This report examines contemporary approaches to Project Risk Management, their advantages and disadvantages. The paper further makes recommendations as to appropriate risk management process that should be implemented within the context of my organization. A risk is an issue that might come up. If it happens, it may affect the project positively or negatively. Risk management is the identification, assessment of these risks and planning on what to do or what actions to take when they occur.
Risk management is important because there when least expected. Additionally, whether a risk comes up when expected, unless there was prior preparation, managing it becomes very difficult. Managers cannot be able to avoid risks but they can manage them. Risk management is carried out in the whole project as it develops. In-calculating risk management in the project development process leads to the success of the project because management would have identified the sources of these risks early enough.
There are three different contemporary approaches to risk management. The three approaches are; project management body of knowledge, PRAM and AS/NZS 4360 standard.
The Institute of Project Management provides an approach known as project management body of knowledge (PMBOK). Project management body of knowledge consists of four major processes. These include, risk identification, risk quantification, risk response development and risk response control.
Risk identification involves analyzing the risks that can affect a project. It is vital for the risk identification mechanisms to be assessed at regular intervals throughout the project development. It should involve careful consideration of external and internal factors such as budget allocation, work delegation policy analysis and economic factors.
The approaches involved in risk identification include organizing a workshop for the information technology people who will identify the problem. There are different types of risks and each risk has to be approached according to its peculiar characteristics. In identification of a risk, the source of the risk should be identified. During identification, it is important not to skip any risk. Risk identification also involves identifying what generates those risks and any sign that shows that a risk is going to happen. This process results into generation of a list showing the risks in the project. It’s easy to investigate the events that may lead to risks when the source of the risk has been identified.
In risk quantification, all the information about all the possible dangers is analyzed. This process helps risk managers make a risk decision. It also involves the assessment of how different risks are related and how they communicate with each other. Qualitative risk analysis assesses how the identified risks affect the cost of the project, schedule and objectives. There are several different aspects of risk qualification. There are complex calculations which may lead to inaccuracy and inconsistency. In addition to these, a risk event may lead to a snowball effect. Ways to exploit this risk and the chance of a risk occurring may communicate in ways not expected.
Risk response development is a process in which options are developed in order to minimize threats so as to increase opportunities. The options developed include avoiding measure in order to stop the cause of the threat. Another option is mitigating which is reducing the cost of a risk event by minimizing the possibility of it happening. In addition, accepting the consequences of a threat is developed.
One advantages of project management body of knowledge is that project managers who strictly follow this technique are well guided because it’s a detailed process. The details it provides enable a user to be able to follow through without loosing track. It also means one does not have to be an expert to use the method. The detailed directions can be used to direct user towards affecting a risk management process. Another advantage of this approach is that management processes and risk management processes combine well to make it successful. Any project unless fully supported by management processes is bound to fail. Therefore, the idea that risk management can go well with the risk management processes leads to success of the risk management process. The implementation of this process is cost effective.
One disadvantage of this technique is that it may be quite tiring and not good for big projects. Another disadvantage is that complex calculations involved in this process may lead to inaccuracy and inconsistency.
The second contemporary approach to risk management is UK Association for Project Management’s ‘Project Risk Analysis and Management (PRAM)’. This is a guide for new users on project risk analysis and management. It involves studying and organizing risks on different projects. When project analysis and management is implemented well it results to successful cost effective projects; projects finished in expected time and of required performance.
This guide which offers practical framework for new users is divided into risk analysis and risk management categories. Risk analysis includes qualitative and quantitative analysis. Quantitative risk analysis involves use of statistical methods or approaches to gather relevant data. There are numerous statistical methods that can be used in gathering information. Further, statistical methods like linear programming are used to optimize solutions. Quantitative analysis deals with numbers to ensure exact measures or risk are established.
Qualitative analysis is the identification and recognition of non numerical factors which lead to risks. These non numerical factors could be issues to do with management processes, employee attitudes or quality of items and tools being used. Qualitative involves an assessment to describe risks and their consequences. Quantitative analysis on the other hand helps remove uncertainties on cost and time estimates as well as individual doubts.
Risk management describes management’s response to risks and it includes a number of measures. First it concerns identifying measures so as to prevent and minimize risks. It also includes implementing plans to respond to risks. In addition, investigation of useful information in order to reduce uncertainties is carried out. Transfer of risks and its consequences to a third party or asset is another preventive measure carried out by the management. Furthermore, allocation of risks in contractual agreements and allocating budgets by setting possibilities is another way management responds to risks. PRAM is a structural process which makes it easy for managers to understand and learn.
The techniques involved in this approach are detailed and to the point. Because of its detailed techniques, the process is useful for project team in that it guides it all through the project development. Details of activities and tasks come with significant inputs and result to expected outputs. Another advantage is that it provides a direct connection to the management. The advantage of using the risk concept of avoiding is that the risk will be avoided and the cause of the risk eliminated as well. The concept of transfer of risks and its consequences to a third party is advantageous because it means responsibility of managing the risk now lies on a third party.
