Project Risk Management

Risk is the possibility of an unwanted event with an undesirable impact or effect. Risk management is identifying, assessing, and evaluating potential threats that are likely to occur and developing strategies to mitigate, avoid, or reduce the impact of the risk. In projects, risks are inevitable and, if not managed well, can easily affect the outcome of projects, their quality, goals, etc. Organizations and team members must adopt risk management steps, identify potential risks, and take strategic steps to deal with them to achieve project success effectively.

Author: Asmau Mohammed Mai

Keywords:

Disaster, evaluation, exposure, loss, monitoring, project management, probability, potential, risk, strategy, threat, uncertainty.

PROJECT RISK MANAGEMENT

Introduction

There are various definitions of Risk, which include the likelihood of something unfavorable happening. It involves uncertainty about the effects or consequences of an activity with respect to something of value, with more focus on adverse or unwanted consequences. Other definitions provide that ‘risk’ is the chance of something happening that will have a negative effect.
The level of risk reflects:

• – The possibility of an unwanted event happening and the potential consequences of the undesirable event.
• – Risk is the possibility that an event will occur and adversely affect an organization’s set goals.
• In essence, risk can mean a possible danger and its consequences, thus underlining the source of the risk while also taking into account the target that will be exposed to the risk. It is the possibility of a thing happening and the effect or resulting consequence of that thing that happened.

Risk management is the process of identifying, assessing, and managing, removing or mitigating the potential risks that could impact an organization’s operations, financial performance, and reputation.  The aim of risk management is to remove or at the very least manage or minimise these risks. Risk can be high, medium of low depending on what it is and its impact. Risk can also be anywhere, it can be in an organisation, a company, the environment, etc.  For a company, for example, risk can happen in the course of its day to day business activities, which may include any basic damages that happen to a company’s resou­rces, loss of investment, their equipment malfunctioning or breakdown which can be very high risk especially in a production company because it can halt their operations leading to datelines not being met, budget overruns, project failure, etc.

Main purpose of project risk management is to identify and mitigate the threats that can affect the project. Risk challenges and the way the risk is being managed affects the quality or outcome of a project, especially in project-based companies. It explores the aspects that will certainly contribute to improving project performance and project quality because project risk management has a direct impact on, resulting in more efficient outcomes.

It is pertinent to note that risks need to be identified at the time of conception of the project, this will ensure a higher rate of success at project completion. Organisations need to make time, serious effort and also provide funds towards risk management in order to achieve a successful project. Risk can be a major obstruction and hindrance in any project, since risks are unforeseen and unwanted events that may occur during the lifecycle of a project, it can eventually lead to budget overrun, time overrun, and in the end, project goals may not be met. The implementation of effective risk management strategies leads to project success, needless to say that lack of that may lead to the failure of an entire project.
The following needs to be considered in order to identify risks:

1. – What could go wrong?
2. – How could we fail?
3. – What must go right for us to succeed?
4. – Where are we most vulnerable?
5. – Which assets do we need to protect?
6. – Do we have liquid assets or assets with alternative uses?
7. – How could someone steal from the organisation?
8. – How could someone disrupt our operations?

Examples of potential risks includes:

• – Security breaches
• – Equipment breakdown or malfunction
• – Data loss
• – Cyberattacks
• – Losses on investment
• – System failures
• – Defaults on loans owned by the company
• – Natural disasters.
• – Employee Liability
• – Product or service liability, etc.

The Importance of Risk Management in Project Success

Risk management is an essential aspect of project management, and it plays a critical role in the success of any project. Risk management aims to identify, assess, and prioritize potential risks that could impact the project’s objectives and then develop strategies to mitigate or avoid those risks.

Project success or failure is dependent on risk management. Apart from identifying the risk and assessing it, an organisation needs to also review project risk management models and select the model which best suits the identified risk in order to successfully complete the project.

Does project success get influenced with the risk management?

What is the type of the relationship between risk management and project success?

