Contemporary Approaches to Project Risk Management - Essay Example

? Contemporary Approaches to Project Risk Management: Assessment and Recommendations Table of Contents Introduction 3 2. Risk management – advantages and disadvantages of approaches 3 2.1 Risk management – brief description 3 2.2 Project risk management approaches in Informative Web Systems (IWS) 4 2.2.1 Project risk management in IWS – overview 4 2.2.2 Advantages and disadvantages of risk management in IWS 4 2.2.3 Evaluation of risk management in IWS compared to other risk management approaches 5 2.2.4 Recommendations on the appropriate risk management approach for IWS 6 Conclusion 7 References 8 Appendix 9 1. Introduction The development of globalization in markets worldwide has allowed businesses to achieve a high growth within a relatively short period of time. However, the decrease of time in the expansion of business activities, as a consequence of globalization, has been followed by the increase of relevant risk (Vellani 2007, 134). In this context, the management of risk has become an indispensable part of strategic management. It should be noted that the risk management approaches used by businesses worldwide are not standardized. This means that organizations of different size and characteristics can choose the risk management approach that best suits to their needs. Current paper focuses on risk as an element of the project management. Reference is made to a particular company, the Informative Web Systems (IWS). The firm operates in the Australian market for about a decade. Since last year, the performance of the firm has been deteriorated, being decreased for about 8% compared to 2009. The failures of the project risk management of the firm have been considered as responsible for this outcome. The current project risk management of the firm is evaluated compared to other project risk management approaches – as presented in the literature. Recommendations are made for alterations in the firm’s project risk management system in order to be improved. Reference is made to the barriers that such effort would have to face both in the internal and the external organizational environment. 2. Risk management – advantages and disadvantages of approaches 2.1 Risk management – brief description Risk is involved in all human activities. In businesses the effects of risk are usually related to the decrease of organizational performance. The level at which risk can be estimated by reviewing the common consequences of similar risks in businesses operating in the same industrial sector (Khosrowpour 2001, 142). In accordance with Kaye and Graham (2006, 6) one of the most usual characteristics of risk is that it cannot be fully eliminated; it can always appear, in different forms, even it has been already faced successfully. Moreover, Bowden, Lane and Martin (2001, 5) note that the failures in managing risk can have a series of consequences for the businesses involved, including ‘sanctions for directors, civil claims and legal costs’ (Bowden, Lane and Martin 2001, 5). The effective management of risk means that risk related to the operations of a particular organization is effectively identified and addressed (Bowden, Lane and Martin 2001, 165). Referring specifically to the risks related to projects, Merna and Al-Thani (2008, 42) noted that the management of such risk refers to a series of non-monetary issues/ needs, such as: environment, people, ethics and quality (Merna and Al-Thani, 2008, 42). 2.2 Project risk management approaches in Informative Web Systems (IWS) 2.2.1 Project risk management in IWS - overview One of the priorities of the project risk management approach used in Informative Web Systems is the limitation of risk in the beginning of each project – reference is made to the risks related to the initial phases of the firm’s projects. Because of the need for continuous update of the technology involved in the development of the firm’s project, the risk management approach developed by the firm’s managers has been based on the following principles: a) risk related to each organizational activity will be measured before the beginning of this activity, b) the above task is delegated to employees who have the appropriate skills and training, c) the risks related to the similar activities of competitors are carefully monitored – aiming to avoid common market failures, d) the ethics of the market are the basis for the firm’s risk management approach, e) the resources available for measuring the risk involved in each firm’s project are taken into consideration, f) the costs and the time required for effectively measuring the risk involved in each project of the firm is always taken into consideration, g) the structure/ needs of each project of the firm’s is reviewed before assessing the risk involved in this project, h) the successful measurement of risk in the particular business has been achieved through the establishment of a mechanism that monitors all projects of the firm on a continuous basis. The risk management approach used in IWS is presented in the Graph 1 – Appendix. 