Assignment 1

Module: Project Risk and Procurement Management

Student ID: @00536210

Assignment word count: Exactly 3540 words

Project Management Program
TABLE OF CONTENTS
Introduction .................................................................................................................................................. 3
1. Risk definition ....................................................................................................................................... 4
1.1 Risk Management Definition .............................................................................................................. 4
1.2 Sources of risk..................................................................................................................................... 5
1.3 Type of the risk.................................................................................................................................... 5
2. Risk management strategies ................................................................................................................. 6
2.1 Risk Identification.................................................................................................................................... 7
2.2 Risk analysis ........................................................................................................................................ 8
2.3 Risk evaluation .................................................................................................................................... 8
2.4 Risk responses ............................................................................................................................... 9
2.5 Risk monitoring and control........................................................................................................ 10
3. Objectives............................................................................................................................................ 11
3.1 Analyze and evaluate the impact of risks ................................................................................... 12
4 CONCLUSION ....................................................................................................................................... 13
List of Refences ........................................................................................................................................... 13
INTRODUCTION

The purpose of this document is to provide an overview of risk management and how this becomes a key
factor within the organization. Another important aspect is how the risk strategy has a great influence in
risk mitigation in order to reduce the organization loses. Additionally, the introduction of the KM
(knowledge management), this concept provide a better approach for decision-making in any project.
According to Samer Alhawar, in his writing he indicates that effective RM process modeling cannot be
achieved without the assistant of a well-established KM process model (Rodriguez and Edwards, 2008).
This framework has been built based on the theory in the first three modules, textbooks and journal about
RM and KM. Therefore, risk management has growing as discipline focusing to ensure the risk will not
occur during the project execution in order to reduce losses to accept level.
 1. RISK DEFINITION
In modern times, the risk has taken different approaches, the case of the safety aspect risk is related to the
danger in the project. Ergo, this is due to the losses or things that keep you away from the perfect path, with
a negative impact translating the outcome to the cost.

Risk is the probability of uncertainty of an event or condition that can affect a person, environment and
organization in a positive or negative way. A risk can also be unwanted or adverse consequences to life,
property or health, or any variable in the project that causes project failure (Padayachee, 2002).

Risk can be evaluated based on two aspects probability and impact. Probability means the possibility of
occurrence of risk, while impact is the level of measurement that risk could generate in a project.

Risk is an important topic in modern society. People are confronted with risks all the time, and it’s part of
our life. But today all governments and industries in general have integrated as part of its evolution a culture
through the Risk management.

1.1 Risk Management Definition

Risk management is an ongoing process by which risks are identified, analyzed, controlled throughout the
life of a project. Risk management has developed over the recent years as part of the PM. For this reason,
risk management is a discipline which integrates knowledge and methodologies which one are incorporated
to face on a specific problem. Risk management is essential in the development of a project, since it allows
the establishment of a process with the necessary actions to control and mitigate the losses generated by the
materialization of a risk. The process included a number of actions with the purpose to reduce the likelihood
and severity of the impact of potential risk, clearly identified with the objective to increase the chances of
a positive events and minimize the losses.
Davenport and Prusak (1998) describes knowledge as a mix of framed experience, values, contextual
information and expert insight that provides a structure for evaluating and integrating new experiences and
information. Knowledge is one of the essential aspects of risk management, this allows the formation of
strategies and procedures that allow understanding from a physical base to obtain clear knowledge of the
risk. Without a consequent knowledge of the root cause of the risk, it is not possible to identify the possible
solution. For this reason, knowledge fulfills an essential factor in the identification, analysis, and control of
risk. The only way to achieve this is through the capture of lessons learned and sharing of knowledge related
to potential risks.
1.2 Sources of risk
In a project is important to identify clearly the source of the risk such as work environment, equipment,
procedures, personnel, and material used to complete the activities in the project. However, as I mentioned
in the paragraph before knowledge is fundamental in the process of risk management, this can positively or
negatively impact the objectives of the project. In fact, lack of knowledge affects the progress and
developing of the activities results within the organization.On the other hand, the identification of the
integral knowledge that an experienced worker requires is the risk modeling knowledge (Rodriguez &
Edwards, 2008). Moreover, depending on the specific detail of the project, there are many factors that can
affect the project and its results. The main key in the success of a project is the personnel and team work,
this can influence positive or negative outcomes.

