Risk Analysis or Assessment, Risk Response - Coursework Example

Project Management: Risk Management Student’s Name: Instructor’s Name: Subject: Date: Table of Contents 1.0 Table of Contents 2 1.0 Introduction 3 2.0 Risk Management Strategy 4 2.0.1 Risk Identification 5 2.0.2 Risk Analysis or Assessment 8 2.0.3 Risk Response 9 2.0.4 Risk Reporting 11 3.0 Challenges in Risk Management Strategy 12 4.0 Corporate Governance 13 4.0.1 Eskom Holdings Ltd’s corporate risk management 13 5.0 Risks Associated with change management 14 6.0 Team Working 16 7.0 Conclusion 17 Bibliography 17 Appendix A 19 Appendix B 20 Appendix C 21 Appendix D 22 Appendix F 23 1.0 Introduction The advancement is technology, coupled with such other factors for instance globalization has led to an increase in major projects so as to steer economic growth within the areas they are implemented. In this regard, to undertake a project a number of barriers are faced but the most common to all is the charges within the environment. It is important to note that for any project to succeed (or its objectives achieved) parameters such as on-time completion, within particular technical requirements and budget (Dey, 2010, p. 990). Challenges that face a project multiply more depending on the size of the project. For instance, large construction projects are characterized by unpredictable environment because of factors such “as planning and design complexity, presence of various interest groups (project owner, consultants, contractors, and vendor’s etc) resources (materials equipments, funds etc) availability, climatic environment, the economic and political environment and stationary regulations” (Dey, 2010, p. 990). Based on the aforementioned challenges, risk management process or strategies have become the norm in the context of project management. This is attributed to the fact that risk as well as other challenges facing a project has got considerable impact on project results. According to KarimiAzari (2011, p. 1-7), effective control of identifiable project risks impacts positively on the management of a cost of project as well as on the project completion. Cagno (2007) describes project as a doubtful event that may or may not occur and upon its occurrence, will impact heavily on objectives of the project (p. 2). In another perspective, Cagno (2007, p.1-2) argues that risks which are common to all projects can be divided into four: technical, commercial, environmental and managerial risks. This is illustrated in the Risk Breakdown Structure (RIBS) in appendix A Cagno (2007, p.1-2). Generally, the most common processes used risk management is typically categorized into; initializing of risk management system, risk identification, qualitative and quantitative analysis, planning of mitigation measures, monitoring and control risk. In the same note, Wyk et al. (2008) argues that generic risk management processes includes; ‘define, focus, identity, structure, ownership, eliminate, evaluate, plan and manage’ (p. 154). However, in the context and scope of this research essay a four-stage risk management process will be focused on, ‘risk identification, risk analysis, risk response and reporting’. 2.0 Risk Management Strategy To efficiently manage project risks, these four stages must be implemented and they are typical in all context of project management. In the risk identification stage, classification and allocation are considered whereas the risk reporting stage encompasses monitoring, controlling and evaluation of project risks these four generic stages of project risk management are explained in the sections below while taking a closer look at integrated risk management framework applied by a South African Utility Company (Eskom Holding ltd) in its recovery plan project (Wyk et al., 2008, p. 150-160). Furthermore, according to Well-Stam et al. (2008, p. 50), risk management in the perspective of project-dependent approach emphasizes much on project management strategy as illustrated in the figure below. Figure 1. Relationship between a risk and project management Source: Well-Stam, D., Lindenaar, F., Kinderen, S. & Bunt, B. (2008). Project Risk Management: an essential tool fro managing and controlling projects. UK: Kogan Page Limited. In reference to the research topic of this essay, risk management processes in Distribution Division of the company as well as its corporate risk management processes are emphasized in the sections ahead. 2.0.1 Risk Identification Loosemore et al. (2006, p. 50-70) argues that to sufficiently identify all probable risks which may face a project, it’s important to involve all the stake holders. The authors goes to argues that effective and regular involvement of key stake holders throughout the stages of risk management processes ensures that more risks are identified and relevant commitments are obtained to manage them. It is important to note that management of stake holders is critical during risk ‘identification processes in that they can have conflicting interests and some of the risks identified could be biased towards those interests or limited to their own experiences’ (Wyk et al., 2008, p. 154). Another concern is that the type of stake holders may change during life of the project and thus impact heavily on the objectives of the project as well as its related risks. In addition, there is also the likelihood of stakeholders not being in a position to express their goals properly or four inter-stakeholders politics. It is therefore essential for project risk managers to persuade stakeholders to harmonize their objectives with each other and be flexible as