The purpose of this document is to provide an overview of risk management and how this becomes a key
factor within the organization. Another important aspect is how the risk strategy has a great influence in
risk mitigation in order to reduce the organization loses. Additionally, the introduction of the KM
(knowledge management), this concept provide a better approach for decision-making in any project.
According to Samer Alhawar, in his writing he indicates that effective RM process modeling cannot be
achieved without the assistant of a well-established KM process model (Rodriguez and Edwards, 2008).
This framework has been built based on the theory in the first three modules, textbooks and journal about
RM and KM. Therefore, risk management has growing as discipline focusing to ensure the risk will not
occur during the project execution in order to reduce losses to accept level.
1. RISK DEFINITION
In modern times, the risk has taken different approaches, the case of the safety aspect risk is related to the
danger in the project. Ergo, this is due to the losses or things that keep you away from the perfect path, with
a negative impact translating the outcome to the cost.
Risk is the probability of uncertainty of an event or condition that can affect a person, environment and
organization in a positive or negative way. A risk can also be unwanted or adverse consequences to life,
property or health, or any variable in the project that causes project failure (Padayachee, 2002).
Risk can be evaluated based on two aspects probability and impact. Probability means the possibility of
occurrence of risk, while impact is the level of measurement that risk could generate in a project.
Risk is an important topic in modern society. People are confronted with risks all the time, and it’s part of
our life. But today all governments and industries in general have integrated as part of its evolution a culture
through the Risk management.
In modern literature, the authors cover many aspects of which there is no clear categorization of the sources
of risk and common consensus about its classification. In general, the risks can be classified in two groups
Cost risk, this type of risk is the result of a project costs more than the original estimated budget.
Schedule risk, in this risk, these include unexpected delays in specifics activities will take longer than
expected.
Performance risk, this type of the risk is the result of a series of factors that impact the objectives of
the project, the five most common risks are: poor leadership, staff problems, no continuity, lack of
resources, and change in business strategy.
Safety Risk, this type of risk is the result of the lack of control procedures. This type of risk impacts
an organization on a large scale. For this reason safety is the primary aspect to identify in a project.
Technology risk, this type of risk is the result in low performance achieved with a specific technology
which impacts the project. However, this can be positive or negative depending on the controls and
objectives established in its implementation.
Risk analysis and strategies have evolved in all aspects of large organizations, searching for positive results
that reflect the productive performance of the goals established by the members of the organization
(stockholders). However, the search for efficiency in terms of cost-benefit has been a big challenge, since
companies seek a higher level of production with a major efficiency at a lower cost (cost savings). This
implies redesigning strategies that allow achieving the project's objectives in a safe and efficient manner.
This is a critical stage in planning process on risk management, in order to identify potential risks and action
taken to mitigate them. Once the risks have been identified, the next step is to classify and rating each risk
based on likelihood and impact in the project. Hence, decide which strategy can be implemented for each
individual risk to manage all of them on an ongoing basis. As a final step to establish how monitoring the
risk on a regular basis and update the plan as necessary. The desired result of risk management effort is not
to reduce all risks to zero but to move them into the normal area, in which routine risk management and
cost-benefit analysis becomes sufficient to ensure overall safety and integrity (WBGU, 2000:18–20).
Regardless of the strategy chosen, the purpose is to transform an unacceptable risk into an acceptable level
of risk. Risk can be tolerated as long as it is within the control levels defined and planned strategically for
each risk.
Once the risk strategies have been defined, a solid risk management plan must prepare a report detailing
the actions and mitigations clearly identified on each individual risk. The risk strategic report has a double
purpose aligned with the objectives of the project, which supports the strategy and the planning process as
an integral part of the risk management process.
A risk management strategy can be separated into 5 main segments as seen in the diagram below.
Planning
Risk
Risk
Monitoring
Identification
and Control
Quality and
- Experts
The benefits for effective managing risk include: improved strategic, improve operational, improve
financial and improve customer.
The goal of the analysis is to further understand each specific instance of risk, and how it could influence
the project objectives.
Based on the unit three four type of response strategies have been identified in risk management
Strategies to deal with positive risk are; exploiting when the team enhances the
opportunity to assure the risk actually occurs. Sharing, with various individuals, so
opportunities can be discussed amongst others. Enhancing, increasing the probability
or impact of an opportunity, and last ly acceptance, using the ability to adjust plans
to the risk.
During the process, the risk shall be monitored and reviewed continuously to ensure that all control
measures are working. The monitoring and review process should be incorporated within the planning of
the risk management process. Despite the fact that both processes are similar, knowing the distinction
between the reviews and monitoring process is essential in risk management. Monitoring is focused on the
consistent analysis and examination of both internal and external environmental factors, while the review
is the recurrent examination of the current status or circumstance, which may have a precise focus. The data
collected from the monitoring and review process allows to determine if the risk management process is
adequate to accomplish the expected outcomes. Such as, being aware of inefficiency, douts, and
possibilities for improvement.
