Project risk management
Project risk management is an important aspect of project management. According to the Project Management Institute's PMBOK, Risk management is one of the ten knowledge areas in which a project manager must be competent. Project risk is defined by PMI as, "an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives."[1]
Project risk management remains a relatively undeveloped discipline, distinct from the risk management used by Operational, Financial and Underwriters' risk management. This gulf is due to several factors: Risk Aversion, especially public understanding and risk in social activities, confusion in the application of risk management to projects, and the additional sophistication of probability mechanics above those of accounting, finance and engineering.
With the above disciplines of Operational, Financial and Underwriting risk management, the concepts of risk, risk management and individual risks are nearly interchangeable; being either personnel or monetary impacts respectively. Impacts in project risk management are more diverse, overlapping monetary, schedule, capability, quality and engineering disciplines. For this reason, in project risk management, it is necessary to specify the differences (paraphrased from the "Department of Defense Risk, Issue, and Opportunity Management Guide for Defense Acquisition Programs"):
- Risk Management: Organizational policy for optimizing investments and (individual) risks to minimize the possibility of failure.
- Risk: The likelihood that a project will fail to meet its objectives.
- A risk: A single action, event or hardware component that contributes to an effort's "Risk."
An improvement on the PMBOK definition of risk management is to add a future date to the definition of a risk.[2] Mathematically, this is expressed as a probability multiplied by an impact, with the inclusion of a future impact date and critical dates. This addition of future dates allows predictive approaches.[citation needed]
Good Project Risk Management depends on supporting organizational factors, having clear roles and responsibilities, and technical analysis.
Chronologically, Project Risk Management may begin in recognizing a threat, or by examining an opportunity. For example, these may be competitor developments or novel products. Due to lack of definition, this is frequently performed qualitatively, or semi-quantitatively, using product or averaging models. This approach is used to prioritize possible solutions, where necessary.
In some instances it is possible to begin an analysis of alternatives, generating cost and development estimates for potential solutions.
Once an approach is selected, more familiar risk management tools and a general project risk management process may be used for the new projects:
- A Planning risk management
- Risk identification and monetary identification
- Performing qualitative risk analysis
- Communicating the risk to stakeholders and the funders of the project
- Refining or iterating the risk based on research and new information
- Monitoring and controlling risks
Finally, risks must be integrated to provide a complete picture, so projects should be integrated into enterprise wide risk management, to seize opportunities related to the achievement of their objectives.
See also
- Committee of Sponsoring Organizations of the Treadway Commission
- ISO 31000
- Operational risk management
- Risk Management
- Risk appetite
- Risk management tools