well as understand the background and pressure up on which project objectives. Generally a company can make use imagery and creative approach in identification of a risk. As earlier mentioned, classifying risks establishes a framework within which risks can be grouped through there is also an alternative to classify risks based up on different cultures. According to Edwards and Bowen (2005, p. 50-100) risks can be classified into human and natural risks. Natural risks results from systems beyond human control for instance, extra-terrestrial environments, geological, and weather. On the other hand human risks results from political, social, economic, health, cultural, legal, technical, and managerial &financial systems. However in the context of project management, risk can be classified into two; external and internal risks. Internal risks results from various issues with respect to site conditions, labor, materials and cash flow whereas external risks encompass vandalism, sabotage, government regulations, inflation, environmental factors and market forces among others. Consequently, Zou et al. (2007, p. 601-614) notes that risk management practices are largely emphasized on and the company has invested heavily into efficient project management practices. Wyk et al. (2008, p. 149-163) in their article the company has put in place a lot of risk management processes aimed at identifying and managing probable project risks in various functional areas. At ESKOM, Risk management practices are significantly notable in distribution Division which acts the focal point of operations. For that reason all the services offered within this division (such as customer services, engineering, human resources finance, commercial and information management) are represented in the company’s business planning and integrated Risk Committee. At BPIR Committee level, risks are identified and managed as well as grouped into ‘finance, technical operations and performance, legal audit and compliance, people, strategic acquisitions, divestitures and projects, strategy, transformation, pricing, regulatory stakeholders, information, subsidiaries, association and joint ventures’ (Wyk et al. 2008, p. 154). The authors in their analysis on Eskom argue that all probable risks are entrusted in BPIR committee for mitigation. However, according to Wyk et al. (2008, p. 149-163), although to a large extent it is the BPIR which is held accountable for risk identification of risk, it can as well delegate some risk mitigation Management and practice to respective staff within the department. Subsequently, the author notes that Eskom’s risk management committee consists of a team of experts drawn from all divisions and /or departments within the company. It is important to note that such inclusive team of experts ensures there is wide input of knowledge and thus a guarantee for success in mitigating majority project risk. In the context of Eskom, Wyk et al. (2008) argues that a number of risks were established based on past experience whereas others were squarely dependent on laid down rules and regulations. However, successful implementation for some risk may lead to eruption of other risks in a different perspective. For instance in the case of Eskom, the risk of not being in a position for the company to meet the demand for electricity (risk no.20) was being controlled by Demand Side Management (DSM) plans such as provision of an exchange program for Compact Fluorescent Lamps (CFLs). Subsequently, risk no.23 (provision of enough lights) and risk no.21 (Wyk, 2008, p. 149-163). This is illustrated in Appendix B. On the other hand, it is also possible for risk management committee to fail in identification of some risk; as the case for Eskom whereby faulty valves were identified after sometime. It is also necessary to have a risk identification matrix so as to ensure responsibility is allocated between the various stakeholders in the project. This is illustrated in Appendix B where responsibility to action the identified risk is shared between city of Cape Town and Eskom (Wyk, 2008, p. 149-163). 2.0.2 Risk Analysis or Assessment At this stage of risk analysis, it is important to evaluate and decompose the risk and subject them to some kind of assessment so as to establish the degree with which they will import on the organization should they occur (Edwards, & Bowen, 2005). In risk analysis, it is important to make sure that the assessment method used is appropriate for both the organization and the risk and besides, the method should be capable of determining the severity of the risk. This aids in determining the relevant management actions as well as priority to be applied. Wyk et al. (2008, p. 149-163) argues that analysis of project risk qualitative approaches. However, it is important to note that qualitative risk analysis precedes qualitative risk analysis. Reason being during qualitative analysis major risk which is assessed is capable of being evaluated using reliable data (Loosemore et al., 2006). Consequently, by carrying out qualitative risk through subjective results would result hence a lot of judgment errors. In this regard, Cagno et al. (2007, p. 1-18), in their article identifies a classical procedure which can be applied in risk analysis to carry out a qualitative assessment. Such involves identifying the probability clauses (for instance highly probable, probable, possible and remote) and the magnitude classes (critical, significant moderate and negligible) alongside their monitory values. A sample risk matrix is illustrated in Appendix C. In another perspective, in order to