The primary objective of risk management is to guide and assist project managers in anticipating and preparing for potential glitches or complications before they even happen. Project managers can take proactive procedures and actions to avoid or at the very least, mitigate risks if they by identify and assess risks in advance, this will in turn prevent interruptions, delays, cost overruns, and other unforeseen adverse effects on the project.

Project managers are able to weigh their choices and make informed decisions in order to decide what will lead them to a successful conclusion of the project as a result of risk identification and assessment at the initial stage.

Risk management translates into ensuring that the project meets its target and objectives on time, while also maintaining its budget and product quality, disruptions are avoided or minimised.

Risk management is a crucial part of project management in that it minimises adverse effects and maximises the chances of project success. In essence, the identification, assessment, and management of potential risks cannot be overemphasised in a project because it plays a vital role.

Steps in risk management Process

Risk management involves certain procedures in identifying, assessing, and managing any potential risks that may adversely affect an organization’s financial performance, daily operations and its reputation. Below are the steps taken in risk management:

1. To identify the potential risks: The first step in risk management is to identify any probable and possible threats, dangers, hazards, and weaknesses, vulnerabilities, or exposures that could possibly damage or harm the organization. A natural disaster is an example of a risk which may impact negatively on an organisation. A flood or an earthquake are some of the examples of a natural disasters, which could cause damage to an organization physically and result in disruption of its activities. These can be identified as risks.
2. To assess the identified risk for a probable effect on an organisation: the next step after identifying the risk is to assess the possibility of its impact. This is done by an evaluation on the probability of a risk happening and the impact it may have on the organization in the event that it indeed occurred.  The probability of a natural disaster happening may be assessed as low but then in the event that it occurs, the probable impact might be very high.
3. Strategies that need to be established in order to lessen or avoid risks: the next step is to outline and develop plans that can help to alleviate or stop the risks that have been identified, this is done base on the assessment of the probability of an identified risk occurring and also its possible impact. Plans and strategies need to be put in place at this point to mitigate its occurrence and impact in the event it occurs. Create a disaster management and recovery plan that will also include other measures that would safeguard an organisation, its resources, facilities and rebuild and restore businesses following the occurrence of a natural disaster.
4. Develop, execute and monitor stratagems for managing risk: the next step to take here is to develop strategies and implement them in accordance with the plans laid out for that particular risk. This is the action part where the implementation needs to be checked and monitored in order to ensure the efficacy of the plans and the steps put in place to either mitigate or totally remove the risk. This stage is also where steps are put in place to manage a disaster aftermath, this may include measures taken to protect an organization, its offices and environs and also find a way of reinstating and resuming normal activities after a disaster.
5. Evaluation, Review and updating risk management schemes:  risk management process doesn’t just happen at only one point, it is a continuous process, and strategies used also needs to be reviewed from time to time and updated. An organization must continually revise its risk management processes and change any that is not effective, this makes risk management more efficient in mitigating or avoiding risk. There are always lessons to be learned in the aftermath of a disaster, this calls for a review of existing strategies used in the recovery plan to now include new plans, processes and schemes for a better risk management.
6. Communicate and report: Risk information and management processes needs to be reported and also communicated to management and various stakeholders. This is where an identified risk information is being disseminated to all that might be affected by such risk in the event of its actual occurrence. The strategies that have been established to minimise or prevent the risks that have been identified and the process of implementing the risk management strategies will also be reported and communicated. This stage is all about informing stakeholders of what might likely happen, its effects and the steps taken to lessen the effect or remove the risk altogether and also the effectiveness of such steps taken.Organisations should keep to industry standards, accepted best practices and regulations.

For an organisation to manage risk effectively, it is important to have an established system and process in identifying, evaluating, assessing, and handling a potential risk which may adversely affect an organization’s activities and operations, its financials, and reputation. Organisations should be prepared at all times to effectively manage risks, and also risks that are already identified and assessed are better managed. All these procedures and steps needs to be a continuous process and also needs to be reviewed and updated periodically in order to effectively manage risk.

