In general risk management process helps identify all items that can impact a project for both cost and schedule. Before embarking on a risk management process, let us establish some key risk-related definitions. AACE International has defined project risks, as unknown events. These events can be positive (opportunities or upside) or negative (threats or downside). Past project experience shows that most of the time is spent handling negative project risks, or "threats," rather than positive project risks, or "opportunities." Special risk session should be initiated to capture all opportunities within the project scope of work. Here are risk related definitions from AACE International recommended practice RP 10S-90:
Risk: An uncertain future event that, if it occurs, will affect project objectives either positively (upside) or negatively (downside); resulting in outcome of uncertainty
Issue: Actual problem that can affect objectives if not managed (potential for loss)
Uncertainty: An unknown event due to inherent lack of knowledge or ambiguity (i.e., weather, subsurface, etc.)
Threat: An unfavorable condition or situation that can lead to a risk (i.e., issue, uncertainty, etc.)
Opportunity: Potential for gain (favorable condition or situation, good idea, or response)
Impact (Severity, Risk Exposure): Effect of the risk, if it occurs, on project objectives
Probability: Likelihood of occurrence of risk, measured in percentage
The basic attributes of risk management (planning, organizing, directing and controlling) process are identical in all aspects of all four attributes of project management process. The four attributes of project management are - Plan, Organize, Direct, and Control. These management concepts, allow any company, to handle the tactical, planned and set decisions. In addition, these functions are adequate to enable the company with a controlled plan over the preventative measures to maintain the project within established cost and schedule.
In our day-to-day affairs, we are constantly exposed to risks, yet we are managing our lives with some degree of success, by unknowingly taking risk into account with our daily chores. On any project through all phases of work, the question of managing risk comes down to acting responsibly on behalf of all stakeholders, owners, contractors or any other affected parties. However, risk management process would increase the project budget for handling risks. This cost should be balanced against the expected values of the risks to be assessed. The risk process relies heavily on the judgments and experience of the person or the project team that will handle the process. It also depends on the historical database established by the company from previous projects. Taking all appropriate steps to get the process going, is probably one of the most critical decisions a company can make to address all types of risk. Overall, the processes identified in the project management body of knowledge (PMBOK) will support any risk management concept for all disciplines. Six major processes are as follows:
1. Risk management planning
2. Risk identification
3. Qualitative risk analysis
4. Quantitative risk analysis
5. Risk response planning
6. Risk monitoring and control
In order to implement effective cost controls or effective schedule controls, risk management process should be based on industry best practices. The following, best practices currently in use are as follows:
1. Create an integrated project controls system
2. Develop an accurate cost estimate
3. Establish a comprehensive project budget
4. Develop an integrated schedule baseline
5. Develop an effective risk management plan
6. Implement an earned value management system
7. Conduct independent reviews and audits of cost, schedule, and risks
8. Reduce change orders and keep costs and schedule in control
Before listing typical sources for project related risks, let us define the differences between risk and issue. An issue is something that can be resolved. On the other hand, risk reflects uncertainty and will require mitigation to resolve. Depending on the procedures adopted by the company, based on actual circumstances, managing risks and issues together makes sense. For example, in projects managing and reporting risks and issues together makes sense as they both can affect the outcome of the project. While dealing with risks, managers, in general, are more concerned about the risk profile and less worried about issues.
Risk sources can be subdivided into the following groups, based on the underlying source. However, certain events or conditions highlighted during risk identification session might affect the outcome of a project.
1. Business needs risks
2. Results definition risks
3. Scope definition risks
4. Execution plan and processes risks
5. External risks (external to project team — like late management approval).
Risk management is an essential activity of project management. So it is essential to classify risks appropriately. At a scoping level risks can be classified into any one of the following categories:
1. Technical risks are risks associated with project development for items like the scope of work, detailed design, construction and operation of facilities and processes. In addition, it may affect the functional and operational requirements of the project.
2. Cost risk is associated with the capability of the project team to achieve the established project life-cycle costs. This includes the cost for items like the detailed design, construction, and operations. In addition, it will address the accuracy of the overall cost estimate. Cost risk is quite simply the uncertainty about the project estimated costs. Some cost risks may affect the schedule, task duration uncertainty etc., but others are totally independent of schedule.
3. Schedule risk is associated with allocating an adequate amount of time for each activity in project planning, for activities like - regulatory approval, detailed design, construction, startup, operations and other similar activities.
4. Budget Risk is the result of establishing a wrong budget estimate for the project. In addition, project scope creep will add additional cost to the budget, resulting in additional project cost risk. This risk may result in further delay of project completion or at times even an incomplete termination of the project.
5. Business Risk: If the project gets delayed due to late management approval, it may result in losing the market share and may make the project unprofitable. Furthermore, any delay in receiving timely inputs from the customer or other business entities may result in additional business risks.
6. Infrastructure Risk is the result of poor planning of all activities associated with infrastructure. In order to avoid project delays, it is essential to assign adequate resources to project activities like detailed design, construction, and start-up. It is essential to do proper planning of infrastructure for maintaining the project schedule.
7. Operational Risk is the result of improper execution of process-related events. This risk can occur for not assigning adequate resources during start-up.
8. Resource Risk is the result of improper management of factors like - staff availability, project budget, overall schedule and use of facilities.
9. Supplier Risk is the result of some third party supplier assigned with developing the project. This risk occurs when the capabilities of the supplier are inadequate.
Another, common projects related risk is company project management. This risk is the result of late project management approvals. Delayed management approvals will add additional costs to the project and delay overall schedule.