1.
RISK MANAGEMENT
EMCM5103 TOPIC 5

2.
Risk Management
ØRisk
• Uncertain or chance events that planning could not overcome or control.
ØRisk Management
• A proactive attempt to recognize and manage internal events and external
threats that affect the likelihood of a project’s success.
• What can go wrong (risk event).
• How to minimize the risk event’s impact (consequences).
• What can be done before an event occurs (anticipation).
• What to do when an event occurs (contingency plans).

3.
7–3
Risk Management’s Benefits
Ø Minimize management by crisis
Ø Encourage proactive management
Ø Minimize surprises and problems/negative consequences
Ø Gain competitive advantage
Ø Decrease overall probability of project variances
Ø Increase probability of project success
Ø Improves chances of reaching project performance objectives within budget and on time.
Ø Focus on building the right product the first time
Ø Prevent problems from occurring, or if they occur, from escalating/better control in future

4.
DEFINITIONS OF RISK, RISK TOLERANCE
AND UNCERTAINTY
Ø Risk is a very crucial integral part of project management.
Ø Unforeseen that never be static
Ø Projects are prone to risks and often incorporate new techniques and procedures,
and risks have to be identified from the start.
Ø Effect of the uncertainty on objectives.
Ø As the cumulative effect of the probability of uncertain occurrences that may affect
the project objectives.
Ø Uncertain event or condition occurring which can certainly affect project objectives
( positively or negatively)
Ø Unmanaged risks are mostly the primary cause of project failure.

5.
RISK AND UNCERTAINTY
RISK
• is concerned with objective probabilities
• can be assigned a probability value
UNCERTAINTY
• requires consideration of subjective
probabilities
• uncertainty is completely immeasurable
• defined as the sum of the unknown and
unknowable aspects of the project, the
consequences could threaten the achievement
of one or more project goals.
• It is the intangible measure of what is not
known about the project

6.
Uncertainty and risk should not be defined only in terms of threats to
success but also in a broader sense to include having potential
positive outcomes.
Risks = Unfavourable events/outcomes , lack of knowledge of future
events /conditions – negative risks
Opportunities = future events/outcomes that are favourable to a
project - positive risks
2 types of risk

7.
MANAGING UNCERTAINTY
Diagram shows 9 steps of uncertainty management framework
STEP 1&2-
PREPARING THE
PROCESS
STEP 3-7 : Process for
identifying, analysing and
developing measures for
exploiting or controlling
the uncertainty
STEP 8 & 9 : RISK
RESPONSE
-Following up the
uncertainty over
the project life
cycle

8.
RISK TOLERANCE
• Risk tolerance: the specific maximum risk that an organization is willing to take
regarding each relevant risk. Risk target: the optimal level of risk that an organization
wants to take in pursuit of a specific business goal.
• Risk tolerance can be defined accurately if we really understand the manager’s
inclination towards risk-taking of good and bad outcomes.
• It is a subjective notion that is influenced by many circumstantial attitudes towards risk.
• Risk tolerance concerns both the probabilities of inherent risk occurrences taking place
and the resulting impact of those occurrences.
• Risk tolerance is very important in a sense that it leads to more efficient use of
resources because the project team has a better understanding of how much of the
project’s risks should be remedied.

9.
DEVELOPING RISK MANAGEMENT PLAN
ØRisk management plan provides documented guidance for contract risk
management process which includes conducting risk assessment from all
perspectives and other contract activities inclusive of contract risk as well.
ØRisk assessment should be performed at the initial stage during planning as well
as at relevant intervals throughout the project to ascertain potential project
risk impacts with the intent to either remove the risk threat or to plan actions
that reduce the impact in the event of risk occurrences.

10.
RISK ASSESSMENT TECHNIQUES
RISK
ASSESSMENT
TECHNIQUES
CHECKLIST
DELPHI
TECHNIQUE
BRAINSTORM
ING
NOMINAL
GROUP
TECHNIQUE
MONTE
CARLO
SIMULATION
OTHER
During risk assessment, project
team members must also be
careful to differentiate
between describing a risk event
and describing the cause of a
risk event.
This Table describes a few risk
assessment techniques which
are commonly practiced.

11.
RISK ASSESSMENT TECHNIQUES

12.
RISK ASSESSMENT
Risk assessment component can be divided into risk identification and risk analysis.
Generally, the risk management plan documents the risk management process.
The purpose of this practice is to provide the project manager, project team and other
relevant stakeholders with an approach to develop the planning documentation that is
needed to conduct risk management activities across all contract stages.

13.
RISK ASSESSMENT
It should address the following:
(a) The personnel responsible for managing the various aspects of the project and
contract risks;
(b) Specify how the initial risk identification, analysis and prioritisation of output
will be maintained;
(c) State what the specific response strategies are, including any contingency
plans to be implemented; and
(d) Whether a management reserve for such plans will be allocated.

14.
RISK MANAGEMENT PLAN
The risk management plan is usually developed during project planning (planning
phase). The plan and its content can be reviewed and updated throughout the stages or
phases of the contract formation until the project is completed.
However, in the risk management plan, a brief summary of the process that leads to the
contract and references to source the documents will be the main content apart from
risk management process and activities embedded within. In short, the plan should
include a resume of the risk management plan which will define all the scope and areas
in which risk management applies, particularly the risk types to be investigated.

