I.Introduction: What is Project Risk?

Define project risk.

Projects operate in an environment composed of uncertainty. There is uncertainty regarding proj- ect funding, the
availability of necessary resources, changing client expectations, potential tech- nical problems—the list is
seemingly endless. This uncertainty forms the basis for project risk and the need to engage in risk management.

* Risk management (Quản lí rủi ro), which recognizes the capacity of any project to run into trouble, is defined as
the art and science of identifying, analyzing, and responding to risk factors throughout the life of a project and in the
best interests of its objectives. Risk management consists of anticipating, at the beginning of the project unexpected
situations that may arise that are beyond the project manager’s control.

*Project risk (Rủi ro dự án) as “an uncertain event or condition that, if it occurs, has a positive or negative effect
on one or more project objectives.”

=> This definition is important because, unlike in the past when project risk was automatically assumed to lead to
negative consequences, it is now recognized as the source of either opportunities or threats.

The difference between projects that fail and those that are ultimately successful has nothing to do with the fact that
one lacks problems the other has. Rather, the key lies in the plans that have been made to deal with problems once
they arise.

*For the manager the process of risk management includes asking the following questions:

• What is likely to happen (the probability and impact)?

• What can be done to minimize the probability or impact of these events?
• What cues will signal the need for such action (i.e., what clues should I actively look for)? • What
are the likely outcomes of these problems and my anticipated reactions?

*Project risk is based on a simple equation:

Event Risk = (Probability of Event)(Consequences of Event)

=> All risks must be evaluated in terms of two distinct elements: the likelihood that the event is going to occur, and
the consequences, or effect, of its occurrence.

* Risk and opportunity are opposite sides of the same coin—opportunity emerges from favor- able project
uncertainties, and negative consequences from unfavorable events. Early in the life of a project, both risk and
opportunity are high. The concept may be thought valuable, and the opportunities are strong, as are the negative
risks. This result is due to the basic uncertainty early in a project’s life cycle. Until we move forward into the
development phases, many unanswered questions remain, adding to overall project uncertainty. On the other hand,
the severity of negative consequences (the “amount at stake”) is minimal early in the project’s life. Few resources
have yet been committed to the project, so the company’s exposure level is still quite low. As the project progresses
and more budget money is committed, the overall potential for negative consequences ramps up dramatically. At the
same time, how- ever, risk continues to diminish. The project takes on a more concrete form and many previously
unanswered questions (“Will the technology work?” “Is the development time line feasible?”) are finding answers.
The result is a circumstance in which overall opportunity and risk (defined by their uncertainty) are dropping just as
the amount the company has at stake in the project is rising.

II.Risk Management: A Four-Stage Process

*Recognize the four key stages in project risk management and the steps necessary to manage risk.
Systematic risk management comprises four distinct steps:

 Risk identification—the process of determining the specific risk factors that can reasonably be expected to
affect your project.

+) Risks commonly fall into one or more of the following classification clusters:

- Financial risk—Financial risk refers to the financial exposure a firm opens itself to when developing a
project.
- Technical risk—When new projects contain unique technical elements or unproven technology,they are
being developed under significant technical risk.
- Commercial risk—For projects that have been developed for a definite commercial intent (profitability), a
constant unknown is their degree of commercial success once they have been introduced into the
marketplace. Commercial risk is an uncertainty that companies may willingly accept, given that it is
virtually impossible to accurately predict customer acceptance of a new product or service venture.
- Execution risk— a broad category that seeks to assess any unique circumstances or uncertainties that
could have a negative impact on execution of the plan.
- Contractual or legal risk—This form of risk is common with projects in which strict terms and conditions
are drawn up in advance. Many forms of contracted terms (e.g., cost-plus terms, fixed cost, liquidated
damages) result in a significant degree of project risk. Companies naturally seek to limit their legal
exposure through legal protection, but it is sometimes impossible to pass along contractual risk to other
parties.

+) Some of the more common forms of risk in projects:

- Absenteeism
- Resignation
- Staff being pulled away by management
- Additional staff/skills not available
- Training not as effective as desired
- Initial specifications poor or incomplete
- Work or change orders multiplying due to various problems
- Enhancements taking longer than expected

 Analysis of probability and consequences—the potential impact of these risk factors, determined by how
likely they are to occur and the effect they would have on the project if they did occur.
 Risk mitigation strategies—steps taken to minimize the potential impact of those risk factors deemed
sufficiently threatening to the project.

+) In risk management is the development of effective risk mitigation strategies. There are four possible
alternatives a project organization can adopt in deciding how to address risks: (1) accept risk, (2) minimize
risk, (3) share risk, or (4) transfer risk.

- ACCEPT RISK: One option that a project team must always consider is whether the risk is sufficiently
strong that any action is warranted. Any number of risks of a relatively minor nature may be present in a
project as a matter of course. However, because the likelihood of their occurrence is so small or the
consequences of their impact are so minor, they may be judged acceptable and ignored. In this case, the
decision to “do nothing” is a reasoned calculation, not the result of inattention or incompetence.
- MINIMIZE RISK (?)
- SHARE RISK : In addition to partnerships that pool project risk, ameliorating risk through sharing can be
achieved contractually. Many project organizations create relationships with suppliers and customers that
include legal requirements for risk to be shared among those involved in the project. Host countries of large
industrial construction projects, such as petrochemical or power generation facilities, have begun insisting
on contracts that enforce a “Build-Own-Operate-Transfer” provision for all project firms. The lead project
organization is expected to build the plant and take initial ownership of it until its operating capacity has
been proven and all debugging occurs, before finally transferring ownership to the client. In this way, the
project firm and the host country agree to jointly accept financial (risk) ownership of the project until the
project has been completed and its capabilities proven.
- TRANSFER RISK : In some circumstances, when it is impossible to change the nature of the risk either through
elimination or minimization, it may be possible to shift the risks bound up in a project to another party. This option,
transferring risk to other parties when feasible, acknowledges that even in the cases where a risk cannot be reduced, it
may not have to be accepted by the project organization if there is a reasonable means for passing the risk along.
Companies use several methods to transfer risks, depending upon their power relative to the client organizations and
the types of risks they face. For example, if our goal is to prevent excessive budget overruns, a good method for
directly transferring risk lies in developing fixed-price contracts. Fixed-price contracts establish a firm, fixed price for
the project upfront; should the project’s budget begin to slip, the project organization must bear the full cost of these
overruns. Alternatively, if our goal is to ensure project functionality (quality and performance), the concept of
liquidated damages offers a way to transfer risk through contracts. Liquidated damages represent project penalty
clauses that kick in at mutually agreed-on points in the project’s development and implementation.

 Control and documentation—creating a knowledge base for future projects based on lessons learned.
 Other mitigation strategies