defeat the drawbacks resulting from qualitative risk analysis, incorporation of qualitative attributes may be incorporated thus resulting into having a semi- qualitative risk analysis. In the case of Eskom, the ‘Business Planning and Integrated Risk’ committee realized that number of risks with varied levels of magnitude could emanate from the various departments. For that reason, BPIR committee created a Qualitative Analysis matrix and description protocol which was applied in the risk management process (Appendix D). Subsequently, the committee relied on the rating and the description protocol to determine the ways in which risk would be ranked and prioritized. This is illustrated in Appendix E. On the other hand, the company, Eskom, applies semi-quantitative approach in evaluating of most of its projects; in which case probability is presented as a likelihood percentage of the occurring risk and impact as a monitory value that correlates to the percentage Cost-Impact of the specific project. The resulting product of Probability-Impact is henceforth applied in determining the categorization of project risks. 2.0.3 Risk Response At this stage, in risk management process, the main aim is to reduce the magnitude or level of risk or in situations where risk is escalating, to maximize its benefits and opportunity (Loosemore et al., 2006). However, it is not always common for a risk management committee to respond to the occurrences of certain risks, reason being mitigation measures put in place may be sufficient to minimize the threat posed and /or there are high chances that the risk in question will disappear in the near future. On the other hand, the attitude and culture of the risk management committee influence the cause of action to be taken while putting into consideration the cost-benefit analysis of the specific response. Nonetheless, project risk, however small should not be ignored. Instead it is appropriate to keep on monitoring them so as to establish underlying circumstances which may have changed and requires different response (Wyk et al., 2008, p. 149-163). In another perspective, legislation and/or public perceptions may influence a company to respond to certain risk however small they may be, for instance, in case where public health is at risk such as leakage of radioactive materials, the risk management committee is expected to respond. Edwards and Bowen (2005), have identifies various forms of risk response to include risk transfer, reduction, retention and avoidance or combination of them all. In the case of Eskom, Wyk et al. (2008, p. 149-163) notes that BPIR committee was mandated to respond risk based on the established company’s risk response nomenclature. This was classified as: 1. Treat the risk (i.e. to lessen risk) 2. Retain the risk (i.e. to reduce risk) 3. To avoid the risk (terminate the risk) 4. Transfer the risk The table presented in Appendix F illustrates various mitigation measures (applied by Eskom), which can be used to lessen the impact and probability of all the risk which have treats and retain most of the project risk as outlined in its risk response nomenclature. 2.0.4 Risk Reporting At this stage in Risk Management process, ‘the recording, monitoring, control and evaluation’ of project risks is usually done. Generally, this is the usual practice of all risk management committees. For each type of risk, it should be specially identified (using a risk code) noting its description, type, assigned risk owner as well as the applicable risk mitigation measure and response (Wyk et al., 2008, p. 149-163). The frequency which risks are monitored and methods used in reporting should be pre-determined within the process of risk management. Loosemore et al. (2006), argues that the ways in which risk would be communicated to relevant stakeholders and departmental staff is identified are also considered during formation of risk process. Loosemore et al (2006), in their article argues that the greater the magnitude of project risk, the more it would call for involvement of senior management within the company. This is essential in cases where implementation of risk-response is expected to be faced with resistances redirected from other functions or projects to lessen risk. It is worth noting that risks monitoring and controlling highlights the urgency of Risk Management system thus making the project risk to be identified clearly (Wyk et al., 2008, p. 149-163). Besides, risk occurrences become more pronounced hence reduces the magnitude of risk as more information becomes available (Edwards & Bowen, 2005). A risk management committee such as Eskom’s BPIR, is mandated with responsibility of all project risks within the organization. The main objective should be to integrate such and evaluate how a particular risk may impact on and/or create another risk. In addition, there should be increased risk-awareness in the organization as well as inclusion of Risk Management processes within the ordinary business processes. It is also essential to review risks on periodic basis so as to determine their impact on business in the short or long term basis. However, for the purpose of project development, Wyk et al. (2008, 149-163), notes that Eskom’s BPIR applies three stages during risk analysis and monitoring i.e. at the initial stages, before and after implementation as well as upon identification of technical hitches during implementation. In another perspective, Stoelsnes (2007, p. 271-280) a risk management committee may supplement the aforementioned risk mitigation processes by instituting contingency plans. This would entail identification of unknowns which would be followed by a creating an uncertainty management process. Stoelsnes (2007, p. 271-280) proposes a six-step ongoing process that is proactive, interactive, and reactive. This management process should be revised throughout the project implementation process at all levels. An illustration is shown below. Figure. 