Introduction
Risk management, as per definition described in ISO 31000, can be explained as the assessment, identification and risks prioritization coupled with economical and harmonized application of the resources in order to monitor, minimize, and control the possibility of unfortunate events and to maximize the accomplishment of the opportunities. There are numerous factors which can cause the risks, for instance; improbability in the financial markets, legal liabilities, accidents, credit risk, natural disasters and project failures in any of the phase of the project. Risks can be managed by shifting threats towards other party, averting the risk or reducing the probability of risk.
Basics of Risk management
Certain principles have been identified by the International Organization for Standardization (ISO) and are described as under ;
1. The resources allocated to mitigate the risk should be lower than to the results or outcomes.
2. The risk management should be a fundamental part of the organizational processes.
3. The risk management should be included in the process of decision making.
4. It should address the assumptions and uncertainties.
5. It should be structured and systematic.
6. The information on which risk is managed should be complete.
7. Risk management should take into account the human factors.
8. It should be inclusive and transparent.
9. It should be iterative, dynamic, and receptive to the change.
10. It should be periodically or continually re-assessed.
Project Management
In the project management, following are some of the activities included in the management of risk throughout the project life cycle :
1. Planning is the first phase of a project cycle and during this initial phase planning of risk management must also be done.
2. Plans of risk management for all other phases of the project cycle like activities and its execution, budgeting, monitoring and elevation of the project of activities etc.
3. A risk officer may be recruited in the project that will solely be responsible for predicting project problems.
4. Risk database be maintained during the project life cycle; wherein the data must be maintained with respect to its date of opening, title, brief description, possibility and significance.
5. An anonymous reporting channel for risk can also be created. Every member of the team should be made bound to indicate any risk foreseen by him/her in project.
6. The data base will be beneficial for choosing the mitigation plans to describe that when, what, by whom and how a particular risk in the project will be dealt with and how the consequences can be minimized.
Risk management in megaprojects
The Megaprojects are the major programs with investment of large-scale; on average per project more than US dollars 1 billion. The Megaprojects comprised of tunnels, bridges, highways, airports, railways, power plants, seaports, dams, wastewater projects, oil and gas extraction megaprojects, public buildings, aerospace projects, IT systems, and the defense systems projects. In the megaprojects the risk factor is greater in respect of safety, finance, environmental and social impacts. Therefore the risk management in mega projects is crucial and has tremendously required to be developed to mitigate the chances of risk to be happened .
Risk Assessment
Assessing the risks that intimidate the implementation of the project activities is an integral part of a project. The risk can be arisen internally (within the project) or externally (outside the project). Whether the risks come from inside or outside, must be recognized and classified in order to make to project prosperous without affecting the project’s mission statement adversely. To understand the internal or external risks during all phases of the project cycle should be made integral part of project plan. The detail of the internal and external risks can be elaborated as under ;
Internal Risks
As for as the internal risks to the project are concerned; they are, financial incapability of the project, deficiency of the required equipment and resources readily available to support the project. The personnel problems like the unanticipated termination or sickness of a skilled team member can also be one of the internal risks to the organization. Infrastructure problems like servers’ availability, IT and software support and electricity supply may also be categorized as internal risks .
External Risks
The external risks, on the other hand, are beyond the control of team of the project. Owing to this reasons the external risks are very difficult to identify and control. For instance, the main dealer of the project going bankrupt, wars, economic upheaval, crime, and some other events may impact directly the effectiveness of the project. Some of the external risk may also be very difficult to predict in foreign country. This type of incident directly intimidates the project .
Internal and External Risks in Project Management
In order to meet the project’s goal and objects as per project plan, the efficient assessment of both the risks, internal and external, is the prerequisite of the project life cycle. The accessibility of several viewpoints on the problem will help to analyze the factors, internal and external, that may have crucial impacts on the project. When both the risks are compared with each other, it has been revealed by the researches that the external risks are more difficult to manage then the internal ones which are easier to manage. It has also been established that whether the risk to the project is internal or external, its accurate and effective assessment is mandatory for a project to be completed successfully.