In modern literature, the authors cover many aspects of which there is no clear categorization of the sources
of risk and common consensus about its classification. In general, the risks can be classified in two groups

 Internal Risks (endogenous) i.e. from inside the organisation

• External Risks (exogenous) i.e. from outside the organisation.

This classification has been established throughout many studies in risk management which covers an
important aspect such as quality control. Nowadays, the success of a project lies in the controls that are
clearly defined to mitigate the root cause of the origin of the risk.

1.3 Type of the risk

The fundamental aspect in the identification of risks, depends on the development of the process in the risk
analysis phase, this is necessary to develop the framework for the identification of the risks: sources of risk,
risk factor and resources exposed to risk. A classification is proposed according to which the sources of
risk are given by the physical, social, political, operational, economic, legal, and environmental. These risks
can impact in different levels of the objectives and results for the organization.This classification allows
covering a broad spectrum of all types of risks an organization can face.

The most common risks to be considerate in a project will be:

 Cost risk, this type of risk is the result of a project costs more than the original estimated budget.
 Schedule risk, in this risk, these include unexpected delays in specifics activities will take longer than
expected.
  Performance risk, this type of the risk is the result of a series of factors that impact the objectives of
the project, the five most common risks are: poor leadership, staff problems, no continuity, lack of
resources, and change in business strategy.
 Safety Risk, this type of risk is the result of the lack of control procedures. This type of risk impacts
an organization on a large scale. For this reason safety is the primary aspect to identify in a project.
 Technology risk, this type of risk is the result in low performance achieved with a specific technology
which impacts the project. However, this can be positive or negative depending on the controls and
objectives established in its implementation.

2. RISK MANAGEMENT STRATEGIES

Risk analysis and strategies have evolved in all aspects of large organizations, searching for positive results
that reflect the productive performance of the goals established by the members of the organization
(stockholders). However, the search for efficiency in terms of cost-benefit has been a big challenge, since
companies seek a higher level of production with a major efficiency at a lower cost (cost savings). This
implies redesigning strategies that allow achieving the project's objectives in a safe and efficient manner.

This is a critical stage in planning process on risk management, in order to identify potential risks and action
taken to mitigate them. Once the risks have been identified, the next step is to classify and rating each risk
based on likelihood and impact in the project. Hence, decide which strategy can be implemented for each
individual risk to manage all of them on an ongoing basis. As a final step to establish how monitoring the
risk on a regular basis and update the plan as necessary. The desired result of risk management effort is not
to reduce all risks to zero but to move them into the normal area, in which routine risk management and
cost-benefit analysis becomes sufficient to ensure overall safety and integrity (WBGU, 2000:18–20).
Regardless of the strategy chosen, the purpose is to transform an unacceptable risk into an acceptable level
of risk. Risk can be tolerated as long as it is within the control levels defined and planned strategically for
each risk.

Once the risk strategies have been defined, a solid risk management plan must prepare a report detailing
the actions and mitigations clearly identified on each individual risk. The risk strategic report has a double
purpose aligned with the objectives of the project, which supports the strategy and the planning process as
an integral part of the risk management process.
A risk management strategy can be separated into 5 main segments as seen in the diagram below.

Planning

Risk
Risk
Monitoring
Identification
and Control
Quality and

Risk Response Risk Analysis

Strategy

Figure 1. Risk management strategy process applied in projects by Occidental Petroleum.

2.1 RISK IDENTIFICATION

Risk identification process determines which possible risks might affect the project and documents their
characteristics (PMBOK, 2004). Therefore, the risk is captured from historical data taken from reports,
lessons learned and experiences, this data allows to broaden the knowledge about the status and risk
profile. In this phase important to determinate the potential and possible sources of risks, analyzing the
factors that are key to the project achieving success. Additionally, reviewing the weakness of the project
and the threats it has to deal. In order to achieve the goals of the organization, activity or initiative process
of the project.
The most useful system of identification in a project are:
- Brainstorming
- Interviews
- Workshops
- Comparison with other organization.

- Experts
The benefits for effective managing risk include: improved strategic, improve operational, improve
financial and improve customer.

