CHAPTER ONE

INTRODUCTION

1.1 Background Information

Risk management (RM) is a concept which is used in all industries, from IT related

business, automobile or pharmaceutical industry, to the construction sector. Each

industry has developed their own RM standards, but the general ideas of the

concept usually remain the same regardless of the sector. According to the Project

Management Institute (PMI) (2004), project risk management is one of the nine

most critical parts of project commissioning. This indicates a strong relationship

between managing risks and a project success. While RM is described as the most

difficult area within construction management (Addison et al., 2002) its

application is promoted in all projects in order to avoid negative consequences

(Addison et al., 2002).

One concept which is widely used within the field of RM is called the risk

management process (RMP) and consists of four main steps: identification,

assessment, taking action and monitoring the risks (Barton et al., 2002). In each of

these steps, there are a number of methods and techniques which facilitate handling

the risks.

Many industries have become more proactive and aware of using analyses in

projects. Likewise, RM has become a timely issue widely discussed across

1
industries. However, with regard to the construction industry, risk management is

not commonly used (Akkermans et al., 2002). More construction companies are

starting to become aware of the RMP, but are still not using models and techniques

aimed for managing risks. This contradicts the fact that the industry is trying to be

more cost and time efficient as well as have more control over projects. Risk is

associated to any project regardless the industry and thus RM should be of interest

to any project manager. Risks differ between projects due to the fact that every

project is unique, especially in the construction industry (Bakker et al., 2011).

However there are still many practitioners that have not realized the importance of

including risk management in the process of delivering the project (Akkermans et

al., 2002). Even though there is an awareness of risks and their consequences,

some organizations do not approach them with established RM methods.

Today, in business worldwide, the risk management function is becoming very

important for achieving the objectives of organizations (Alfayo, et al 2016). In

recent years, Nigeria has recognized the importance of the risk management

function, which is why that function has been established in some institutions both

private and public.

The Nigeria, Telecommunication sector is among those institutions that risk

management functions to deal with the assessment of control, good governance

and risk management. Managing risk is actually managing the organization in

2
planning, organising, directing, and controlling the organization's systems and

resources to achieve objectives (Gupta, 2011).

The risk management function is an integral part of the corporate governance

regime of most public institutions and a number of larger private companies. The

primary goal of risk management is to evaluate the institution’s internal controls

and corporate governance processes and ensure that they are adequate and are

functioning correctly. Gupta (2011) views the existence of risk management

function as essential for all institutions and suggests that where the board of such

an institution decides not to implement effective risk management function, full

reasons for its decision should be advanced in the institutions Annual Report.

1.2 Problem Statement

Most Telecommunication companies including MTN have well-structured risk

management departments that have the mandate of regulating and managing the

various risks the companies encounter in the course of doing business. Some of

these risks include: market risk, operational risk, credit risk and funding risk. As a

standard practice they maintain written policies and procedures that clearly outline

their risk management guidance for their trading activities. These policies identify

the risk tolerance of the Board of Directors and clearly delineate lines of authority

and responsibility for managing the risks of these activities. Individuals throughout

the trading and derivatives areas are made fully aware of all the policies and
3
procedures that relate to their specific duties. The Board of Directors, senior-level

management, and members with independent risk management functions also play

important roles in the risk management process.

Efficient management of risk in the Telecommunication industry is crucial for the

growth and development of the sector. To ensure the effective and efficient

management of risk, effective risk management policies and procedures need to be

put in place. Risk management measures are put in place by government,

regulatory bodies or institutions to provide reasonable assurance that objectives

could be achieved.

In spite of the well-structured process in managing risk exposures at MTN, the

company still faces the problem of embezzlement, theft, inaccurate and unreliable

information provided by officials on the field. This phenomenon mostly leads to

huge sums of losses to the company, and this invariably affects the company’s

general performance and profit negatively.

1.3 Aim and objectives of the Study

The aim of this research work is to examine the consequences of risk management

on the performance of MTN Telecommunication projects. To achieve this aim, the

following specific objectives are necessary:

i. To identify the factors responsible for poor risk management practices in

MTN Telecommunication projects;

4
 ii. To examine the various risk response strategies in MTN Telecommunication

projects

1.4 Research Questions

i. What are the factors responsible for poor risk management practices in MTN

Telecommunication projects?

ii. What are the various risk response strategies in MTN Telecommunication

projects?

1.5 Justification of the study

Risk is a significant aspect of business activities in a market economy. As risk

taking constitutes a major characteristic of the Telecommunication sector, it is

important for management to address these risk issues.

Risks inherent in the operations of the Telecommunication sector have become

much more diversified and complicated and are generally categorized as the

following: credit risk, market risk, liquidity risk, operational risk, electronic data

processing (EDP) risk, and management risk. Risk management is a prominent

issue given the degree of impact it has on the Telecommunication sector and its

operations, should it emerge. Consequently, the strength of risk management

systems in the Telecommunication sector has naturally become one of the most

important aspects in assessing the safety and soundness of the sector.

5
Also, the deregulation and increased competition in the Telecommunication

industry in recent times has led to most Telecommunication companies taking

uncalculated risk.

1.6 Scope of the Study

1.7.1. Content Scope

This study review the consequences of risk management on the performance of

MTN Telecommunication and approved factors responsible for poor risk

management practices and various risk response strategies as the independent

variable which affects the performance of MTN Telecommunication

1.7.2. Geographical Scope

The study was conducted in MTN Telecommunication in Port Harcourt , Rivers

State. The study covered the human resources department of the Organisation.

1.7.3. Time Scope

The study covered the period three months, from February, 2021 to May, 2021

when the project was implemented which emphasized risk management on the

performance of MTN Telecommunication.

1.8 Limitations of the Study

Time and financial constraints limited the number of respondents contacted. The

ideal situation would have been to cover many respondents, but since there is time

6
allocation and financial resources limitation on the part of the researcher, it limited

the number of respondents contacted.

Also, the degree of reliability of responses due to memory lapses could affect the

precision of the outcome. Additionally, biases introduced by some respondents

could also not be estimated.

In spite of these limitations, the study was still good and reliable since data was

collected from credible sources.

CHAPTER TWO

LITERATURE REVIEW

2.1 Conceptual Review

2.1.1 The concept of risk management

Chapman et al. (2007) provide a comprehensive description of the concept of RM

and how it can be used in practice. According to the authors, risk management

cannot be perceived as a tool to predict the future, since that is rather impossible.

Instead, they describe it as a tool to facilitate the project in order to make better

decisions based on the information from the investment. In this way, decisions

based on insufficient information can be avoided, and this will lead to better

overall performance. In the literature, RM is described as a process with some

predefined procedures. The scope of its definition differs among the authors;

however the core information is the same. From a number of definitions which can
7
be found in the management literature. Chenoweth et al. (2009) explanation brings

the essence of this concept:

The risk management process involves the systematic application of management

policies, processes and procedures to the tasks of establishing the context,

identifying, analyzing, assessing, treating, monitoring and communicating risks

(Chenoweth et al., 2009).

Risk management process (RMP) is the basic principle of understanding and

managing risks in a project. It consists of the main phases: identification,

assessment and analysis, and response (Chapman et al. 2007). All steps in RMP

should be included when dealing with risks, in order to efficiently implement the

process in the project. There are many variations of RMP available in literature,

but most commonly described frameworks consist of those mentioned steps. In

some models there is one more step added, and the majority of sources identify it

as risk monitoring or review. For the purpose of this paper the model of RMP

described by Chapman et al. (2007) will be used for further analysis and will be

further explained in the following section.

2.1.2 Risk definition

Risk and uncertainty are the two most often used concepts in the literature covering

RM field. Although these terms are closely related, a number of authors

differentiate between them (Campbell Institute, 2014). Also practitioners working

8
with risk have difficulty in defining and distinguishing between these two. Often

definitions of risk or uncertainty are tailored for the use of a particular project. To

make it more systematized, a literature research was done. The findings of this

search resulted in a number of definitions risk and uncertainties.

Uncertainty is defined in a more abstract way. The descriptions provided in Table

2 are similar to each other and the common factor is again lack of information and

knowledge. The biggest difference by definition is awareness. For the purpose of

this thesis, the definition of uncertainty provided by Coles et al (2003) will be

used. These two chosen definitions best show the difference between risk and

uncertainty and help to be consistent with terminology in the paper.

Kogut et al (1996) find some of the risks to be predictable and easy to identify

before they occur, while the others are unforeseeable and can result in unexpected

time delays or additional costs. This statement finds confirmation in the definition

provided by Kululanga et al (2010) that uses the same arguments defining

uncertainty as rather unpredicted, unforeseeable events, while risk should be

possible to foresee. The overview of definitions which can be found in literature

regarding those two terms implies that uncertainty is a broad concept and risk is a

part of it. This confirms close relation between those two concepts but at the same

time distinguishes them.

9
Risk is also the uncertainty associated with any investment. That is, risk is the

possibility that the actual return on an investment will be different from its

expected return. A very important concept in finance is the idea that an investment

that carries a higher risk has the potential of a higher return. For example, a zero-

risk investment, such as treasury security has a low rate of return, while a stock in

a start-up company has the potential to make an investor very wealthy, as well as

the potential to lose one's entire investment. Certain types of risk are easier to

quantify than others. To the extent that risk is quantifiable, it is generally

calculated as the standard deviation on an investment's average return (Ibbs, 2000).

Risk is defined in ISO 31000 as the effect of uncertainty on objectives (whether

positive or negative).

There are a number of terms that relate to the word "risk", namely "chance",

"possibility", "danger", "gamble", "hazard", "jeopardy", "peril", "speculation" and

"uncertainty". Usually the connotation linked to risk is a negative one, which

implies loss or misfortune.

According to Flesher (1996) the word "risk" derives from the early Italian risicare,

which means "to dare". In this sense, risk is choice rather than fate. The action we

dare to take, which depends on how free we are to make choices, are what the story

of risk is all about.

10
According to Kerlinger (2012), risk refers to the probability that an event,

condition or action may adversely affect an organization or its activities. In the

same sense, Kerlinger (2012) states that the concept of risk is fundamental to the

auditing role, since it may be in conflict with the concept of control. Controls are

designed to ensure that objectives are achieved; risk may prevent this. Overall, risk

should be reduced by adequate controls, and the greater the degree of risk, the

greater the need for good controls. Audit has a clear remit to expose and help to

minimize the level of risk that threatens the organization.

According to Kerzner (2009), "risk" is a common word found liberally used in the

daily news media, weighty academic journals, and the professional magazines for

leaders of business, the economy and government. A manager skimming over the

daily news or perusing a more weighty publication is likely to find the word "risk"

used in many different ways. Risk is the property that causes value to vary in

uncertain ways. It is not the variation that is the source of risk. Managers can and

do anticipate variation and deal effectively with it. The source of risk is the

uncertainty of an unexpected change in the environment.

Khan et al (2007) defines risk as the uncertainty of an event occurring that could

have an impact on the achievement of objectives, and specifies that risk is

measured in terms of consequences and likelihood and is inherent to every

business or government entity. Opportunity risks assumed by management are

11
often drivers of organizational activities. Beyond these opportunities may be

threats and other dangers that are not clearly understood or fully evaluated and too

easily accepted as part of doing business.

According to Kinyua et al (2015), risk is defined as a deviation from the expected

value. It implies the presence of uncertainty, where there may be uncertainty as to

the occurrence of an event producing a loss, and uncertainty on the outcome of the

event, where the degree of risk is interpreted with reference to the degree of

variability and not with reference to the frequency with which the event will occur

or to the probability that it will display a particular outcome.

