How Managing Project Risk Relates to Managing Organisational Risk - Case Study Example

How Managing Project Risk Relates to Managing Organisational Risk Student’s Name Institution How Managing Project Risk Relates to Managing Organisational Risk Introduction A risk is the situation that exposes a person or a place to a probable threat or danger. The situation can be either foreseeable or unforeseeable. Risk management involves the deliberate and proactive process of identifying, analysing and responding to situations that expose the corporate entity to losses. Effectiveness in risk management starts with identification and evaluation risks. The two steps involve spotting the risks and extent of damage those risks are likely to cause in an organisation. After proper evaluation, the organisation is able to devise mitigating measures that would respond effectively in the event of risk. Where these risks are avoidable, the management examines them and puts measures in place to ensure they do not affect the operations of the firm. However, most uncertainties are unavoidable and call for proper risk management strategies to ensure the entity operates uninterrupted when they arise. The main task of the management in this case is to ensure the organisation has the required capacity to deal with risks effectively. Today’s environment presents various types of risks, which have significant effect on organisational operations and sustainability especially if the management fails to address issues competently and effectively. These types include financial, human, operational, technical, physical, and reputational. All these risks are potential threats to the profitability of the company. They appear in different forms to different firms and in different times. There are risks that are more likely to affect a certain firm than the other, depending on the nature of operations among other factors. For example, the firm with hi-tech systems and computerised operations are likely to experience technological and operational risks than firms whose work is 90 percent manual. Technological risk includes accidental loss of data or system collapse without adequate backup. Theft or destruction of computers and system hacking contribute to operational risk since these events affect the efficient operation of company affairs. Risk management is the core activity that determines successful completion of specific projects as well as that of the entire organisation. Managing risks at project level requires competent team of risk personnel. Risk experts are able to identify situations that are more likely to affect the company operations hence allocating adequate resources to counter the negative impact. Failure to manage risks at the project level has far reaching effects on the risk management at the organisational level. In other words, poor risk management in projects translates to underachievement of the project goals and overall objective of the entire entity. At this point, it is clear that the level of risk management at the project level has direct effect on risk management at the organisation. Therefore, the emphasis the management puts in managing project risks should match the one put in managing those affecting the entire firm. Managing project risks is the critical aspect that determines efficient operations and successful completion of tasks. The manager needs to apply risk management techniques in the same way he would while managing the entire organisation. Many large organisations have projects as integral part of their business, which usually have a particular risk level. Projects fail to realise the intended goal due to lack of proactive measures of managing risks. To manage project risks, activities involving identification of impending risks, assessment and analysis of these risks, and monitoring them should be embraced throughout the project lifespan. Every project faces a unique risk depending on the specific nature of activities conducted and the environment from which they operate. In this case, risk management approaches differ due to the uniqueness of risks. The process that involves identifying, assessing, analysing, and monitoring risks is therefore critical in ensuring projects adopt suitable and relevant strategy for managing risks. In light of the concept of managing project risks, it is clear that the same concept is applicable in managing organisational risks. Just like projects, organisations face unique risks due to differences in the nature of operations and environments from which they operate. For instance, the organisation whose operations are technology based is likely to encounter technological risks unlike firms whose operations are virtually manual. In this regard, the approach project managers adopt in managing risk is the same the organisational management would assume. The implementation may differ due to the multiplicity of tasks in organisations. Due diligence is therefore required in managing risks in projects as well as in organisations. At each level, managers should start by identifying potential risks threatening the operations of projects and organisations, then move to assessment and analysis, and monitor risks to mitigate the negative effects. In other words, elements such as risk identification, evaluation, analysis, and monitoring demonstrate how project risk management relates to managing organisational risks. Literature Review Concept of Risk Management