision tree analysis
EMV=120,000 (0.6) + [−50,000 (0.4)] = $52,000
Haefield, 1996). Project attributes are weighted according to project predominance of Techniques for
the predefined criteria. The product of the relative weight and the score for an attribute risk management
gives a weighted score for that attribute. The project is then evaluated through a
difference from a standard project attribute. If the total weighted score turns out to be in projects
positive, then the project should be selected; otherwise, the project should be rejected.
This technique can be applied to risk analysis if risk events are compared to standard
events and weighted against them. 31
Risk mitigation
Risk events diminish project objectives when harmful effects realize due to unforeseen
circumstances. Risk management attempts at studying in detail, all aspects of project
management, so that all controllable events have an action plan or a risk mitigation
plan. A reactive approach or a feed back approach refers to risk mitigation actions
initiated after risk events eventuate and can be seen as initiation of contingency plans.
On the other hand, a pro-active approach or a feed forward approach refers to actions
initiated based on chance of a risk event occurring, such as insurance (Kartam and
Kartam, 2001; DeMaio et al., 1994). A combination of these two approaches is applied to
risk management to avoid risk, reduce the likelihood of risk, reduce the impact of risk,
transfer risk, or to retain the risk (Risk Management Standard AS/NZS 4360, 1999).

Framework for risk management tools

A framework for risk management tools can be developed in relation to the risk
management process in Figure 1 and is shown in Figure 4. Context establishment
function is accomplished through techniques presented in the third section of this

Risk Model &

Context Query
Establishment Mechanism
Interactive & Collaborative Interface

Prior Risk
Risk Knowledge
Identification
Risk Focussed Project Team

(Repository)

Qualitative &
Risk Analysis Quantitative
Measures

Decision
Risk Support
Evaluation Systems

Risk
Treat Risks Mitigation Figure 4.
Planning Framework for risk
management tools
BIJ paper and the result is an establishment of a risk structure that will facilitate the
14,1 subsequent functions in the risk management process. For example, in process
focussed risk management context, the risk model could be a process model. Then,
information features such as technical, financial, schedule, organisational, etc.
aspects may be tagged to the process units to provide a relevance for risk
assessment. A risk query mechanism may then be formulated through techniques
32 presented fourth section and imposed on the process model through interactive or
collaborative interfaces to collect quantitative and qualitative data as described in
fifth section. The risk evaluation consists of decision support systems using
techniques presented in sixth section of this paper. Risks worth investigating
further due to their high chance of occurring or high potential impacts or
leading to new opportunities are then pursued leading to being treated. This whole
process of risk management is collaborative and requires incremental contributions
from all participants within the organization and supplementing project
management approach, which is more proactive.

