Order Number |
78346cbf74hybrvd |
Type of Project |
ESSAY |
Writer Level |
PHD VERIFIED |
Format |
APA |
Academic Sources |
10 |
Page Count |
3-12 PAGES |
Running head: RISK MANAGEMENT PLANNING
INTRODUCTION
This paper aims to discuss the topic of risk management that is applicable at different levels of management from projects to strategic management and corporate governance. The issues involved include the basic risk management process, management of risks based on the various project phases, different approaches to the risk management process, and the best practices involved in risk management. Resolving risk management in a project is essential to avoid unforeseen circumstances that might prevent the success of the project. It also helps to identify positive risks that can be beneficial to the stakeholders. Early identification of risks also saves time as risk mitigation is planned as well as contingency plans which can easily be put in place to avoid disruption of the project.
Answering these issues will help us to handle projects confidently. It will also help us to reduce losses that are likely to occur due to unforeseen circumstances. Risk management planning will provide a continuity plan for projects which saves time. A proper risk management plan will significantly reduce the costs of running a project as the best options will be used that have less risks. It will also allow projects to be finished faster without much interruption as contingency plans will be used where mitigation plans fail.
REVIEW OF THE LITERATURE
According to Watt, (2014) projects can always encounter unexpected issues no matter how well they are planned. Risk management is therefore necessary. A risk plan will identify the potential issues that could arise, analysis of the likelihood of occurrence will estimate the response needed, and risks can also be avoided or minimized. A risk management plan will specify the way in which a risk is to be handled in the project. This involves the specification of risk assessment, the person responsible, and frequency of the risk planning. A risk management plan should have an impact assessment and classification of the magnitude of the impact from low to very high.
The probability of each risk should also be estimated on a scale as some risks are more likely to occur while others are very unlikely. Watt (2014) lists four ways in which risks can be handled. It is always best to avoid risks if they are preventable. In case this is not an option, then the risk should be mitigated. This is achieved by minimizing the damage caused to the project. The third option is transferring the risk to someone else. This can be done through insurance. The last way to handle a risk is by accepting it. This is the ultimate choice when the risk can neither be avoided, mitigated, or transferred.
Watt, (2014) goes ahead to suggest a risk management process. This includes a risk assessment and mitigation strategy for the risks involved. In the risk assessment phase, the potential risk has to be identified as well as the potential impact. The mitigation plan is then developed to eliminate or reduce the impact of the risk involved. The identification of risks is done through brainstorming which requires creativity and discipline. A risk checklist may also be developed from the experience gained from past projects. As a result, the experience of the team, experts, and projects in a company are valuable resources in risk identification. Risks can also be identified by category such as technical, cost, client, financial, environmental, political, weather, etc.
This framework can also be used as a work breakdown structure to develop a risk breakdown structure. (Watt, 2014). The risk breakdown structure further subdivides the identified risk category into associated risks with higher specificity. For example, client risk in a project involving two clients can be categorized as one client or the other backs out. The consequence is that this classification provides a proper understanding of the highest risks to the project. The downside is that whereas known risks may be easily identified, the unknown risks outside the category may not be identified.
Afterwards, a risk evaluation is done on the identified risks. This entails evaluation of the chance of occurrence of each of the risks and potential impact it would have on the project. It is important to have a criterion for identifying high impact risks so as to focus specifically on the critical risks that are likely to occur and have high negative impact on the project. Some project managers may not conduct formal risk assessment due to lack of understanding of the tools involved as well as the benefits of such structural analysis of risks. Lack of formal tools in risk management is also a hindrance towards the implementation of risk management program. A risk mitigation plan is developed after identification and evaluation of the risk. This is meant to reduce the impact of the risk. It is achieved by avoidance, sharing, reduction, or transfer of the risk. In risk avoidance, an alternative strategy is developed that has a higher chance of success for the project.
For instance, a company can use proven existing techniques which carry less risks compared to new techniques. Risk sharing involves sharing the risk burden in risky activities to reduce the impact. This can be done through joint ventures for international companies so as to reduce legal, political, and labor risks that come with international projects. Risk reduction involves investing funds so as to minimize the project risk. International companies will buy a guarantee on a specific currency rate to minimize the risk of fluctuating currency exchange rate. Risk transfer is achieved mostly through insurance against the potential risk.
A contingency plan should also be developed once the risk has been identified that may prevent the accomplishment of the project. This is an alternative method to accomplish the goals of the project. This may require setting aside contingency funds to deal with unforeseen events. This requires the approval of the project manager.
