Available online at

www.icesba.eu

Procedia of
Economics and Business
Administration
ISSN: 2392-8174, ISSN-L: 2392-8166

Risk Identification in Project Management

Ungureanu Anca, Braicu Cezar, Ungureanu Adrian,
1
USH Bucuresti, Romania
Email: [email protected], [email protected],
[email protected]

Abstract: Project risk is an uncertain event, provided that, if it occurs, will have a
positive or negative effect on one or more of the objectives of the project, such as
scope, schedule, cost and quality. Risk conditions could include aspects of the
project or organization, years of ongoing risk environment that contributes to the
project such as practice immature project management, lack of integrated
management systems, competing projects, or dependency on external participants
who are direct control over project. Literature Project management plays different
definitions of project risk. The variety of definitions for project management risk is
caused by the fact that each project (eg in IT projects, construction projects, etc.)
may have specific types of risks that may affect project results in different
proportions. However, the nature of risks in a project is the same for each type of
project, so you should create a common definition of risk.

Keywords: risk management, project management, plan, evaluation, analysis,

control

JEL classification: G32

Introduction
The risk in project management refers to a range of probabilities that cause an adverse
event and therefore the results prior to the event. Risks in project management can be
identified, estimated, assessed and controlled risk management activities of the project.
Management of project risk management can be described as a complex process of
planning, identification, analysis, evaluation and control of project risks. [1 A Guide to the
Project Management Body of Knowledge(PMBOK), Fifth edition, Project Management
Institute, Pennsylvania, USA, 2013, p. 488-489].

1 USH Bucuresti, Romania, Email: [email protected], [email protected],

[email protected]

259
1. Risk Identification in Project Management - Determining Processes and
Tools
Efficient organization of a project means the existence of clear lines of command.
Moreover, also because each project participant knows what to do to ensure success of
the work. [2 Lock D., 1996].
The organization of risk management in project management is an important process; it
entered the project manager's responsibility. The process is composed of several sub-
processes:
1. Planning Project Risk Management - includes a series of activities taken into
account when building risk management plan project management.
2. Identification of the major risks in project management is the process of the
implementation of strategies for identifying and managing major risks that may
affect a project and describing the characteristics of these types of risks.
3. Risk analysis is a trial project which aims to analyze the influence of identified
risks on the project.
4. Risk Assessment Project is a process that enables the creation of risk profiles. A
risk profile is a format that plays all risk frameworks and provides a basis for
complex data and information from risk prioritization and rapid identification of
strategies for reducing and / or eliminating the risks.
5. Risk control project involves the implementation of risk mitigation agendas and
draft action plans to minimize / eliminate the risks, developed during meetings
of project management.
Identifying risks in a project is a basic step in the management of project risk
management. Through special tools to identify risks, all data collected and analyzed with
the aim to identify risks is an essential basis for risk analysis projects, risk assessment and,
moreover, for an accurate survey of the future potential risks [3, McNeil, Frey, Embrechts,
2005].
Attitudes to risk, both the organization and stakeholders can be influenced by a number of
factors, which are broadly classified into three groups [4, PMBOK, 2013]
1. The risk appetite is the uncertainty of an entity that is willing to take the risk in
anticipation of a reward.
2. Risk tolerance is the degree, amount or volume risk for an organization or an
individual will exhibit resistance.
3. Risk Threshold refers to measures relating to the impact of risk on the project,
stakeholders in this situation may have an interest. Below this threshold of risk,
the organization will not accept the risk. Above this threshold of risk, the
organization will tolerate risk.
Risk identification is the process of determining which risks may affect the project and
documenting their characteristics.
The key benefit of this process is documentation of existing risks and the knowledge and
skills offered by the project team anticipate risk events. Inputs, tools, techniques and
results of this process are described in the following figure.
Participants in activities to identify risks include: project manager, project team members,
team management risk (if assigned), customers, and experts from outside the project
team, end users, other project managers, stakeholders, and risk management experts.
Risk identification is a complex process because new risks may evolve or become known
project that arose. Format risk situations should be consistent, to ensure that every risk is

260
understood clearly and unequivocally in order to support effective analysis and develop
the right answer. Statement of risk [6, PMBOK, 2013] should be supplemented so that the
information recorded to provide the ability to compare the relative effect of risk against
other hazards on the project. The process should involve project team, so as to develop
and maintain a sense of ownership and responsibility for the risks associated risk and
actions.

