DEPARTMENT OF ENGINEERING

EGEE4270 - PROJECT MANAGEMENT

Version 5, AY2023-2024, Semester 2

Mr. K.P.PREMANAND
Lecturer – EE Section
UTAS – Al Mussanah

CHAPTER – 4
 CHAPTER – 4
RISK MANAGEMENT STRATEGIES TO
PROJECT MANAGEMENT

Outcome-4:Classify, analyse and propose

appropriate risk management strategies.
 RISK MANAGEMENT

• An uncertain event or condition that, if it occurs, has a positive or negative

effect on one or more project objectives such as scope, schedule, cost, or
quality.
• Project risk is based on a simple equation:
Event Risk = Probability of Event X Consequences of Event
 RISK MANAGEMENT…
❖ Risk Management is NOT about eliminating all risks.
❖ Risk Management IS about gaining a better understanding of the nature,
scale and potential effects.
And then,
❖ Taking appropriate action to reduce or mitigate threats and maximise
opportunities .
Why do we need to manage risks ?
❑ Risk Management protects and adds value to the organisation and its
stakeholders through supporting the organisation’s objectives.
❑ It should be about the management, not avoidance of risk.
❑ It should help to prioritise work in a fast moving context or
surroundings.
 Risk Management: Four-stage
Process Systematic Risk Management

1. RISK INDENTIFICATION
2. ANALYSIS OF PROBABILITY AND CONSEQUENCES
3. RISK MITIGATION STRATEGIES
4. CONTROL AND DOCUMENTATION
 1. RISK IDENTIFICATION -
Classification of Risk
“The process of determining the specific risk factors that can reasonably be
expected to affect any project”.

CLASSIFICATION OF RISK
1. Financial risk
Financial risk refers to the financial exposure a firm opens itself to when
developing a project.
Eg., Construction companies building structures “on spec” . Without a
contracted buyer prior to the construction, these companies agree to accept
significant financial risk in the hopes of selling office space or the building itself
after it is completed.
2. Technical risk
When new projects contain unique technical elements or unproven
technology, they are being developed under significant technical risk.
Eg., New and changing technology and changing regulatory requirements.
 1. RISK IDENTIFICATION -
Classification of Risk …
3. Commercial risk
This risk is an uncertainty that companies may willingly accept, because it is
impossible to predict customer acceptance of new product or service venture.
Eg., The risk a company takes by offering credit with no collateral, changing interest
rates, recession, inflation, taxes.
4. Execution risk
Execution risk is a broad category that seeks to assess any unique circumstances
or uncertainties that could have a negative impact on execution of the plan.
Eg., Poor communication, Lack of commitment from top Managers, weak strategies.
5. Contractual or Legal risk
This form of risk is often consistent with projects in which strict terms and
conditions are drawn up in advance. Many forms of contracted terms result in a
significant degree of project risk.
Eg., Cost-plus terms, Fixed cost, Liquidated damages.
 1. RISK IDENTIFICATION -
Classification of Risk …

**Common types of risk to which most projects may

be exposed:**

• Absenteeism • Resignation
• Staff being pulled away by • Additional staff/skills not
management available
• Training not as effective as • Initial specifications poor or
desired incomplete
• Work or change orders • Enhancements taking longer
multiplying due to various problems than expected
 1. RISK IDENTIFICATION - METHODS
(1) Brainstorming meetings
(2) Expert opinion
(3) Past history
(4) Multiple or team-based assessments

(1) Brainstorming meetings

• Bringing the project team, top management,
and clients together for a brainstorming
meeting can give good list of potential risk
factors.
• Brainstorming is a qualitative idea-creation
technique, not focused on decision making.
1. RISK IDENTIFICATION - METHODS …

(2) Expert Opinion

The more quantifiable method, commonly referred to as the Delphi
approach, collects and consolidates the judgments of isolated
anonymous respondents.
 1. RISK IDENTIFICATION - METHODS …
(3) Past History
❖ The issues contributed to project risk in the past decade, year, or even month may not be
relevant to current market conditions as it is now being conducted.
❖ Hence, history can be useful for identifying key project risk factors
❖ All parties employ a reasonable degree of caution when evaluating current projects through
the portal of past events.

