Project Risk Management

Introduction to risk
Types of Risks Risk Management Risk management plans Role of Risk Management in Project Management Steps in Risk Management Risk Identification

Risk Analysis
Reducing Risks

What is Risk
Risk is the potential that a chosen action or activity will lead to a loss.
It can be described both qualitatively and quantitatively. Qualitatively, It is proportional to the expected losses that may be

induced by an event and to the probability of the event. Greater loss and greater event probability culminate in a greater overall risk. Quantitatively, there are various formal methods that can be used to evaluate or to "measure" risk. Some of the quantitative definitions of risk can be related to the statistics theory and naturally lead to statistical estimates, while others are more subjective. For example, in many cases, a decisive factor is human decision making

Internal factors: Risks to the project may involve labour strike, change in management, change in consumer preferences, the financial solvency of the company, the ability of the company to have the required equipment and other resources in hand in time to support the project. Personnel issues such as sickness or unanticipated termination of a key team member also can be considered as internal risks to the project. External factors: External risks are those risks that cannot be controlled by the project team and its host organisation. They are usually more difficult to foresee and control. It include key vendor going bankrupt, level of economic activities recession or boom, inflation, political development, change in credit policies, and related events. These factors may have a direct impact on project's effectiveness. Risk caused by external factors also affects the return on investment. Such risks are non diversifiable

Types of risks
Macro risk levels (1) Systematic risk:
A systematic risk cannot be controlled or foreseen in any manner,

therefore it is almost impossible to predict or protect the organisation or a project against this type of risk. It can affect the entire market. For ex. the stock market is in bear hug or in bull grip. The changes in the economic, political and the sociological conditions affect the security market. These are the factors that cannot be controlled by organisation and investor. The smartest way to tackle this risk is to simply recognise that this type of risk will occur and plan for your project to be affected by it.

(2) Unsystematic risk:

It is sometimes referred to as "specific risk". It is unique and peculiar to

a firm or an industry and can usually be eliminated through a process called diversification. Unsystematic risk stems from managerial inefficiency, technological change in the production process, availability of raw material, changes in the consumer preference, and labour problems. For example, the changes in the consumer preference affect the consumer products like TV, washing machines, refrigerators, etc more than that of consumer product industry. The nature and mode of raising finance and paying back the loans involve a risk element.

(3) Business risk: It is that portion of unsystematic risk caused by the operating environment of the business which arises from the inability of a firm to maintain its competitive edge and the growth or stability of earnings.
Variation that occurs in the operating environment is reflected on the

operating income and expected dividends. The variation in expected operating income indicates the business risk. (4) Financial risk: It refers to the variability of the income to the equity capital due to the debt capital. Financial risk in a company is associated with the capital structure of the company. Capital structure of the company consists of equity funds and borrowed funds.

Micro level risk

(1) Project risk: It is related to the uncertain events or situations that have the potential to adversely affect a planned project, usually in terms of cost, schedule, and/or product quality. Project risk is a function of two components: likelihood and consequence. (2) Country risk: It is referred to as political risk, is an important risk for investors today. With more investors investing internationally, both directly and indirectly, the political and economic stability and viability of a country's economy needs to be considered.

Factors Affecting Country Risk

(3)Market risk The price fluctuations or volatility increases and decreases in the day-today market. It is caused by the alternating forces of bull and bear market. (4) Interest rate risk It is simply the risk to which an institution is exposed because future interest rates are uncertain. The assets and liabilities of a financial institution have different maturity and liquidity. Financial institutions create assets and at the same time create liabilities. These loans are invested by the financial institutions at a certain rate of interest and similarly interest cost has to be paid to the lenders of deposit. The mismatches of interest rates of the assets and liabilities expose to interest rate risk. For example: An Indian bank borrows Rs. 200 crore from the market for 4 years @ 10% (Floating p.a.) and creates a loan asset of the same amount for 4 Year period @ 13% (Fixed p.a.). If, there is a an upward trend of interest rate after 2 years and the rate of interest goes up to 15% then Interest Loss = Crores = 200 (15% 13%)

(5) Purchasing power risk Variations in the returns are caused also by the loss of purchasing power of currency. Inflation is the reason behind the loss of purchasing power. Purchasing power risk is the probable loss in purchasing power of the returns to be received. The rise in price penalises the returns to the investor, and every potential rise in price is a risk to the investor. (6) Liquidity risks It is that part of an assets total inconsistency of returns which consequences from price discounts given or sales commissions paid in order to sell the asset without delay. It is a condition wherein it may not be possible to sell the asset. Any asset that can be bought and sold promptly is said to be liquid. Failure to realise with minimum discount to its value of an asset is called liquidity risk.

