Risk Management System

Table of Contents
Introduction................................................................................................................................2

Risk Management Approach......................................................................................................3

Roles and Responsibilities of Project Team...............................................................................3

Categories of Project Risks........................................................................................................4

Risk Management Process.........................................................................................................5

Communication and consultation...........................................................................................5

Establishment of the Context..................................................................................................5

Determination of Risk Criteria...............................................................................................5

Risk Identification..................................................................................................................6

Risk analysis...........................................................................................................................7

Risk evaluation.......................................................................................................................8

Risk treatment.........................................................................................................................8

Review and monitoring..........................................................................................................9

Application of Risk Management System................................................................................10

Conclusion................................................................................................................................11

References................................................................................................................................12

Page | 1
Introduction
Risk management is very important for all types of organisation. Risk management helps an
organisation identify and manage all of the possible risks effectively. Risk management also
helps an organisation make various decisions confidently. Besides, risk management involves
five stages for managing all types of risks of an organisation. A risk management system for
an organisation to reach at the maturity level of Repeatable in the short-term and at the
maturity level of Managed in the long-term has been developed. Moreover, the effectiveness
of the developed risk management system is also analysed in this report through applying it
in a specific project.

Page | 2
Risk Management Approach
Risk management is very important for an organisation to manage all of the arising
uncertainties. Risks can change the whole planned activities of an organisation. However, all
of the risks are not bad always rather some risks can bring huge reward for an organisation.
So, risks should be managed effectively. Risk management helps an organisation manage all
of the systematic and unsystematic risks properly so that they can’t influence on final
outcome or can influence on final outcome in a little bit. Risk management includes
identification of risks, analysis of their likelihood and potentiality, development of mitigating
the risks and preparation of effective monitoring plan for monitoring the gap between actual
and expected impacts of risks and the possibility of occurrence of these risks in future.
However, project risk management is the management of the risks which has the positive and
negative impacts on the objectives of a project. Project risk management is all about
maximising the positive risks while mitigating the occurrence of negative risks. Finally, the
overall goal of a project risk management is to identify and manage the risks in such way that
makes the final outcome of the project as expectation.

Roles and Responsibilities of Project Team

Project members have some roles and responsibilities in the risk management of a project.
Generally, the project team are headed by a risk manager who leads the whole team towards
achieving the objective of mitigating risks. The whole team is responsible for managing all of
the risks. First, the team members need to identify the risks and they need to understand the
degree of those risks. Second, the team needs to analyse the types of the risks and the
potentiality of the occurrence of those risks. Third, the team need to rank the risks according
to their priority. The team members need to analyse how much impacts the risks may have on
the final outcome of the project. Fourth, the team members need to develop some strategies
for either mitigating the risks or avoiding the risks and implement the strategies properly.
Finally, the team members need to monitor the impacts of the risks and oversee whether the
gap between expectation and final outcome of the risks is low or not.

Page | 3
Categories of Project Risks
There are various types of risks in a project. The activities of a project involve wide variety of
risks. Risk management team needs to identify the associated risks for understanding the
potentiality of the occurrence of those risks. The team also needs to analyse the degree of the
risks. However, the project risks will be discussed below.

Project Risk
External Risk Internal Risks
Local Risks Global Risks
Economic Labour Construction
Physical Plant Design
Political Sub-contractor Financial
Technological change Materials Location
Site Client
Environment

Table 1: Risk breakdown structure

Source: Created by author

The risk breakdown structure categorise the risks according to internal and external risks.
Internal risks are those risks which arise from the internal activities and resources of a
project. On the other hand, external risks are somewhat uncontrollable and arise from
external activities and outside elements. The external risks need continuous scanning and
analysis.

Page | 4
Risk Management Process
To increase the risk maturity level from Ad-hoc to Repeatable in the short-term and Managed
in the long-term of in my organisation, a risk management system is developed in the
following sections.