Tools and
Imputs Outputs
techniques
Risk Management Plan
Cost management plan Guest documentation

Management Plan Program

Techniques of collecting
information
Quality management plan

Human Resources Management Analysis Checklist

Plan
Field Reference analysis assumptions
Estimated costs of activity
Risk register
The schedule Diagramming Techniques
Registration stakeholders
project documents SWOT analysis
Procurement Documents
Environmental factors of the Expert Opinion
company

Figure 1: The process of determining risk

Source: Personal processing after Cercetări privind normele metodologice și procedurile de pregătire,
implementare și evaluare a rezuultatelor proiectelor – thesis Ungureanu A. author, ASE , Bucharest 2014

Global emerging risks affect both Governments and stakeholders from all sectors of
business. In order to manage them effectively and to develop a resistance to cope with
their impact, we have to understand, to measure and to forecast the interdependence of
these emerging global risks by expanding and diversifying the traditional instruments of
risk management. [7, Gurgu E, Savu C. S., 2014]
The problem of identifying risks in a project and how to find the solution of solving them
can be treated successfully if the project manager and management team know how to
identify risks and apply the correct reduction or elimination risks. Such a process can be
addressed when the project manager establishes a system of risk identification and
mitigation, which includes the following elements:
1. Project management team. The project manager needs to form the team in time
by hiring experts in project
2. Project organization. How is organized a project defines the project's success.
Project organization includes primary documents (graph activities, project budget, project
team, project plan, etc.), communication channels, time management tools, feedback etc.
3. Technical problem. The project manager must anticipate potential risks, to ensure
that equipment is delivered on time, costs are not overstated, implementation
methodology is well chosen, and the team of technical experts knows how to perform risk
analysis and how to implement specific mitigation instruments.
261
 4. The legal problem. The project manager needs to start the project agreement
from the owner of the project in order to start the project.
5. Software tools for identifying risks. Software risk identification allows the project
manager to plan and control the process of risk identification through the use of tools. The
software also allows the creation of checklists project risk and project risk models that
simplify and organize documents contribute to a better recognition of the key risk factors
that may influence the results of the project. [8, PMBOK, 2013].
A project manager must coordinate a range of tools necessary to achieve objectives such
as:
1. Task management tool. The project manager can design tools for identifying
risk and assign tasks in this regard to the project team.
2. The instrument programming. The tasks assigned to the project team,
identifying potential risk associated with the project risk analysis and risk management
solutions should be planned and prioritized so that the project team knows the order and
terms of their realization.
3. Exchange of experience. Members of a project team must collaborate among
themselves and with other project teams within the same organization, in order to
exchange knowledge and methodologies to identify, analyze and manage risks.
4. Reporting tools. The project manager assumes responsibility for creating and
sending reports to identify risks in a project implementation and management of project
risks.
In the software risk identification technical security controls exist [9, Stoneburner,
Goguen, Feriga, 2002], risk mitigation, which can be configured to protect against various
types of data threats.
Technical controls can be grouped into the following categories, depending on the main
goal:
1. Checks support. These are generic and underlie many IT security capabilities.
These controls should be in place in order to implement other commands.
2. Preventive controls. Prevention focuses primarily on preventing security
breaches from occurring.
3. Detection and recovery. These controls focus on detecting and recovering data
and information from a security breach.

