Risk Management
eBook - ePub

Risk Management

Concepts and Guidance, Fifth Edition

  1. 474 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Risk Management

Concepts and Guidance, Fifth Edition

Book details
Book preview
Table of contents
Citations

About This Book

This new edition of Risk Management: Concepts and Guidance supplies a look at risk in light of current information, yet remains grounded in the history of risk practice. Taking a holistic approach, it examines risk as a blend of environmental, programmatic, and situational concerns. Supplying comprehensive coverage of risk management tools, practices, and protocols, the book presents powerful techniques that can enhance organizational risk identification, assessment, and managementā€”all within the project and program environments. Updated to reflect the Project Management Institute's A Guide to the Project Management Body of Knowledge (PMBOKĀ® Guide), Fifth Edition, this edition is an ideal resource for those seeking Project Management Professional and Risk Management Professional certification. Emphasizing greater clarity on risk practice, this edition maintains a focus on the ability to apply "planned clairvoyance" to peer into the future. The book begins by analyzing the various systems that can be used to apply risk management. It provides a fundamental introduction to the basics associated with particular techniques, clarifying the essential concepts of risk and how they apply in projects. The second part of the book presents the specific techniques necessary to successfully implement the systems described in Part I. The text addresses project risk management from the project manager's perspective. It adopts PMI's perspective that risk is both a threat and an opportunity, and it acknowledges that any effective risk management practice must look at the potential positive events that may befall a project, as well as the negatives.Providing coverage of the concepts that many project management texts ignore, such as the risk response matrix and risk models, the book includes appendices filled with additional reference materials and supporting details that simplifying some of the most complex aspects of risk management.

Frequently asked questions

Simply head over to the account section in settings and click on ā€œCancel Subscriptionā€ - itā€™s as simple as that. After you cancel, your membership will stay active for the remainder of the time youā€™ve paid for. Learn more here.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Both plans give you full access to the library and all of Perlegoā€™s features. The only differences are the price and subscription period: With the annual plan youā€™ll save around 30% compared to 12 months on the monthly plan.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weā€™ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes, you can access Risk Management by Carl L. Pritchard, PMP, PMI-RMP, EVP in PDF and/or ePUB format, as well as other popular books in Business & Project Management. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Auerbach Publications
Year
2014
ISBN
9780429798566
Edition
5
Topic
Business
Subtopic
Project Management
Index
Business

PART I
Risk Processes and Practices

Why Risk Management?

The first part of Risk Management: Concepts and Guidance reviews the basic processes and practices associated with risk management in the project environment. It does so in depth, assessing the ā€œrules of the roadā€ in planning for, identifying, assessing, developing responses to, and controlling risk. It is a conceptual overview of how risk should be addressed.
In institutionalizing risk management in an organization, there is inevitably a dread of ā€œanalysis paralysis,ā€ the fear that so much time will be spent examining concerns and potential problems that none of them is ever resolved. There is also anxiety with regard to administrative overburden. Project managers are frequently among the busiest people in an organization. They are apprehensive that they will have to do even more, and risk management is just one more administrative function they donā€™t have time for.
As a result, risk sometimes becomes a secondary issue. In organizations where success is the norm and failure is a rarity, risk management is relegated to obscurity in the hope that project managers will be able to handle project issues and problems as they occur. Nevertheless, these organizations should embrace risk management. Risk remains a secondary issue only as long as an organizationā€™s luck holds out or until a grand opportunity is missed. Sooner or later, bad things happen to good projects, and a project manager without a clear strategy will eventually pay a price. Regardless of whether calculated in terms of lost resources, a blown schedule, or a budget overrun, the repercussions of such failure fall directly on the project manager.
Needless to say, there is also a stigma associated with risk management. It is perceived as the ā€œdark sideā€ of a project, and the project manager becomes the prophet of doom and gloom. When applied inconsistently, risk management makes good risk managers appear to be pessimists and naysayers, whereas those who take no proactive posture on risk are regarded as team players. Therefore, the only time a project manager can really succeed as a risk manager, both individually and organizationally, is when that manager has the support of the organization and its practices. That is why a clear, well-developed set of risk practices and protocols is vital to the long-term survival of any project organization.

1

Risk Management Practices

Even the simplest business decision involves some risk. Since every project involves some measure of risk, it is the projectā€™s success criteria that often serve as the determining factors for which risks are worth taking and which risks are not. Consider, for example, the decision to drive or fly on a business trip. If cost is the success criterion, then risk determination is simple: compare the costs of flying and driving (compounded by potential inflationary factors). However, another success criterion might be safety, and thus statistics concerning accidents should be evaluated. If punctual arrival is added as a third criterion, then airline on-time statistics, automobile dependability, and road conditions should be evaluated. As other success criteria are added, decision making becomes more complicated and involves more judgment. In the business trip example, increased cost is perhaps an acceptable risk, being late may be unacceptable, and not arriving safely is certainly unacceptable. If project managers do not know what success criteria are driving the project, then they cannot hope to identify the risks that may impede their road to success.
Increasing technical complexity, in turn, increases risk. Every new generation of technology is layered on the old. Nevertheless, most organizations tend to weight decisions heavily toward cost and schedule goals because they are easy to understand. But the effect of cost and schedule decisions related to technical performance risk frequently is unclear. Thus, a formal methodology for evaluating the effects of decision making and foreseeable problems is indispensable and should also help to identify practical and effective workarounds for achieving project goals.