2.2.2 Advantages and disadvantages of risk management in IWS The risk management approach used in IWS has a series of advantages: a) reference is made to all project’s needs, b) all resources available are appropriately used for controlling risk related to the firm’s projects, c) the chances for the appearance of unexpected risks are minimized, d) the specific approach is flexible, allowing the changes and updates in accordance with the organizational and the market conditions, e) the use of this approach helps to minimize the risk in the firm’s projects securing the organizational performance – as possible. However, the specific approach also has a series of disadvantages, which could be described as follows: a) the specific approach can be time consuming – no time limit is set in regard to the completion of each phase of the relevant plan (McNeil, Frey and Embrechts 2005, 6), b) the fact that the form of the plan is not standardized; moreover, no criteria are set for the potential alteration of the plan implying that the relevant power of the firm’s project manager is absolute, c) the above risk management approach does not refer separately to the monetary and non-monetary risks of the organization. The above weaknesses are closely related to the lack of effective method for the risk quantification; the findings of the specific process could help to identify the practices for addressing the above problems in regard to the firm’s risk management approach – as explained in the section 2.2.4 below. 2.2.3 Evaluation of risk management in IWS compared to other project risk management approaches The performance of the risk management approach in IWS could be evaluated by referring to other risk management approaches, as presented in the literature and as developed in the common business practice. At a first level, the risk management plan of IWS is compared to the GAMP 5 risk management approach; GAMP 5 is a software programme helping to control the risks related to the computer systems used in organizations of the healthcare industry. The above risk management approach is based on 5 phases, which are presented in Graph 2, Appendix. Through the above Graph 2, the following issue is revealed: the GAMP 5 risk management approach is similar to the one used by IWS; the only difference seems to be the following one: in GAMP 5, ethics and organizational culture do not seem to have particular impact when assessing risk – in fact, in this phase of the GAMP 5 plan, reference is made to the needs of patients, i.e. to the individuals who will affected in case of an organizational failure. In other words, the risk management approach of IWS is more generic, a fact that increases its flexibility, as noted above, but also increases the chances for failure when having to identify an appropriate strategy for controlling the risk involved. Similar assumptions are made when comparing the risk management approach of IWS with the one used by the Merseyside county (North West England); in the above county, a risk management plan was considered as necessary for preventing fires across the particular county. The risk management approach of Merseyside county has been differentiated from the one of IWS at the following point: the assessment of risk (divided into analysis and evaluation of risk) is combined with monitoring/ review and communication with the stakeholders (meaning those who are expected to be affected in case that a critical event will take place). All these activities are incorporated into an integrated risk management approach where the identification of risk does not necessarily takes place at the beginning of the plan, but it can be developed later, even simultaneously with the assessment of risk. In other words, the hierarchy of tasks in the above risk management approach is not obligatory; however, it is necessary that monitor/ review and communication processes are continued up to the final phase of the plan, i.e. the application of appropriate measures. Compared with the risk management approaches developed in the literature, the risk management approach of IWS can be characterized as appropriately structured – with only minor changes required. Reference should be primarily made to the risk management approach suggested by Heldman (2005, 12); the above approach is based on the idea that a risk management plan should be continuously monitored – in all its phases – as of its impact and its probability (Heldman 2005, 12). This is the only difference between the above approach and the one of IWS, in which it is not made clear in which phase of the relevant plan the level of impact/ probability of risk should be measured. On the other hand, the Enterprise Risk Management Approach (ERM) analyzed in the study of Pickett (2005, 203) is more effective than the risk management plan of IWS at the following points: a) in the former, reference is made to the risks related to all aspects of businesses, not just to its activities (for example, the corporate reputation or the terms of promotion across the organization), b) the former can be more effective in auditing risk – since it incorporates a detailed audit function and c) the former can reduce costs in controlling of risk – since it can help to establish an integrate mechanism for controlling risk in regard to all business aspects. 