15.
EXAMPLE OF RISK MANAGEMENT PLAN

16.
CONTRACT RISK MANAGEMENT
FRAMEWORK
Successful contract outcomes are more likely to be the result of defining and
managing activities according to a logical and structured contracting process
framework suitable for the proposed activities.
Figure : Risk management framework in contract management

17.
(i) Identify the need of
the contract and the
extent of risk
assessment required.
(ii) Plan the contract
process and set
criteria.
(iii) Develop the type
of contract, conditions
and specifications so
that there is clarity in
risk identification.
(i) Invite and receive
offers:
(ii) Evaluate offers:
(iii) Negotiate and apply
due diligence:
(iv) Finalise and award
the contract.
(i) Manage the
transition:
(ii) Manage the
operation and evaluate
performance:
(iii) Review contract
options (Complete,
extend, renew):

18.
RISK MANAGEMENT PROCESS
Risk management requires a proactive rather than a reactive approach. It is a
preventive process designed to ensure that unpredictability is reduced and any
negative consequences associated with unwanted events are minimised. The risk
management process supports decision-making in all steps of the contracting process
and aims to enhance assurance that the contract has adequate specifications and
terms, the right contractor is chosen and key risks are managed at all stages.
Managing risks in contract management requires an understanding
of two factors:
(a) The risk management process itself; and
(b) How risk management is applied to the contracting process. The
management of risks is required throughout the contracting process because
the nature of risks being managed will differ along the process

19.
Figure: Risk management process
Figure shows the steps that
need to be embedded and
practised in the risk
management process.
The clear boxes indicate that
the process is likely to occur
regularly, while the dotted
lines indicate the possibility
that the contingency planning
might occur.

20.
RISK MANAGEMENT PROCESS
(a) Step 1 Establish the Risk Context
The clarity on internal and external risk context is very crucial in this step as
organisations operate in an environment of risk. The same understanding
and clarity should be applied across all internal processes in the organisation
whilst including contract management. Internal risk context is defined as the
internal environment within which the organisation seeks its objectives
whilst external risk context refers to understanding the external environment
in which the organisation operates to enable the recognition of what
potential risks may exist.

21.
RISK MANAGEMENT PROCESS
(b) Step 2 Risk Identification
The risk management process begins by generating a list of all the possible risks that
have the potential to affect the project. The brainstorming session and other
problem-identifying techniques to identify potential risks have to be pulled together
to ensure this step can be done efficiently.

22.
7–27
The Risk Breakdown Structure (RBS)
FIGURE 7.3

23.
Risk analysis
(c) Step 3 Risk Analysis
Risk analysis, on the other hand, involves developing a clear understanding about
an identified potential risk. In carrying out the analysis, the probability and
impact of the risk will be determined via various techniques.
Documentation of risk analysis can be done in various templates but must be
documented together in a risk management plan.

24.
(d) Step 4 Risk Evaluation
Risk evaluation is actually part of risk analysis as it is a further in-depth analysis to
evaluate the overall risk rating of each risk and to decide which risk poses a higher threat
to the project.
(e) Step 5 Risk Treatment
In this step, the project team explores the options available for the project manager to
reduce the risk profile of each risks identified which will be subsequently monitored.
This step also contains the rating of risks in the risk register which include details of:
(i) The rating of risk probability;
(ii) The impact of the risk;
(iii) The overall risk rating; and
(iv) The scale and weightage that will be applied to all project risks.

25.
Step 6 Contingency Planning
This step involves the use of alternative plans if a possible foreseen risk event
becomes a reality. It represents actions that will reduce or mitigate the negative
impact of the risk event. The contingency plan only materialises after the risk is
recognised and becomes an issue. Contingency planning evaluates alternative
remedies for possible foreseen events before the risk event occurs and selects the
best plan among alternatives.

26.
The Risk Management Process
Step 1: Risk Identification
Generate a list of possible
risks through
brainstorming, problem
identification and risk
profiling.
Macro risks first, then
specific events
Step 2: Risk Assessment
Scenario analysis for
event probability and
impact
Risk assessment matrix
Failure Mode and
Effects Analysis (FMEA)
Probability analysis
Decision trees,
NPV, and PERT
Semiquantitative
scenario analysis
Step 3: Risk Response
Development 1.Mitigating Risk
2.Avoiding Risk
3.Transferring Risk
4. Retaining Risk
Contingency Plan :An alternative
plan that will be used if a possible
foreseen risk event actually
occurs.
Step 4: Risk Response Control
Risk control :
• Execution of the risk response strategy
• Monitoring of triggering events
• Initiating contingency plans
• Watching for new risks
Establishing a Change Management System
• Monitoring, tracking, and reporting risk
• Fostering an open organization environment
• Repeating risk identification/assessment
exercises
• Assigning and documenting responsibility for
managing risk

27.
Risk Response Development
• Mitigating Risk
Reducing the likelihood an adverse event will occur.
impact of adverse event.
• Avoiding Risk
Changing the project plan to eliminate the risk or condition.
• Transferring Risk
Paying a premium to pass the risk to another party.
Build-Own-Operate-Transfer (BOOT) provisions.
• Retaining Risk
Making a conscious decision to accept the risk.
RISK RESPONSE

28.
• Risk response planning phase is to develop suitable responses to the identified risks which
are appropriate, achievable and affordable.
• Risk owners are also allocated accordingly to each risk response.
• This is to be responsible for strategy implementation and for monitoring its effectiveness.
• This significant phase of the risk response planning is very important since a majority of
decisions are taken at this point that will directly affect the risk exposure of the project.
• And critical for this phase to also deal effectively with opportunities in addition to the
threats, if the associated profits, values or benefits are to be realised by the project and
the organisation respectively.
RISK RESPONSE

29.
THANK YOU