Approaches used in Managing Risks

These are methods used in identifying, assessing, and managing possible risks that could generally affect an organization’s performance. Below are strategies that can be used by an organisation in managing risks:

1. Avoiding risk: this is a strategy whereby a risk is identified for the purpose of avoiding possible situations that may lead to potential risk occurring.
2. Reducing risk: this involves taking steps to reduce the probability of a risk occurring after identifying it in order to minimise its impact in the event of its occurrence.
3. Transferring risk: this is an instance where risk is transferred, like purchasing insurance, as an example of where risk is transferred to another entity, like the insurance company.
4. Accepting risk: this is where a potential risk is accepted and because of that no, mitigating or avoiding steps are taken.
5. Sharing risk: a joint venture, partnership, concession or PPPs are examples of how potential risks are shred, in that it is not only the responsibility of one entity and affects all the parties.
6. Mitigation risk: this is where measures, steps and plans are developed and applied in order to reduce the possibility of a risk happening or reducing the impact in the event that it actually occurs. This strategy involves taking steps to reduce the likelihood of a risk occurring or to minimize the potential impact if it does occur.
7. Contingency planning: contingency planning involves putting strategies in place after identifying a risk in order to respond to it if it did occur.
8. Monitoring risk: this stage is very vital because it involves monitoring of identified risk, the likelihood of its occurrence and its impact if it occurs. The effectiveness or otherwise of the strategies put in place are also monitored at this stage.

Risk management schemes as discussed earlier are techniques and procedures used in identifying, assessing, and managing possible risks that may have an effect on an organization’s operations and daily activities. These strategies vary from organisation to organisation, subject to their goals and objectives and also specific needs.

The role of risk management

Risk management is important because it assists organizations in identifying, assessing, and managing the likelihood of a risk occurring and the impact it may have on an organisation and its daily operations. Organizations are better equipped to manage and control risk as a result of the awareness and preparedness for the risk way before it happens. Where risks are not identified, assessed and managed, it may lead to adverse impact on the organisation.

Essentials of risk management:

1. Protects the organization’s assets: Risk management helps organizations identify potential risks that could cause financial loss and develop strategies to mitigate or avoid those risks, this way, financial loss is avoided or minimised and the company assets are protected.
2. Well-informed decisions are made: when risks are identified and assessed, better informed decisions can be made regarding its avoidance or at most mitigating it. This is a more effective way of managing the company’s resources. organizations can make more informed decisions about mitigating or avoiding those risks. This helps ensure that the organization’s resources are used in the most effective way possible.
3. Improves operational efficiency: Effective risk management help companies identify and address potential issues that may affect operations even before they happen, this in turn reduces disruptions and improve productivity.
4. Enhances reputation: companies protect their reputation by way of risk management strategies. Risk has the potentials to damage an organisation’s reputation, so by identifying risks that could damage their reputation and developing strategies to mitigate or avoid those risks, the company is protected.
5. Compliance: companies are required to comply with various regulations, guidelines and standards relating to risk management, failure to comply with these regulations can lead to penalties such as fines and damage to reputation and brand.
6. Aid companies in achieving goal:  identifying, assessing, and managing potential risks helps companies in ensuring that their programmes, projects, objective stay on target and are duly achieved.

When should risk assessment be carried out

Risk assessment should be carried out at different stages of a project or an organization’s operations, depending on the specific needs and objectives of the project or organization. Here are some examples of when risk assessment should be carried out:

1. At the planning phase of a project: Risk assessment should be carried out at the beginning of the project planning phase to identify potential risks that could impact the project’s objectives and to develop strategies to mitigate or avoid those risks.
2. During the execution phase of a project: Risk assessment should be carried out periodically during the execution phase of the project to identify new risks that have arisen and to assess the effectiveness of existing risk management strategies.
3. When a new project or initiative is proposed: Risk assessment should be carried out when a new project or initiative is proposed to identify potential risks and to determine whether the project or initiative is viable.
4. When a new regulation or standard is introduced: Risk assessment should be carried out when a new regulation or standard is introduced to ensure compliance and identify any potential risks that may arise from the new regulation or standard.
5. When a significant change occurs within the organization: Risk assessment should be carried out when a significant change occurs within the organization, such as a merger or acquisition, to identify potential risks and to develop strategies to mitigate or avoid those risks.
6. When an incident or event occurs: Risk assessment should be carried out when an incident or event occurs, such as a natural disaster, to identify potential risks and to develop strategies to mitigate or avoid those risks.