The first disadvantage associated with PRAM is that it uses broad concepts that are subjected to several discussions. The transfer of risks may also affect the budget of the project if it was initially not included.
The third strategy known as AS/NZS 4360 standard is a strategy that was developed to help private and public organizations on risk management. This standard is a methodology specifically for risk management. It is a highly structured method that can be used on any project. However, in order for it to suit an organization’s objectives, the methodology has to be modified. Risk management process for AS/NZS 5360 standard consist of five steps. Step one is the establishing of the objectives and situations for risk management. The second step is to identify the risks. Next is analyzing possibilities of risks occurrence and their consequences as well as estimating the risk level. The fourth step is evaluating and placing the identified risks according to their levels. The last step is to deal with the risks in the most suitable options and measures.
This standard is simple thus is easy to follow. It can also be used on any type of project because it’s easy to follow. In addition, it is can be able to support different levels of risks. The standard is acceptable and many organizations use it worldwide. One disadvantage of using the standard is that the way it is implemented does not accommodate assessment of risks.
Changes in Information technology at times may lead to poor executions of projects or production of low quality products. I work in an organization that efficiently manages information technology. Most of our projects are new information technology driven, which helps towards efficiency and effectiveness for customer delight. Risk management is always done and careful planning is also done so as to reduce risks and take advantage of opportunities that come up. My organization takes security of software very seriously and strictly follows standards that are recognized worldwide.
AS/NZS 4360 risk management standard specifically handles risks. It is also recognized worldwide and used by many organizations. It is a strategy that was developed to be used by private and public organization thus it is flexible and can be used in any organization. It is also a good strategy because only a small team is required to conduct risk management. Additionally, inputs to the project are only obtained by the appropriate teams in the project. The method is highly structured and can be used for any project in my organization. It is can also be adjusted and modified to suit the objectives of any organization.
Implementation AS/NZS 4360 risk management standard is very cost effective and enough resources must be allocated. The risks and measures taken are attended to according to urgency thus priorities are set. This standard is detailed but suitable for a government organization or agencies which deal with risk control, maintaining of budgets and data security, which is the number one priority. The other thing about this standard is that by adopting it, people have to be trained and roles and responsibilities of personnel have to change. It is a very easy and simple strategy for people to follow, this means that it may take a short time to train people. AS/NZS 4360 should be included during the planning of the project. It involves change of roles and responsibilities of personnel and this change might take time and planning as well. Therefore, management has to take a very significant role of communicating continuously to the staff. In addition, management constantly plays the role of delivering policies to the staff. AS/NZS 4360 requires input from staff and project managers. By doing this they raise awareness towards a common understanding concerning project risk management being achieved by both management and staff. AS/NZS 4360 standard gives opportunity to staff and management to work together in order to achieve the objectives of the organization. This standard supports different levels of risks thus it is suitable for any project which produces different levels of risks.
PMBOK and PRAM may have similar effects when adopted. The strategies are both easy to understand but they may not be effective for risk management in an organization. For a private or public organization the processes of PRAM and PMBOK may be hard for staff to understand and comply.
There are issues such as culture and organizational structure that might make some strategies not work in my organization. The management needs to understand the importance of third party audits that assess the process of risk management. Third party audits may incur cost but they are very important because they assess the internal risk management team. This ensures that risks are managed effectively. Extra costs leading to avoidance of external risk auditors may lead to strategies not being successful. People always take risk management as a process of blaming and exposing errors in a project. This culture and belief has to end and give way to the understanding that risk management is the only sure way to manage doubts concerning a particular project. These are negative attitudes that have to be eliminated in order to make project risk management successful in any organization. All projects have risks and risk management is always important in every phase of project development.
Bibliography
Collier, Paul, M., Fundamentals of Risk Management for Accountants and Managers Tools & Technique. Massachusetts: Butterworth-Heinemann, 2009.
Cooper, Dale F. “Tutorial Notes: The Australian and New Zealand Standard on Risk Management”, 1995, Web.
Culp, Christopher, L., The Risk Management Process: Business Strategy And Tactics, (New Jersey: John Wiley and Sons, 2001), 123
Duncan, William, R. A Guide to the Project Management Body of Knowledge, 1996. Web.
Grey, Stephen. “Risk Management Processes”, 2001. Web.
Heldman, Kim, Project Manager’s Spotlight on Risk Management Project Manager’s Series. New York: John Wiley and Sons, 2005.
Kerzner, Harold, Project Management. A Systems Approach to Planning, Scheduling, and Controlling. New York: John Wiley and Sons, 2009.
Loosemore, Martin, Rafter, John, and Reilly, Charles. Risk Management in Projects. UK: Taylor & Francis, 2006.
Norris, Cariona, Professor Perry, John and Petre Simon. “Project Risk Analysis and Management”, 2010. Web.
Pohlman, Marlin B. 2008. Oracle Identity Management: Governance, Risk, and Compliance Architecture. New York: CRC Press
Sadgrove, Kit, The Complete Guide To Business Risk Management. Aldershot: Gower Publishing Ltd, 2005.
Sofroniou, Andreas, I.T. Risk Management, London: Lulu.com, 2002.