2.2 Risk analysis

Risk analysis involves many aspects to prioritize the risks for further analysis in order to determine their
consequences, their probability of occurrence and their impacts.
The level of risk is analyzed by combining estimate of likelihood and consequences to determine the priority
level of the risk.
The table below is an example of a simple Risk Scoring Matrix that provides a standard method to calculate
grading based upon combination of probability and impact ratings.

Figure 2. Risk Rating. source risk analysis system by Ecopetrol

The goal of the analysis is to further understand each specific instance of risk, and how it could influence
the project objectives.

2.3 Risk evaluation

The stage of the risk evaluation gives an opportunity to define the probability and impact for each risk.
Additional this can be used to define the project contingencies in terms of time and cost. The evaluation
can be conducted before and after defining the risk exposure and response actions from the list of the risk
clearly identified in the project. The risk undertaken will classified in the range or “as a result of the defined
response actions and assuming that they will be 100% effective (or wherever percentage is appropriate)
when implemented, the risk exposure will be on the range. Reporting an overly optimistic mitigation
success rate early in a project (as has occurred on government projects) can lead to underfunding and
interruption of project’s progress.

2.4 Risk responses

The objective of a risk response plan is to adopt a plan and systematic approach to the risk through processes
and procedures defined to face the risk in a project. For this reason, a clear risk response plan is an important
activity within the planning phase to mitigate all critical risks prior to entering the execution phase of the
project. Developing appropriate options and action plan are two aspects that will reduce the threats of
specific risks to a project objectives. Ergo, it’s important to conduct periodic risk reviews to develop
strategies for responding to risks clearly identified.

Based on the unit three four type of response strategies have been identified in risk management

Avoid Transfer Mitigate Accept

• AVOID : in some cases, risk avoidance can be achieved by making changes to

the project management plan. For instance, adjusting the schedule, modifying the
project strategies implemented, or minimizing the scope of the project.

• TRANSFER : risk transfers the responsibility to other individual(s). This under

no circumstances eliminates the risk, it solely passes the responsibility to another
individual(s) to handle the risk through a different perspective. For instance, risk
transfer includes insurance, per formance bonds, warranties, fixed price contracts,
and guarantees.

• MITIGATE : risk mitigation focuses on decreasing the chance or consequences

of a risk. Examples of risk mitigation incorporate proper protection discipline,
simplifying processes, choosing a stable supplier, and redundant activities.

• ACCEPT : risk acceptance is when a team chooses not to plan on methods to

resolve the risk or they are incapable of recognizing other methods to deal with a
 certain risk. This approach can be redesigned where the team chooses to resolve risk
if it occurs. Conversely, it may also occur that the team may be active where the
project team has an unexpected incident allocated and intend to the resolve risk
occurred at the time.

Strategies to deal with positive risk are; exploiting when the team enhances the
opportunity to assure the risk actually occurs. Sharing, with various individuals, so
opportunities can be discussed amongst others. Enhancing, increasing the probability
or impact of an opportunity, and last ly acceptance, using the ability to adjust plans
to the risk.

Exploit Share Enhance Accept

 EXPLOIT— Take actions to make sure the important objectives happen.

 SHARE— Share with another group the opportunity to work with a better strategy.
 ENHANCE—Take the opportunity to increase the probability of success, increasing the
impact value.
ACCEPT—Take advantage of the opportunity to pursue and achieve the better value.

2.5 Risk monitoring and control

Risk monitoring and control are another important stage within the risk management process.
Basically, this process allows monitoring and reviewing the risk state, based on the following aspects:
- Risk Update
- Risk Treatment
- Risk feedback
- Seek new risks and sources
- Effective actions

During the process, the risk shall be monitored and reviewed continuously to ensure that all control
measures are working. The monitoring and review process should be incorporated within the planning of
the risk management process. Despite the fact that both processes are similar, knowing the distinction
between the reviews and monitoring process is essential in risk management. Monitoring is focused on the
consistent analysis and examination of both internal and external environmental factors, while the review
is the recurrent examination of the current status or circumstance, which may have a precise focus. The data
collected from the monitoring and review process allows to determine if the risk management process is
adequate to accomplish the expected outcomes. Such as, being aware of inefficiency, douts, and
possibilities for improvement.

