Project Risk Management – PM0007

SET-1

Q.1 Explain risk management process and its each steps in details.

Ans:

Projects face many risks. Managing these risks is therefore an integral part of any project
management. Risk management helps you to identify and address the risks facing your business and
in doing so you achieve your businesses objectives. There is a wide convergence and international
consensus on the various elements for risk management process. The risk management process is:

 Supported by growing range of capable tools and techniques

 An accepted process worldwide
 A research base for academics
 Implemented across many organisations

A Risk Management Process describes the steps you need to take to identify, monitor, and control
risk. Risk management process helps you:
 Identify critical and non-critical risks
 Quantify the impact of the risk
 Document each risk in depth by completing Risk Forms
 Log all risks and notify management of their severity
 Take action to reduce the likelihood of risks occurring
 Reduce the impact on your business, should risk eventuate

Risk management becomes even more significant if your project aims to enter into new business
areas such as launching a new service or targeting a new market. In such scenarios, your standard
risks are:
 Emergence of new technologies that make your product redundant.
 Competition following your suit.

Generally, a risk management process involves following five phases that are depicted in Figure 1.
This Risk management process shows you all the steps you need to take to implement Risk
Management in your organisation. Using this risk management process to monitor and control risk,
you can ensure you meet your team objectives
1. Risk Identification: Risk Identification is a process of identifying the risks associated with
your business activities – in a methodical manner. Risk identification starts with the problem
source or with the problem itself. So after establishing the context the next step is to identify
the potential risks.

2. Analysis of Source: The target of risk management is the internal or external risk sources in
the system. The stakeholders in a project, the employees in a company or the weather in the
airport may be the best examples for risk sources.
3. Analysis of Problem: Risks are deviation from assumption, it is essential to identify risks
related to threats. The best examples are the accident and casualty threat, private
information abuse, or money losing threat. The government legislative bodies, shareholders,
and customers are few threats with various entities.

4. Culture, industry practice, and compliance depend on the chosen method for identification
of risks. There are number of ways by which you can go about identifying risks:
 1. Risk identification by Objective-based: The event which prevents you from achieving an
objective completely or partially is identified as risk and every project and organisations
have these objectives.
2. Risk identification by Scenario-based: The scenarios are usually the ways to achieve an
objective or to analyse the interaction of forces. Any scenario that triggers an undesired
event is identified as risk.
3. Risk identification by Taxonomy-based: This risk identification is a breakdown of possible
risk sources.
4. Risk identification by Common-risk checking: Many industries list out their known risks
and share them. Each risk in the list can be checked for application to a particular situation.

5. Risk identification by Risk charting: This risk identification is done by listing Resources at
risks and combining the above approaches. In this method of identification you can start
with threat and identify the resource that will be affected or you can examine the
consequences and then determine the combination of threat and resource.
After the risk identification, it becomes essential to assess the risks so that the right actions
can be planned for the same. In the case of value of building loss or in the case of probability
of an unlikely event occurring, it is easier to arrive at these quantities.
But statistical information is not accessible in all kinds of risks that might have occurred in the past,
thus project managers are faced with this difficulty in assessing risks. To evaluate the rigorousness of
the impact of risk is often difficult for immaterial assets. However, assessment of risk must produce
information such that the information can be used by the management in an organisation to identify
risks and prioritise risk management decisions. There are several theories for quantifying risk
attempts. Out of the many different risk formulas that exist, the most accepted formula for
quantification of risk is:
Risk = Rate of Occurrence x Impact of the event
The financial benefits of risk management are independent of the formula used, although they are
more dependent on frequency and how the risk assessment is executed.

2. Risk Probability: Assessing the probability of the occurrence of the risk is known as Risk
Probability. The first problem in assessing the probability of project risks is the term itself.
“Probability” has an accurate numerical meaning. The best method for assigning probability is
measuring the relative frequency or likelihood of occurrence of an event, where the values lie
between impossibility (zero) and certainty (one). The uncertainty dimension such as “frequency”,
“likelihood” or “chance” is the major component of risk probability.
3. Risk Response: Being prepared on how to respond to the occurrences of risk is called as Risk
Response. There are a few things you can do about a response to any risk, and the strategies are:
Avoidance of Risk: The risk has to be avoided, do something to remove the risk. For example use
another supplier. Avoiding risks also means loss in the potential gain for the organisations that retain
or accept the risks which have been allowed. Possibility of earning profits is also avoided by not
entering a business that may avoid the risk loss.
Transfer of Risk: Risk has to be transferred, someone will be responsible. Possibly a vendor will be
made responsible for a particularly risky part of project, a third party by outsourcing or an insurance
company. The original risks are likely to still revert to the first party if the insurance company or
contractor goes bankrupt or end-up in court. So practitioners and scholars alike, the insurance
contract purchased is often called as a “risk transfer”
Mitigation of Risk: The risk has to be mitigated. You need to take measures to reduce the impact or
chance for the risk to occur. If the risks are related to availability of resources, make an agreement
and sign-off for the available resource.
Prevention of Hazard: Prevention of risks in an emergency refers to the hazard prevention.
Elimination of hazards is the most effective stage of hazard prevention. If this is too long, too costly,
or impractical then the second stage is mitigation of hazards which prevents hazards from occurring.
Reduction of Risk: This method involves the reduction of likelihood of the loss of occurrence, or the
severity of the loss. For example, sprinklers are designed to put out a fire to reduce the risk of loss by
fire. This is not suitable because of the greater loss by water damage. By developing and delivering
software incrementally, the modern software development methods reduce the risk.
Retention of Risk: Involved the acceptance of loss. True self insurance falls in this category. Strategy
for small risk is viable in risk retention, in which the cost of against risk insuring is greater over time
than the sustained total loss. By default, all risks are not transferred or avoided. This includes risks
which are very large can either be feasible or insured.
A response in risk planning includes the approach and the strategy addressed by items. The actions
include when it should be finished, who is going to do it, and what needs to be done.

4. Risk Measures: This is a process by which an organisation initiates measures to effectively

deal with the consequences when the risk actually occurs. To understand this in a better
way, you can use the two dimensional table given on page 8 wherein the risk is quantified.
The impact and the probability of the risk must be evaluated in a simple scale of 1 to 4. The
greater the number, the higher is the intensity and impact.

If the probability is more, and the impact is less, it is a medium risk. So, if impact is more,
and probability is less, it is a high priority risk. Using this method, risk can be quantified to a
certain extent.

5. Risk Tracking: Tracking and monitoring the effectiveness of your risk management approach
is a very important process. To track risks, project managers should hold regular risk reviews
to identify actions which are outstanding, probability of risks, and the impact of risk. This
process helps in removing the risks that are no more valid and the new risks can be
identified and added. This continuous monitoring of risks to determine any changes in its
status, or if they turn into any issues is an essential part of risk management process.
 Any risk management process also requires running risk reviews regularly to identify and
quantify risks. This enables you to track risks that have occurred and build mitigation plans
thereby curbing their recurrence to the bare minimum. As a result the process of risk
management will be useful in:
 Improving the decision-making, prioritisation, and planning.
 Helps you in allocating the capital and resources effectively.
 Anticipating what might have gone wrong and minimising the amount of fire-fighting that
you may want to do.
 Preventing disaster and even serious financial loss in a difficult case scenario.
 Delivering your business plan on time and to budget it significantly improves the
probability.