Hoyt and Liebenberg (2011) describe risk as an element that creates uncertainty about the future outcome. The journal explains that the presence of a potential risk may bring deviation of the effort from the intended outcome if not properly managed. Aven (2012) portrays risk management as an integral part of corporate governance and the key determinant of successful accomplishment of the intended goals and objective. In this sense, the scholar argues that managing risk remains the pertinent measure of efficiency and effectiveness in the organization. The management therefore requires competent personnel to manage risks, the aspect that ensures the firm achieves its goals without unnecessary interruption. Ward and Chapman (2003) emphasise that organisations should prioritise the issue of risk management in order to develop competitive advantage and enhance sustainability. In a nutshell, proper risk management should form the basis of effectiveness for corporate governance. According to Aven (2012), today’s businesses operate in a dynamic and highly risky environment. Managements face number of issues that present uncertainties about the future of organisations. In this regard, managing risk has become unavoidable task for managers and a yardstick through which efficiency is determined. In response to this view, Colicchia and Strozzi (2012) points out that risk management is the main factor that determines survival of firms operating in turbulent business environment. The journal critically looks at the current environment and frequent changes that happen unexpectedly as the basic reason why corporate entities should strive to initiate efficiency in risk management. Ward and Chapman (2003) observe that businesses operate in a constantly changing environment, which poses a threat to successful achievement of intended goals. In this case, scholars insist that it is only proper risk management firms are able to realise efficiency. In view of Ward (1999), as organisations become more dynamic, likelihood of risks increases. Proper risk management has therefore become the main factor that influences outcome of activities in the organisation. Risk Management as a Process Ward and Chapman (2003) acknowledge that risk management is a process, which emerges from the executive deliberations. The willingness of the management to manage risk is therefore a core element in this process. Hoyt and Liebenberg (2011) explain that the process starts at the conception of the business idea, and not when the entity is already in place. The person responsible for initiating the business idea should think of risks involved in the course of operation, hence develop the appropriate measures that would respond effectively to those risks. McNeil, Frey, and Embrechts (2015) encompass that risk management should form the top priority at inception stage and continue throughout the business lifespan. The implication of this aspect is that consciousness of risk prevalence and the deliberate approach to mitigating the potential risk should go hand in hand with other operations. Manuj and Mentzer (2008) observe that risk management is part of every activity that takes place in the course of business life. The implication is that risk management is the key activity that touches on all managerial decisions and is applied in all activities in the organisation. McNeil et al (2015) enumerates various activities that complete the risk management process. The process involves identifying the potential risk, analysis, evaluation, treatment, and monitoring of risk. To identify the risk, Ward and Chapman (2003) argue that the management should conduct through analysis of both internal and external environment. The organisational leadership should have the capacity to recognise elements, which threaten realisation of goals and overall survival of the entity. Anything that presents uncertainty, which threatens successful realisation of intended outcome. Manuj and Mentzer (2008) indicate that it is only after identification of risk one can analyse it. Through analysis, the management is able to measure the effect of risk and carry out the evaluation. Analysis and evaluation pave way for developing the suitable measures to respond to the risk. For effective management of risks, Aven (2012) argues that application of this process should be timely and continuous. The ever-changing business environment presents different risks, which require different approaches to counter. Managing Project Risk Chapman and Ward (2003) describe projects as initiatives that face various risks in the course of running. Governments, corporate entities, or individuals may initiate a project whose aim is to achieve a particular result. For instance, the government agency may have a project to generate income or achieve any other goal that relates to the overall objective of the agency. Arena et al (2010) argue that running a project and achieving its set goals require a competent manager and efficient team of experts to carry out various tasks. These tasks call for particular specialty from individuals tasked with the mandate of implementation of policies and decisions. The individuals with different talents and specialties required in the project make up the committee to run the affairs of the project under the leadership of the manager. According to Ward and Chapman (2003), all individuals running the project collaborate in identifying risks, analysing, evaluating, developing