Communication and consultation

At the initial stage of a risk management process, the risk management team needs to
communicate with various stakeholders of a project for getting their approval and opinions
about the project and its risk management system. The team should consult with top
management to determine whether the developed risk management approaches will be
sufficient for managing the risks. The views and opinions of stakeholders should be identified
and recorded for making effective risk management decisions.

Establishment of the Context

The objectives of a company and its overall activities should be considered while identifying
and managing the risks. Moreover, the external and internal parameters also influence the risk
management process of a company. The external and internal parameters are discussed
below.

 External context: External environment where a company wants to operate activities

and achieve objectives is considered as the external context. The social, political,
legal, financial, technological, economic and regional or national factors should be
considered effectively for managing the risks of a project.
 Internal context: The internal environment involves organisational culture, structure
and strategies. The project team should assess the organisation's internal resources
and capabilities for identifying the risks. The organisational commitment, value and
ethics also influence the risks of an organisation. Besides, these activities also
influence the risks of a project.

Determination of Risk Criteria

For making effective analysis of the risks, some risk criteria should be developed by the
project team. The nature and types of risks, likelihood of the risks, timeframe of the
occurrence of the risks and organisation's capacity are the key factors to be considered while
determining the risk criteria. Besides, the views pf stakeholders also should be considered in
the determination of risk criteria.

Page | 5
Risk Identification
Risk identification is the process of finding and listing the risks which can impact the
potential outcome of a project. This identification needs to consider the sources of the risks,
the types of the risks and impacts of those risks. Moreover, risk identification needs to focus
on the consequences of the risks. An organisation that is in the Ad-hoc stage of maturity level
should consider this step effectively. The risk management team should consider this step
properly and list the risks in detail because a risk which is not identified clearly can impact
the outcome of a project easily and cannot be mitigated with proper management. Besides,
the aim of risk identification is to mark the potential risks and uncertainties of a project which
can delay, change or prevent the outcome of that project. Risk identification should involve
all of the risks whether their sources and causes identified immediately or not. Besides, the
possible reasons and consequences of the should be determined critically in the risk
identification stage.

Generally, risk identification involves relevant and up-to-date information to be identified

clearly. So, the team of risk identification stage should have proper knowledge and skills and
should be informed about the background information of the risks. Moreover, the aim of the
risk identification also differs at various phases of a project. At the early stage, risk
identification includes identification of high level and fatal flaws risks that can alter the
process of a project. In addition, at the later stage of a project, risk identification includes
specific risks more effectively. However, there are some methods which help a risk
management team to identify the associated risks.

 Expert opinion: Risk management is very crucial thing in a project management

team. Moreover, risk identification stage of risk management process needs more
focus for finding and listing all of the risks. If the risk management team can’t
identify the risks properly, all of the procedures of the team will be destroyed. So, risk
identification needs experts' opinion. Experts can help the team to identify and list the
risks. This method is very helpful for a new company which wants to develop risk
management system.
 Interviews and questionnaires: This is another method of risk identification. A risk
management team can develop some questionnaires for finding the associated risks
with a project. Then it can take interviews from various stakeholders of the project for
getting the opinions from them. This process is also effective for a new company with
is at the stage of Ad-hoc maturity level.
Page | 6
  Historical data: Historical data also helps a risk management team for identifying the
risks of a project. These data shows the potential uncertainties of past events.
 Testing and modelling: This is also a good process for finding the risks of a project.
A risk management team can test all of the risks sequentially and make a model for
each of the risk.

For my organisation, the experts' opinion and interviews and questionnaires will be the best
option for identifying the risks. This identification will help my organisation to make a good
risk management which can help it reach Repeatable stage of maturity level in the short-term
and Managed stage of maturity level in the long-term.

