Every project has a risk. Risk is defined as "the possibility of suffering harm or loss; danger". Even if this definition is too formal, most of us have innate sense of risk. We are aware of potential dangers that present in everyday activities and these risks shape many of our behaviors. The risks in project management are uncertainties that threaten goals and timetables of a project. The uncertainties may include different questions, like material and parts quality; delays in delivery of sufficient materials to meet project needs; budgetary and personnel changes; etc. These risks can lead rapidly to delays in delivery dates and budget overages. They also can severely undermine confidence in the project and in the project manager. In order to cope with such uncertainty effectively within framework of project planning and, more generally, within framework of project management, risk analysis of project management is increasingly recommended. This analysis, also known as risk management plan, can be superficial or deep, qualitative or quantative, depending on the nature of the project and the requirements of its managers (Klein, 1994).
A first step in risk management plan is risk assessment/identification. Risk assessment can take a place at any time during the project, but sooner is better. A risk assessment is also the most difficult process in risk management. As it was said before, risks in project are uncertainties that threaten goals and timetables. Although word “risk” and “uncertainty” sometimes used interchangeably, they are in fact quite different notions. The risk of a project is frequently known and can be analyzed and managed. Uncertainty, on other hand, is situation where is little or even no knowledge of what outcome might be. Lets no forget constrains that manager have to deal with. Constraints are difficult to remove, though they are important to understand. For example, project needs to be finished in time to reflect a new legislation is easy to understand. Manpower and budgetary constraints are more uncertain.
There are several methods that can help identify risks. First of them is determining risk categories. Risk categories provide a way for you to organize the risks your project into logical groupings (Heldman, 2005). According to Guide to the PMBOK, at least four categories of risk exist:
· External – risks that come outside of the project;
· Technical, quality or performance – risks that associated with technical aspects of the project and risks that impact the quality of the project;
· Organizational – risks associated with organization itself;
· Project management – risks associated with project management process, organizational maturity and ability.
Now when risks categorized, project manager (PM) needs to answer next question – where to look? The one question you should always be thinking about when looking for risks is what would happen if …? and then fill the blank (Heldman, 2005). The important thing for PM to remember is that he’s not looking for obvious answers. While majority of the risk can be identified thanks to previous experiences, a few of them are unique to current project. In that case it’s useful to listen to other opinions. Each team member and stakeholder brings a unique view to the project, and their perspective on what can happen is exactly what you want (Heldman, 2005). Involving other team members to assist helps PM with risk management action steps and ensure response plans are thorough and effective.
In order to manage risks, leadership needs to build risk management culture. Building a risk management is a primarily process of developing people in organization who think and plan project effectively, and who are supported by company systems that encourage them to think and plan effectively (Barkley, 2004). The biggest challenge in establishing risk management culture is to teach and train project leaders and members to think in terms of risk and to embed the risk management process into their daily routine. The assumption behind this approach is that risk management is “something I want my people to do in the normal course of work”, not something I want specialist to do later in the project as separate audit exercise (Barkley, 2004). In other words, successful risk management is usually the product of a successful organization that has instilled into its people the importance of careful planning. According to Barkley (2004) the successful risk management organization has five basic competencies:
Active training and development in risk planning and management; · Strong linkage between corporate planning and project planning, particularly between business analysis of threats and opportunities, and analysis of project risk;
· Deep project experience in its industry;
· Capacity to document project experience and learn as an organization
· A workforce of strong functional managers who address product quality as a risk reduction issue.
How is responsible for risk management and how responsibilities are assigned across the team? Although PM usually charged with risk management, he doesn’t function in vacuum. Everyone involved in the project – the project manager, project team, customer stakeholders, sponsor and subject matter experts – should have input into risk management (Royer, 2001). Total participation is especially vital in risk tracking. When risks were defined and strategies are developed it is necessary to monitor effectiveness of these strategies. To that end, it is important to identify meaningful risk metrics (Haimes, 2004). These metrics are only accurate when those actually designing and building the product are fully and accurately disclosing project information. They also may help to define whether risk can have negative, neutral or positive effect on the project. A business risk is the one that provides opportunity for gain or loss. It is an uncertainty attached with the operations of an entity wherein the realization of future expected returns is unpredictable. The good thing about these type of risks is that they manageable. On other hand, insurable risks, sometimes called pure risks, because they can bring only loss to organization. Some examples of pure risks are natural disasters, like hurricanes, flood, etc. PM should remember golden rule: if risk event can only lead to negative impacts, then it should not be attempted; it should be avoided or transferred to someone else or another organization (Taylor, 2006).
In order to successfully accomplish assigned project PM will have to identify, evaluate and develop risk management. The first step is to identify risks and where to look for them. Business risks should be analyzed and pure risks thrown away. Successful risk management will require involvement from all the parties of the project. The goal is to establish risk management culture, where all members think in terms of risk and embed risk management into daily routine. Although PM is ultimately responsible for risk management, team members and project leaders should have active participation to develop and sustain risk management goals.
Barkley, B. (2004). Project risk management. McGraw-Hill Professinal
Haimes, Y. (2004). Risk modeling, assessment and management. Wiley-IEEE
Heldman, K. (2005) Project manager’s spotlight on risk management. John Wiley and Sons
Klein, R. (1994). Project risk analysis based on prototype activities. The journal of operational Research Society, Vol. 45, No. 7 (Jul., 1994). pp. 749-757
Royer, P. (2001). Project risk management: a proactive approach. Management Concepts
Taylor, J. (2006). A survival guide for project managers. AMACOM Div American Mgmt Assn