response mechanism, and monitoring the sequence. Managing risks in project calls for a combined effort of all individuals involved. Projects experience different risks depending on the nature of activities carried out. Chapman and Ward (2003) reveal that most projects fail to manage risks due to incompetent personnel. In this case, lack of competent staff amounts to human resource risk. Projects also experience lack of adequate funds and equipment to run planned activities, which poses financial and operational risks respectively. Fortunately, Ward (1999) explains that it is easy to foresee these risks and the manager or the project financier can plan ahead and avoid the risk. For example, the organisation initiating the project may demand the proof of competence from people it hires to run the project. Ward and Chapman (2003) argue that initiators or financiers need to have proper planning to avoid most potential risks likely to affect operations. Planning includes determination of adequate funds to conduct all activities, hiring of competent individuals, and acquisition of efficient equipment and facilities. Managing Organisational Risks Aven (2012) points out that managing organisational risks is different from managing project risks. Although some risks are similar, managing these risks require different approaches. According to McNeil et al (2015), project deals with specific activities and have the definite timeline. Organisations on the other hand have no definite lifespan. In this case, the management approach in organisations is different as they are likely to encounter different risks. Hoyt and Liebenberg (2011) argue that it is difficult to predict some risks likely to affect the organisation, hence the need to have competent management in place. Again, the organisation has a complex chain of command where the decision are made at the top and executed by junior employees. Manuj and Mentzer (2008) observes that constant consultation and adoption of effective risk management policy help to prevent the problem. The top management should be in position to address the challenges in advance and develop the mechanism that can respond to the anticipated risks effectively. When managing risks in the organisation, McNeil et al (2015) state that the management should adopt a proactive and flexible strategy. Due to the indefinite lifespan, the management should ensure the strategy adopted is able to respond to threats that come along with ever-changing business environment. Hoyt and Liebenberg (2011) argue that risk management strategies should facilitate anticipation of threats and enhance preparedness in the organisation. These strategies may be in the form of policies that the firm adopts to enhance consistent assessment of risks and call for immediate action whenever uncertainty is perceived. In addition, Aven (2012) suggests that the management should adopt policies that allow frequent sensitisation of risks as well as those that enable organisations to react effectively to the unforeseeable risks. In a nutshell, awareness of risk should be at the centre of policy making and should be integrated in all operational strategies, plans, and procedures. How Managing Project Risks Relates to Managing Organisational Risk Colicchia and Strozzi (2012) state that approaches adopted in managing projects have similarities with those adopted in managing organisations. Some strategies are applicable in both cases especially where both the project and the organisation face similar risk. Ward (1999) argues that big projects with long lifespan mostly adopt similar risk management strategies adopted in organisations. For instance, projects which last for ten years suffer similar consequences with organisations when they lose the key personnel. Aven (2012) is of the opinion that when projects and organisations lose a talent, they are likely to experience inefficiency in operations. In such scenario, the organisation and projects alike should adopt policies that facilitate retention of talents to avoid human resource risk. De Bakker, Boonstra, and Wortmann (2010) attribute lose of talent to ineffective human resource policies and procedures. The approach of managing such risk is therefore similar in projects and in organisations. The process for managing risks in organisations applies also in projects. Aven (2012) points out that most entities initiate projects and apply similar management approaches used in the entire organisation. In such case, Arena et al (2010) observe that the project is more likely to be influenced by the organisational culture. Although the execution may differ, strategies remain the same especially when the project has been initiated by the organisation. The project manager is likely to adopt measures used by the organisation to detect, assess, and respond to risks. In some cases, project manager may alter the strategy to suit the particular situation. McNeil et al (2015) acknowledge that this element happens when the project is autonomous from the parent organisation. In other words, the difference in approaches arises when the project is free to operate on its own. Findings and Conclusion The recent case of reputational risk at Apple Inc provides the relevant information on risk management strategies. The corruption scandal associated with Apple’s global supply chain manager had serious implication on the reputation of the firm. The lawsuit alleged that the