Conclusions
Project risk management endeavours to supplement project management practices
by investigating project structure, organizational environment, external
environment, products, processes and procedures in detail. It further, supplements
the existing knowledge with lessons learnt, best business practices, industry
benchmarks and case studies such that risk mitigation plans are in place when risk
events do eventuate. This prevents crisis situations and also provides future
avenues for opportunities.
This paper presents techniques that are commonly used in project management
and elsewhere, outlining their usefulness to project risk management, especially in
CE projects. These techniques add to an understanding of risk management
functions and build on team communication and collaboration, not necessarily
completely dependent on a collaborative computer network or a computer
application. All the techniques presented in this paper have their own
characteristics and a specific realm of application. As such, a combination of these
techniques is likely to fulfil most needs for risk management by a project team and
evolve tools that are tailored for their needs but are generic in structure. Several
software tools are also commercially available for risk management, but they address
only a specific aspect of risk management using limited number of techniques
presented in this paper. The framework for risk management tools presented in this
paper provides an integrated approach to risk management in projects that can be
used for development of risk management tools that suit specific domain but are
generic in structure and may or may not be in the form of computer applications.
Current state of development in hardware and software technology enables
integration of applications for the techniques presented in this paper. There are many
risk management tools commercially available to support project management but
tend to address either a limited scope of application or limited processes in risk
management. Future developments in integrated and generic tools will lead to
widespread use of risk management principles in project management, retain
organisational knowledge and provide a competitive business edge.
References Techniques for
Ahmed, A. et al. (2003a), “A conceptual framework for risk analysis in concurrent engineering”, risk management
(R1.6 Paper No. 86), Proceedings of the 17th International Conference on Production
Research, 4-7 August, Blacksburg, Virginia, USA. in projects
Ahmed, A., Amornsawadwatana, S. and Kayis, B. (2003b), “Application of ARENA simulation to
risk assessment in concurrent engineering projects”, Proceedings of the 9th International
Conference on Manufacturing Excellence - ICME, 13-15 October, Melbourne, Australia. 33
Amornsawadwatana, S. et al. (2002), “Risk mitigation investment in concurrent design process”,
Proceedings of the International Conference on Manufacturing Automation – ICMA, Hong
Kong, China, Professional Engineering Publishing Ltd, Suffolk.
Ang, C.L. and Gay, R.K.L. (1993), “IDEF0 modelling for project risk assessment”, Computer in
Industry, Vol. 22, pp. 31-45.
Baccarini, D. and Archer, R. (2001), “The risk ranking of projects: a methodology”, International
Journal of Project Management, Vol. 19 No. 3, pp. 139-45.
Badiru, A.B. (1993), “Scheduling of concurrent manufacturing projects”, in Parasaei, H.R. and
Sullivan, W.G. (Eds), Concurrent Engineering: Contemporary Issues and Modern Design
Tools, Chapman & Hall, London, pp. 93-109.
Badiru, A.B. (1996), Project Management in Manufacturing and High Technology Operations,
Wiley, New York, NY.
Berny, J. and Townsend, P.R.F. (1993), “Macrosimulation of project risks – a practical way
forward”, Risk Management, Vol. 11 No. 4, pp. 201-8.
Birolini, A. (1993), “Design for reliability”, in Kusiak, A. (Ed.), Concurrent Engineering:
Automation, Tools, and Techniques, Wiley, New York, NY, pp. 307-47.
Boehm, B.W. and DeMarco, T. (1997), “Software risk management”, IEEE Software, Vol. 14 No. 3,
pp. 17-19.
Caillaud, E. et al., (1999), “A framework for a knowledge-based system to risk management in
