MANAGEMENT ARTICLES

 

Risk management: Basic concepts

(Robert Sarwono - International Business Consultants of Trimitra Consultants)

 

To develop a risk analysis of a project it is important to undertake the following stages:

  •  Risk identification – at the outset and on implementation of new activities

  •  Risk analysis

  •  Risk mitigation and control

These risk reviews should be carried out at crucial stages or time intervals within the project life-cycle. Risk management activities are performed continually between risk reviews based on the analyses, strategies and plans produced by the preceding risk review.

 

Risk identification

The aims of this phase are to:

  • identify all significant types and sources of risk and uncertainty associated with each of the objectives and the key parameters relating to these objectives

  • ascertain the causes of each risk

  • assess how risks are related to other risks and how risks should be classified and grouped for evaluation

This is a crucial phase. If a risk is not identified it cannot be evaluated and managed.

Having identified as many risks as practicable, it is beneficial to classify and if appropriate group risks to assist in their evaluation.

 

Creating a risk assessment team, from key stakeholders connected to the project, can make a valuable contribution to effective project management. The team can be brought together for a brainstorming session to review the risks previously identified by the project team and to flush out further risks. As a result, the potential risks identified might be extended and revised in the light of the results of the brainstorming. The process of searching for and responding to risks is iterative.

 

Risk analysis

The risk assessment operates at two different, but related, levels:

  • Risks that could affect general project management activities such as loss of project staff

  • Risks associated within a structured framework for developing base-level provision for disabled students

Using a Risk Assessment Matrix enter the rating for the probability (P) of the risk occurring in the ‘P’ column. Consider how likely it is that this risk will happen in terms of the specific nature and context of the project.

 

Record the rating of the impact (I) of the risk should it occur in column ‘I’ on the matrix. This enables assessment of the effect this risk will have if it occurs on the achievement of the aims and objectives of the project.

 

The score is rated on a scale of 1 – 5 with 1 being the lowest probability/impact (PI) ratio.

 

To calculate the probability or impact ratio (PI), multiply the scores in each column (P x I) so you are combining the likelihood of the risk occurring with the consequence.  Therefore the highest PI ratio score possible is 25.

 

Identified potential risks should be analysed, with a tentative indication of the significance of each risk (clearly significant; PI score above 17, possibly significant; PI score above 10, and probably insignificant; PI score under 10) and inter-relationships between risks.

 

If a risk is related to one or more other risks - in the sense that they share common causes or for other reasons the occurrence of one affects the likelihood of another - the related risks should be evaluated together. The resulting assessment of each risk or group of related risks should be entered in the risk matrix.

 

The significance of risks should be reviewed and then they should be reclassified into the categories of significance. For risks, which are 'probably insignificant' (ie low score on PI ratio), the decision must be made as to whether they can be ignored.

Particular attention and care must be taken with identifying and classifying risks which could have either:

  • serious or catastrophic consequences or high expected values, or

  • exceptionally favourable consequences

All the risks in both of these categories are likely to need particular, individual attention when assessing the overall 'riskiness'.  A decision must be made about which risks are amenable to more detailed evaluation and quantification.

 

Risk mitigation/Control of risks

Mitigating risks, or lessening their adverse impacts, is at the heart of the effective management of risk. Risk mitigation should cover all phases of a project from inception to completion. There are four main ways in which risks can be dealt with within the context of a risk management strategy.

 

Risks can be:

  • reduced or eliminated

  • transferred

  • avoided

  • absorbed or pooled

The key task during this stage is the monitoring of risks included in the risk analysis matrix. Other risks also need to be monitored regularly including those in the remaining stages of the project not only the risks occurring in the present stage. Any significant changes in risk or new risks should be identified and assessed immediately.

 

Regular monitoring of risks can be undertaken by studying events, situations or changes (sometimes called 'trends'), which could potentially affect risks during the normal management and progress of a project.

Consulting Services
Management Audit
Strategic Management
Organization Development
HR Management
Marketing
Customer Service

Training Services
In-house Training
Public Workshops

Business Services
Interim Management
Corporate Services
Executive Recruitment
Project Management
Procurement Services