manager had received a bribe from suppliers for allegedly influencing awarding of contracts in their favour. The organisation also faced a similar risk associated with antitrust lawsuit. The firm faced allegation of creating a monopoly with its products; ipod music player and itune store. The allegation was that the music player could only work with music purchased from Apple’s online store. The two accusations leave Apple Inc exposed to reputational risk, which significantly affects consumers’ perception and overall profitability of its business. The investigation at Apple Inc also found that the firm battled another allegation related to violation of privacy laws. The allegation stated that the firm had allowed third party to access personal information of consumers. The third party, known as ad networks, was in position to track activities of Apple products’ consumers using the unique code that identified consumers. It was also found that Apple permitted app developers to access consumers’ personal information. In this case, the firm failed on its duty to protect consumers’ privacy thus exposing its business to a threat of reputation in the global market. The revelation had significant impact on the reputation of Apple especially in matters of consumer privacy. High percentage of consumers was likely to avoid any relationship with Apple, hence losing substantial market share to competitors. Despite the above stated accusations and lawsuits, the firm managed to cope with the risk and control its impact on the market. The firm applied risk management strategies that got the business on track. Series of lawsuits never interrupted the supply chain and the firm continued to present itself as the market leader in the area of technology. The top management adopted the vibrant marketing approach and continued to supply unmatched products across the world. The firm also defended its corporate reputation by distancing itself from the actions of individual manager. The manager involved in the bribery allegation faced the charges as an individual without involving the company. In this regard, the firm separated itself from unlawful acts that would ruin its reputation. Recommendations and Implementation To operate effectively in a volatile environment, it is important to integrate risk management strategies to the corporate policy. In the case of Apple Inc, the top management should emphasise on its policies such as delivery of unique and quality products to customers instead of concentrating on lawsuits. The management should continue focusing on the market and not the past mistakes done by its employees. Consistent marketing and engagement with consumers should form part of firm’s activities. The lawsuits and allegations should not divert the attention of the firm. They should neither form the basis of firm’s engagement with the market as it would appear as if the company accepts those misdeeds. The firm should also deal with those responsible of each misdeed and separate itself from such individuals. The company should integrate consumer protection in its policy, which binds all employees and subsidiaries. Consumers should be aware of their right to privacy and the firm should initiate charges against individuals responsible for violating consumer privacy. To prevent such issues in future, Apple Inc should integrate the requirement on consumer privacy in all contracts with both employees and third parties. Stiffer penalty against those who violate the requirement is likely to boost the consumer confidence. In other words, the management should play the pivotal role in protecting consumers’ information as part of corporate integrity. Such aspect would restore the trust and confidence of customers across the world, hence safeguarding the firm from reputational risk. References Arena, M., Arnaboldi, M., & Azzone, G. (2010). The organizational dynamics of enterprise risk management. Accounting, Organizations and Society, 35(7), 659-675. Aven, T. (2012). Foundational issues in risk assessment and risk management. Risk Analysis, 32(10), 1647-1656. Chapman, C., & Ward, S. (2003). Project risk management: processes, techniques and insights. John Wiley & Sons, UK. Colicchia, C., & Strozzi, F. (2012). Supply chain risk management: a new methodology for a systematic literature review. Supply Chain Management: An International Journal, 17(4), 403-418. De Bakker, K., Boonstra, A., & Wortmann, H. (2010). Does risk management contribute to IT project success? A meta-analysis of empirical evidence. International Journal of Project Management, 28(5), 493-503. Hoyt, R. E., & Liebenberg, A. P. (2011). The value of enterprise risk management. Journal of risk and insurance, 78(4), 795-822. Lemke, F., & Petersen, H. L. (2013). Teaching reputational risk management in the supply chain. Supply Chain Management: An International Journal, 18(4), 413-429. Manuj, I., & Mentzer, J. T. (2008). Global supply chain risk management strategies. International Journal of Physical Distribution & Logistics Management, 38(3), 192-223. McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts, techniques and tools. Princeton university press. Ward, S. C. (1999). Requirements for an effective project risk management process. Project Management Journal, 30(3), 37-43. Ward, S., & Chapman, C. (2003). Transforming project risk management into project uncertainty management. International Journal of Project Management, 21(2), 97-105. Read More