According to CIPFA (1997), risk is the chance of things going wrong. As

individuals, in the experience of risk is an unavoidable fact of life. However

carefully in trying and planning things and whatever precautions they take, the

likelihood is that every now and again things may still go wrong. The situation is

very similar for organizations, except that often the stakes are higher, and the cost

of things going wrong may therefore be far greater. Corporate risk can, thus, be

described as the probability that an event or action may adversely affect the

organization.

In broad terms, the risks faced by an organization can include the following:

- Failure to accomplish established objectives and goals for operations or

programmes
12
- Failure to meet statutory and regulatory requirements

- Wrong decisions taken because of incorrect, untimely, incomplete or unreliable

information, poor record-keeping, inappropriate accounting, inaccurate financial

reporting and financial loss and exposure

- Fraud, corruption, misappropriation of assets, waste and loss, failure to safeguard

assets adequately

- Customer dissatisfaction, negative publicity and damage to the organization's

reputation

- Failure to safeguard staff and customers adequately, and acquiring resources

uneconomically or using them inefficiently or ineffectively.

2.1.3 Risks in construction projects

Due to the nature of the construction sector, RM is a very important process here.

It is most widely used in those projects which include high level of uncertainty.

These types of risk investments are characterized by more formal planning,

monitor and control processes.. The easiest way to identify risk is to analyze and

draw a conclusion from projects which failed in the past. To make sure that the

project objectives are met, the portfolio of risks associated with all actors across

the project life cycle (PLC) should be considered (Cleland and Gareis, 2006). In

the early stages of the project where planning and contracting of work, together

with the preliminary capital budget are being drawn, risk management procedures
13
should be initiated. In later stages, RM applied systemically, helps to control those

critical elements which can negatively impact project performance. In other words,

to keep track of previously identified threats, will result in early warnings to the

project manager if any of the objectives, time, cost or quality, are not being met

(Jin et al, 2006).

There are a number of risks which can be identified in the construction industry

and which can be faced in each construction project regardless of its size and

scope. Changes in design and scope along with time frames for project completion

are the most common risks for the construction sector. The further in the process,

changes in scope or design are implemented, the more additional resources, time

and cost, those changes require. Project completion ahead of time may be as

troublesome as delays in a schedule. Too quick completion may be a result of

insufficient planning or design problems which in fact shorten the completion time

but on the other hand lead to a low quality of final product and increased overall

cost. Being behind schedule generates greater costs for both investors and

contractors due to non-compliance with contracted works (Pimchangthong et al.,

2017). And thus it is important to keep a balance in the concept of time-cost-

quality tradeoff, which more widely is becoming an important issue for the

construction sector (Pimchangthong et al., 2017). Depending on the project scope,

types of risks may differ among investments.

14
2.1.4 Levels of Risk

Risks fall into the following categories:

- Strategic risk - the risk to revenue, earnings and product offerings as a result of

poor decision-making or implementation of those poor decisions. Included in this

category is the risk of the deterioration of reputation arising from negative

publicity.

- Credit risk - the risk that counterpart will default on obligation, resulting in a

financial loss.

- Market risk - the risk of any fluctuation in the value of a portfolio resulting from

adverse changes in market prices and market parameters.

- operational risk - the risk of loss resulting from inadequate or failed internal

processes and systems, as well as the actions of people or from external events

(Owino et al., 2015).

2.1.5. Characteristics of Risk

According to Ovum (2015), risks have many different characteristics. The purpose

of this section is to determine and understand the characteristics of each risk. It is

specifically designed to answer the following questions about each risk:

- Where does the risk arise (is it external or internal to the company)?

- would the occurrence of the risk directly impact on the company's achievement of

its strategic objectives

15
- would the occurrence of one risk cause another risk to occur

- are there relationships and correlations with other risks?

- is the risk pervasive throughout the organization, or more discreet?

An understanding of risk characteristics can help organize and provide a sequence

to the formal assessment, give participants a context for understanding how the

various risks affect the organization, and identify opportunities to combine or

redefine risks before the formal risk assessment.

2.1.6 Sources of Risk

According to Ovum (2015), understanding the source of each risk helps to manage

the risk at its source instead of its outcome. If the source of a risk is not identified,

the risk cannot be managed as effectively and efficiently as desired by

management. External risks (those arising outside the organization) may not be

fully manageable by the company. Internal risks that are not managed at the source

may result in ineffective deployment of valuable resources. For example, if a

company’s products are not selling as expected due to a perception that the price is

too high, there may be an increased focus on managing price risk within the sales

and marketing areas.

Sources of risk are elements of the organizational environment that can bring about

positive or negative outcomes. For example, the decision to start the production of

a new item by an organization is hardly influenced by the market conditions.

16
Therefore, the market conditions that are described by the presence of competitors,

the needs of customers, the quality of the raw materials, etc. are sources of risk for

this organization. Different definitions and classifications can be used in

managerial practice. A general classification may use physical, social and

economic sources, but an in-depth investigation of risk identification may need

classification that can cover all types of risks in more detail. Depending on the

environment in which risks arise, their sources can thus be represented as follows:

• Physical environment

• Political environment

• Operational environment

• Legal environment

• Cognitive environment (Olsson, 2008)

2.1.7 Decision making process from risk management perspective

Each of the phases of the PLC has certain purpose and scope of work assigned. At

the completion of each phase there is a decision point where risk assessment takes

place. Based on the risk assessment, an appropriate decision is made regarding

further actions or proceeding to the next phase (Nelson et al., 2008). For project

management to be effective, an evaluation should be made including all phases of

the PLC. Nachmias, (2005) use 'go', 'maybe' and 'no go' options in a decision

making process. A 'go' status will constitute a green light for proceeding on to the
17
next phase while 'no go' will stop the project. Evaluation resulting in a 'maybe'

decision will lead to return to a previous phase or even phases for further

improvements and minimizing risk (Nachmias, 2005). The further on in the stages

the 'maybe' decision is made, which takes the process back to the initial phases, the

more problems it causes. According to Modarres (2006) it is possible to go back in

phases within a PLC, however this undermines decisions which were made in

previous stages and leads to waste of resources, usually both time and money

(Modarres, 2006). Decisions which are made at the end of each stage should be

made after a careful study of the possible risks and hindrances which might be

encountered.

2.1.8 The risk management process

As mentioned above, an RMP described by Modarres et al. (2006) has been chosen

for the purpose of this paper. This section will further explain the RMP, its four

stages and how it can be used in managing risks.

2.1.9 Risk identification

Mortensen (2013) claims that the first step in the RMP is usually informal and can

be performed in various ways, depending on the organization and the project team.

It means that the identification of risks relies mostly on past experience that should

be used in upcoming projects. In order to find the potential risks, an allocation

needs to be done. This can be decided and arranged by the organization. In this
18
case, no method is better than another, since the only purpose is to establish the

possible risks in a project.

Risks and other threats can be hard to eliminate, but when they have been

identified, it is easier to take actions and have control over them. If the causes of

the risks have been identified and allocated before any problems occur, the risk

management will be more effective (PMI, 2004). RM is not only solving problems

in advance, but also being prepared for potential problems that can occur

unexpectedly. Handling potential threats is not only a way to minimize losses

within the project, but also a way to transfer risks into opportunities, which can

lead to economical profitability, environmental and other advantages (Mortensen,

2013).

The purpose of identifying risks is to obtain a list with potential risks to be

managed in a project (National Communications Authority, 2012). In order to find

all potential risks which might impact a specific project, different techniques can

be applied. It is important to use a method that the project team is most familiar

with and the project will benefit from. The aim is to highlight the potential

problems, in order for the project team to be aware of them. Authors describe

many creative alternative methods.

2.1.9.1 Assessment/analysis

19
Risk analysis is the second stage in the RMP where collected data about the

potential risk are analyzed. Risk analysis can be described as short listing risks

with the highest impact on the project, out of all threats mentioned in the

identification phase (McKinsey et al. 2016). Although some researchers

distinguish between terms risk assessment and risk analysis and describe them as

two separate processes, for the purpose of this paper, this part of RMP will be

consistent with the model provided by McKinsey et al. (2016) and described as

one process.

In the analysis of the identified risk, two categories of methods – qualitative and

quantitative – have been developed. The qualitative methods are most applicable

when risks can be placed somewhere on a descriptive scale from high to low level.

The quantitative methods are used to determine the probability and impacts of the

risks identified and are based on numeric estimations (Mortensen, 2013).

Companies tend to use a qualitative approach since it is more convenient to

describe the risks than to quantify them (Thapar et al., 2016). In addition, there is

also one approach called semi-quantitative analysis, which combines numerical

values from quantitative analysis and description of risk factors, the qualitative

method (Mortensen, 2013).

Within the quantitative and qualitative categories, a number of methods which use

different assumptions can be found, and it may be problematic to choose an

20
appropriate risk assessment model for a specific project. The methods should be

chosen depending on the type of risk, project scope as well as on the specific

method’s requirements and criteria. Regardless of the method chosen, the desired

outcome of such assessment should be reliable (Thapar et al., 2016).

Thapar et al., 2016 explains a number of factors that can influence the selection of

the most appropriate methods in the risk assessment for the right purpose. It is up

to each organization to decide which of these factors are the most critical for them

and develop the assessment accordingly. In a survey conducted by Thapar et al.,

2016, many factors were discovered, and the most important ones are listed below.

 Cost of using the method, both the employment cost and the method itself

 Adaptability, the need of adapting to the organization’s requirement

 Complexity, how limited and simple the method is

 Completeness, the method needs to be feasible

 Usability, the method should be understandable to use

 Validity, the results should be valid

 Credibility

2.1.9.2 Quantitative methods

Quantitative methods need a lot of work for the analysis to be performed. The

effort should be weighed against the benefits and outcomes from the chosen

method, for example smaller projects may sometimes require only identification
21
and taking action on the identified risks, while larger projects require more in

depth analysis. The quantitative methods estimate the impact of a risk in a project

(PMI, 2017). They are more suitable for medium and large projects due to the

number of required resources such as complex software and skilled personnel

(PWC, 2017).

2.1.9.3 Scenario technique - Monte Carlo simulation

The Monte Carlo method is based on statistics which are used in a simulation to

assess the risks. The simulation is used for forecasting, estimations and risk

analysis by generating different scenarios (Rabechini et al, 2013). Information

collected for the simulation is, for instance, historical data from previous projects.

The data represent variables of schedule and costs for each small activity in a

project, and may contain pessimistic, most likely and optimistic scenarios (PWC,

2017). The simulation can be presented as a basket with golf balls, as Mun (2006)

explains the process. Data (the golf balls) are mixed and one of them is picked

each time the simulation is done. The chosen unit is an outcome which is recorded

and the ball will be put back into the basket. The simulation is then redone a

number of times and all outcomes are recorded. After completing the simulations

required number of times, the average is drawn from all of the outcomes, which

will constitute the forecast for the risk (Rabechini et al, 2013). The result from this

22
method is a probability of a risk to occur, often expressed in a percentage (Raz et

al., 2002).

The most common way of performing the Monte Carlo simulation is to use the

program Risk Simulator software, where more efficient simulations can be

performed. This analysis can be also done in Microsoft Excel where a special

function is used to pick the data randomly, but the results can be very limited

(Rabechini et al, 2013).

2.1.9.4 Modeling technique - Sensitivity analysis

The purpose of a sensitivity analysis is to establish the risk events which have the

greatest impact or value. Those events are later weighed against the objectives of

the project. The higher the level of uncertainty a specific risk has, the more

sensitive it is concerning the objectives. In other words, the risk events which are

the most critical to the project are the most sensitive and appropriate action needs

to be taken (PWC, 2017)

The result from the analysis can be presented in a spider diagram, Figure 4, that

shows the areas in the project which are the most critical and sensitive. Moreover,

one disadvantage with this analysis is that the variables are considered separately,

which means that there is no connection between them (PWC, 2017).