Risk analysis
Risk analysis involves understanding of the sources and consequences of the risks and the
possibility of the occurrence of those risks. This analysis also acts as input for risk evaluation
process and risk treatment process. The types of risk treatment depend on the decision
received from risk analysis. Risk analysis generally involves analysis of the risks identified in
the risk identification stage. This analysis also involves analysis of the negative and positive
consequences of the risks and the likelihood of the occurrence of those risks. Risk analysis
also helps a risk management team identify the potential factors which can impact the
consequences and the possibility of the occurrence of the risks. Moreover, the level of risks
and their potentiality of happening should be also considered effectively in the risk analysis
stage. For an organisation to reach maturity level of Repeatable, risk analysis plays very vital
role. It helps the organisation analyse all of the risks properly and make good risk treatment
decision to deal with the potential risks.

Risk analysis also provides a basis for the organisation to make good business decisions to
mitigate the intense of the risks. The risk analysis stage also helps the organisation to make
all of the business activities smoother so that it can prevent or reduce the occurrence of those
risks identified at the risk identification stage. Risk analysis involves determining the
possibility of the occurrence of the risks and analysis of available data and resources for
getting better information about the analysis. Besides, a risk management team should
reconsider the risk identification stage for understanding the types and strengths of the risks.
However, risk analysis can be both qualitative and quantitative. Qualitative analysis is very
effective for the initial stage of a project. This analysis helps the strategic decisions and

Page | 7
activities of an organisation. In contrast, quantitative analysis helps at the later stage of a
project and it helps in the cost, budget and time management of a project.

Risk evaluation
Risk evaluation stage is helpful in making good decisions based on the outcomes of a project.
Risk evaluation also helps the risk management team compare the outcomes of the risks
based on the risk criteria. Risk evaluation also involves evaluating the positive and negative
outcomes of the risks. Moreover, the evaluation process includes the comparison of various
types of risks and ranking all of the risks according to their weight. This process is very
helpful for making risk treatment decision based on the outcome of risk evaluation. This
stage is also important for a developing company because effective evaluation process helps
the company make better avoidance or mitigation decision based on the outcome of the risk
evaluation process.

Risk treatment
This is very important step for a risk management team. After identifying, analysing the types
of risks and ranking the risks based on their weight, a risk management team needs to make
good treatment process for the project. Risk treatment helps the risk management team decide
and select one or several treatment options for either mitigating the intense of the risks or
avoiding or modifying the risks. However, risk treatment process has a lot of treatment
options. The treatment options will be discussed in the following paragraphs.

 Avoiding the risks which have negative impacts on the outcome of the project. This
activity also involves eliminating the actions that reproduces the potentiality of this
types of risks.
 Doing those activities which can benefit the risk management team with those types
of risks that generate positive outcomes for the project.
 Enabling those types of activities that prevent the possibility of occurrence of the risks
and reduces the impacts of negative impacts.
 Enabling other parties to take the responsibilities of managing risks. This sharing of
risks can include risk contract, risks financing and insurance.

However, the risk treatment options should be consulted with stakeholders for getting better
opinions from them. Risk treatment options may involve various process which may impact
on the rights and interests of the stakeholders. So, the risk management team needs to
communicate with the stakeholders for making good decisions. However, my organisation

Page | 8
needs to develop some actions for mitigating and avoiding the possibility of occurring the
identified risks clearly.

Review and monitoring

A risk management team needs to monitor all the activities of risk management system for
identifying whether the risks actually impacts the project after making good treatment options
or not. A good review and monitoring plan includes the activities which enables a risk
management team to determine the gap between expected impacts and actual impacts of the
risks and analyse the risks according to risk criteria. Review and monitoring also help the
team get a lot of information from assessing the risks. This information will help the team for
developing good strategies in the next time. Moreover, the success and failure of the risk
management system also helps the team learn a lot of lessons about why the system became
failed after making good treatment options or why the system became successful. The review
and monitoring process also helps an organisation reach at the maturity level of Managed in
the long-term through learning various lessons from its risk management activities. These
lessons make the organisation more informed about various aspects of risks and management
options.

Page | 9
Application of Risk Management System

Page | 10
Conclusion

Page | 11
References

Page | 12