Risk management tools

As the field of risk management expands, so does the variety of tools at an organization’s disposal. Below are various types of risk management tools that are common in recent years:

1. Risk Assessment Templates and Checklists: These are basic yet effective tools for identifying and recording potential risks in a structured format.
2. Risk Analysis Software: These advanced software applications use  simulations (like Monte Carlo simulations) to analyse risk scenarios and their potential impacts.
3. Project Management Software: These integrated risk management tools offer risk management features within a broader framework, allowing seamless risk tracking alongside project milestones.
4. Financial Risk Management Tools: These risk management tools focus on identifying and mitigating risks related to financial operations, such as market risk, credit risk, and liquidity risk.
5. Enterprise Risk Management (ERM) Software: These comprehensive platforms facilitate identifying, assessing, and managing risks across an organization by integrating risk management into corporate strategy.
6. Compliance Risk Management Tools: These tools are crucial for mitigating legal risks. They are designed to ensure that organizations meet legal and regulatory requirements.
7. Disaster Recovery and Business Continuity Planning: These are essential risk management tools to ensure businesses can recover quickly from unforeseen events and resume normal operations. They focus on protecting assets and minimizing downtime.
8. Risk Intelligence Platforms: These platforms provide predictive insights into potential risks, allowing for more nuanced risk management strategies by using artificial intelligence and machine learning
9. Cybersecurity Assessment Tools: Considering the increasing threat of cyber attacks, these tools are essential for identifying vulnerabilities in an organization’s digital infrastructure.
10. Scenario Analysis Tools: These risk management tools allow organizations to assess various hypothetical scenarios and their potential impacts, aiding in strategic planning and resilience building.

Risk management tools are very important and necessary in managing risks effectively and has become even more so due to the rapid advancement in technology and also global changes. The following tools are also used and have numerous advantages:

1. Pre-emptive Risk Identification: these tools assist organizations in identifying risks and develop proactive measures instead of working on reactive responses.
2. Making Informed Decisions: Risk management tools aid in making decisions by examining possible impact of the risk and also weighing the risk against returns.
3. Optimises Resources: resources are more effectively allocated, and risks are prioritised according to the level of their threats.
4. Compliance and Governance: legal liabilities are less when risk management tools are used, because they ensure compliance with legal and regulatory frameworks and best practice by organizations.
5. Improved Communication: Risk management tools improve the communication among teams and stakeholders, and it also offers a better avenue for reviewing and considering risk.

Jira is a common example of a risk Management tool used in project management, it is an all-in-one tool that helps in planning, reporting, delivering work by team members. It also allows team members track their work progress. Tasks can be allocated, challenges can be resolved, incompetencies checked and addressed. Jira has two core templates, Scrum or Kanban designed to support very active teams.

Jira can facilitate efficient resource planning and collaborative efforts among team members. Its features facilitate efficient resource allocation and effective communication, serving as a prime hub for collaboration among team members. This tool can be used to identifypotential risks, assessthe impact of those risks, developand implement strategies to mitigateor avoid those risks. The following are some examples of using Jira in risk management:

1. Identify potential risks: Jira can be used to create and manage a risk register, a document listing all potential risks that are likely to impact a project or an organization. The register tracks the level and status of each risk, detailing if the risk has been identified, assessed, or mitigated.
2. Assess impact of identified risks: customised fields can be created in the risk register to track the likelihood and potential impact of each risk. This prioritizes risks and aid in developing strategies to manage the risks.
3. Develop and implement strategies to mitigate or avoid risks: tasks are assigned plans for mitigating risk factors are created and progress tracked to ensure timely completion.
4. Communicate and report: information relating to risk is shared with stakeholders and senior management. It displays a risk dashboard showing status of identified risks, strategies developed to mitigate or avoid these risks, how effective the strategies are.
5. Monitor and review: Review and update the Jira risk register as required.

