February 2013
The need for project risk management What is risk? Risk concepts What is risk management? Risk models Risk classification Risk and life cycles The bigger picture Corporate Governance Black Swans Case studies
Slide 1 of 37
1.1 The Need for Risk Management If something can go wrong, it will go wrong!
(Murphys law, www.murphy.com)
Every project is risky! There is a chance that things won't go according to plan Risk Management is about trying to prevent things from going wrong, or to reduce the impact if 'things' do go wrong
Jan-13 Slide 2 of 37
IRM 801
1.1
University of Pretoria
February 2013
These failures had severe consequences for companies, projects and governments
Jan-13 Slide 3 of 37
IRM 801
1.2
University of Pretoria
February 2013
Project Risk
"The cumulative effect of the probability of uncertain occurrences that may positively or negatively affect project objectives" (Pritchard, 2001) "An uncertain event or condition that, if it occurs, has a positive or negative effect on a project objective"
(PMBoK, 2000)
Jan-13 Slide 6 of 37
IRM 801
1.3
University of Pretoria
February 2013
The Risk Value can be represented on a 2-D grid of probability (P) and consequence (C) Risk or Risk Value should be interpreted carefully!
Jan-13 Slide 7 of 37
Probability-Consequence Grid
Probability
Medium Risk
High Risk
Low Risk
Medium Risk?
Increasing Risk
Consequence
Jan-13 Slide 8 of 37
IRM 801
1.4
University of Pretoria
February 2013
Low probability but high consequence High probability but low consequence
Jan-13
Slide 9 of 37
Risk Interpretation
Risk is part of our daily lives Everyone is confronted with risk and must learn to cope with it, e.g.
purchasing some asset (house, car, computer, etc.) driving a car traveling overseas (plane crash, theft, SARS, etc.) investing money (shares, unit trusts, policy, etc.) Living in a house/flat
IRM 801
1.5
University of Pretoria
February 2013
Risk Interpretation
People cope with risk through conscious and subconscious actions, e.g. making a career change braking to avoid a car accident People are willing to pay money to manage (reduce or transfer) risks, e.g. life/ health/ property insurance burglar alarm air bags and seatbelts in cars Risk management is about balancing risk and reward
Jan-13 Slide 11 of 37
IRM 801
1.6
University of Pretoria
February 2013
Slide 13 of 37
Why companies fail in managing risk The antithesis of risk management: Firefighting How much risk management? Risk as an ally Attitudes toward risk
(Refer Smith & Merritt, Chapter 1)
Jan-13 Slide 14 of 37
IRM 801
1.7
University of Pretoria
February 2013
Each model has certain benefits, as well as disadvantages The Standard Risk Model is preferred, but the simple risk model is adequate for most uses
(Refer Smith & Merritt, Chapter 2)
Jan-13 Slide 15 of 37
IRM 801
1.8
University of Pretoria
February 2013
IRM 801
1.9
University of Pretoria
February 2013
IRM 801
1.10
University of Pretoria
February 2013
Design/ Development
Construction/ Manufacture
Operation/ Maintenance
Phase-out
Close-out
Support
Total Risk
Deficiency in one phase may influence the next phase, e.g. Poor design can influence construction or manufacture Poor construction can influence operation (low reliability)
Determine need
Concept exploration
Detail design
Project implementation
Jan-13
Slide 22 of 37
IRM 801
1.11
University of Pretoria
February 2013
PRM PM PRM
PM PRM
PM
IRM 801
1.12
University of Pretoria
February 2013
HRM
PRM
Environment risk
Quality manage.
Jan-13
Slide 25 of 37
The King Report on Corporate Governance was published in 1994 and this was followed by the King II report in 2000 Risk management is also addressed in this report
Jan-13 Slide 26 of 37
IRM 801
1.13
University of Pretoria
February 2013
Jan-13
Slide 28 of 37
IRM 801
1.14
University of Pretoria
February 2013
King II Report
3.1.5 The board is responsible for ensuring that a systematic, documented assessment of the processes and outcomes surrounding key risks is undertaken, at least annually, for the purpose of making its public statement on risk management. This risk assessment should address the companys exposure to at least the following:
physical and operational risks; human resource risks; technology risks; business continuity and disaster recovery; credit and market risks; and compliance risks
Jan-13 Slide 29 of 37
IRM 801
1.15
University of Pretoria
February 2013
Fatalities
Ye llo w
Ri ve r, Ch ina No rth Ch Ka ina ife ng ,C UK hin & a Ne the rla nd s Ne the rla nd s
Jan-13
Me ko ng De lta ,
IRM 801
1.16
University of Pretoria
February 2013
Fatalities
Jan-13
Slide 33 of 37
IRM 801
1.17
University of Pretoria
February 2013
Severe shortfall in overall project performance Project risk management was adequately addressed High-level recommendations were made
Jan-13
Slide 35 of 37
Jan-13
Slide 36 of 37
IRM 801
1.18
University of Pretoria
February 2013
IRM 801
1.19