23
Figure 2.1: shows how a sensitivity analysis can look like (PWC, 2017)

The method requires a model of project in order to be analyzed with computer

software. According to Smith et al. (2006), the project will benefit if the method is

carried out in the project’s initial phases in order to focus on critical areas during

the project.

24
2.1.9.5 Diagramming technique

Decision tree analyses are commonly used when certain risks have an

exceptionally high impact on the two main project objectives: time and cost

(Robson et al., 2016). There are two types of decisions trees; called Fault tree

analysis (FTA) and Event tree analysis (ETA).

The FTA method of analysis is used to determine the probability of the risk and is

used to identify risks that can contribute or cause a failure of one event (Shenhar,

2002). The purpose is to find the underlying causes to this event. It is usually

drawn up as a sketch of a tree. The branches are the causes to the problem, and the

starting point of the tree is the problem itself. Each branch has its own sequence of

events and possible outcomes. The problem could depend on some causes that are

interrelated with each other, or simply random causes (Cooper et al. 2005). By

having many branches, the tree provides an opportunity to choose which branch to

follow and base decisions on (Robson et al., 2016).

2.1.9.6 Qualitative methods

Qualitative methods for risk assessment are based on descriptive scales, and are

used for describing the likelihood and impact of a risk. These relatively simple

techniques apply when quick assessment is required (Cooper et al. 2005) in small

and medium size projects (Robson et al., 2016). Moreover, this method is often

used in case of inadequate, limited or unavailable numerical data as well as limited

25
resources of time and money (Radu, 2009). The main aim is to prioritize potential

threats in order to identify those of greatest impact on the project (Cooper et al.

2005), and by focusing on those threats, improve the project’s overall performance

(Standish Group, 2014). The complexity of scales (Smith, 2006) and definitions

(Standish Group, 2014) used in this examination reflect the project's size and its

objectives. During the phases of the PLC, risks may change, and thus continuous

risk assessment helps to establish actual risk status (Smith, 2006).

Limitations of qualitative methods lie in the accuracy of the data needed to provide

credible analysis. In order for the risk analysis to be of use for the project team, the

accuracy, quality, reliability, and integrity of the information as well as

understanding the risk is essential.

Qualitative methods are related to the quantitative methods, and in some cases

constitute its foundations (PMI, 2017).

PMI (2017) identifies four qualitative methods for risk assessment: Risk

probability and impact assessment, Probability/impact risk rating matrix, Risk

Categorization and Risk Urgency Assessment. These methods are briefly discussed

below.

2.1.10 Risk probability and impact assessment

By applying the method called risk probability and impact assessment, the

likelihood of a specific risk to occur is evaluated. Furthermore, risk impact on

26
project‟s objectives is assessed regarding its positive effects for opportunities, as

well as negative effects which result from threats. For the purpose of this

assessment, probability and impact should be defined and tailored to a particular

project (PMI, 2017). This means that clear definitions of scale should be drawn up

and its scope depends on the project's nature, criteria and objectives (Smith, 2006).

PMI (2017) identifies exemplary range of probability from 'very unlikely' to

'almost certain', however, corresponding numerical assessment is admissible. The

impact scale varies from 'very low' to 'very high'. Moreover, assessing impact of

project factors like time, cost or quality requires further definitions of each degree

in scale to be drawn up. Each risk listed under the identification phase is assessed

in terms of the probability and the impact of its occurrence (PMI, 2017).

Figure 2.2: Definition of Impact Scales for Four Project Objectives (PMI,

2017)
27
Risk impact assessment investigates the potential effect on a project objective such

as time, cost, scope, or quality. Risk probability assessment investigates the

likelihood of each specific risk to occur. The level of probability for each risk and

its impact on each objective is evaluated during an interview or meeting.

Explanatory detail, including assumptions justifying the levels assigned, are also

recorded. Risk probabilities and impacts are rated according to the definitions

given in the risk management plan. Sometimes, risks with obviously low ratings of

probability and impact will not be rated, but will be included on a watch-list for

future monitoring (Safaricom, 2016).

2.1.11 Probability/impact risk rating matrix

Probability and impact, which were assessed in the previous step, are used as basis

for quantitative analysis and risk response which will be explained further in the

paper. For this reason findings from the assessment are prioritized by using various

methods of calculation which can be found in the literature (PMI, 2017). Westland

(2016) computes the priority score as the average of the probability and impact.

The range of priority score, the rating and color are assigned to indicate the

importance of each risk (Westland, 2016). In order to set priorities, impact is

multiplied by probability. The compiled results are shown in the matrix in Figure

7(PMI, 2004). Such combination of factors indicates which risks are of low,

28
moderate or high priority. Regardless of the calculation method chosen, such a

combination of data shows priority of previously identified risks by use of i.e.

corresponding colors or numerical system and helps to assign appropriate risk

response. For instance, threats with high impact and likelihood are identified as

high-risk and may require immediate response, while low priority score threats can

be monitored with action being taken only if, or when, needed (PMI, 2017).

Figure 2.3 Probabilities and Impact Matrix (PMI, 2017)

2.1.12 Risk categorization and Risk Urgency Assessment

Two methods mentioned by PMI (2017) are not as commonly used as probability

and impact. Risk categorization is a way of systematizing project threats according

to e.g. their sources, in order to identify areas of the project that are most exposed
29
to those risks. Tools which can be used in this method are work break down

structure (WBS) or risk breakdown structure (RBS), and their role is to develop

effective risk response (PMI, 2004). WBS breaks down large activities into small,

manageable units and creates linked, hierarchical series of independent activities

(Zailani et al., 2016). RBS categorizes risks and shows their dependencies (Dallas,

2006). The role of the second method, Risk Urgency Assessment, is to prioritize

risks according to how quick response they require.

Lists with risks prioritized by applying qualitative methods, can be used to bring

attention to significant problems to the project. Problems that are classified as a

medium level risks can be a subject of a quantitative analysis to have better control

over them. The threats that are assessed as low impact can be placed on a watch list

and monitored. It will allow the project team to focus on more important issues.

Risk categorization helps reveal the weak links in the project organization where

more attention should be directed (PMI, 2017).

2.1.13 External and Internal Risk

One way in which to classify risks is to refer to external and internal risks. External

risks are usually very difficult or impossible to control. These include risks such as

economic factors (inflation, petrol price), the financial markets (exchange rates,

share prices), regulating factors (legislation, import control and regulations) and

the actions of competitors (Young and Associates, 2017). Internal risks arise as a
30
result of the organization's own activities, processes, products, contractual

obligations and/or relationships with employees, clients, suppliers and the

environment.

Young and Associates (2017), states that several events, which can be classified as

either external or internal factors, may affect an organization. The external and

internal factors are as follows:

■ External factors

- Economic

- Natural environment

- Political

- Technological

■ internal factors

- Infrastructure

- Personnel

- Process

2.1.14. Risk identification

According to Pickett (2005), the risk management process starts with a method for

identifying all risks an organization faces. This should involve all parties who have

expertise, responsibility and influence over the area affected by the risks in

question. All imaginable risks should be identified and recorded. Business risk is
31
really about these types of issues, and not just the more well-known disasters, acts

of God or risks to personal safety.

Every organization faces a number of risks of varying levels of seriousness. Risk

can be seen both in terms of threats (something going wrong) and opportunities

(achieving, or not achieving, business objectives). It can be financial (e.g. incurring

bad debts) or non-financial (e.g. pollution), although most will be reflected in

deteriorating financial performance sooner or later (Financial Management 2005).

AIRMIC, ALARM, IRM (2002) indicate that risk identification sets out to identify

an organization's exposure to uncertainty. This requires an intimate knowledge of

the organization, the market in which it operates, the legal, social, political and

cultural environment in which it exists, as well as the development of a sound

understanding of its strategic and operational objectives. Risk identification should

be approached in a methodical way to ensure that all significant activities within

the organization have been identified and all the risks flowing from these activities

are defined. All associated volatility related to these activities should be identified

and categorized.

2.1.14.1 Techniques with which to identify risk

Various techniques may be used in the process of identifying risk. According to the

results of a study on the use of the enterprise risk management (ERM) by

organizations on which methods are used most frequently, conducted by the

32
Institute of Internal Auditors Research Foundation, the most popular methods are

interviews, questionnaires and workshops.

• Interviews

This is the best method by which to obtain information with regard to areas that

hold possible risks for the organization. However, for a thorough study it is not

sufficient to only conduct interviews.

• Questionnaires

Questionnaires may be used to point out important information that may be

examined further by means of other techniques.

• Workshops

Workshops may be arranged to identify information on risk areas. This entails the

bringing together of key figures in the organization at one central point (conference

venue). Certain subjects are discussed by the group, from which the identification

of risks follows with the help of a facilitator. These workshops may be manual or

computer-driven. With a manual system, the facilitator will table certain subjects

and the group will discuss them. From the discussion, the risks will be identified

(Young and Associates, 2017).

2.1.14.2 Addressing specific risks

It is sometimes very difficult to identify the risks that threaten an organization,

because there are so many risks. According to a study performed by the Institute of
33
Internal Auditors Research Foundation (Young and Associates, 2017), the top five

areas affected by risk are as follows (it is important to note that this is not a

complete list):

- Reputation or rating

- People and intellectual capital

- Technology

- Competition

- Expenses

According to Wipro (2014), the risks that are identified as the most common by

government departments are as follows:

- Financial risk

- Project risk

- Compliance risk

- Reputation risk

- missed opportunities

2.1.14.3 Risk assessment

According to Wieland et al (2012), the entity must be aware of and deal with the

risks it faces. It must set objectives, integrated with sales, production, marketing,

financial and other activities, so that the organization is operating in concert. It

must also establish mechanisms to identify, analyze, and manage the related risks.
34
Risk assessment (risk analysis) is the process of identifying the risks and

determining the probability of occurrence, the resulting impact, and additional

safeguards that would mitigate this impact. It includes risk measurement and

prioritization.

The assessment of the potential impact of a particular risk may be complicated by

the fact that a range of possible outcomes may exist or that the risk may occur a

number of times in a given period of time. Such complications should be

anticipated and a consistent approach adopted, which, for example, may seek to

estimate a worst-case scenario over a 12-month period. The assessment of the

impact of the risk on the organization should take the financial impact, the impact

on the organization's viability and objectives and the impact on political and

community sensitivity into account. The analysis may be either qualitative or

quantitative, but should be consistent to permit comparisons (Wieland et al 2012).

The assessment and classification of risk will be different for each company and

internal audit helps management by commenting on the criteria used for

classification and/or criteria that have been applied. The following is a list of risk

management techniques:

- accept the risk (e.g. for low impact, low likelihood risks)

- reduce the risk (e.g. by implementing improved internal controls)

- avoid the risk (e.g. by not engaging in a particular activity)

35
- transfer the risk (e.g. by means of insurance, or by requiring third parties to sign

on (Bagshaw 2002)

2.1.14.4 Management acceptance of risks

Gleim (2004), practice advisory (2600), states that when the chief audit executive

believes that senior management has accepted a level of residual risk that is

unacceptable to the organization, he or she should discuss the matter with senior

management.

If the decision regarding residual risk is not resolved, the chief audit executive and

senior management should report the matter to the board for resolution. One of the

key requirements of the board or its equivalent is to gain assurance that risk

management processes are working effectively and that key risks are managed to

an acceptable level (IIA 2004).