Watt, (2014) also categorizes risks according to the phases of the project. Each risk will be dealt with separately depending on the project phase. In the initiation phase, the unknown parts of the project pose a major risk. As a result, the risk must be considered and compared to the anticipated benefit of the project. This will help to make a decision if the project is to be done or not. In the planning phase, the project has been approved and a risk breakdown structure can be applied in the identification of the detailed levels of risk analysis.
In the implementation phase, the risk of the project reduces as activities are completed. There is need to update the risk plan and check off those risks that are associated with completed activities. In the closeout phase, the risk sharing and transfer agreements are concluded. It is also advisable to check the risk breakdown structure to ensure all risks have been either avoided, mitigated, or dealt with accordingly. The estimated loss in the project can be calculated and documented. These results can be compared to those predicted by Monte Carlo simulation. (Watt, 2014).
Scavetta, (2019) presents the way to make a risk management plan. Risks form an inherent section in every project. They have to be identified, recorded and monitored as well as being planned for. Risk management will help to deal with both negative and positive impacts of risks. Risk management is therefore one of the most important parts of a project. Lack of a proper risk management strategy may put the entire project in jeopardy. There are many risks in the project that need assessment and discussion with stakeholders. Scavetta, (2019) suggests that risk management need to be both proactive and reactive. This involves identification, analysis, and response to the emerging risks in the project. Scavetta, (2019) lists the elements involved in risk management planning. The first element is identification of risks.
This is done at the beginning of a project and equally throughout the project. Most risks are known but some risks may need additional research in order to be discovered. The risk identification process requires a risk checklist which can be developed by interviewing the stakeholders and experts in the project or industry. A risk repository needs also to be created. This can be used to share the identified risks with all the stakeholders interviewed in the identification process at a centralized place. Risks can also be divided into categories such as technical, organizational, or sub-categories such as technology, logistics, etc. In the next phase, the impact of the risks is then mapped out and compared to the likelihood of occurrence. This involves both qualitative and quantitative risk impacts such as likelihood and impact on the project. This is achieved by assigning a likelihood score from low to high.
The impact will then be mapped out from low, medium to high and the scores assigned. As a result, one will have an idea of how likely risks will affect the success of the project and the urgency needed to handle those risks. An overall risk score can be assigned by multiplying the impact and the likelihood risk scores. This will make it easier for the team members and stakeholders to comprehend the matrix. The third element is planning risk response. This entails three concepts. The elimination of risk, lowering the risk on the project, and lowering the risk of occurrence. This will require time and cost allocation to create. The next step will be assigning the owner to the risk. This is a specific process in which the owner of each risk is identified.
This will prevent confusion on the implementation of responses during or after occurrence of the risk. The owners of the risks will also be able to take immediate action once the risk occurs. It is therefore, important to record the specific response that needs to be taken which should also be approved by the relevant stakeholders. This not only records the issues but also provides a resolution that can be reviewed once the project is complete. It is also important to understand the triggers to the risks involved. Furthermore, a backup plan needs to be developed. As risks can change during the project, it is important to come up with a contingency plan in the risk management plan.
This entails discovering of emerging risks as the project is ongoing. The initial risks need also to be reevaluated to check their status in the project. The contingency plan will need to be adjusted if there is any reclassification of risks. The final element is measuring the risk threshold. This is evaluation of the risk based on the severity. The stakeholders should be consulted on matters such as time, scope, and costs to establish whether or not it is worth continuing with the project.
Ray, (2017) provides a six step outline of risk management process. The first step is identification of the risk. This is done through the various available methods and recorded in a risk register. The risk is the analyzed. This will be determination of the likelihood of each risk identified which is also to be recorded in the risk register. The risks are then prioritized depending on likelihood, urgency, and possibility of mitigation. Risks will also be assigned to the owners so as provide clear guidelines of who will oversee the risks.
Once this has been done, you are ready to respond to the risk and create mitigation and contingency plans. The last step is monitoring the risk to track its progress. According to him, risks can either be positive or negative. Positive risks are mostly opportunities which are beneficial to the project. However, a positive risk may turn into a negative risk. Ray, (2017) proposes a few ways to respond to a positive risk. The first tip given is evaluating whether the risk has an opportunity that can be exploited. This will enable one to establish new ways to increase the chance of occurrence of that risk.
A positive risk may also be shared. This is most suitable in situations where one company may not fully exploit the advantage offered by a risk. In such a situation, involving other stakeholders increases the chance of gaining the maximum out of the positive risk. The last option in a positive risk is doing nothing about it. This applies when the first two options have failed and may as well apply to a negative risk.