Way forward
Once the internal or external risks are identified and classified in the project management, the next step is the creation of breakdown structure that assigns the risks to the project’s specific elements. The relationships between project elements and the sources of risks can be then evaluated using the breakdown structure to regulate the plan of the project.
Risk Breakdown Structures
Risk Identification: once are created, the risks can be identified by the team by using the techniques of risk identification, like by conducting SWOT Analysis of workshops or by brainstorming. If the risk is uncovered, it will then be categorized in the Risk Breakdown Structures. Sometimes one risk may plunge in several topics.
Risk Analysis: A Risk Breakdown Structures gives the type of the risk exposure a project has and also provides the kind of the dependencies between the risks. The Risk Breakdown Structures may also some time mislead to suppose that certain category of the issue is most risky. For instance, lets Technology in any of the project has been considered as risks more than that of Communication; means that the technology is risky for the project. This may, however, not be so. The project manager or the risk officer will have to conduct risks Probability-Impact analysis in order to determine the severity of the risk. After all the analysis if it is proved that the technology has a low severity of risks than that of the Communication, would reveal that Communication is more risky then technology.
Project Comparisons: With Risk Breakdown Structures projects can be compared. For instance, a manager has to pick one of the two projects for which SWOT Analysis has been conducted. But, Risk Breakdown Structures enables the management to recognize the whole project’s risks associated with every activity.
Risk Management in IT Projects
IT projects have quite different nature in terms of resources and functions; therefore, the associated risks are also different as compared to non-IT projects. IT projects require consideration of risks of loss of data for which backup is considered essential. In this manner IT projects require additional resources dedicated to the task of keeping backup of all essential data. IT projects are at risk from the threat of hackers for which proper firewall and other measures are to be taken . All IT based projects have the threat of getting troubled by any hacker or even spammer. Such instances may even lead to termination of the project if the loss is of great extent and recovering from loss is not a feasible solution. IT projects are more prone to copyright violations as compared to non-IT projects. This issue is as old as the history of IT projects. In current era of high technology one of the biggest threat to the business of IT projects is copyright violations. In such cases any hacker may sneak into the IT systems of an IT project and then steal the information rather than corrupting it. The same hacker may then either sell the same information to some other party or release to public or may even start his own IT project on similar lines. IT projects are at risk from virus attacks for which a good updated anti-virus must be purchased . Virus attacks on all software systems is a great threat which must be considered while planning an IT bases project.
Conclusion
There is a clear cut difference between the risk management and the project management. The risk management concentrates on the possible failures during the project cycle, whereas, the project management pays attention to the opportunities of the success. The risk management can be classified as a continuing process which identifies the risks throughout the project time frame in order to mitigate the chances of failures of the projects. By monitoring the potential risks actively, the management can avoid the failures of the project.
References
Boehm, B. W. (1991). Software risk management: principles and practices. Software, IEEE, 32-41.
Charette, R. N. (1989). Software Engineering Risk Analysis and Management. New York: McGraw-Hill.
Dowd, K. (1998). Beyond Value at Risk: The New Science of Risk Management. New York: John Wiley & Sons.
Harvard Business School Press. (2009). Harvard Business Review on Managing External Risk. Harvard: Harvard Business Press.
Kerzner, H. (2009). Project Management: A Systems Approach to Planning, Scheduling, and Controlling. New York: John Wiley & Sons.
Leitch, M. (2012). Intelligent Internal Control and Risk Management: Designing High-Performance Risk Control Systems. Farnham: Gower Publishing, Ltd.
Power, M. (2008). Organized Uncertainty: Designing a World of Risk Management. Oxford: Oxford University Press.
Stulz, R. M. (1996). Rethinking Risk Management. Journal of Applied Corporate Finance, 8-25.