2.1.15 Risk Management

According to Namee (2005), the risk management practice of yesterday focused

largely on hazard insurance and probable loss, but the risk management practice of

today focuses on the broad issues of general management. This is the essence of

management, and the reason why understanding risk and the practice of risk

management is a central issue for management today and tomorrow.

Managing risk is actually managing the organization in planning, organizing,

directing, and controlling the organization's systems and resources to achieve

36
objectives. This must come from within and act to change the organization and its

responses to change in the environment rather than trying to guess what risks will

affect the organization. In this context, the organization should develop certain

characteristics to improve its ability to respond to change.

Managers must plan, organize, direct, and control systems to reflect both risk and

opportunity. The strategic risk/opportunity curve is an effective thinking model to

plan control systems to deal with both risk and opportunity over multiple time

horizons (Risk Management Framework 2002).

Risk management has been related to financial loss due to fraud and has also been

associated with doing something wrong. As a result, there has been a

preoccupation with administrative processes and controls rather than outcomes and

performance. Risk management has different and more complex dimensions in the

public sector compared to the private sector, which means more attention should be

devoted to "getting the balance right". Managing risk is a continuing activity and

not something done once a year. To be effective, risk management requires a

systematic and logical approach, as well as the availability of good quality

information to individuals (IIA 2004).

According to AIRMIC, ALARM and IRM (2002), risk management is a central

part of any organization's strategic management. It is the process according to

which organizations methodically address the risks attached to their activities with
37
the goal of achieving sustained benefits in each activity and across the portfolio of

all activities. The focus of good risk management is the identification and

treatment of these risks. It marshals the understanding of the potential upside and

downside of all those factors that can affect the organization. It increases the

probability of success, and reduces both the probability of failure and the

uncertainty of achieving should be a continuous and developing process that runs

throughout the organization's overall objectives.

Risk management should be a continuous and developing process that runs

throughout the organization’s strategy and the implementation of that strategy. It

should methodically address all the risks surrounding the organization's activities

in the past, present and, in particular, the future. It should further be integrated into

the culture of the organization with an effective policy and a programme led by the

most senior management. This strategy should be translated into tactical and

operational objectives according to which responsibility will be assigned

throughout the organization to each manager and employee responsible for the

management of risk. Risk management supports accountability, performance

measurement and reward; thus promoting operational efficiency at all levels.

CIPFA (2001) explains risk management as the term applied to a logical and

systematic method of establishing the context of and identifying, analyzing,

evaluating, treating, monitoring, and communicating the risks associated with any
38
activity, function, or process in a way that will enable the organization to minimize

losses and maximize opportunities. In the public sector there are many cases where

risk management is being practiced under other names, such as health and safety,

community safety, environmental management, emergency planning, treasury

management, etc.

Woods (2011) suggests that in the process of risk management, the internal audit

activity should assist the organization by identifying and evaluating significant

exposures to risk and contributing to the improvement of risk management and

control systems.

Risk management is detecting, preventing and managing the possibility of

something going wrong in an area of business in which the likelihood and/or

impact of this untimely event could threaten a company from meeting its business

objectives. This untimely threat may originate in and/or affect any area of a

business, such as financial reporting, operations or any other segment of the

business infrastructure. Furthermore, successful risk management does not mean

absolute assurance, but rather an approach to systematically manage the higher

risks of each segment in a business to mitigate these risks, as well as to identify

and address new risks as a business evolves (Woods, 2011).

The risk management process has gone through the following steps:

39
> Risk identification

Risk identification sets out to identify an organization's exposure to uncertainty.

This requires an intimate knowledge of the organization, the market in which it

operates, the legal, social, political and cultural environment in which it exists, as

well as the development of a sound understanding of its strategic and operational

objectives, including factors critical to its success and the threats and opportunities

related to the achievement of objectives.

> Risk description

The objective of risk description is to display the identified risks in a structured

format, for example, by using a table. The risk description figure (Figure 2.2)

overleaf can be used to facilitate the description and assessment of risks.

> Risk evaluation

When the risk analysis process has been completed, it is necessary to compare the

estimated risks against the risk criteria that the organization has established.

> Risk reporting

Different levels in an organization need different information from the risk

management process. A company needs to report to its stakeholders on a regular

basis to set out its risk management policies and report on its effectiveness in

achieving its objectives.

40
> Risk treatment

Risk treatment is the process of selecting and implementing measures to modify

the risk. Risk treatment has risk control or mitigation as its major element, but

extends further to, for example, risk avoidance, transfer and financing, etc.

> Monitoring

Effective risk management requires a reporting and review structure to ensure that

risks are effectively identified and assessed and that appropriate controls and

responses are in place.

2.1.16 Risk management cycle

> Objectives

Risk management starts and stops with helping an organization achieve its

objectives. This includes high-level corporate objectives and the lower-level

operational objectives that derive from an overall strategic plan.

> Risk policy

One aspect of risk management that comes to the fore when developing suitable

arrangements relates to commonality and consistency - that is, consistency in

terminology, clarity of the respective roles in the organization, an accepted

assessment methodology, and a willingness to develop a culture that supports risk

management and accountability rather than blame assignment.

41
> Risk identification

The risk cycle requires that a formal process is in place for identifying risks to the

business. This may be done through research, business analysis, risk workshops,

audit and review, industry benchmarking schemes or regular staff surveys.

> Risk assessment

Once all known risks are documented, there has to be a mechanism to put them

into context, and sort out which ones are important and crucial to address and

which ones can be sidelined for the time being. The idea is that an organization can

allocate its base resources to areas of high risk with a view to mitigation and,

meanwhile, assign venture capital to areas of low risk that can be further exploited.

> Risk mitigation

High levels of unacceptable risk have to be mitigated to bring them to an exposure

that fits the organization's risk appetite. Mitigation revolves around implementing

controls where required. Controls increase the certainty that risks will be

addressed, and that objectives will have a better chance of being achieved.

> Risk management

The overall response to risk across an organization will be found at this stage: the

adoption of a risk management strategy. The response to risk depends on the nature

of the risk and whether it is of high, medium or low priority. Some risks have to be

42
accepted, because there is little that can be done to mitigate them, or the cost of

such mitigation is prohibitive.

2.1.16.1 Risk management policy

Woods (2011) suggests that the risk management policy of the organization should

fit into the policy on performance management, and each risk status should prompt

different types of actions as a response to the risk exposure identified along, for

example, the following lines:

- High risk exposure: urgent board level reports and ongoing monitoring

- Major risk exposure: director involvement rapid review

- Significant risk exposure: manager intervention and summary briefing to director

- Moderate risk exposure: basic management practice applied

- Low risk exposure: no special action

- Trivial risk exposure: review whether able to remove resources away from

monitoring

In this way the board and top management may have a view on risk across the

organization and how it is handled.

IRMIC, ALARM and IRM (2002), stress that an organization's risk management

policy should set out its approach to and appetite for risk and its approach to risk

management. The policy should also set out responsibilities for risk management

43
throughout the organization. Furthermore, it should refer to any legal requirements

for policy statements.

Attached to the risk management process is an integrated set of tools and

techniques for use in the various stages of the business process. To work

effectively, the risk management process requires the following:

- Commitment from the chief executive and executive management of the

organization

- Assignment of responsibilities in the organization

- Allocation of appropriate resources for training and development on enhanced

risk awareness by all stakeholders.

2.1.17 Responsibility for risk management

The board of directors has overall responsibility for ensuring that risks are

managed. In practice, the board will delegate the operation of the risk management

framework to the management team, who will be responsible for completing the

activities pertaining to risk management. There may be a separate function that

coordinates and manages these activities and has specialist skills and knowledge.

Everyone in the organization plays a role in ensuring successful enterprise-wide

risk management, but the primary responsibility for identifying risks and managing

those lies with management (World Economic Forum, 2015).

44
The board is responsible for setting the organization's risk appetite and tolerance.

The audit committee of the board is responsible for overseeing all aspects of risk

management and internal control, including compliance activity, the audit

programme, the appropriateness of accounting policies and the adequacy of

financial reporting. The executive and the senior management teams are

responsible at the management level for implementing the board-approved

management strategy and developing policies, processes, procedures and controls

for identifying and managing risks in all areas of activity (World Economic Forum,

2015).

2.1.18 Managing risks through internal control

CIPFA (1997:6) suggests that if an organization is to manage and assess risks

successfully, then the evaluation of risk will need to cover the whole spectrum of

the organization's activity to ensure that the most appropriate decision is taken.

Similarly, managers should be in possession of information on the organization's

risk exposure in order to take sensible and timely decisions, so that objectives are

achieved.

Organizations need to establish an efficient and effective system of internal

controls to ensure that they meet their objectives. "Internal control" is defined as

the whole system of controls, financial or otherwise, established in order to provide

reasonable assurance of:

45
- Effective and efficient operations;

- Reliable financial information and reporting; and

- Compliance with laws and regulations.

i) Effective and efficient operations

Organizations need to establish controls to assist them in operating effectively and

efficiently to meet their basic objectives, including both financial and non-financial

performance goals, and to help them in the safeguarding and efficient use of

resources. Safeguarding includes controlling the unauthorized use or loss of assets

and ensuring that liabilities are identified and controlled.

ii) Reliable financial information and reporting

Organizations need to maintain proper accounting records and have reliable

financial information to assist them in making decisions for day-to-day operations

and for publication to third parties.

iii) Compliance with laws and regulations

Organizations seek to operate within the law and abide by relevant regulatory

requirements that apply to them, as infringement can often result in the imposition

of serious penalties and, in extreme cases, can bring about an organization's

demise. Furthermore, legislative and regulatory changes themselves often require

that organizations reappraise and change their corporate objectives.

46
2.1.19 Benefits with risk management

To maximize the efficiency of risk management, the RMP should be continuously

developed during the entire project. In this way, risks will be discovered and

managed throughout all the phases (World Economic Forum, 2015). The benefits

from RM are not only reserved for the project itself, but also for the actors

involved. The main incentives are clear understanding and awareness of potential

risks in the project. In other words, risk management contributes to a better view of

possible consequences resulting from unmanaged risks and how to avoid them.

(Thomas, 2009) Another benefit of working with risk management is increased

level of control over the whole project and more efficient problem solving

processes which can be supported on a more genuine basis. It results from an

analysis of project conditions already in the beginning of the project. (Perry, 1986)

The risk management also provides a procedure which can reduce possible and

sudden surprises (World Economic Forum, 2015).

Different attitudes towards risk can be explained as cultural differences between

organizations, where the approach depends on the company's policy and their

internal procedures (World Economic Forum, 2015).

47
2.1.20 Risk response

This third step of the RMP indicates what action should be taken towards the

identified risks and threats. The response strategy and approach chosen depend on

the kind of risks concerned (Winch, 2002). Other requirements are that the risk

needs to have a supervisor to monitor the development of the response, which will

be agreed by the actors involved in this risk management process. (PMI, 2004)

Winch (2002) claims that the lower impact the risk has, the better it can be

managed. Most common strategies for risk response are: avoidance, reduction,

transfer and retention (Potts, 2008). Beyond those types of responses, Winch

(2002) describes that sometimes it is difficult to take a decision based on too little

information. This may be avoided by waiting until the appropriate information is

available in order to deal with the risk. This way of acting is called „Delay the

decision‟ but this approach is not appropriate in all situations, especially when

handling critical risks. Those need to be managed earlier in the process.

Avoidance/prevention

If the risk is classified as bringing negative consequences to the whole project, it is

of importance to review the project’s aim. In other words, if the risk has significant

impact on the project, the best solution is to avoid it by changing the scope of the

project or, worst scenario, cancel it. There are many potential risks that a project

can be exposed to, and which can impact its success (Potts, 2008). This is why risk
48
management is required in the early stages of a project instead of dealing with the

damage after the occurrence of the risk (PMI, 2017).