2. Six-steps uncertainty management process. Source: Stoelsnes, R. R. (2007). Managing unknowns in projects. Risk Management, 9, 271-280. 3.0 Challenges in Risk Management Strategy Risk management practices are usually faced by various challenges with respect to an organization’s culture, communication and decision making. According to Zwikael and Ahn, (2011, p.25-37), currently, it is project managers who are responsible for all the company’s risk management process. This is a major hindrance in effective risk management in that functional managers are overlooked. They are ones who have all the necessary information concerning projects risk as well as best available technical is solutions. In cases where a high level of expertise or technological is involved, functional manager is well endured in managing the risk compared to the overall project manager. On the other hand, the relationship between various project stakeholders influences the level of communication. According to Wyk et al. (2008, 149-163) such weak relationship existed between city of Cape Town and Eskom (key ownerships-external and internal respectively- of the assorted risks) thus leading to each faulting the other and miscommunication towards customers of the project. 4.0 Corporate Governance 4.0.1 Eskom Holdings Ltd’s corporate risk management For a company to succeed in undertaking any project, it is essential for the management to adopt good corporate governance. This ensures that risk management is prioritized in enactment and implementation of related processes. In the case of Eskom Holdings Ltd, risk management is considered to be a crucial element of the company’s business. As a result, the risk management committee is dedicated as one of the company’s primary committee. To demonstrate the importance of risk management committee, it is managed independently; it consists of a managing director, finance director and three non-executive directors. The chair of the risk management is an autonomous non-executive director. According to Wyk et al. (2008, p. 149-163), this risk committee is mandated to develop Eskom’s Risk Management strategies and processes and which are aligned with the company’s best practice. The risk committee deals with Eskom’s integrated risk management strategy and processes that embrace risk appetite and tolerance, accountability, major risk exposures and other emerging issues. In addition, the company applies Integrated Risk Management (IRM) processes by spotting opportunities and risks against objectives of the business throughout risk assessment within the whole organization, from both a live and functional perception in the company’s annual reports, current and proposed risk management strategies feature prominent. According to Wyk et al. (2008, p.149-163), risk prefixes that feature considerably are for instance, assessment, exposure, internal control, accountability, tolerance levels, matrix, evaluation, mitigation measures, etc. The author also notes that the word ‘risk’ appears 206 times whereas the phrase ‘risk’ management appears 56 times; hence showing importance with which the company defines the risk categories in its risk matrix. 5.0 Risks Associated with change management Bakker et al. (2010, p. 493-503) in their work identifies a type of risk management that emphasizes much on sequence of activities aimed at gathering information about situations which may or may not happen in particular projects. Furthermore, Bakker et al. (2010, p. 493-503) argues that such sequence of activities are executed while carrying out the project aiming at supporting and improving project management through establishing the kind of actions to be taken. This management approach of risk management is illustrated in the figure below. Figure 3. Management approach to project risk management Source: Bakker, K., Boonstra, A. & Wortmann, H. (2010). Does risk management contribute to IT project success? A meta-analysis of empirical evidence. International Journal of Project Management, 28, 493–503. The main aim of this approach is to answer the question, how to control risks in project so as to avoid project failure. In regard to projects and projects success, it is assumed that good information leads into making estimates in terms of time and monetary value. Therefore, by improving planning of a project, design and budget, the risk management of project is expected to result in attainment of project objectives. Subsequently, the Management Approach towards project risks considers risk management as one of the management instruments through which information is gathered and evaluated to facilitate in decision making of particular project. In this approach, generic risks are ignored and much emphasis is put on managing specific risks related to the project in question. At the risk identification stage, a checklist can be used although it is project specific risks that are emphasized on. Thus, free-type of techniques for generation of information for instance brainstorming are considered. In summary, the management approach’s in risk management objectives are determining particular risks, focus on current projects, carry out various activities and achieve direct results (Bakker et al., 2010, p. 493–503). 