2.2.4 Recommendations on the appropriate risk management approach for IWS As noted above, one of the most important problems of the current risk management approach of IWS is the lack of a detailed risk quantification method. The matrix suggested by Turbit (2005) - see also Graph 4, Appendix - could be used in order for the risk quantification in IWS – as part of its risk management plan – to be improved. In the context of this matrix, risks in IWS should be put in hierarchy in accordance with the chance of their appearance. In cases of risks the probability of which to appear is critical or high, their impact will be high. For risks with low or average probability, the impact on the organizational performance is expected to be of low or average level. In this way, risks related to the organizational activities will be more effectively evaluated. The findings of the above process would help towards the improvement of the firm’s risk management plan at the following points: a) time limits would be set for completing the firm’s risk management plan – especially when the risks identified are found to be of high impact, b) the methods suggested for the risks of high impact would be given a priority – compared to the risks of low impact and c) risks of high impact would be reviewed more carefully in regard to their relation to the firm’s monetary and non-monetary needs (as described above). 3. Conclusion The control of risk in modern organizations can be characterized as a challenging task. In fact, the relevant plans can be quite complex, as proved through the issues highlighted above. The flexibility of these plans would allow its easy alteration, i.e. update, in case of unexpected changes in the internal or the external organizational environment. However, in certain cases, such target is difficult to be achieved mostly because of the following reasons: a) the lack of resources required for the completion of the relevant processes, b) the continuous changes in the organizational and the market conditions; these changes favour instability both in the internal and the external environment, c) the support provided to the relevant plans is often inadequate; reference is made to the lack of effective monitoring of the plans after their implementation. Through the case of IWS it has been proved that the simplicity of risk management plans does not necessarily means the lack of quality. On the contrary, such plans would be quite effective, especially if they were appropriately adjusted to the needs of each organization. References Bowden, Adrian, Lane, Malcolm and Julia, Martin. 2001. Triple bottom line risk management: enhancing profit, environmental performance, and community benefits. Hoboken, NJ: John Wiley and Sons Culp, Christopher. 2001. The risk management process: business strategy and tactics. Hoboken, NJ: John Wiley and Sons Fraser, John and Betty, Simkins. 2010. Enterprise Risk Management: Today's Leading Research and Best Practices for Tomorrow's Executives. Hoboken, NJ: John Wiley and Sons Heldman, Kim. 2005. Project manager's spotlight on risk management. Hoboken, NJ: John Wiley and Sons Kaye, David and Julia, Graham. 2006. A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance. Connecticut: Rothstein Associates Kevin, Martin and Dr. Arthur Perez. 2008. GAMP 5 Quality Risk Management Approach. Accessed April 8, http://www.vialis.ch/fileadmin/files/imgs/pdf/Newsletter/q1-09/08MJ-Martin.pdf Khosrowpour, Mehdi. 2001. Managing information technology in a global economy. Hershey, PA: Idea Group Inc McNeil, Alexander, Frey, Rudiger and Paul, Embrechts. 2005. Quantitative risk management: concepts, techniques and tools. Princeton, NJ: Princeton University Press Merna, Tony and Faisal, Al-Thani. 2008. Corporate risk management. Hoboken, NJ: John Wiley and Sons Pickett, Spencer. 2005. Auditing the risk management process. Hoboken, NJ: John Wiley and Sons Turbit, Neville. 2005. Basics of Managing Risks. The Project Perfect White Paper Collection. Accessed April 8, http://www.projectperfect.com.au/downloads/Info/info_risk_mgmt.pdf Vellani, Karim. 2007. Strategic security management: a risk assessment guide for decision makers. Oxford, UK: Butterworth-Heinemann Appendix Identification of risk by skilled employees Measurement of risk (use of market ethics, organizational culture/ needs, project structure/ needs) Strategy for facing the risk (identification and implementation) Risk Audit Graph 1 - Project risk management in IWS (Hierarchy – from top to bottom) Perform initial risk assessment Identify functions with impact on Patient Safety Perform functional risk assessments and identify controls Implement and verify appropriate controls Review risks and monitor controls Graph 2 - Project risk management in GAMP 5 (Hierarchy – from top to bottom) (Source: Kevin and Perez 2008) Graph 3 – Risk Management plan for preventing fires in Merseyside county – North West England Graph 4 – Risk quantification (Source: Turbit 2005, 2) Read More