concurrent engineering”, Concurrent Engineering: Research and Applications, Vol. 7 No. 3,
pp. 257-67.
Chapman, C.B. and Ward, S.C. (1997), Project Risk Management: Processes, Techniques and
Insights, Wiley, Chichester.
Clarke, C.J. and Varma, S. (1999), “Strategic risk management: the new competitive edge”, Long
Range Planning, Vol. 32 No. 4, pp. 414-24.
Clemen, R.T. (1996), Making Hard Decisions: An Introduction to Decision Analysis, Druxbury
Press, New York, NY.
Clemen, R.T. and Reilly, T. (2001), Making Hard Decisions with Decision Tools, Druxbury
Thomson Learning, Toronto.
Colquhoun, G.J., Baines, R.W. and Crossley, R. (1993), “A state of the art review of IDEF0”,
International Journal of Computer Integrated Manufacturing, Vol. 6 No. 4, pp. 252-64.
Conroy, G. and Soltan, H. (1998), “ConSERV, a project specific risk management concept”,
International Journal of Project Management, Vol. 16 No. 6, pp. 353-66.
Cross, J. (2001) Lecture Notes for SESC9211: Risk Management, School of Safety Science,
The University of New South Wales, Sydney.
Dawson, C.W. and Dawson, R.J. (1995), “Generalised activity-on-the-node networks for managing
uncertainty in projects”, International Journal of Project Management, Vol. 13 No. 6,
pp. 353-62.
BIJ Dawson, R.J. and Dawson, C.W. (1994), “Clarification of node representation in generalised
activity networks for practical project management”, International Journal of Project
14,1 Management, Vol. 12 No. 2, pp. 81-8.
Dawson, R.J. and Dawson, C.W. (1998), “Practical proposals for managing uncertainty and risk in
project planning”, International Journal of Project Management, Vol. 16 No. 5, pp. 299-310.
DeMaio, A., Verganti, R. and Corso, M. (1994), “A multi-project management framework for new
34 product development”, European Journal of Operational Research, Vol. 78 No. 2, pp. 178-91.
Dhillon, B.S. (1982), Reliability Engineering in Systems Design and Operation, Van Nostrand
Reinhold Company, New York, NY.
Dickinson, M.W., Thornton, A.C. and Graves, S. (2001), “Technology portfolio management:
optimizing interdependent projects over multiple time periods”, IEEE Transactions on
Engineering Management, Vol. 48 No. 4, pp. 518-27.
Duncan, W.R. (1996), A Guide to the Project Management Body of Knowledge, Project
Management Institute, Newtown Square, PA, pp. 111-21.
Eppinger, S.D. et al. (2001), “DSM tutorial”, available at: http://web.mit.edu/dsm/Tutorial/
tutorial.htm
Henley, E.J. and Kumamoto, H. (1991), Probabilistic Risk Assessment: Reliability Engineering,
Design and Analysis, IEEE Press, New York, NY.
Jaafari, A. (2001), “Management of risks, uncertainties and opportunities on projects: time for a
fundamental shift”, International Journal of Project Management, Vol. 19 No. 2, pp. 89-101.
Jo, H.H., Parasaei, H.R. and Sullivan, W.G. (1993), “Principles of concurrent engineering”,
in Parasaei, H.R. and Sullivan, W.G. (Eds), Concurrent Engineering: Contemporary Issues
and Modern Design Tools, Chapman & Hall, London, pp. 3-23.
Kara, S., Kayis, B. and Kaebernick, H. (1999), “Modelling concurrent engineering project under
uncertainty”, Concurrent Engineering: Research and Applications, Vol. 7 No. 3, pp. 269-74.
Kartam, N.A. and Kartam, S.A. (2001), “Risk and its management in the Kuwaiti construction
industry: contractors’ perspective”, International Journal of Project Management, Vol. 19
No. 6, pp. 325-35.
Kletz, T.A. (1985), “Eliminating potential process hazards”, Chemical Engineering, Vol. 92 No. 4,
pp. 48-68.
Kumamoto, H. and Henley, E.J. (1996), Probabilistic Risk Assessment and Management for
Engineers and Scientists, IEEE Press, Piscataway, NJ.
Kusiak, A. and Zakarian, A. (1996), “Reliability evaluation of process models”, IEEE
Transactions on Components, Packaging and Manufacturing Technology – Part A, Vol. 19
No. 2, pp. 268-75.
Kusiak, A., Larson, T.N. and Wang, J. (1994), “Reengineering of design and manufacturing
processes”, Computers & Industrial Engineering, Vol. 26 No. 3, pp. 521-36.
Larson, N. and Kusiak, A. (1996a), “Managing design processes: a risk assessment approach”,
