Project risk management is already a well-documented topic. However, risks are not always managed with the recommended approach.
Because of this, we have decided to provide you with a technical overview on the subject. From the origin of risk management to common risk characteristics, we will explain why proper risk management is so important and then close with a summary of the PMI (Project Management Institute) risk management process.
01. Origins of Risk Management
Risk has always existed. Every living being is familiar with the notion of risk and the impact it has on survival, on plans, etc.
In all circumstances, whether individual or collective, we have developed reflexes, mechanisms, and tools that over time have proven to be more and more effective at controlling risk. In fact, we owe our very survival to our ability to effectively manage risk. From generation to generation, we pass down the lessons we have learned regarding risk.
For example, the sexual division of labour and even the beginning of human civilization in general are just two of the many examples illustrating how humanity has managed risk for the survival of the species.
Risk management tools and methods are always adapting and evolving; therefore, continuous learning and process improvement are intrinsic to risk management.
It is important to remember that for as long as humans have been developing projects, they have also been managing the risks involved. In fact, project management is not a new concept. There are many examples of projects throughout history: the construction of the Egyptian Pyramids, the Ancient Greek Acropolis of Athens, the historic city of Timbuktu in Mali, the conquest of the New World by European explorers, and the space race between the United States and the former USSR.
The terms uncertainty and probability, which underline the concept of risk, go back several centuries to mathematicians like Pascal. However, it was not until after World War II that risk management slowly became modernized, specifically between 1950 and 1970. It was first introduced in insurance, and then in financial products (Dionne G, 2013, Risk Management: History, Definition and Criticism, pp. 1-9), before it was officially implemented in project management around the 1980s.
02. Where Does Project Risk Come From ?
Risk is present in ALL projects. It is an essential project element that stems from the interaction between the project objectives and the associated uncertainty. On the one hand, objectives represent what SHOULD happen (what you want to accomplish) and on the other hand, uncertainty represents what COULD happen.
This interaction opens the door to an infinite number of possibilities, some of which are understood as risks. There are in fact more things that could happen in the future than what actually happens. Depending on the context, the organizational culture, and the degree of individual or organizational tolerance to risk, the perception of risk will vary considerably.
In fact, risks are present in everything we do. As soon as we talk about the future, risk is brought into the picture.
03. The Two Dimensions of Risk
Risk has two dimensions: uncertainty and the way it affects objectives. Uncertainty is measured in terms of probabilities, while the way it affects objectives is measured in terms of impact. In short, risk is what connects uncertainty to objectives.
Uncertainty contains both opportunities (which can help) and threats (which can hurt). Therefore, you must understand the context of your project and control it.
The decision to carry out a project is generally justified by the ratio of the business objectives and benefits. As soon as the business benefits outweigh the risk, the risk is accepted. Projects are often fraught with potential pitfalls and problems that pose as project risks, but you can continue with the project as soon as you are certain that the benefits outweigh the risks; the objectives justify the projects and above all we want to obtain the benefits.
To paraphrase William G.T. Shedd (John A Shedd, Salt from my Attic, 1928, p. 63), is it not the case that the ship is safer in harbor than at sea? But the ship is not built to stay in harbor. She must brave the waters (take risks) to yield greater benefits than the risks that come with the sea.
04. The Link Between Uncertainty and Risk
Uncertainty is everywhere. This is particularly true for projects because with projects come change. However, uncertainty is different from risk.
In fact, risk is defined as uncertainty that brings concern (i.e., that may influence the intended objectives). For example, if we learn that there will be a heavy rainstorm sometime in the next two months, not many people will be concerned. But if the exact date is specified and you realize that it coincides with the date of the town parade, the weather forecast would now be of real concern!
In fact, this uncertainty (the fact that it may or may not rain) puts the event at risk because if it really does rain on that day, there will be impacts.
Simply put, risk is an event or a set of circumstances that, if occurring, influences the outcome of one or more of the project objectives.
It is the combination of the probability of the event and its consequences (impacts). This explains why risk can be represented in a Cartesian plane with :
- an abscissa, a given value on the X-axis called “impact” (or risk effect)
- and an ordinate, a given value on the Y-axis called “probability” of occurrence.
05. What is project risk management ?
According to the PMBOK, the PMI project management body of knowledge, the objectives of project risk management are to increase the probability and impact of positive events, and to decrease the probability and impact of negative events.
Projects are surrounded by multiple uncertainties regarding their key parameters (budget, timeline, specifications) that make it difficult to predict the degree of variation.
There are in fact countless possible project risks, including: financial risks, cost overruns, delays, risks to quality, legal, health and safety, communication, reputational, political, environmental or ecological risks. Therefore, it is important that risk management is adequately considered to reduce its impact or probability.
06. Why Worry About It ?
Projects evolve in constrained environments and are often beset with difficulties. These constraints and difficulties are sources of risk. Risk management answers the following question: How can you manage and control risks to make them bearable?
When risks are managed improperly, there is a danger that either some or all project objectives will not be achieved.
To avoid this, we adopt various risk response strategies that are classified into four different categories: avoid, transfer, mitigate, accept. These different groups of strategies have two distinct effects: protection (against risk impact) or prevention (of the probability of the risk occurring).
07. How do we manage project risk ?
To manage risks, you must first prepare by planning risk management activities. Next, carefully identity them (using different techniques), analyze them qualitatively, and if necessary, analyze them quantitatively (in certain cases only). Then, define and implement an appropriate response strategy for each risk before having it monitored and evaluated. We will return to the qualitative and quantitative analyses of project risk in a future publication.
Good project risk management requires a risk log (usually a simple Excel table is sufficient) where each risk is recorded with an assessment of its probability of occurrence and impact, as well as the appropriate response actions.
The purpose of the risk log is to have an eye on each risk and to ensure that each is managed properly until the risk is resolved, or the project is completed.
Finally, whenever necessary, represent the risks from the risk log on a risk criticality matrix (a cartesian graph also called a probability-impact matrix). This graphical representation allows you to better appreciate the extent of the overall criticality of the project.
If you liked this article, let us know by rating and/or commenting on this blog.
Interested in our publications? Subscribe today and get advance notice about each new publication sent directly to your inbox.
If you are also interested in our conferences or taining sessions on project management, or if you would like to learn more about the concepts mentioned in this article, contact us anytime by visiting our website at www.bernacheconseil.com/ .