The paper discusses content and scope of project risk management. The purpose of the paper is to reflect future trends in the field of project risk management. Understanding evolution in a historical time span is essential to be able to draw conclusions of potential trends of future developments. The fifteen years in the topic of the paper refers to the length of the author’s past experience in the project risk management field.

Keywords Project management, risk management, risk analysis, quantification, project company, organizing for risk management, risk history, risk knowledge base

An appropriate project risk management content is sought for. New aspects of project risk management are introduced. Also, a wider perspective is provided with a discussion about the role and content of risk management in a project company.

There are several project management standards that provide a definition of project risk management. The project risk management content defined according to Project Management Institute’s (PMI) definition is shown in Fig. 1 [1]. Risk management content is also reported in recent documentation for the project management quality guideline ISO [2] that recognize following risk related processes:

In the beginning of the 80’s, project risk management was a well recognized area in project management literature. The content consisting of risk identification, estimation, risk response development and risk control was generally known. In the discussion of risk management at that time, quantitative risk analysis was emphasized. For example, the stochastic three point estimate features of the PERT methodology vere widely referred to. The PERT methodology with a probabilistic interpretation of optimistic, pessimistic and most probable value estimates has its origin in developing the PERT methodology in the 50’s.

Applications in industries were mainly time and cost risk analysis applications. In many cases, a software with subjective time and cost probability distributions was used to support risk analysis. Process plant construction and engineering industries were the users of main risk management and risk analysis. In the author’s own risk management development efforts in 80’s, risk management was developed for electric utility and energy system construction projects. Further, while developing the risk management in mid-80’s, the author visited, among others, British Petroleum (BP) in the UK and Norwegian Petroleum Consultants in Norway. At that time, BP developed CATRAP (Cost and Time Risk Analysis Program) software for in-house use only. The software allowed modeling risks with several distribution forms of subjective probability distributions as inputs. The software was used in e.g. North Sea oil platform construction projects. For the same use, Norwegian Petroleum Consultants developed NPC software for Norwegian construction and engineering companies and oil platform and related system suppliers. The software was developed for certain consortium of Norwegian companies, and accordingly, was not a commercial product. NPC allowed also risk modeling and quantifying risks by using different probability distributions. An interesting feature in the software was that besides subjective distributions, also objective (frequency based) probability distributions were calculated from durations or cost data. The software allowed combining subjective and objective distributions by using pre-determined weights, and the integration of time and cost risks was enabled in modeling features.

A common feature for a majority of commercially distributed risk management software is that they allow building complex risk models. In the software, inputs are subjective time and cost or other quantity probability distributions.

Although risk analysis and risk quantification were emphasized in the risk management development in the 80’s, it is true that many other risk management methodologies used today were known already in the 80’s. For example, when visiting BP in mid-80’s, the author recognized that influence diagramming, risk check lists and questionnaires, and risk-response diagramming methods were in use. Further, important principles associated with risk sharing by construction contracts were defined. Such methodologies were recognized also in literature, e.g. in those risk management overviews referred to above in context of risk analysis and quantification (see e.g. [5] [6] and [7]).

The approach of risk check lists and questionnaires of the 80’s has been developed further till today. And development will continue in this field. The direction is toward the creating of risk management knowledge bases. However, recent developments show that risk knowledge bases do not comprise only a description of risks to be used as check list items, but there might be other valuable data such as suggestions about responses to be used for risk response planning. The author’s forecast is that the development and growth of applying such knowledge bases will continue. Risk knowledge bases are used as organizational memories where experience about risks and e.g. potential risk responses is continuously recorded during the project execution in a multi-project environment of e.g. a project company. Real-life cases of risks occurred in projects may be included in the knowledge base. The knowledge base then provides access to the organization’s understanding about risks in real time. The knowledge base is easily accessible for risk management procedures, and it may contain possibilities to make different selections concerning e.g. the project type, or the content of information retrieved.

The use of risk-response diagramming in BP already in the 80’s was based on the rationale that risks cannot be explicitly modeled or quantified without taking risk responses into account. There are three reasons why the including of risk responses is important already at the risk analysis and quantification stage. First, the estimate of the risk remaining will be different in case of different response scenarios. Second, responses consume time and cost, and adjustments to schedules and cost estimates are required accordingly. Third, perhaps the most natural phase for risk response planning is when committed simultaneously with risk analysis considerations. The author’s forecast is that risk response planning will be more emphasized in many future developments. The new systematic forms of risk response planning might be based on solutions for integrating the planning with risk estimation. The ‘decision support’ oriented software referred to above as one category differ from standard modeling software by having features that provide better support for interactive risk modeling with understanding the nature of the risks and this way better enable simultaneous choices and decision making about resp...