The avoidance means that by looking at alternatives in the project, many risks can

be eliminated. If major changes are required in the project in order to avoid risks,

Zailani et al (2016) suggest applying known and well developed strategies instead

of new ones, even if the new ones may appear to be more cost efficient. In this

way, the risks can be avoided and work can proceed smoothly because strategy is

less stressful to the users.

Cooper et al. (2005) list some activities that can help to avoid potential risk:

i. More detailed planning

ii. Alternative approaches

iii. Protection and safety systems

iv. Operation reviews

v. Regular inspections

vi. Training and skills enhancement

vii. Permits to work

viii. Procedural changes

ix. Preventive maintenance

49
Reduction/mitigation

By having an overview over the whole project it is easy to identify problems which

are causing damage. In order to reduce the level of risk, the exposed areas should

be changed (Wallace et al., 2007). This is a way of minimizing the potential risks

by mitigating their likelihood. One way to reduce risks in a project is to add

expenditures that can provide benefits in the long term. Some projects invest in

guarantees or hire experts to manage high-risk activities. Those experts may find

solutions that the project team has not considered (Wallace et al., 2007).

Mitigation strategies can, according to Cooper et al. (2005), include:

 Contingency planning

 Quality assurance

 Separation or relocation of activities and resources

 Contract terms and conditions

 Crisis management and disaster recovery plans

Those risks which should be reduced can also be shared with parties that have

more appropriate resources and knowledge about the consequences (Thomas,

2009). Sharing can also be an alternative, by cooperating with other parties. In this

way, one project team can take advantage of another‟s resources and experience. It

is a way to share responsibilities concerning risks in the project (Darnall and

Preston, 2010).
50
Transfer

If a risk can be managed by another actor who has a greater capability or capacity,

the best option is to transfer it. The actors that the risks can be transferred to are,

for example, the client, contractor, subcontractor, designer etc, depending on the

risk’s character. As a result this could lead to higher costs and additional work,

usually called risk premium (Potts, 2008). It must be recognized that the risk is not

eliminated; it is only transferred to the party that is best able to manage it (PMI,

2004). Shifting risks and the negative impacts they bring is also an option when the

risks are outside the project management’s control, for example political issues or

labor strikes (Wallace et al., 2007). The situation may also consist of catastrophes

that are rare and unpredictable in a certain environment. (Winch, 2002) Such risks

that are beyond the management’s control should be transferred through insurance

policies.

Retention

When a risk cannot be transferred or avoided, the best solution is to retain the risk.

In this case the risk must be controlled, in order to minimize the impact of its

occurrence. Retention can also be an option when other solutions are uneconomical

(Wallace et al., 2007).

51
Monitoring

This final step of RMP is vital since all information about the identified risks is

collected and monitored (Winch, 2002). The continuous supervision over the RMP

helps to discover new risks, keep track of identified risks and eliminate past risks

from the risk assessment and project (PMI, 2017). PMI (2017) also states that the

assumptions for monitoring and controlling are to supervise the status of the risks

and take corrective actions if needed.

2.1.21 Management Override of Risk Management Procedures

Management may override or disregard prescribed policies, procedures, and

controls for improper purposes. Override practices include misrepresentations to

state officials, staff from the central control agencies, auditors or others.

Management override must not be confused with management intervention (ie the

departure from prescribed policies and procedures for legitimate purposes).

Intervention may be required in order to process non-standard transactions that

otherwise would be handled inappropriately by the risk management processes. A

provision for intervention is needed in all risk management processes since no

process anticipates every condition (Voetsch et al., 2004).

2.1.21.1 Personnel Errors or Mistakes

The risk management procedure is only as effective as the personnel who

implement the procedure and process. For example, employees may misunderstand
52
instructions or make errors of judgment. Employees may also make mistakes

because of personal carelessness, distraction or fatigue. The risk department should

carefully consider the quality of the entity’s personnel when evaluating risk

(Voetsch et al., 2004)

2.1.21.2 Collusion

The effectiveness of segregation of duties lies in individuals’ performing only their

assigned tasks or in the performance of one person being checked by another.

There is always a risk that collusion between individuals will destroy the

effectiveness of segregation of duties. For example an individual received cash

receipts from customer can collude with the one who records these receipts in the

customers’ records in order to steal cash from the entity (Voetsch et al., 2004).

2.1.21.3 Judgment

Effective risk management may be limited by the realities of human judgment.

Decisions are often made within a limited time frame, without the benefit of

complete information, and under time pressures of conducting agency business.

These judgment decisions may affect achievement of objective. Risk management

may become ineffective if management fails to minimize the occurrence of errors

for example, misunderstanding instructions, carelessness, distraction, fatigue, or

mistakes (Voetsch et al., 2004).

53
2.1.21.4 Breakdowns

Even well designed risk management procedures and processes can break down.

Employees sometime misunderstand instructions or simply make mistakes. Errors

may also result from new technology and the complexity of computerized

information systems.

2.1.21.5 Cost versus Benefits

The cost of risk management must not exceed benefits to be derived. Potential loss,

associated with exposure, should be weighed against the cost to control it.

Although the cost-benefit relationship is a primary criterion to be considered in

designing risk management policies, the precise measurement of costs is generally

not possible. The challenge is to find a balance between excessive risk which is

costly and counterproductive and too little risk which exposes the organization to

increased and unnecessary risk (Voetsch et al., 2004).

2.1.22 Limitations of Risk Management

A fundamental concept underlying the definition of risk management is that risk

management structure provides only reasonable assurance that agency

objectiveness will be achieved. Limitations are inherent in all risk management

processes. These result from poor judgment in decision-making, human error,

management’s ability to override controls, collusion to circumvent control, and

consideration of costs and benefits relative to risk management. No matter how

54
well risk management procedures operate, some events and conditions are beyond

management’s control (Voetsch et al., 2004).

2.2 Theoretical Review

2.2.1 Expectancy Theory

This theory was developed by Vroom (1964). The theorist believes that motivation

of the individual is determined by perception of relationship between the actions

and rewards. The theory is categorized into three sections namely, valence,

expectancy and instrumentality. Expectancy assumes that a certain level of effort

will be followed with certain level of performance. Valence represents a value that

a given outcome has for individual. Instrumentality relate to the connection

between first level outcome like promotion and second level outcome such as raise.

Thomas (1990) analyzed Vroom expectancy theory model in the context of

construction industry, and found that the theory discusses variations of

performance in terms of effort which the employee is willing to exert in order to

finish a job. According to Thomas, the result performance could be observed based

on efficiency, effectiveness, quality of work, innovation, profitability and

productivity. 12 According to Gonzalez (1991), managers should determine the

outcome of each employee values and define adequate and good performance, in

terms that are observable and measurable so that employees understand managers’

desires. Project managers in construction industries should also ensure that

55
intended level of performance is attainable in fact; they should connect the

outcome required by the workers to specific performance. This theory relates to

performance of projects as it will help all stakeholders such as projects managers to

develop measurement guide that can give important feedback to workers therefore

improving performance of projects.

2.2.2 Enterprise Risk Management Theory

According to Nocco and Stulz (2006), Enterprise Risk Management (ERM) is a

risk management theory advocates for recommends for the measurement and

management of notable risk facing a given entity whole than the management of

each risk independently. Its main aim is to combine the risk management silos in

an organization into one holistic and comprehensive framework. The ERM risk

management framework of managing risk emphasizes that senior company

executives and employees should actively be involved in risk management process

of analyzing and responding to a wide range of company risks (Hallowell,

Molenaar, &Fortunato, 2013). This concept encourages all members of the

organization to be involved in the management of risks and not only one or a few

members. The ERM also highlight the importance of clear process and policies for

managing risks. According to Olson and Wu (2010), the theory also affirms that if

10 organizations can embrace formal policies that define risks appetite, strategic

goals, tolerance and systematic processes then they can improve their risk
56
management capacity of identifying, analyzing, and treating of risks. The theory

also stresses on a creation of risk management culture where all stakeholders are

empowered and accountable to manage risks. Cormican (2015) suggested that

ERM practices involve increased competitive advantage, stakeholder confidence

and long-term viability of organizations. The ERM theory has become popular in

project management techniques despite the fact that it was developed for

management of company risks. Drumll (2001) explains that adopting ERM

philosophy in the construction industry is a wise decision as it applies to industries

that have very high rates of failure like construction industry. These failures are as

a result of failure to identify, mitigate and control risk across the entire business

making this theory relevant to this research.

2.2.3 Network Theory

Network theory is a hypothesis that is used to clarify the structure and working of

social frameworks. According to Fang, Marle, Zio&Bocquet (2015) this hypothesis

sees social frameworks, for example, organizations or projects as a network that

includes nodes and links associating these nodes. For example, in a given projects,

the nodes may incorporate members of the project team, the task administrator,

suppliers, owner of the project and project financiers. These nodes are associated

with different connections such as supplier buyer relationship, financing, legal, and

working connections. The hypothesis clarifies that adjustments or unsettling

57
influences in any node or line inside the system cause a progressively outstretching

influence on every single other line and nodes. The theory is frequently used as a

part of risk management to clarify and educate the procedure of risk analysis.

Moreover, according to Zingrand (2010), this theory also put more emphasis on the

need to adopt a systematic approach when analyzing and understanding risk

instead of concentrating on the risk consequences as one component of the project.

It urges project team to consider how different segments of the project are

interrelated and how obstruction in one component will influence other

components of the project. This point of view of investigating risk empowers

managers of the project to think of a more reasonable and all-encompassing

evaluation of the effect of specific risk. This theory recommends that in order to

judge the success of project management strategies the researcher should establish

the extent at which this strategy holistic and comprehensive making this theory

relevant to this research

2.3 Empirical Review

Aduma and Kimutai (2018) conducted a study in Nairobi Kenya to investigate risk

management practices conducted at the National Hospital Insurance Fund in

Nairobi. A descriptive research design was adopted in the study and a total of 651

management employees at NHIF were the study’ target population. A stratified

proportionate random sampling technique was employed and the sample size was
58
241. Self-administered questionnaires were then administered to the study

respondents who consisted of staff from finance, Health insurance and legal affairs,

Public procurement and human resources departments. The data collected was then

analyzed using both descriptive statistics and inferential statistics a test for

multicollinearity. Findings of the study revealed that risk transfer influenced

performance of NHIF in that use of outsourcing, high cost of risk premiums and

insurance policy and contractual agreements to a third party greatly influenced

performance of the Funds projects.

Nsiah and Bonnah (2014) conducted a study in Ghana to investigate the effect of

risk management practices on Ghanaian banking industry. The study adopted a

case study research design and a total of 5 banks located in the rural area consisted

of the study’ target population. The employed questionnaires and face to face in-

depth interviews to investigate how risk management practices influenced the

performance of the banks. Questionnaires were then successful administered to

bank managers, strategic and finance officers. For data analysis, the study

employed descriptive and content analysis and findings of the study revealed that

risk transfer strategies such as high-risk premiums, signing of contracts and

insurance policy influenced the performance of the 5 banks.

Kolo (2015) investigated the influence of project risk management practices in

construction projects in Abuja Nigeria. The study adopted a descriptive research

59
design and a total of 12 construction firms in Yola were the study’ target

population. Questionnaires were successfully administered to project managers,

supervisors and general managers of the firms. Data collected was then analyzed

using descriptive analysis and findings of the study revealed that the construction

firm adopted risk transfer strategies such as insurance policy and risk premiums

influenced performance of the projects in terms of cost time and quality.