2. Risk analysis in Project Management

2.1 Management of risk Analysis in Project Management
Risk analysis phase of a project enables the estimation and evaluation of all potential risks
that may arise during implementation. The risk analysis of the project is an effective way
of ensuring that the strategies used to control potential risks of the project are profitable.
Risk Analysis project involves a series of steps to quantify the impact of uncertainty on a
project. These activities are: risk identification, assessment of the likelihood and impact of
the project estimate. The purpose of risk management analysis is to identify and estimate
potential threats and then choosing the appropriate method to reduce or eliminate
hazards. [10, McNeil , Frey , Embrechts, 2005]
Management risk analysis consists of three coherent activities:
1. Identifying threats;
2. Assessment of their probability of occurrence ;
3. Estimate the impact on the project in terms of working time.
262
 4. In this regard, recourse to create a checklist of risk analysis, list describes a
series of steps to be taken to complete the activities.
5. Identify threats. This activity is to identify all the possible events that appear
to be risky for the project.
6. Probability assessment. It is recommended to investigate each identified risk
to create a database with detailed descriptions of risks, assessing how risks can lead to a
failure of the project, given the budget, the completion date of the project and
performance targets, the methods and analysis techniques (eg, PERT - Program Evaluation
and Review Technique) to identify the probability of risk and assess possible deviations
from the main features of the project.
7. Estimate the impact. One of the best ways to estimate the impact of a risk is
to multiply the likelihood of risk to the amount necessary to reduce costs and / or
eliminate the risk and return of the project on track.
Once the value of project risks were identified and estimated analysis management
process is geared towards finding ways of managing risk.
Managing project risk analysis can be done using:
1. Assets available. The available resources can be used to improve existing
mechanisms and systems, reallocating roles and responsibilities, delegation of tasks to
improve supervision and internal control etc.
2. Emergency Planning. Contingency planning involves accepting risk and
continuing to implement an emergency plan to reduce or eliminate the negative impact of
risk accepted.
3. External resources. The analysis of risk management sometimes requires
additional resources when existing assets are not sufficient to solve problems concerning
the project.
2.1 Risk Management in Project Management
Strategy Risk management refers to the scope and course of action taken by experts
practitioners of project management, in order to take into account the probability of
resulting consequences both positive and negative, in a project due to risk effects [11,
Stephen Coulter, Largton, 2009].
The strategy of risk management for a project is a comprehensive plan that combines
tools and methods to identify , analyze and mitigate negative consequences (so-called
threats ) that may affect the project, and at the same time explores the positive
consequences (so-called opportunities ) that can improve the project's potential. In this
context, any project there are both threats and opportunities.
A risk manager should design a comprehensive action plan, on how risks will be managed
and opportunities in the implementation phase of a project. A risk management strategy is
divided into several stages:
- Risk management plan development and opportunities;
- Taking steps to identify project risks and to reduce the likelihood of them;
- Communication with the project team and the stakeholders to collect and
analyze information risk management project;
- The use of software project risk management, the processing of the information
obtained, creating a risk register and, implicitly, a database project risk management;
- The generation and reporting of project risk under regular meetings with the
project team and other persons of interest.

263
Many articles and books published in describing risk in project management strategy as a
combination of risk management activities opportunities and threats. In this regard, a
strategy for managing project risk can be considered a well-structured, which consists of
two components, such as management analysis of the opportunities and management
managing threats [12, McNeil, Frey, Embrechts, 2005] .
Risk Plan is the development of options and actions to enhance opportunities and to
reduce threats to project objectives. Specialists in project management stresses that a
well-developed risk management can reduce the failure rate of the project as much as
about 60-70 % [13, PMBOK, 2013].
Such a plan, in direct correlation with a strategy of risk management well defined, will help
project managers and stakeholders of project management to identify and resolve most
potential problems and also to anticipate and respond to changes implicitly held
throughout the project life cycle.
Risk management plan is developed and approved during risk management and is
essential to project success, allowing the team to prevent losses and to avoid adverse
reactions, address risks by their priority, as needed.
This document is usually developed by the project manager in collaboration with a team of
experts (analysts, functional managers, etc.) to identify uncertainties to assess their
impact, thus focusing on strategy and exploiting correct answer opportunities.

