ECM557

PROJECT RISK AND MANAGEMENT

CHAPTER 1
BASIC OF RISK MANAGEMENT

LECTURER’S:
TS. DR. MUSMULIADI BIN KAMARUDING
DR. SYAHRUN NEIZAM BIN MOHD DZULKIFLI
 LEARNING OUTCOME

At the end of this class, students will be able to:

Distinguish the differences between risk, certainty and uncertainty

(CO1-PO2)

https://www.youtube.com/watch?v=dcdxzqq84pu
HTTPS://WWW.YOUTUBE.COM/WATCH?V=DCDXZQQ84PU
 BASIC OF RISK AND RISK MANAGEMENT

 What is risk?
 What is hazard?
 What is uncertainty?
 What is certainty?
 What is uncertainty management?
 What is risk management process?
 WHAT IS RISK?
 Many researchers believe that every human activity involves risk
 Risk (pure risk) normally refers to a negative perception or threats that arise
from human activity
 Risk is the probability or likelihood of failing to achieve a particular cost,
performance or scheduled objective (Convrov and Shishido, 1997; Baldry,
1998; Faber and Stewart, 2003; Ray, 2003).
 Risk is a combination of the likelihood and severity of a specified hazardous
event.
 CCTA (1995) defines risk as the chance of exposure to the adverse
consequences of future events
 AS/NZS 4360 (1999) defines risk as ‘the chance of something happening
that will have an impact upon the selected objectives
 According to Oxford Advanced Learner’s dictionary, risk is the possibility
of something bad happening at some time in the future.
 WHAT IS RISK?

 A risk is a potential problem – it might happen and it might not

 Conceptual definition of risk
 Risk concerns future happenings
 Risk involves change in mind, opinion, actions, places, etc.
 Risk involves choice and the uncertainty that choice entails
 Two characteristics of risk
 Uncertainty – the risk may or may not happen, that is, there are no 100% risks (those,
instead, are called constraints)
 Loss – the risk becomes a reality and unwanted consequences or losses occur
 The risk is the outcome of an action taken or not taken, in a particular situation which may
result in loss or gain
 It is termed as a chance or loss or exposure to danger, arising out of internal or external
factors, that can be minimized through preventive measures. (Surbhi S, 2016)
 RISK IN HUMAN ACTIVITY

Risk (pure risk) normally refers to a negative perception or threats that

arise from human activity
 RISK CATEGORIZATION – APPROACH #1

 Project risks
 They threaten the project plan
 If they become real, it is likely that the project schedule will slip and
that costs will increase
 Technical risks
 They threaten the quality and timeliness of the software to be produced
 If they become real, implementation may become difficult or impossible
 Business risks
 They threaten the viability of the software to be built
 If they become real, they jeopardize the project or the product
 Known risks
 Those risks that can be uncovered after careful evaluation of the
project plan, the business and technical environment in which the
project is being developed, and other reliable information sources
(e.g., unrealistic delivery date)
 Predictable risks
 Those risks that are extrapolated from past project experience (e.g.,
past turnover)
 Unpredictable risks
 Those risks that can and do occur, but are extremely difficult to
identify in advance
 Sub-categories of Business risks
 Market risk – building an excellent product or system that no one
really wants
 Strategic risk – building a product that no longer fits into the overall
business strategy for the company
 Sales risk – building a product that the sales force doesn't understand
how to sell
 Management risk – losing the support of senior management due to a
change in focus or a change in people
 Budget risk – losing budgetary or personnel commitment
RISKS CAN BE CLASSIFIED INTO FOLLOWING 13
CATEGORIES

Cont’…
Risks can be classified into following 13 categories

Cont’…
RISKS CAN BE CLASSIFIED INTO FOLLOWING 13
CATEGORIES

Cont’…
RISKS CAN BE CLASSIFIED INTO FOLLOWING 13
CATEGORIES

Cont’…
ASPECTS SHOULD BE CONSIDERS WHEN DEALS WITH
RISK:

 The probability that an event will occur

 The event and its nature
 The consequences of that event
 The period of exposure to the event ( and to its consequences )
WHAT IS HAZARD?
CLASSIFICATION OF HAZARD
 PHYSICAL HAZARD
• Mainly hazard that can cause physical harm.
• Examples :

Loud noise and vibration

Frayed cord

Light
 CHEMICAL HAZARD

• Any hazard that comes from a solid, liquid or gas element, compound or
mixture that could cause health problems or pollution.
• Examples :

Cleaning product Pesticides Welding fumes

 BIOLOGICAL HAZARD

• A living or once-living organism that have a potential to poses a threat

to human health.
• Examples :

Bacteria Blood or other blood Fungi

fluids
 ERGONOMIC HAZARD
• Hazard that can create physical and psychological stress because of
repetitive work, improper work techniques or poorly designed tools &
workspaces.
• Examples :

Repetitive work Poor lighting Poor posture

 PSYCHOSOCIAL HAZARD
• Aspects of the work environment and the way that work is organized that
are associated with psychiatric, psychological and/or physical injuries or
illness.
• Examples :

Stress Bullying Sexual Harassment

SOURCES OF HAZARDS
METHODS OF IDENTIFYING HAZARD
 WHAT IS UNCERTAINTY?