A Systematic Process

Not all projects require a formal risk management approach, but to get the maximum benefit, risk management must become a systematic process applied in a disciplined manner. Put more simply, not every project has to follow every step, but implementing the basic practices should be rote.
Many project managers use intuitive reasoning (guessing) as the starting point in the decision-making process. Thatā€™s not a bad place to start. However, truly effective managers will look beyond simple reasoning and experience in making decisions that involve significant risk. Even the most experienced project managers have not encountered every risk. There are some risks that they cannot imagine or that do not match their paradigm; and there are still others they just cannot predict. Some risks are so far outside any individualā€™s expectations or experience that those risks cannot possibly be considered without any external inputs.
Numerous inhibitions restrain implementing risk management as a standard project practice. Itā€™s unpopular. It points out the negative. It primarily focuses on potentially bad news.
The Project Management Institute, Inc. (PMIĀ®)* has established a six-step set of processes and practices. The PMI approach to risk comprises:
  • Plan risk management. In this area, we establish project risk infrastructure and a project-specific risk management plan. This includes creating risk language, tolerances, and thresholds.
  • Identify risks. We describe events that will have potentially negative or positive impacts on projects, with descriptions that include the event that may happen and its specific impact.
  • Qualify risks. We evaluate risk according to nonnumeric assessment protocols.
  • Quantify risks. We evaluate the most significant risks and/or the project as a whole according to their numeric probability and impact.
  • Plan risk responses. We determine, evaluate, and communicate strategies to deal with or preclude risks.
  • Monitor and control risks. We put risk management and response plans into action.
The six-step process is not in lockstep with every other process in every other organization. But for the most part, the differences are semantic in nature. In earlier editions of PMIā€™s A Guide to the Project Management Body of Knowledge (PMBOKĀ® Guide, second edition)*, risk management was a four-step process. The U.S. militaryā€™s Defense Acquisition University applies a six-step process that includes planning, identification, analysis, handling, monitoring, and implementation.ā€  The Australian governmentā€™s Department of Commerce applies a six-step process involving establishing context, identifying and defining risks, conducting analysis, conducting evaluations, developing and implementing treatments, and monitoring, reporting, updating, and managing risks.ā€” Regardless of the labels applied, all the processes designed seem to encourage more flexible, adaptive approaches within an organizationā€™s project methodology and to facilitate risk management implementation.
All project managers should perform some documented risk management activity, either qualitative or quantitative. All significant projects should include formal, intense risk management activities; smaller, less critical projects may require only a scaled-down risk effort. Thus, the ultimate authority on risk is the project manager, who must make determinations based on the projectā€™s cost, schedule, and performance challenges.

Summary

  • Risk management is essential for every project.
  • Risk management should be a systematic process.
  • All projects should have some documented risk management activity.
*ā€œPMIā€ is a service and trademark of the Project Management Institute, Inc., which is registered in the United States and other nations.
*ā€œPMBOKā€ is a trademark of the PMI, which is registered in the United States and other nations.
ā€ https://acc.dau.mil/CommunityBrowser.aspx?id=17607
ā€”http://infostore.saiglobal.com/store/Details.aspx?ProductID=1378670

2

Risk Concepts

Although the terms risk and uncertainty are often used interchangeably, they are not the same. Risk is defined as the ā€œcumulative effect of the probability of uncertain occurrences that may positively or negatively affect project objectivesā€ (Ward 2008, 353). This is unlike uncertainty, which considers only the event and where the probability is completely unknown. The traditional view says that risk is a situation where an event may happen and the frequency of occurrence can be evaluated based on a probability distribution of past occurrences or environmental considerations. Although that observation has limited utility in project management, it does distinguish between risk and uncertainty. With risk, there is a sense of the relative level of event probability. With uncertainty, however, that probability is completely unknown.
To understand whether an event is truly ā€œrisky,ā€ the project manager must understand the potential effects resulting from its occurrence or nonoccurrence. Determining risk in this manner requires judgment. For example, although an event may have a low likelihood of occurring, the consequences, if it does occur, can be catastrophic. A commercial airline flight illustrates this type of situation: Although the probability of a crash is low, the consequences are generally grave. Although many people feel uncomfortable about flying because of the consequences of failure, most people do not consider flying a high risk. This example also emphasizes the principle that risk greatly depends on individual perception.
The nature of any given risk is composed of three fundamental elements: the event, the probability, and the severity (or impact) (see Figure 2.1). The event is the description of the risk as it may occur. Event descriptions are crucial. The probability and impact of a plane crash at the gate are far different from the probability and impact of a plane crash from an altitude of 30,000 feet. Thus, risk managers must explore the nature of the risk event itself before they can begin to examine risk probability and impact. Without a clear definition of the risk event, ascertaining probability and impact become far more difficult. As a rule, risk events should be described in full sentences. A template for such a sentence can be as simple as: (Event) may happen to the project, causing (impact to the project objectives). Such a consistent approach to the risk definition affords a...

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Table of Contents
  6. List of Figures
  7. List of Tables
  8. Preface
  9. Author
  10. Introduction
  11. Part I Risk Processes and Practices: Why Risk Management?
  12. Part II Risk Management Techniques
  13. Glossary
  14. Appendix A: Contractor Risk Management
  15. Appendix B: An Abbreviated List of Risk Sources
  16. Appendix C: Basic Probability Concepts
  17. Appendix D: Quantifying Expert Judgment
  18. Appendix E: Special Notes on Software Risk
  19. Index