INPUTS
Tools OUTPUTS
• Risk Management Plan
•Strategies to risks or •Updates to the project
• Risk register
threats / opportunities management plan
•Potential answers •Updated project
Strategies documents
• Expert opinion

Figure 2: Plan of project risk management

Source: Personal processing after Cercetări privind normele metodologice și procedurile de pregătire,
implementare și evaluare a rezuultatelor proiectelor – thesis Ungureanu A author, ASE , Bucharest 2014

2.2 Management of Opportunities in Project Management

Opportunities Project risk management is a set of techniques and tools to help the risk
manager to identify and understand the potential for improvement of the project
objectives. Project management opportunities refer to a process in 4 stages (identification,
analysis, planning and management). The process is following up a plan of management
opportunities. Among the positive opportunities, are: operation, share, consolidate and
acceptance [14, PMBOK, 2013].
The exploitation. This strategy can be selected and applied for risks with positive impacts
where the organization wants to ensure that the probability is possible. This strategy seeks
to eliminate the uncertainty associated with some risk, ensuring certainly can happen. For
examples of the strategy for the operation, management assigns allocating the best
resources of the organization for the project to reduce completion time or the use of new

264
technologies and upgrades of technology to reduce costs and the time required for project
goals.
Improving. The strategy is used to increase the probability and/or positive effects of
opportunities. Identification and maximization of key factors with a positive impact of
these risks may increase the likelihood of their occurrence. Examples of consolidation
opportunities include adding more resources to complete a task earlier.
Exchange. It is a positive risk strategy involving resource allocation of some or all of the
project owner or a third party who is involved, and capture opportunity to benefit from
the project. Examples of sharing actions include forming partnerships to share risk, teams,
special purpose companies in risk sharing or joint ventures that can be established with
the express purpose of taking advantage of the opportunities at risk.
Acceptance. It is an opportunity to seize the opportunity when it arises, but not
specifically seeking it.
2.3 Managing Threats in Project Management
Managing threats involving the use of risk management resources project to describe the
risks, to analyze their characteristics to assess the likelihood, ending with adding all
information obtained in the risk register. Manage all threats refers to a process consisting
of four stages (identification, analysis, planning and management). A project risk manager
is responsible for organizing a team to follow a treatment plan risk, finishing with
reporting on progress made in the strategy for managing project risks.
Avoid. Avoiding risk is the risk response strategy, the project team is working to eliminate
the threat or protect project impact. This strategy involves changing the project
management plan to eliminate the threat altogether. Some risks that arise at the
beginning of the project can be avoided by request clarification, obtaining information,
improving communication or an expert in the project.
Transfer. Risk transfer is a risk response strategy that the project team transferred the
impact of a threat to a third party, together with ownership of the effect. The transfer
does not mean denial of transfer risk through this process as risk transfer almost always
involves payment of a risk premium to the acquirer risk. [15, Jorion 2007] The transfer of
responsibility for risk is most effective method in relation to the risk exposure.
Alleviation. Reducing risk is a response strategy to a risk that the project team is working
to reduce the likelihood or impact of a risk. This strategy involves a reduction in the
probability and / or impact of an adverse risk to be within the predetermined acceptable
limits. Taking preventive measures to reduce the probability and / or impact of a risk,
which may arise during the implementation of a project, is often more effective than
trying to repair the damage after it has occurred risk.
Acceptance. Accepting risk is a risk response strategy that the project team decided to
recognize the risk and take no action. This strategy is adopted if it is not possible in terms
of cost-effectiveness to address a specific risk in any other way. This strategy indicates that
the project team has decided not to change the project management to face a risk or is
unable to identify any other suitable response strategy to risk retention. This strategy can
be active or passive. Passive acceptance requires no action except documentation
strategy, leaving the project team to face risks as they occur, periodically review the threat
and to ensure that it will not change significantly. The most common active acceptance
strategy is to establish a contingency reserve, including amounts of time, money or
resources to cope with risks.