(4) Multiple or Team-based Assessments

➢ Using single-case sources to identify project risks is itself a risky proposition because of the
potential bias in any one person’s viewpoint.
➢ No individual, regardless of her perceived degree of expertise, can possibly identify all sources
of threat and project risk.
➢ A team-based approach to risk factor identification identifies more comprehensive set of
potential project risks.
➢ Collaborative approach can help convincing the half-convinced or uncommitted members of
the team to support project goals
1. RISK IDENTIFICATION –
RISK BREAKDOWN STRUCTURES(RBS)
❑ A tool in identifying and categorizing various
project risks.
❑ Defined as “a source-oriented grouping of
project risks that organizes and defines the total
risk exposure of the project.”
❑ Our goal is to create a hierarchical representation
of the project’s risks, starting at the higher,
general level and breaking the risks to more
specific risks at lower levels.

❑ Example - At the highest level, you have both external and internal risks. Closely,
you may identify “Market risks”, “Technical risks”, “Environmental Impact risks”,
and “Quality risks” as second level categories.
❑ From this first level, the project team breaks out the specific types of risk
associated with each of these bigger concepts.
Image courtesy: https://ariostark.wordpress.com/tag/project-risk/
 1. RISK IDENTIFICATION –
RISK BREAKDOWN STRUCTURES…

Risk Breakdown Structure (RBS):

▪ This identification method helps with the next step in project risk management.
▪ This is the analysis of probability and consequences associated with each risk.
2. RISK ASSESSMENT –
ANALYSIS OF PROBABILITY AND CONSEQUENCES
❖ The potential impact of Risk factors is determined by
- how likely they will occur or happen,
- the effect they will have on the project if they will occur.
❖ The next step - try to attach a reasonable estimate of the likelihood of each
of these risk events occurring.
❖ We can construct a risk impact matrix.
 3. RISK MITIGATION STRATEGIES

Risks can be mitigated through four primary approaches:

(1)Accept risk
• we can simply accept the risk. We may choose this in a situation in which
we either have no alternative or we consider the risk is small to be
acceptable.
• If likelihood of their occurrence is so small or the consequences of their
impact are so minor, they may be judged acceptable and ignored.
(2)Minimize risk
we can seek to minimize risk, perhaps through entering partnerships or
joint ventures in order to lower our company’s exposure to the risk.
(3)Share risk
we can share risk with other organizations or project stakeholders.
 3. RISK MITIGATION STRATEGIES…
(4) Transfer risk
o We may seek to transfer risk to other project stakeholders.
o Example - If our goal is to prevent excessive budget overruns, a good
method for directly transferring risk lies in developing fixed-price
contracts.
Fixed-price contracts establish a firm, fixed price for the project upfront; If
the project’s budget begin to slip, the project organization must bear the full
cost of these overruns.
o Alternatively, if our goal is to ensure project functionality (quality and
performance), the concept of liquidated damages offers a way to transfer
risk through contracts.
Liquidated damages represent project penalty clauses that kick in at
mutually agreed-on points in the project’s development and implementation.
4. CONTROL AND DOCUMENTATION

❖ Once project risk analysis has been completed, it is important to

begin developing a reporting and documentation system for
cataloguing and future reference.
❖ Control and documentation methods help managers classify and
codify the various risks the company or firm faces, its responses to
these risks, and the outcome of its response strategies.
 SAMPLE RISK MANAGEMENT REPORT FORM
SAMPLE RISK MANAGEMENT REPORT FORM

Customer: ___________________________________ Project Name: ______________________________