 The state of being uncertain; doubt; hesitancy: His uncertainty gave

impetus to his inquiry.
 An instance of uncertainty, doubt, etc.
 Unpredictability; indeterminacy; indefiniteness.
(http://dictionary.reference.com/browse/uncertainty)
 The effects of uncertainty 
 Uncertainty is uncomfortable and creates tensions that motivate us,
although not always in the right direction.
 WHAT IS CERTAINTY?

 When we are certain about the world around us, we feel that we understand
things, can predict what will happen, and are in control such that we can
sustain our safety. We will thus seek to understand and control in order to
achieve certainty. Predictions which come true provide proof that we can
continue to be certain about what we know.
(http://changingminds.org/explanations/needs/certainty.htm)
 Certainty is a lack of doubt about some state of affairs.
 Something that is clearly established or assured
 UNCERTAINTY AND RISK
C A U S E S

Complexity Non-linearity Scale Opacity Capacity

Uncertainty

Risk

Source: Oades, 2007

Time
 THE RELATIONSHIP

CERTAINTY RISK UNCERTAINTY

Knows Does not know May not know what

what to exactly what are the resources,
expect resources will be constraints or
available objectives will be
 CERTAINTY, RISK AND UNCERTAINTY

 Certainty means when you are 100% sure about the outcome. E.g.
Square root of 81. It's like when you check the answer at the back of the
book.
 Uncertainty means when you don't know about the result or you are
doing a question for the first time and you are completely unaware of the
information.
 Risk means you have partial information. And some of the information is
missing.
 Risk comes in between the two extremes of certainty and uncertainty.

http://www.blurtit.com/q331673.html
 WHAT IS RISK MANAGEMENT?

 According to The Association of Project Management (2006), risk management as

‘initiation step to define scope and objectives, after which risks can be identified’
(APM, p.26).
 The British Standard Guide defines risk management as “the process whereby decisions
are made to accept a known or assessed risk and/or the implementation of actions to
reduce the consequences or probability of occurrence” (BS 6079: 1996. p3).
 Williams et al., (1995) explained risk management in the insurance industry where the
process comprises five elements: mission identification, risk and uncertainty
assessment, risk control, risk financing, and program administration.
 The concept of risk management is applicable to various industries.
 Insurance, finance, software engineering and others industries are enjoying the benefit
of using risk management practice to improve their business (Ranasinghe, 1998)
 The most important point is how to make risk management effective in
any activity
 The awareness and the check and balance during the implementation are
important
 The need for flexibility in controlling the risk should be there to make
sure the industry keeps on enjoying the benefits of the risk management
concept.
 According to Ward et al., (1991) and Carr (1997), many organizations are
unable to manage their risks effectively because of one of the following
reasons:
o A risk-averse culture
o Negative attitudes
o An inadequate management infrastructure to support effective risk
management
o Lack of a systematic and repeatable method to identify, analysed, plan
risk mitigation
o Mistrust of risk analysis.
 Main Aspects Risk Elements Tools and Techniques
Checklists
Decision-driver analysis
Risk identification
Assumption analysis
Decomposition
Decision analysis
Risk Assessment Cost models
Risk analysis
Quality factor analysis
Performance analysis
Risk exposure
Risk prioritisation Risk reduction leverage
Compound reduction
RISK Buying information
Risk avoidance
MANAGEMENT Risk management
Risk reduction
planning
Risk element planning
Risk plan integration
Prototypes
Simulations
Risk Control
Risk resolution Benchmarks
Analysis
Staffing
Milestone tracking
Top 10 tracking
Risk monitoring
Risk assessment
Corrective action
Boehm’s risk management framework
(Source: Boehm, 1991)
 RISK

NATURAL RISK HUMAN RISK

CLIMATE /WEATHER SOCIAL POLITICAL CULTURAL HEALTH

GEOLOGICAL ECONOMIC FINANCIAL TECHNICAL

BIOLOGICAL
MANAGERIAL
EXTRA-TERRESTRIAL

Source: Edwards & Bowen, 2005

 RISK MANAGEMENT STANDARDS

A number of standards have been developed worldwide

Its help organizations implement risk management systematically and effectively.
These standards seek to establish a common view on frameworks, processes and
practice, and are generally set by recognized international standards bodies or by
industry groups.
Risk management is a fast-moving discipline and standards are regularly
supplemented and updated.
The different standards reflect the different motivations and technical focus of their
developers, and are appropriate for different organizations and situations.
Standards are normally voluntary, although adherence to a standard may be required
by regulators or by contract.
Commonly used standards include:

ISO 31000 2009 – Risk Management Principles and Guidelines

A Risk Management Standard – IRM/Alarm/AIRMIC 2002 – developed in 2002
by the UK’s 3 main risk organizations. 
ISO/IEC 31010:2009 - Risk Management - Risk Assessment Techniques
COSO 2004 - Enterprise Risk Management - Integrated Framework
OCEG “Red Book” 2.0: 2009 - a Governance, Risk and Compliance Capability
Model
END FOR TODAY