265
Measures of risk management in projects should avoid negative deviations from the
establishment of the project objective, namely to reduce their consequences through
preventive measures. On the other hand, have encouraged the emergence of positive
deviations or their consequences. Policy measures should be planned and carried risks.
[16, Gareis R., Happy Projects!, 2.Auflage, 2006]

Conclusion
The risk analysis of the project is an effective way of ensuring that the strategies used to
control potential risks of the project are profitable. A risk analysis of the project initiation
phase is the starting point for developing a risk management plan. Following the steps and
activities to be performed in the model of risk analysis project, the project manager can
create the foundations for implementing risk management strategy applied throughout
the project life cycle.
Once the analysis is completed and potential risks are identified and estimated, the
project manager must work also to form a risk management team that will take
responsibility for addressing the risks and implement mitigation strategies.

References
[1] A Guide to the Project Management Body of Knowledge(PMBOK), Fifth edition, Project Management
Institute, Pennsylvania, USA, 2013, p. 488-489
[2] Lock, D. (1996), Project Management, 6th edition, Gower Publishing
[3] A. J. McNeil; R. Frey; P. Embrechts, Risk Management, Concepts Techniques Tools, Princeton University
Press, New Jersey, 2005, p. 74-75
[4] A Guide to the Project Management Body of Knowledge(PMBOK), Fifth edition, Project Management
Institute, Pennsylvania, USA, 2013, p. 107
[5] Ungureanu A., Cercetări privind normele metodologice și procedurile de pregătire, implementare și
evaluare a rezuultatelor proiectelor, Teză de doctorat ASE , București 2014
[6] A Guide to the Project Management Body of Knowledge(PMBOK), Fifth edition, Project Management
Institute, Pennsylvania, USA, 2013, p. 277
[7] Gurgu E., Savu C. S., Global Risk Management- A Necessity in a World of Vulnerabilities and of Eco-
Economy and Eco-Bio-Economy Needed by Eco-Sano-Genesis, Journal of Economic Development,
Environment and People - JEDEP- quarterly, Online Journal, 2015
[8] A Guide to the Project Management Body of Knowledge(PMBOK), Fifth edition, Project Management
Institute, Pennsylvania, USA, 2013, p.284
[9] G.Stoneburner; A. Goguen; A. Feriga, Risk Management Guide for Information Technology System,
National Institute of Standards and Technology, 2002, p. 268-269
[10] A. J. McNeil; R. Frey; P. Embrechts, Risk Management, Concepts Techniques Tools, Princeton University
Press, New Jersey, 2005, p. 311
[11] Stephen P., Robbins Mark Coulter, Nancy Largton, Management, 9th Edition, Ed. Person Education,
Canada, 2009, p. 60
[12] A. J. McNeil; R. Frey; P. Embrechts, Risk Management, Concepts Techniques Tools, Princeton University
Press, New Jersey, 2005, p. 144
[13] A Guide to the Project Management Body of Knowledge(PMBOK), Fifth edition, Project Management
Institute, Pennsylvania, USA, 2013, p. 453-454
[14] A Guide to the Project Management Body of Knowledge(PMBOK), Fifth edition, Project Management
Institute, Pennsylvania, USA, 2013, p. 276
rd
[15] P.Jorion, Value at risk the new benchmark for managing financial risk, 3 Edition, McGraw-Hill
Companies, New York, USA, 2007, p. 276
[16] Gareis R., Happy Projects!, 2.Auflage, Editura ASE, București, 2006

266