Budget Number: _______________________________Project Team: ______________________________
Date of Most Recent Evaluation: ____________________________________________________________
Risk Description: _________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Risk Assessment: _____________________________________ Risk Factor: _________________________
Discussion:
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Risk Reduction Plan: ___________________________ Owner: ____________________________________
_______________________________________________________________________________________
Time Frame to Next Assessment: ____________________________________________________________
Expected Outcome: ______________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Contingency Document For Adjustments To Project Plan

Probable Event Adjustment to Plans

Absenteeism

Resignation

Pull-aways

Unavailable staff /
skills
Spec change

Added work

Need more
training
Vendors late
 4. Risk Control Document – A Need of the Hour
A useful control document, a report form has to coherently identify the key information:
what, who, when, why, and how ???
• What—Identify clearly the source of risk that has been uncovered.
• Who—Assign a project team member directly responsible to follow this issue and maintain
ownership regarding its resolution.
• When—Establish a clear time frame, including milestones that will determine when the expected
mitigation is to occur. Identify a completion date in advance, then identify reasonable process goals to
the final risk reduction point.
• Why—Pinpoint the most likely reasons for the risk
• How—Create plan for how the risk is to be abated. Steps of the technical and administrative project
team members charted as a method for closing this particular project “risk window”? Do they seem
reasonable or far-fetched? Too expensive in terms of money or time?
 PROJECT RISK MANAGEMENT:
AN INTEGRATED APPROACH - PRAM
❑ The European Association for Project Management has developed an integrated
program of risk management, based on efforts to extend risk management to cover a
project’s entire life cycle.
❑ This program, known as Project risk Analysis and Management (PRAM),
presents a generic methodology that can be applied to multiple project
environments and encompasses the key components of project risk management.
❑ The ultimate benefit of models such as PRAM is that they present a systematic
alternative to ad hoc approaches to risk assessment, and hence can help
organizations that may not have a clearly developed, comprehensive process for
risk management and are instead locked into one or two aspects (e.g., risk
identification or analysis of probability and consequences).
❑ The PRAM model offers a step by-step approach to creating a comprehensive
and logically sequenced method for analysing and addressing project risk.
 The Nine Phases of a Comprehensive Project
Risk Assessment – A PRAM Approach
1.Define—The project is well defined, including all deliverables, statement of
work, and project scope
2. Focus—Plan the risk management process as a project in its own right and
determine the best methods for addressing project risk, where unique nature
of the project being undertaken.
3. Identify—Assess the specific sources of risk of the project, including the
need to fashion appropriate responses. This step requires search for all
sources of risk and their responses and then classify these risks in some
manner to prioritize them.
4. Structure—Review and refine the classification of risks for the project,
determine if there are commonalities across various risks that uncovered, and
create a prioritization scheme for addressing these risks.
 The Nine Phases of a Comprehensive Project
Risk Assessment – A PRAM Approach …
5. Clarify ownership of risks— Risks that project organization will handle and those
that the clients are expected to accept, and allocate responsibility for managing
risks and responses.
6. Estimate—Develop a reasonable estimate of the impacts on the project of both
the identified risks and the proposed solutions. What are the likely scenarios and
their relative potential costs?
7. Evaluate—Critically evaluate the results of the estimate phase to determine the
most likely plan for mitigating potential risks. Start to prioritize risks and the project
team’s responses.
8. Plan—Produce a project risk management plan that proactively offers risk
mitigation strategies for the project as needed.
9. Manage—Monitor actual progress with the project and associated risk
management plans, responding to any variances in these plans, with an eye toward
developing these plans for the future.
REFERENCES:
1. Project management-achieving competitive advantage-4th edition by Jeffrey
K.Pinto, Pennsylvania State University -dlscrib.com
2. http://singhvikash.blogspot.com/2013/06/project-management-in-pictures-
what-is.html (for brainstorming image)
3. https://www.swlearning.com/management/williams/effective1e/powerpoint/
ch04/sld012.htm (delphi technique)
4. Image courtesy: https://ariostark.wordpress.com/tag/project-risk/