Pimchangthong and Boonjing (2017) investigated the effect of risk management

practices on performance of IT projects. The study adopted a descriptive research

design and a total of 200 project managers, IT managers and IT analysts working

in IT firms were interviewed. The researcher successfully administered

questionnaires consisting of both open ended and closed ended questions to the

study respondents. Data collected was then analyzed using descriptive statistics.

Findings of the study revealed that risk transfer strategies such as highrisk

premiums, signing of legal agreements and outsourcing influenced the

performance of the firm’s IT projects.

Ubani, Amade, Benedict, Aku, Agwu, and Okogbuo (2015) conducted a study in

Nigeria to investigate the influence of risk management practices on construction

industry. The study adopted a case study research design and the study’ target

population consisted of contractors, clients and consultants in the construction

industry. A total of 84 respondents represented the sampling size. For data

60
collection the study adopted use of questionnaires that were administered t 15

construction companies. Data collected was then analyzed using SPSS and the

findings of the study revealed that the construction firms adopted risk control

strategies through identification of the risk, quantifying and responding to the risk

in accordance to risk management policy of each firm. The findings of the study

further implicated that all of the construction firms adjusted plans and scope of

work in order to counter risk effects, monitoring risk making timely decisions and

keeping project managers informed about possible risk. The study concluded that

by adopting risk control measures the construction company’s performance of

projects is enhanced through working within the time limit and budget of projects.

Naktari (2014) conducted a study in West Pokot to investigate the effect of

humanitarian risk management strategies on NGO’s. The study adopted a

descriptive research methodology and the study’ population consisted of all

humanitarian NGO operating in West Pokot. The study employed structured

questionnaires that consisted of both open ended and close ended questions. For

the data collected the study employed descriptive statistics and content analysis for

statistical analysis of the data collected. Findings of the study revealed that the

NGO’s adopted a contingency plan to minimize hazard risks financial risks,

operational and strategic risks. Study findings further revealed that the NGO’s

61
adopted a detailed crisis management plan and a disaster recovery plan as the

mitigation strategies.

Ubani, Amade, Benedict, Aku, Agwu, and Okogbuo (2015) conducted a study in

Nigeria to investigate the influence of risk management practices on construction

industry. The study adopted a case study research design and the study’ target

population consisted of contractors, clients and consultants in the construction

industry. A total of 84 respondents represented the sampling size. For data

collection the study adopted use of questionnaires that were administered t 15

construction companies. Data collected was then analyzed using SPSS and the

findings of the study revealed that the construction firms adopted risk retention

through active retention by taking self-insurance after evaluation of possible losses

and costs of alternative ways of handling risks. The study findings further

implicated that risk retention positively influences performance of the construction

firms.

Aimable, Shukla and Oduor (2015) conducted a study in Rwanda to investigate the

effects of risk management methods on the performance of construction projects

facilitated by RBSS multi-storey building projects. The study adopted a descriptive

research design and a total of 291 project team located in 4 districts were the study’

population. The study used simple random sampling and the sample size was

169.Study employed structured questionnaires, documentary review and In-depth

62
interviews for data collection and for data analysis the study adopted qualitative

analysis techniques. Findings of the study revealed that the construction firm

purchase insurance and have detailed crisis management plan and a disaster

recovery plan in the case of hurricanes. The findings of the study revealed that risk

retention positively influenced the performance of the construction projects.

2.4 Summary

In this chapter, risk management is explained in detail; that is the definition of risk,

and sources, characteristics and the impact of risk. This knowledge is necessary to

understand the role of management and risk department in the risk management

process. The chapter also expands on the risk management cycle and policy, the

responsibility for risk management, and how to assess risk management.

63
 CHAPTER THREE

METHODOLOGY

3.1. Research Design

The use of descriptive survey research method was used for this research work

(Quantitative approach). The data collection procedure made use of closed end

questionnaire. The chapter concluded with different data analysis techniques, using

the SPSS data analysis software.

In this part of the research, the researcher talked mainly about the assessment of

risk management tools in construction project in Nigeria using MTN office at

G.R.A in Rivers State, as a case study. Emphases are therefore on the various risk

management tools used in construction projects in Nigeria.

3.3 Population and Sample Size of the Study

For the purpose of this research, the population of study comprised the Clients,

Contractors, Consultants, and Other Professionals in the study area. These

respondents were 103 in numbered. 103 was therefore the Sample Size, Using

Taro Yamane formula for the sample size determination.

n = N

1+N(e)2

n= 103
64
 1+103 (0.0025)

n= 103. Therefore, the sample size was 103 respondents.

3.4: Data Collection Procedure

For purposes of triangulation (Ghauri and Grönhaug, 2005) both primary and

secondary sources of data were used.

According to Kumar (2005) primary sources are sources of data collection where

the data is collected for the specific purpose at the time of collection. The primary

sources of data were collected primarily through survey of the staffs using

questionnaires. The study also made used secondary sources of data. To Ghauri

and Grönhaug (2005) secondary sources of data are data that were collected,

recorded and used previously. The secondary sources of data were from featured

periodicals, company websites and journals.

3.5 Research Instruments

Questionnaire distribution as well as interviews with some of the respondents in

the study area was deployed to elicit opinions on the objectives of the study. All

the respondents that were administered the questionnaire include Clients,

Contractors, Consultants, and Other Professionals who have gained experience on

project related issues. One hundred and three (103) questionnaire were distributed

65
via personal contacts to the respondents and a total number of ninety two (92)

were properly filled out and were used for the analysis. The respondents’

background was of importance as this was used to determine their level of

experience in project related issues. The five point likert scale, was used in

eliciting response from the respondents in the scale of 1 to 5 (Strongly agree=5,

Agree=4, Neutral=3, Disagree=2 and strongly disagree=1). In addition, the data

collected were also used to compare the opinions among Clients, Contractors,

Consultants and Other Professionals on the project related issues. Results from the

questionnaire survey were analyzed using different statistical techniques with the

aid of Statistical Package for Social Sciences (SPSS). Firstly, a descriptive

statistics of the demographic concerns about the respondents in terms of their

frequency as regards the professionals’ background, education qualifications, work

experiences in addition to average number of projects taken were presented using

frequency tables. Secondly, the respondents were asked to provide answers to the

key research questions using the five point likert scale questionnaire format.

The research design used in any study is determined by the nature of the research

problems and by the objective of the study. As this study is focused on evaluating

the as a case study,

3.7 Data Analysis Procedure

66
Both descriptive statistics and qualitative approaches were used to analyse the data.

The collected data were summarized and presented in tabular form. The

questionnaires which were not completely answered were considered non-

responsive. Frequency distributions tables and percentages were used to illustrate

the results. Key variables were analyzed and ranked in order to establish their

criticality, relevance and level of influence in determining…. Then before a

relative importance index (RII) as stated in equation 3.2 below was applied to

prioritize the severity of the factors, the raw rankings were multiplied together to

produce a critical factor index (CFI) as shown in equation 3.1

(CFI) = ΣW [(f1 x n1) + (f2 x n2) + (f3 x n3) +... + (fn x nn)] --------------- 3.1

Where,

ΣW = the summation of the weighting given to each factor.

fn = score ranking.

nn = corresponding number of responses.

Relative important index (RII) = ------------------------------ 3.2

Where, f is the frequency of score,(x) for the factor under consideration, A=

highest weighting factor, (that is 5), F=total number of sample. The final results

obtained were presented using Tables and percentages. All these were done in

order to ensure that the responses received would be reliable.

67
 CHAPTER FOUR

RESULTS AND DISCUSSIONS

4.1 Preamble

Chapter four gives a comprehensive and analytical discussion of the results of the

study in form of tables. The section deals with an analysis of information gathered

from the survey questionnaire issued to the respondents so as to achieve the

objectives of the study. The initial aspect of the result deals with general

background information of the respondents. Frequency tables and Relative

Importance Index (RII) to identify the most important factors that impact on risk

management on projects were all detailed.

SECTION A

Table 4.1: Details of Response Rate of Respondents

Group of No. of No. returned Rate (%) of No. Percentage

Respondents Questionnair returned Responsive
es distributed
Clients 24 21 87.5 21 22.8
Contractors 29 27 93.1 27 29.3
Consultants 35 31 88.6 31 33.7
Others 15 13 86.7 13 14.2
TOTAL 103 92 89.3 92 100.0
Source: Field survey, 2019.
68
The data were collected from the questionnaires administered to the four basic

respondents namely: Clients, Contractors, Consultants and Other Professionals

identified in the study area. The Table 4.1 above had shown the sample size of the

respondents. 103 questionnaires were administered to respondents out of which 92

representing 89.3% (n=92) were returned. A questionnaire is said to be responsive

where all questions in relation to the topic are fully answered. A total of 92

questionnaires were said to be responsive representing 89.3% (n=92) of the

questionnaires returned as displayed in Table 4.1 above.

The Table 4.1 also shows the breakdown of the results. 22.8% are Clients, 29.3%

are Contractors, 33.7% are Consultants, while the remaining 14.2% are other

Professionals. The result shows that majority of the respondents are Consultants

representing 33.7% of the total respondents.

Table 4.2: Level of Education

Level of Education Frequency Percent Valid Cumulative

Percent Percent

O – LEVEL 18 19.6 19.6 19.6

OND/ NCE 21 22.8 22.8 42.4

HND / B.Sc. 34 37.0 37.0 79.3

Valid
MBA / M.Sc. 16 17.4 17.4 96.7

Ph.D. 3 3.3 3.3 100.0

Total 92 100.0 100.0

Source: Field survey, 2019.

69
From the table 4.2 above, it was observed that 19.6% or 18 respondents are
O – Level holders, 22.8% or 21 respondents are OND/NCE holders, 37.0% or 34
respondents are HND/B.Sc. holders, 17.4% or 16 respondents are MBA/M.Sc.
holders and the remaining 3.3% or 3 respondents had Ph.D. qualifications.

Table 4.3: Years of working experience of the respondents.

Age Frequency Percent Valid Cumulative

Percent Percent

0 – 5 years 29 31.5 31.5 31.5

6 – 10 years 47 51.1 51.1 82.6

Valid
More than 10 years 16 17.4 17.4 100.0

Total 92 100.0 100.0

Source: Field survey, 2019.

Table 4.3 indicates that the results of distribution of the respondents on the basis of

working experience. The table shows that out of the 92 respondents surveyed

31.5% of the respondents have between 0-5 years working experience, 51.1% have

experience between 6-10 years while the remaining 17.4% or 16 respondents have

over 10 years working experience. These finding indicates that the majority of the

respondents have working experiences 6-10 years. The result as displayed provided

the level of working experience and knowledge which would help in creating

confidence in the credibility of the data. It indicates that responses provided could

be relied upon for the study.

70
Table 4.4: Average Number of Projects taken.

Options Frequency Percent Valid Cumulative

Percent Percent

Below 3 9 9.8 9.8 9.8

3–5 18 19.6 19.6 29.3

Valid 6 – 10 24 26.1 26.1 55.4

Above 10 41 44.6 44.6 100.0

Total 92 100.0 100.0

Source: Field survey, 2019.