Shemek, et al. (2009) provides four essential strategic steps that should be used to build a comprehensive risk management plan. The first step is to assess the legal liabilities that a company is likely to be exposed to. This entails being aware of the laws that are applicable in the specific field of the company. The second step is the development of risk management strategies. The risk management strategies should be in line with the existing laws and practice. These strategies can be in the form of preventing losses, reducing losses, or transfer of the risks under a contract. The third step is the implementation of the risk management plan. The plan can be used for training of the stakeholders in preparation for the project. The risk management plan needs also to be evaluated. Shemek, et al. classifies this process into two. The formative evaluation entails continuous evaluation of the risk throughout the project while summative evaluation is the review of the risk once the project is complete.
Ennouri, (2013) classifies risk management methods into two. The deterministic approach uses quantitative, qualitative, and hybrid techniques to analyze risks. On the other hand, the stochastic approach uses classic statistical and the accident forecasting models. Risks are classified into several categories such as strategic risks, operation risks, reputation risks, financial risks, and legal risks. A four step process is used in the risk management process. This involves risk identification, risk assessment, risk management, and risk monitoring.
Hillson, (2016) provides the best practices in risk management. In his article, he appreciates that there are different approaches to risk management processes and suggests that no single best practice in risk management can be common for all the risks. He also acknowledges that the basic steps followed in risk management are the same. The best practices include making sure that the objectives of the project are understood and agreed on by all the stakeholders in the initiation phase. The scope of the risk and the output from the initiation phase should also be included in the risk management plan.
He also includes risk identification as the second best practice. This can be achieved by brainstorming, checklists, interviews, workshops, questionnaires, etc. Both threats and opportunities should be included in the risk identification. Several techniques can be used to capture as many risks as possible. The third step should be assessment. This process can be qualitative or quantitative. Different methods such as Monte Carlo simulation and sensitivity analysis can be used to prioritize the risks. The next step is response planning. This involves risk allocation to owners and evaluation of the effectiveness of the actions. Risk implementation involves modification of risk exposures and adjustment of effectiveness in risk mitigation. Lastly, all risk processes should be reviewed and updated. This is because risks are dynamic and should therefore, be regularly reviewed for exposure, new risks, and appropriate responses.
DISCUSSION
Risks should be approached in a basic process involving identification, assessment, and mitigation. These should be reviewed and updated throughout the project. Watt, (2014) presents the basic methods of risk management which include risk identification, assessment, evaluation, and mitigation. He also provides four major ways to handle risks including avoiding, mitigating, transfer, and acceptance. Watt, (2014) also presents the different ways risks can be identified and the projects risks based on phases. Scavetta, (2019) provides basic elements in risk management such as assigning risks to owners.
Ray, (2017) provides the framework for management of positive risks in a project such as sharing and exploiting the risk. Shemek, et al. (2009) provides the necessary strategic steps in risk management such as assessing legal liabilities. Ennouri, (2013) classifies risks into different classes and provides different methods by which risks can be approached. Finally, Hillson, (2016) provides the best practices in risk management such as reviewing and updating the risk management plan.
CONCLUSION
Risks need to be identified, assessed and mitigated in any project. (Watt, 2014). In risk management, it is important to specify the risk depending on who will handle it. (Scavetta, 2019). Positive risks should also be identified in the risk management plan so as to benefit from them. (Ray, 2017). It is important to monitor the legal liabilities in risk management. (Shemek et al. (2009). Risks can be approached either quantitatively or qualitatively. (Ennouri, 2013). Finally, reviewing and updating the risk management plan is mandatory for all risk management plans. (Hillson, 2016).
This conclusion requires that project manager rethink how to handle their risk management plans. This will result in proper risk management plans that will minimize costs and increase the chance of project success. These implications are significant for information technology project managers to prevent risks such as hack attacks, downtime, and loss of data that can cost companies dearly.
DOCUMENTATION
Ennouri, W. (2013). Risk Management. Retrieved from:
http://oaji.net/articles/2014/1384-1416476647.pdf
Hillson, D. (2016). Risk management: Best practice and future developments. Retrieved from https://journal.iaccm.com/contracting-excellence-journal/risk-management-best-practice-and-future-developments
Ray, S. (2017, October 19). The risk management process in project management. Retrieved from https://www.projectmanager.com/blog/risk-management-process-steps
Scavetta, A. (2019, December 3). How to make a risk management plan. (2019, December 3). Retrieved from https://www.projectmanager.com/blog/risk-management-plan
Shemek, E., JoAnn, M., David, L., & Daniel, P. (2009). Building a comprehensive risk management plan: Four… : ACSM’s health & fitness journal. (n.d.). Retrieved from https://journals.lww.com/acsm-healthfitness/fulltext/2009/01000/building_a_comprehensive
Watt. A. (2014). Risk Management Planning.