Chapter 09

Risk Management 243185358.

Risk "ana/e"ent inc-des !isk assess"ent and t+e p!ocess of actin/ on t+at
assess"ent. Using risk assessment in the planning stages assumes (rightly or wrongly)
that prudent management will take the necessary steps to manage the risk once it is
assessed. Risk assess"ent inc-des a t+!ee0step p!ocess1
1. Risk Identification1 Understanding what the risks and consequences of those
risks can be.
2. Risk Meas!e"ent1 Measuring the likely consequences and their severity.
#. Risk P!io!itisation1 anking the results to place more management effort on the
highest risks.
Risk "ana/e"ent t+en c-oses t+e -oop ,2 "akin/ decisions on +o3 to dea- 3it+
t+e !isks assessed1
(a) A*oid t+e !isk1 !esign the process to eliminate particular risks" minimi#e the risks"
or change the nature of the risks to be faced.
(,) Cont!o- t+e !isk1 $nstitute procedures to control the process that minimi#e the
consequences and severity of risk occurrence. %his includes accepting some risk.
(c) S+a!e t+e !isk1 %hrough contractual arrangements with suppliers" customers"
constituents" or third parties (such as insurers)" apportion some of the risk or risky
activities to others and accepting the remainder.
%here is always an amount of residual risk left over after all efforts have been made to
avoid control" or share the risk" if the residual risk is too high" then the task should not be
done" $f the residual risk is not too high" management may choose to accept this amount
of risk in order to achieve ob&ectives.
$n addition to the residual risks left over from efforts of risk management" there are risks
inherent in the management process known as control risks" or those risks associated
with or relying upon a control procedure" etc." that fails to accomplish its task. 'oth
residual risk and control risk need to be e(plicitly dealt within pro&ect management.
Ma&or pro&ects should be assessed by the pro&ect initiator and the functional or area
management team. )igh risk factors should be e(amined for possible risk management
action (avoid through redesign" additional controls" contractual arrangements" etc.). *fter
proposed changes to the pro&ect plan are made" the pro&ect is again assessed" and
management+s &udgment is applied to test whether the change in risk assessment for the
high risk factors is worth the e(tra costs (if any) of the risk management efforts. *n
additional assessment is recommended, that is the risk of not doing the pro&ect. *
comparison of this risk with the best (lowest risk) redesign of the pro&ect will give
management information to make the decision whether to proceed or not.
.or ongoing business risk management" pro&ect management should use the information
gained to enhance risk management techniques. /ach of the organi#ation0s entities that
uses risk assessment should establish a Sensiti*e P!o4ects list of pro&ects that are either
high risk overall or those that may have high risk in certain key areas (whatever are the
most sensitive areas for your organi#ation). %he list would vary in si#e" depending on the
$n addition" middle managers may want to assess or monitor their portfolio of lower level
pro&ect managers+ pro&ects. %hese supervisory reviews compare relative risk
assessments in order to provide more support to higher risk pro&ects" either in terms of
more personal management attention or in notifying functional support managers in the
region of possible involvement in local pro&ects. 1ensitive pro&ects should be monitored
through regular reports and thorough review at regular staff meetings.
isk management is the act of doing something with the information generated by the
risk assessment. $t is the necessary action step that uses all of the information provided
to make efficient and effective decisions. Mana/e!s pt assets at !isk to ac+ie*e
o,4ecti*es. T+ese decisions need to ,e sppo!ted ,2 an efficient and effecti*e
,siness !isk assess"ent and !isk "ana/e"ent p!ocess.