Risk management certification

There are many certifications for risk management depending on individual needs and career objectives. Below are some reputable risk management certifications for consideration:

1. Certified Risk Management Professional (CRMP) is offered by the Institute of Risk Management (IRM) and it is a globally recognized certification that provides a comprehensive understanding of risk management and covers the full range of risk management techniques, concepts, and practices.
2. Professional Risk Manager (PRM) is offered by the Professional Risk Managers’ International Association (PRMIA) and it is a comprehensive certification that covers the full spectrum of risk management, including market, credit, operational and integrated risk.
3. Certified in the Governance of Enterprise IT (CGEIT) is offered by the ISACA, this certification covers the full range of governance-related topics, including IT governance, risk management, compliance, and assurance.
4. Certified in the Risk Management Assurance (CRMA) is also offered by ISACA, it provides an understanding of the internal audit’s role in risk management.
5. ISO 31000 Risk Manager is offered by the International Standards Organization (ISO) and it is a globally recognized certification that provides an understanding of the ISO 31000 standard for risk management.
6. Certified in the Control Self-Assessment (CCSA) is offered by ISACA, it focuses on the control self-assessment process and how it can be used to identify and manage risks.

It is pertinent to note that some certifications differ in terms of requirements such as experience, education, and testing. Furthermore, the certification should align with individual career goals and the relevant business or sector.

Conclusion

Risk management is an essential part of project management because it helps organizations identify and manage potential risks that could impact the success of a project. By identifying and managing risks, organizations can ensure that their projects are completed on time, within budget, and to the desired level of quality. Additionally, risk management enables organizations to make better-informed decisions and to respond more effectively to unexpected events.

In summary, risk assessment should be carried out at different stages of a project or an organization’s operations, depending on the specific needs and objectives of the project or organization. It is an ongoing process that should be carried out periodically, when a new project or initiative is proposed, when a new regulation or standard is introduced, when a significant change occurs within the organization, and when an incident or event occurs.

Managing risks effectively has become essential due to rapid technological advancements and global uncertainties.

These tools provide several key benefits:

1. Proactive Risk Identification: Risk management tools help organizations identify potential risks and formulate proactive measures rather than working on reactive responses.
2. Informed Decision Making: Risk management tools help make informed decisions by analyzing potential impacts and balancing risks against rewards.
3. Resource Optimization: Risk management tools assist in allocating resources more effectively by prioritizing risks that are a more significant threat.
4. Compliance and Governance: Many of the risk management tools ensure organizations comply with legal regulations and governance standards, reducing legal liabilities.
5. Enhanced Communication: Risk management tools foster better communication between teams and stakeholders by offering a common framework for discussing risks.

References

1. Datta, S. & Mukherjee, S. K. (2001). Developing a risk management matrix for effective project planning–an empirical study. Project Management Journal, 32(2), 45–57Accessed August, 2024.
2. Sharma,  A (2024), The importance of risk management in project success.
3. Simplilearn 15 risk management tools and techniques, 2024. Accessed August, 2024
4. Zaidan, A. S., Khaw, K. W., Xinying, C., Alnoor, A., Ganesan, Y., Sadaa, A. M.   (2023).Influence of organizational contingencies on financial performance: mediating role of crisis management. Central European Business Review, 2023, 12(2): 37-59 | DOI: 10.18267/j.cebr.320
5. Murad, M. H. (2018). Risk management in relation to project success on the construction projects in UAE. Accessed September, 2024
6.  Marker, A. (2020) Models and Theories to improve Crisis Management.
7. Okoro, U., & Amadi, J. (2022). The impact of pandemic-induced restrictions on project timelines and costs in Nigeria. Nigerian Journal of Construction Management, 5(3), 87-102
8. Raz, T., Shenhar, A. J. and Dvir, D. (2002). Risk management, project success, and technological uncertainty. R&D Management, Vol. 32(2), pp.101-109

 Zwikael, O. and Ahn, M. (2011). The effectiveness of risk management: An analysis of project risk planning across industries and Countries. Risk Analysis, Vol. 31(1), pp.25-37