Table 4.4 indicates that the results of distribution of the respondents on the basis of

average number of projects taken. The table shows that out of the 92 respondents

surveyed, 9.8% of the respondents have taken below 3 projects, 19.6% have taken

between 3-5 projects, 26.1% respondents have taken between 6-10 projects while

the remaining 44.6% or 41 respondents have taken over 10 projects

71
 SECTION B

Table 4.5: Analysis and ranking of Risk Factors

RANKING total ΣW Mea RII Rank
Risk Factors SA A N D SD n
5 4 3 2 1
Change of Government Policy 12 28 25 20 7 92 294 3.20 0.64 8th
Delay in Payment 28 44 20 0 0 92 376 4.01 0.82 1st
Obsolete Technology 18 16 30 14 14 92 286 3.10 0.62 9th
Availability of Labour and Materials 25 37 26 4 0 92 359 3.90 0.78 2nd
Competence of Consultants and 16 33 32 11 0 92 330 3.59 0.71 4th
Contractors
Design Changes 28 23 14 14 13 92 315 3.42 0.68 5th
Inaccurate Estimates 20 33 25 12 2 92 333 3.62 0.72 3rd
Poor Communication Among Project 17 16 32 27 0 92 299 3.25 0.65 7th
Team
Price Fluctuation 17 16 32 10 17 92 282 3.07 0.61 10th
Contract Flaws 16 18 41 15 2 92 307 3.34 0.67 6th
Source: Field survey, 2019.

The viewpoints of the respondents were sought on the Risk factors affecting

project management. The results of the responses were analysed using Relative

Importance Index (RII) and Mean Score as shown in Table 4.5 above. The indices

observed suggest that the higher the important index, the more significant and

influential that factor. Based on Table 4.5 above, Delay in Payment emerged as the

highest ranked factor with a RII value of 0.82 followed by Availability of Labour

and Materials (RII=0.78) as the second ranked factor. Inaccurate Estimates was

72
 3rd major factor (RII=0.72) followed by Competence of Consultants and

Contractors as 4th ranked factor (RII=0.71 and Mean Score = 3.59). Design

Changes was ranked 5th, with a RII of 0.68 (Mean Score=3.42), Contract Flaws

with RII of 0.67 was ranked sixth, Poor Communication Among Project Team

with RII of 0.65 as the seventh and Change of Government Policy (RII=0.64) as

the eighth factor. Obsolete Technology was ranked 9th with a RII of 0.62 (Mean

Score=3.10), Price Fluctuation with RII of 0.61 was ranked tenth and lowest

ranked factor among other factors as displayed in the Table 4.5 above.

SECTION C

Table 4.6: Ranking of Respondents’ opinions on Risk Response Strategies

Risk Response Strategies RANKING Total ΣW Mean RII Rank

SA A N D SD

Risk Avoidance 26 44 10 8 4 92 356 3.87 0.77 2nd

Risk Transfer 24 42 13 8 5 92 348 3.78 0.76 3rd

Risk Reduction 28 49 8 5 2 92 382 4.15 0.83 1st

Risk Retention 21 36 8 15 12 92 315 3.42 0.68 4th

Source: Field Study, 2019.

The viewpoints of the respondents were sought on the Risk Response Strategies.

The results of the responses were analysed using Relative Importance Index (RII)

and Mean Score as shown in table 4.6 above. The indices observed suggest that the
73
higher the important index, the more significant and influential that factor. Based

on Table 4.6 above, Risk Reduction as the highest ranked sanitary facility with a

RII value of 0.83 followed by Risk Avoidance (RII=0.77) as the second ranked risk

response strategy. Risk Transfer was 3rd strategy (RII=0.76). Risk Retention with

RII of 0.68 was ranked fourth risk response strategy among others as displayed in

the table 4.6 above. Interestingly, most respondents interviewed in the study area

considered Risk Reduction as highest ranked risk response strategies in the study

area.

4.2 Discussion of findings

Firstly, it was observed from the analysis that the indices observed suggest that the

higher the important index, the more significant and influential that factor. Based

on Table 4.5 above, Delay in Payment emerged as the highest ranked factor with a

RII value of 0.82 followed by Availability of Labour and Materials (RII=0.78) as

the second ranked factor. Inaccurate Estimates was 3rd major factor (RII=0.72)

followed by Competence of Consultants and Contractors as 4th ranked factor

(RII=0.71 and Mean Score = 3.59). Design Changes was ranked 5th, with a RII of

0.68 (Mean Score=3.42), Contract Flaws with RII of 0.67 was ranked sixth, Poor

Communication Among Project Team with RII of 0.65 as the seventh and Change

of Government Policy (RII=0.64) as the eighth factor. Obsolete Technology was

ranked 9th with a RII of 0.62 (Mean Score=3.10), Price Fluctuation with RII of
74
0.61 was ranked tenth and lowest ranked factor among other factors as displayed in

the Table 4.5 above.

The second tables of the respondents were sought on the Risk Response Strategies.

The results of the responses were analysed using Relative Importance Index (RII)

and Mean Score as shown in table 4.6 above. The indices observed suggest that the

higher the important index, the more significant and influential that factor. Based

on Table 4.6 above, Risk Reduction as the highest ranked sanitary facility with a

RII value of 0.83 followed by Risk Avoidance (RII=0.77) as the second ranked risk

response strategy. Risk Transfer was 3rd strategy (RII=0.76). Risk Retention with

RII of 0.68 was ranked fourth risk response strategy among others as displayed in

the table 4.6 above. Interestingly, most respondents interviewed in the study area

considered Risk Reduction as highest ranked risk response strategies in the study

area.

75
 CHAPTER FIVE

CONCLUSION AND RECOMMENDATION

5.1. Conclusions

This study primarily sets out to examine the consequences of risk management on

the performance of MTN Telecommunication. The specific objectives were to:

identify the factors responsible for poor risk management practices in Nigeria and

to identify the various risk response strategies in MTN Telecommunication. The

outcomes of this study were expected to serve cell site construction projects

implementers with the requisite knowledge on the possible risk associated with this

kind of project and how to manage the risks accordingly.

A cursory search on existing literature on the subject matter indicates that popular

among the various types of risk identified by previous writers are physical works,

delay and disputes, direction and supervision, damage and injury to persons and

property, external factors, payment, and law and arbitration. Classification of risk

also encompassed contractual risk - caused by lack of clarity, absence of

communication between parties, problems of timeliness in contract administration

and construction risk – which is inherent in the work itself.

The Project Management Institute (2004), being a major source of authority on this

subject matter, also puts together in their literature that two of the major categories

of risk assessment and measurement techniques include the quantitative or

76
qualitative approaches. The literature accordingly emphasises that qualitative risk

analysis usually prioritises risks for subsequent further analysis or action by

assessing and combining their probability of occurrence and impact. Quantitative

risk analysis approaches on the other hand numerically analysis the effect on

overall project objectives of identified risks.

This study primarily makes use of field data sourced through questionnaires

administered in MTN Nigeria, G.RA Branch, Rivers state in Nigeria. In all, a total

of one hundred and three (103) questionnaires were distributed to respondents but

due to high non-response rate, only ninety two (92) were returned by the

respondents representing 89.3% of the non- response rate. The ninety-two (92)

respondents unevenly emerged from the stakeholders currently in the industry at

the time of the analysis and concluding on the findings of the study.

paragraph

In drawing a conclusion on the various submissions on poor risk management and

risk response strategies, it is worth establishing that task such as site feasibility

assessment, survey, and marking; and the finalization of specifications for risk

response strategies in the company. These two major tasks are paramount and must

be granted the necessary attention by project managers in the telecommunication

sector.

77
On the various types of risks associated with the performance of MTN

Telecommunication. However, the study finally establishes with deductions from

the responses of the respondents that cell site construction project implementers

give higher attention to financial loss and market leadership related risks than to

the other identified risk forms.

On the modalities of how project implementers have identified and managed the

associated risks of telecommunication tower construction, it was realized that a

mix of quantitative and qualitative techniques are employed in the assessment of

risk. In this regard, the results show that the expected net present value (ENPV)

and expected monitory value (EMV) are the most prevalent quantitative techniques

used by project implementers in the identification of risks. The results also show

that in terms of qualitative approaches, the use of ―rule of thumb‖ appears to be

the most frequently used and popular method compared to ―personal and

corporate experience approaches‖ though being occasionally used in respondents

organisations also yields a relatively high rate of success.

More emphatically, managing risks in the cell site construction project through the

collaboration of project related parties have been found in this study as being

fundamental to the realisation of goals of cell site projects. It is established that

there is a high need for consultative and collaborative interfaces between the

project technical teams, the commercial/market and capital budgeting teams at all
78
stages of the project implementation. There is an effective management and control

of deviations from standards, budgets allocations, corporate policies and the

organisational objectives of acquiring high returns on the cell site project when this

is done.

5.2. Recommendations

From this study, I propose to stakeholders to employ all due diligence in the

assessment of the feasibility of locations for the installation of cell sites prior to

commencement of on-site works.

There is the need to create the platforms in corporate settings that foster an

effective interface among the various units within the organisation especially

among the commercial or marketing teams and the project technical teams in an

efficient manner that enhances the bringing on board of ideas pertaining to good

cell site locations and satisfaction of customer mobile communication needs. A fair

representation of individuals with various backgrounds to also have evaluative

oversight on any cell site project to be constructed would go a long way to enhance

the achievements of cell site construction objectives.

These competitive business times would not reward organisations that rely solely

on the prerogatives of its top management or corporate governing body regarding

the feasibility of the implementation of any slated cell site projects without

79
considering the competing views or interest of stakeholder groups in any cell site

construction project.