IEEE Transactions on System, Man and Cypernetics – Part A: Systems and Humans,
Vol. 26 No. 6, pp. 749-59.
Larson, N. and Kusiak, A. (1996b), “System reliability methods for analysis of process models”,
Journal of Integrated Computer-Aided Engineering, Vol. 3 No. 4, pp. 279-90.
Lawley, H.G. (1974), “Operability studies and hazard analysis”, Chemical Engineering Progress,
Vol. 70 No. 4, pp. 45-56.
Malmstrom, J., Pikosz, P. and Malmquist, J. (1999), “Complementary roles of IDEF0 and DSM for Techniques for
the modelling information management process”, Concurrent Engineering: Research and
Applications, Vol. 7 No. 2, pp. 95-103. risk management
Mayer, R.J. et al. (1995), “Information integration for concurrent engineering (IICE)”, IDEF3 in projects
Process Capture Method Report, Human Resources Directorate Logistics Research
Division, Armstrong Laboratory, Wright-Patterson AFB, OH.
Patterson, F.D. and Neailey, K. (2002), “A risk register database system to aid the 35
management of project risk”, International Journal of Project Management, Vol. 20 No. 5,
pp. 365-74.
Perry, J.G. (1986), “Risk management – an approach for project managers”, Project Management,
Vol. 4 No. 4, pp. 211-6.
Perry, J.G. and Haynes, R.W. (1985), “Risk and its management in construction projects”,
Proceedings of Institution of Civil Engineers, pp. 499-521.
Pyra, J. and Trask, J. (2002), “Risk management post analysis: gauging the success of a simple
strategy in a complex project”, Project Management Journal, Vol. 33 No. 2, pp. 41-8.
Raftery, J. (1994), Risk Analysis in Project Management, Chapman & Hall, London.
Remenyi, D. and Heafield, A. (1996), “Business process re-engineering: some aspects of how to
evaluate and manage the risk exposure”, International Journal of Project Management,
Vol. 14 No. 6, pp. 349-57.
Risk Management Standard AS/NZS 4360 (1999) Risk Management Standard AS/NZS 4360,
Standards Association of Australia, Sydney.
Roach, J.R. and Lees, F.P. (1981), “Some features of and activities in hazard and operability
(Hazop) studies”, The Chemical Engineer, October, pp. 456-62.
Royer, P.S. (2000), “Risk management: the undiscovered dimension of project management”,
Project Management Journal, Vol. 31 No. 1, pp. 6-13.
Russell, R.S. and Taylor, B.W. III (2000), Operations Management, Prentice-Hall Inc.,
Upper Saddle River, NJ.
Salamone, T.A. (1995), What Every Engineer Should Know About Concurrent Engineering,
Marcel Dekker, New York, NY.
Sarkis, J. and Lin, L. (1994), “An IDEF0 functional planning model for the strategic
implementation of CIM systems”, International Journal of Computer Integrated
Manufacturing, Vol. 7 No. 2, pp. 100-15.
Steward, D.V. (1981), Systems Analysis and Management: Structure, Strategy and Design,
Petrocelli Books Inc., New York, NY.
Stewart, M.G. and Melchers, R.E. (1997), Probabilistic Risk Assessment of Engineering Systems,
Chapman & Hall, London.
Taha, H.A. (1997), Operations Research: An Introduction, Prentice-Hall, Upper Saddle River,
NJ.
Tavares, L.V. (2002), “A review of the contribution of operational research to project
management”, European Journal of Operational Research, Vol. 136 No. 1, pp. 1-18.
Ward, S.C. (1999), “Assessing and managing important risks”, International Journal of Project
Management, Vol. 17 No. 6, pp. 331-6.
Webb, A. (1994), Managing Innovative Projects, Chapman & Hall, London.
Wiest, J.D. (1981), “Precedence diagramming methods: some unusual characteristics and their
implications for project managers”, Journal of Operations Management, Vol. 1 No. 3,
pp. 121-30.
BIJ Williams, T. (1995), “A classified bibliography of recent research relating to risk management”,
European Journal of Operational Research, Vol. 85 No. 1, pp. 18-38.
14,1
Further reading
Klein, J.H. and Cork, R.B. (1998), “An approach to technical risk assessment”, International
Journal of Project Management, Vol. 16 No. 6, pp. 345-51.
36
Corresponding author
Ammar Ahmed can be contacted at: [email protected]

To purchase reprints of this article please e-mail: [email protected]

Or visit our web site for further details: www.emeraldinsight.com/reprints

View publication stats