Risk Management
It is a field of management that deals with the possibility that various

future events may cause harm or threat to the organisation. It comprises of strategies and techniques to recognise and confront any threat faced by a business in fulfilling its mission. Risk management information systems/services (RMIS) are often used by enterprises to provide expert advice and cost-effective information management solutions. It deals with key processes such as: Risk identification and assessment Risk quantification Risk control

Risk management plans

Creation Select appropriate controls & counter measures to quantify each risk. Risk mitigation must also be approved by the suitable level of management as per the level/domain of risk. It must suggest valid and effectual security controls for managing the risks. For ex, If there is high risk of computer viruses then it could be mitigated by installing an antivirus software on the system. It consists of a schedule for control operation and people accountable for those actions. It must clearly state the decisions about how each of the identified risks should be dealt with. Implementation Take measures for mitigating the effect of the risks. Purchase insurance policies for all those risks that could be insured. Try to avoid and minimise all risks without sacrificing the entity's goals. The risks left after all these are retained.

Review and evaluation of the plan Initial risk management plans may not be perfect. So actual risk control measures are based on a number of factors & hence there is a high probability that management might change the plan. Risk results and management plans must be periodically updated. It is done basically for two underlying reasons: To find out if the previously selected security measures are still valid and effective, and To determine the possible risk level changes in the business atmosphere. For ex, Market risks are an example of rapidly changing business environment.

Risk Identification
It is done at each stage of a project life cycle. During risk identification, risks are identified and categorised. It must be done by the concerned people such as IT people, marketing managers or top level

management. Business risks: It is related to business activity. For example, if a key team member becomes unavailable or sick then it may delay the project and the organisation might not be able to complete the project in the given financial year. Generic risks: Generic risks are those risks that are common to all projects. For example, system failure or flaw may cause the project to be delayed. Risks must be defined in two parts. The first part must define the cause of the risk and the other must define the impact of the risk. For example, a risk may be defined as "The supplier not meeting deadline will mean that budget will exceed". For comprehensive identification of risks, we may adopt risk matrix as suggested by Well-Stam et al. Vertical axis of matrix represents various phases of the project and horizontal axis represents various points of view or perspective. For each class proven risk identification techniques are used which includes: Assumption analysis: Assumptions made in planning stage of the project are taken as true, real, or certain. A closure scrutiny of these may reveal possible risks. Brain storming: Brain storming is a useful tool to generate the possible risk events in quick time. It is performed by a cross-function team following set procedures (see chapter 8 for details)

Risk identification techniques :

Assumption analysis: Assumptions made in planning stage of the project are taken as true, real, or certain. A closure scrutiny of these may reveal possible risks. Brain storming: Brain storming is a useful tool to generate the possible risk events in quick time. It is performed by a cross-function team following set procedures. Checklist: The checklist is developed based on past experience. It provides a useful guide in listing foreseeable risks. Delphi: Delphi study is carried out with the help of a group of experts. Since the experts are people who have a deep insight into the system functioning, it is possible to gather useful information in this way. Interview: Interview may be held with knowledgeable people to identify or to gain more in-depth knowledge of certain risks or to create a list of control measures. Observations: It is possible to visualise the risks by directly examining/ observing the current process. Previous documentation: Past experiences recorded in company files, reports, third party reports, or news paper reports on electronic or paper format provide help in listing risks. Modelling: Use of risk tool kits or simulation by computer or other aids may uncover risks. There are a number of diagrams like cause and effect diagram, fault tree, event tree, influence diagram, etc to capture risks

Reducing Risks
Risk avoidance: It includes not performing an activity that could carry risk. For example, not buying a property or business to avoid the liability attached to it or not flying an airplane to avoid the risk of a crash. It is very easy but also means losing out on the potential gain that performing the activities with risk may have allowed. For example, not entering a business to avoid the risk of loss also ends the possibility of earning profits. Risk reduction: It involves methods that reduce the severity of loss from occurring. For example, use of sprinklers to put out a fire to reduce the risk of loss by fire.

Risk retention: It involves accepting the loss as when it arises. For ex. self insurance It is a feasible strategy for small risks where the cost of insuring against the risk is higher than the total losses sustained. Risks which are not avoided or transferred are retained by default. For ex. during a war, most property was not insured against war, so the loss caused by war is retained by the insured. Risk transfer: It means causing another party to accept the risk, usually by means of contract or by hedging like insurance. In other cases, it may involve contract language that transfers a risk to the other party without the payment of an insurance premium. The liability among construction or other contractors is transferred this way. Taking offsetting positions in derivatives is normally how firms use hedging to financially manage risk.

THE END