80
 REFERENCES
Addison, W. & Vallabh, P. (2002). Impact of project risk Identification
performance of software projects in IT enterprises in China. Journal of
Project Risk Management, 8 (1), 17-24.
Akkermans, H. & Helden, V. (2002). Vicious and virtuous cycles in ERP
implementation: a case study of interrelations between critical success
factors; European Journal of Information Systems, 11(1), 35-46.
Alhawari, S., Karadech, L., Talet, A., Mansour E. (2012). Knowledge-based risk
management framework for information technology project. International
Journal of Information Management, 32(1), 50–65.
Alfayo, K. & Namusonge, G. (2016). The effect of monitoring, evaluation and risk
management of projects on performance of firms in the telecommunication
sector in Kenya: The Strategic Journal of Business & Change Management,
3(4), 1377-1396.
Aviram-Unger, E., Zwikael, O. & Restubog, S. (2013). Revisiting goals, feedback,
recognition and performance success: the case of project teams. Group &
Organization Management: An International Journal, 38 (5), 570–600
Bakker, K., Boonstra, A., & Wortmann, H. (2011). Risk management affecting
IS/IT project success through communicative action. Pproject Management
Journal, 42(3), 75–90. Retrieved from: http://dx.doi.org/10.1002/pmj.20242
Bannerman, P. L. (2008). Risk and risk management in software projects: A
reassessment. The Journal of Systems and Software, 81(12), 2118-2133.
Barton, T. L., Shenkir, W.G. and Walker, P. L. (2002). Making Enterprise Risk
Management Pay Off. USA, Prentice Hall PTR, Financial Times
Besner, C., Hobbs, B. (2006). The perceived value and potential contribution of
project management practices to project success. Project Management
Journal, 37(3), 37-48.
Bloch, M., Blumberg, S., Laartz, J. (2012). Delivering large-scale IT projects on
time, on budget, and on value, McKinsey & Company in conjunction with
the University of Oxford. Retrieved from
http://www.mckinsey.com/businessfunctions/businesstechnology/our-
insights.
Briggs, R. (2017). Normative Theories of Rational Choice: Expected Utility. The
Stanford Encyclopedia of Philosophy (spring 2017 Edition). Retrieved from
81
 https://plato.stanford.edu/archives/spr2017/entries/rationality-normative-
utility. Cagliano, C., Grimaldi, S., Rafele, C. (2015). Choosing project risk
management techniques. A theoretical framework. Journal of risk research,
18(2), 232-248.
Campbell Institute. (2014). Risk Perception: Theories, Strategies and Nest Steps.
The Campbell Institute. Retrieved from https://thecampbellinstitute.org
Chapman, C., & Ward, S. (2007). Project risk management: Process, techniques
and insights (2nd Ed.). Chichester, UK: John Wiley. Chapman, C., and
Ward, S. 1997. Project Risk Management: Process, Techniques and Insights,
John Wiley & Sons.
Chenoweth, T., Minch, R. and Gattiker, T. (2009). Application of Protection
Motivation Theory to Adoption of Protective Technologies. Proceedings of
the 42nd Hawaii International Conference on System Sciences.
Cisco Visual networking Index. (2016). Global Mobile data Traffic Forecast
Update 2016 − 2021, White Paper. Retrieved from https://www.cisco.com
Communication Authority of Kenya. (2015). Mobile operators Fail to Meet
Quality of Service targets for the third year running. Retrieved from
http://www.ca.go.ke/index.php Communication Authority of Kenya. (2017).
Annual report. Retrieved from http://www.ca.go.ke.
Coles, R. S. & Moulton, R. (2003). Operationalizing IT risk management.
Computers and security, 487-492
GSMA (2016). The Mobile Economy Africa report. Gsmaintelligence. Accessed
from https://www.gsmaintelligence.com/research.
Gupta P. (2011). Risk Management in Indian Companies: Enterprise-Wide Risk
Management. Journal of Risk Finance, 121-139.
Hens, T. and Rieger, M. (2016). Financial Economics, Springer Texts in Business
and Economics, Springer-Verlag Berlin Heidelberg.
Hillson, D. (2000). Developing effective risk responses. In Proceedings of the 30th
Annual Project Management Institute Seminars & Symposium, 10-16
October, 1999, Sylva. NC:Project Management Institute;
Hillson, D., and Simon, P. (2007). Practical project risk management. The ATOM
methodology. Vienna, VA: Management Concepts.
Hunt. R. and Kosaroglu, M. (2006) Project manager skill sets in
telecommunications industry new product development projects,
82
 International Conference on Project Management (Promac2006), PMI,
September 2006, Sydney, Australia.
Ibbs, C.W., Kwak, Y. (2000). Assessing project management maturity. Project
Management Journal, 31(1), 3243.
Jin, X. & Yean, F. (2006). Key relationship-based determinants of project
performance in China, Building and Environment, 41, 915-925.
Jun, G., Qiuzhen, R. & Qingguo, E. (2010). Effects of project risk planning on IT
project performance focusing on a case of China vendor firms. Project
Management Journal, 31(1), 32-43.
Kerlinger (2012). Leading Change: “Why Transformation Efforts Fail”. Harvard
Business Review, 59-67.
Kerzner, H. (2009). Project Management: A Systems Approach to Planning,
Scheduling and Management, Hoboken, New Jersey, USA, John Wiley
&Sons, Inc.
Khan, O., & Burnes, B. (2007). Risk and supply chain management: Creating a
research agenda, International Journal of Logistics Management, 18(2), 197-
216.
Kinyua, E., Ogollah, K. & Mburu D. (2015) Effect Of Risk Management Strategies
on Project Performance of Small and Medium Information Communication
Technology Enterprises in Nairobi, Kenya. International Journal of
Economics, Commerce and Management, United Kingdom, 3(2), 1-30.
Kululanga, G., Kuotcha, W. (2010). Measuring project risk management process
for construction contractors with statement indicators linked to numerical
scores", Engineering, Construction and Architectural Management, 17(4),
336-351.
Lee, J., & Chun, J. (2009). Risk response analysis model for construction method
using the forced-decision method and binary weighting analysis. Journal of
Asian Architecture and Engineering, No.1:205-12.
Leung, H. V., Tummala, R. & Chuah, K. (1998). A knowledge-based system for
identifying potential project risks. Omega:26, 623-638.
Levinson, M. (2010). IT Project Management: 10 less considered Keys to Success.
Retrieved from http://www.cio.com.
Lientz, B. P & Larsen, L. (2006). Risk Management for IT projects: how to deal
with over 150 issues and risks. USA, Elsevier, Inc.
83
Ludovico, F. & Petrarca, F. (2010), Extreme project management in Telco
industry. Paper presented at PMI Global Congress. EMEA, Milan, Italy.
Newtown Square, PA: Project Management Institute
McKinsey & Co. (2016). Telecommunications industry at cliff’s edge, Report on
Telecommunications, Media, and Technology practice in Middle East and
Africa. Retrieved from https://www.mckinsey.com
Mortensen, M. (2013). The top five Network Migration Implementation Risks
Telecom Project Managers Should Focus On. Retrieved from
http://www.redonis.com.
Modarres, M. (2006). Risk analysis in engineering: techniques, tools, and trends.
Taylor & Francis Group, Boca Raton.
Nachmias, N. (2005). Improvising organizational transformation overtime: A
situated change perspective, 7(1), 63-92.
National Communications Authority. (2012). Mobile Number Portability in Ghana,
First Year Report, 1-15 Retrieved from http://www.nca.org.
Nelson, R. & Winter, S. (2008). Innovation systems, path dependency and policy.
Journal of Economic Behavior & Organization.
Olsson, R. (2008). Risk management in a multi project environment. International
Journal of Quality and Reliability Management, 25, 1, 60-71
Ovum (2015). Africa Market Outlook. Retrieved from http://info.ovum.com
Owino, W., Keraro, N. & Wanjiku, R. (2015). Factors That Influence the
Performance of Information Communication Technology Projects in Kenya.
International Journal of Innovative Social Sciences & Humanities Research,
3(2), 127-135
Pimchangthong, D., Boonjing, V. (2017). Effects of risk management practices on
IT project success. Management and production engineering review, 8(1),
30–37.
Porta, M., Puigdomènech, E., Ballester, F., Selva, J., Ribas-Fitó, N., Llop, S., &
López, T. (2008). Monitoring concentrations of persistent organic pollutants
in the general population: the international experience. Environment
International, 34(4), 546-561.
Project Management Institute. (2017). Pulse of the profession global survey, 9th
Edition. Newtown square, USA. Project Management Inc.

84
Pushpakumari, M., & Watanabe, T. (2009). Do strategies improve SME
performance? An empirical analysis of japan and Sri Lanka. Meijo Asian
Research Journal,1(1).
PWC (2017). The Global Information Technology Report: Strategyand. Retrieved
from http://www.strategyand.pwc.com.
Rabechini, R., Carvalho, M. (2013), Understanding the Impact of Project Risk
Management on Project Performance: an Empirical Study; Journal of
Technology management and Innovation, 8, Special Issue ALTEC.
Raz, T., Shenhar, A. j., Dvir, D. (2002). Risk management, project success, and
technological uncertainty. R&D Management, 32(2), 101-109.
Robson, C., & McCartan, K. (2016). Real world research. John Wiley & Sons ltd.
Westland, Y. (2016). Impact of project risk management, assessment of risks on
project performance in Brazilian Vendor companies. International Journal of
Project Management, Vol. 21 No 2, pp. 97-105.
Rwanda utility regulatory Authority. (2017). Retrieved from http://www.rura.rw
Safaricom (2016). Safaricom Annual Report 2016/2017, accessed from
http://www.safaricom.co.net
Shenhar, A. J. (2002). One size does not fit all projects: exploring classical
contingency domains. Management Science, 47(3), 394–414.
Smith, N. (2006) Managing Risk in Construction Projects, Blackwell Science,
Oxford. Speckle, F., Elten, H. & Kruis, M. (2007). Sourcing of internal
auditing: An empirical study. Management Accounting Research, 36, 1-66
Standish Group. (2014). Chaos Report. Retrieved from
http://www.projectsmart.co.uk
Taylor, H., Artman E., Woelfer, J. (2012). Information Technology Project Risk
Management: Bridging the Gap between Research and Practice, Journal of
Information Technology, 27, 17-34.
Thapar, S. Karmakar, P. (2016). Performance evaluation of LTE network: An
energy saving and capacity gain perspective, International conference on
Advances in Computing, Communications and informatics (ICACCI).
The Institute of Risk Management. (2010). Fundamentals of effective risk
management. London, Kogan Page publishers.
Tuncel, G., & Alpan, G. (2010). Risk assessment and management for supply
chain networks: A case study. Computers in industry, 61(3), 250-259.
85
Voetsch, J., Cioffi, F. and Anbari, F.T. (2004) Project Risk Management Practices
and their Association with Reported Project Success, Proceedings from
IRNOP.
Wallace, P., & Blumkin, M. (2007). Major Construction Projects: Improving
Governance and Managing Risks. Retrieved from www.deloitte.com Ward,
S., Chapman, C. (2003). Transforming project risk management into project
uncertainty management. International Journal of Project Management, 21
(2), 97- 105.
Wieland, A. & Wallenberg, C.M. (2012). Dealing with supply chain risks: Linking
risk management practices and strategies to performance, International
Journal of Physical Distribution and Logistics Management, 42(10), 887-
905.
Wipro (2014). Accelerated Rollout of LTE services, accessed on 20th June 2017
[online]. Available: http://www.wipro.com/documents/accelerated-rollout-
of-LTE-services.pdf
Woods, M. (2011). Risk Management in Organizations: An Integrated Case Study
Approach, Abingdon and Routledge. Harvard Business Review. 79(1): 66-
76.
World Economic Forum. (2015). Global Information Technology Report:
INSEAD. Retrieved from www.weforum.org/gitr. Yin, R.K (2013). Case
study research: Design and methods. Sage publications.
Young and Associates. (2017). Risk articles Retrieved from
http://riskarticles.com/creditrisk-management.
Zailani, S., Ariffin, H., Iranmanesh, M., Moeinzahed, S., Masoomeh I., (2016).
The moderating effect of project risk mitigation strategies on the relationship
between delay factors and construction project performance. Journal of
Science and Technology Policy Management, 7(3).
Zwikael, O., & Ahn, M. (2011). The effectiveness of risk management: an analysis
of project risk planning across industries and countries. Risk analysis, 31(1),
25-37.

86
 Appendix

Department of Project management

technology
Federal University of Technology
P.M.B 1526, Owerri
Imo State
Dear Respondents

I am Anyi Lambert Chinweuba, from Federal University of technology, pursuing a

Masters Degree in Project management technology. I’m interested in learning more
about consequences of risk management on the performance of MTN
Telecommunication. I will ask you several questions. The information you
provide will be used to develop better education programs for construction
stakeholders. DO NOT write your name on this questionnaire. The answers you
give will be kept strictly confidential; they will only be used for statistical analysis,
and for University use only. No one will know what you write. Answer the
questions based on what you really do and to the best of your ability. Completing
the survey is voluntary. If you don’t want to answer a question, just leave it blank.
Thank you

Yours faithfully

…………………………………….

87
 QUESTIONNAIRE

Instruction: Please tick (√) on your most preferred choice(s) on a question

SECTION A: Demographic Characteristics of Respondent

SECTION A: Background and Characteristics of Respondents

1. Group of Respondents

Clients

Contractors

Consultants

Others

2. Level of Education

O – LEVEL

OND/ NCE

HND / B.Sc

MBA / M.Sc

Ph.D

3. Years of working experience of the respondents

0 – 5 years

6 – 10 years

More than 10 years

88
 4. Average Number of Projects taken.

Below 3

3–5

6 – 10

Above 10

SECTION B: Analysis and ranking of Risk Factors

Table 4.5:
RANKING
Risk Factors SA A N D SD
5 4 3 2 1
Change of Government Policy
Delay in Payment
Obsolete Technology
Availability of Labour and Materials
Competence of Consultants and Contractors
Design Changes
Inaccurate Estimates
Poor Communication Among Project Team
Price Fluctuation
Contract Flaws

89
 SECTION C: Ranking of Respondents’ opinions on Risk Response Strategies

Risk Response Strategies RANKING

SA A N D SD

Risk Avoidance

Risk Transfer

Risk Reduction

Risk Retention

90