3. OBJECTIVES
The objective of the research is to formulate appropriate strategies to manage each of the identified
risk factors facing the University, in order to assist the achievements of the University’s strategies
through pro-active risk management. Although the premise is that the developed methodology will
apply to construction projects in general.
Identify potential risks. Understand the scope of potential risks identified as developing realistic
and profitable strategies to address them..
Make clear who is responsible for what risk and accountabilities for risk management
During the planning stage, it is important to define the strategies and actions, in order to treat the risks
from the highest to the lowest level. It is advisable to evaluate the levels of strategic alignment and the
probability of success of each action taken. With regard to the risk of ID 1, for example, the mitigation
actions listed in Table 3.
Figure 3. Decision matrix of actions related to the risk: ‘Sudden reduction in headcount by Ecopetrol.
The decision matrix allows to have a clear vision of the ranking and degree of importance of each
previously established action, at least the moderate recommendation actions must be considered, the
"C" and "B" actions could be implemented respectively. On the other hand, action "A" could be
discarded due to its low recommendation (low score). The selection of actions may vary according to
the resources available in the company.
4 CONCLUSION
A well-defined risk management process with a clear understanding of the environment can help to
significantly increase the success of an organization's projects. The way in which the correct identification
of the risks is carried out in order to clearly establish the source and the root cause of the risks is
fundamental, which will allow to understand and develop well-defined strategic plans in order to mitigate
or reduce the risks.
The risk management process does not have to be complicated or take long to be effective. The risk
management process should not be compromised at any time, if ignored it can cause harmful effects. The
entire management team of an organization must know clearly the methodologies, procedures and
techniques of risk management. Of course, as long as the protocols are followed, to achieve the success of
a project it can be clearly achieved..
To conclude, this research contributes to the understanding of the process of new strategies that
organizations are adopting with a new vision and challenges. These enrich the research allowing guidelines
to be more specific with a greater justification of a set of inter-relations between important factors. Hence
this deepens the research which is guided to address the risk management through the use of tools and
techniques currently defined in knowledge management, as discussed throughout this document.
The continuous and adequate monitoring of strategic risks, through key risk indicators allows the
organization to foresee any possibility before the risk arises. Therefore, allowing the organization to
previously identify the factors of the risk during the evaluation of the risk management process. If the risk
tolerance tends to exceed the parameters and guidelines established, this will activate the risk alarms.
Consequently, organizations have the opportunity to review the treatment strategy given for the risk, which
in the end improves financial performance.
LIST OF REFENCES
Barry, B (199). Software Risk Management: Principles and Practices. IEEE software.vol 8. N.1. Pages
426 - 435. Available at
https://scholar.google.com/scholar?hl=es&as_sdt=0%2C5&q=Software+Risk+Management%3A+Princip
les+and+Practices&btnG=. 12 February, 2019
Isabela Ribeiro Damaso Maia. (2016). Integration of Risk Management into Strategic Planning: A New
Comprehensive Approach. Pages 4-13. Available at
https://scholar.google.com/scholar?hl=es&as_sdt=0%2C5&q=Integration+of+Risk+Management+into+S
trategic+Planning%3A+A+New+Comprehensive+Approach.+&btnG=. 10,February, 2019
Kamalesh Panthi, Ph.D. Candidate and Syed M. Ahmed, Ph.D./ Risk Matrix as a Guide to Develop Risk
Response Strategies. Florida International University Miami, Florida. Available at
https://scholar.google.com/scholar?hl=es&as_sdt=0%2C5&q=Risk+Matrix+as+a+Guide+to+Develop+Ri
sk+Response+Strategies&btnG=. 11 February, 2019
Robert J. Chapma.(2016). Simple Tools and techniques for enterprise risk management. Second Edition.
2016 Enterprise Risk Management Symposium. Available at
https://scholar.google.com/scholar?hl=es&as_sdt=0%2C5&q=Simple+Tools+and+techniques+for+enterp
rise+risk+management&btnG=. 08 January, 2019
Rodriguez, E., & Edwards, J. (2008). Before and after modeling: Risk knowledge management
is required. In Paper presented at the 6th Annual premier global event on ERM, Chicago, IL.
Samer, A, Louay, K., Amine, N., Ebrahim, M. (2012). Knowledge-Based Risk Management framework
for Information Technology project. International Journal of Information Management 32. Pages 50– 65.
Available at https://scholar.google.com/scholar?hl=es&as_sdt=0%2C5&q=Knowledge-
Based+Risk+Management+framework+for+Information+Technology+project&btnG=. 15 February, 2019