6.0 Team Working To ensure success of a project, it is essential for all stakeholders to work as team by recognizing the responsibility of each one of them. Dey (2010) in his article notes that in risk management, team work is required and he identifies Analytical Hierarchy Process (AHP) as a possible method for establishing a systematic structure for group decision making vis-a-vis group interaction. Subsequently, Dey (2010, p. 990-1000) acknowledges that team work in risk management process, if implemented using AHP, brings about a lot of advantages in the group setting which include: first is that both intangibles and tangibles, personal and shared values are contained in an AHP- based group decision process; secondly, deliberations groups emphasize on project objectives instead of alternatives; thirdly, it is possible to structure discussions within the group in order to consider each factor in turn; finally, within a structured risk analysis, discussions continue until all necessary information from each group member is taken into consideration and a compromise of the decisions alternatives is achieved. In the same regard, according to Olsson (2007, 745-752), project internal factors influences to a large extent the efficacy of risk management in project. Some of the major project internal factors are for instance internal communication, competence and team spirit. All the members in a risk management committee are supposed be of high competence. This means that each member should have appreciable level of expertise in his/her professional field. Nonetheless, he/she should have the ability to work as a team player and encourage discussions within the group. On the other hand, the team spirit in the risk management perspective encompasses the ability of each member in particular and the committee in general to remain committed and create an environment where thoughts can be ventilated and discussions enabled. Finally, internal communication depends much on the project manager coupled with his/her ability to facilitate communication within the team. 7.0 Conclusion Risk management is crucial in making certain the accomplishment of project objectives and such it is imperative for a company to institute a risk management committee. As is the case with Eskom Holdings limited, proper identification, analysis, response and reporting of project risks played a key role in the implementation of its project. Although the magnitude of risk reduces the performance of a project, it is evident that effective risk management planning moderates the relationship between the risk management process and the project. In a nutshell, it is essential to integrate risks management into various project management processes without ignoring the role of all stakeholders. Bibliography Bakker, K., Boonstra, A. & Wortmann, H. (2010). Does risk management contribute to IT project success? A meta-analysis of empirical evidence. International Journal of Project Management, 28, 493–503. Cagno, E., Caron, F. & Mancini, M. (2007). A Multi-dimensional analysis of major risks in complex projects. Risk Management, 9, 1-18. Dey, P.K. (2010). Managing project risk using combined analytic hierarchy process and risk map. Applied Soft Computing, 10, 990–1000. Edwards, P.J. & Bowen, P.A. (2005). Risk management in project organisations. Butterworth Heinemann: Elsevier. KarimiAzari A., Mousavi N., Mousavi, S.F. & Hosseini S. (2011). Risk assessment model selection in construction industry. Expert Systems with Applications, 1-7. Loosemore, M., Raftery, J., Reily, C. & Higgon, D. (2006). Risk management in projects, 2nd ed. Taylor and Francis. Olsson, R. (2007). In search of opportunity management: Is the risk management process enough? International Journal of Project Management, 25, 745–752. Stoelsnes, R. R. (2007). Managing unknowns in projects. Risk Management, 9, 271-280. Well-Stam, D., Lindenaar, F., Kinderen, S. & Bunt, B. (2008). Project Risk Management: An essential tool fro managing and controlling projects. UK: Kogan Page Limited. Wyk, R., Bowen, P. & Akintoye, A. (2008). Project risk management practice: The case of a South African utility company. International Journal of Project Management, 26, 149–163. Zou, P.X.W., Guomin, Z., Wang, J. (2007). Understanding the key risks in construction projects in China. International Journal of Project Management, 25, 601–614. Zwikael1, O. & Ahn, M. (2011). The effectiveness of risk management: An analysis of project risk planning across industries and countries. Risk Analysis, 31(1), 25-37. Appendix A Source: Cagno, E., Caron, F. & Mancini, M. (2007). A Multi-dimensional analysis of major risks in complex projects. Risk Management, 9, 1-18. Appendix B Source: Wyk, R., Bowen, P. & Akintoye, A. (2008). Project risk management practice: The case of a South African utility company. International Journal of Project Management, 26, 149–163. Appendix C Source: Cagno, E., Caron, F. & Mancini, M. (2007). A Multi-dimensional analysis of major risks in complex projects. Risk Management, 9, 1-18. Appendix D Source:Wyk, R., Bowen, P. & Akintoye, A. (2008). Project risk management practice: The case of a South African utility company. International Journal of Project Management, 26, 149–163. Appendix E Source:Wyk, R., Bowen, P. & Akintoye, A. (2008). Project risk management practice: The case of a South African utility company. International Journal of Project Management, 26, 149–163. Appendix F Source:Wyk, R., Bowen, P. & Akintoye, A. (2008). Project risk management practice: The case of a South African utility company. International Journal of Project Management, 26, 149–163. Read More