Activities involved in Risk Monitoring include:

• Set continues revisions and incorporate them in the project plan.
• Ensure that every condition of the Risk Management Plan is executed.
• Evaluate the current defined risk within the Risk Register.
• Assess the quality and efficiency of the actions practiced.
• Recognize the state of operations that will be taken.
• Verify past risk evaluations, their probability, and impact.
• Approve earlier hypotheses and discuss any new hypotheses.
• Recognize different risks.
• Follow the risk response.

3. OBJECTIVES
 The objective of the research is to formulate appropriate strategies to manage each of the identified
risk factors facing the University, in order to assist the achievements of the University’s strategies
through pro-active risk management. Although the premise is that the developed methodology will
apply to construction projects in general.
 Identify potential risks. Understand the scope of potential risks identified as developing realistic
and profitable strategies to address them..
 Make clear who is responsible for what risk and accountabilities for risk management

3.1 Analyze and evaluate the impact of risks

Impact – A fundamental aspect of the risk analysis is to establish the magnitude of the impact, and how
the decisions to resolve it can create an impact on the organization. It is important to consider the types
of impacts, both financial and non-financial of the project. Some non-financial impacts can be critical,
which may require additional strategies to mitigate their potential social, physical, operational and
environmental impacts. A form of qualitatively evaluative degree of impact is establishing "high,
medium and low" impact levels. The risk management process can highly reduce the changes of failure,
the advantage of using a comprehensive risk analysis could be expensive and difficult for the less
developed projects. Likewise, the risk management process should be able to adjust to the project and
the complexity of an organization's programs.

During the planning stage, it is important to define the strategies and actions, in order to treat the risks
from the highest to the lowest level. It is advisable to evaluate the levels of strategic alignment and the
probability of success of each action taken. With regard to the risk of ID 1, for example, the mitigation
actions listed in Table 3.

Table 3. Examples of mitigation actions related to the risk:

ID Strategic action Strategic alignment Success probability
A Hiring of personnel 2 1
B Restructuring and staff training 3 2
C Process automation 3 3

Figure 3. Decision matrix of actions related to the risk: ‘Sudden reduction in headcount by Ecopetrol.

The decision matrix allows to have a clear vision of the ranking and degree of importance of each
previously established action, at least the moderate recommendation actions must be considered, the
"C" and "B" actions could be implemented respectively. On the other hand, action "A" could be
discarded due to its low recommendation (low score). The selection of actions may vary according to
the resources available in the company.
4 CONCLUSION

A well-defined risk management process with a clear understanding of the environment can help to
significantly increase the success of an organization's projects. The way in which the correct identification
of the risks is carried out in order to clearly establish the source and the root cause of the risks is
fundamental, which will allow to understand and develop well-defined strategic plans in order to mitigate
or reduce the risks.
The risk management process does not have to be complicated or take long to be effective. The risk
management process should not be compromised at any time, if ignored it can cause harmful effects. The
entire management team of an organization must know clearly the methodologies, procedures and
techniques of risk management. Of course, as long as the protocols are followed, to achieve the success of
a project it can be clearly achieved..
To conclude, this research contributes to the understanding of the process of new strategies that
organizations are adopting with a new vision and challenges. These enrich the research allowing guidelines
to be more specific with a greater justification of a set of inter-relations between important factors. Hence
this deepens the research which is guided to address the risk management through the use of tools and
techniques currently defined in knowledge management, as discussed throughout this document.
The continuous and adequate monitoring of strategic risks, through key risk indicators allows the
organization to foresee any possibility before the risk arises. Therefore, allowing the organization to
previously identify the factors of the risk during the evaluation of the risk management process. If the risk
tolerance tends to exceed the parameters and guidelines established, this will activate the risk alarms.
Consequently, organizations have the opportunity to review the treatment strategy given for the risk, which
in the end improves financial performance.

LIST OF REFENCES
Barry, B (199). Software Risk Management: Principles and Practices. IEEE software.vol 8. N.1. Pages
426 - 435. Available at
https://scholar.google.com/scholar?hl=es&as_sdt=0%2C5&q=Software+Risk+Management%3A+Princip
les+and+Practices&btnG=. 12 February, 2019

Isabela Ribeiro Damaso Maia. (2016). Integration of Risk Management into Strategic Planning: A New
Comprehensive Approach. Pages 4-13. Available at
https://scholar.google.com/scholar?hl=es&as_sdt=0%2C5&q=Integration+of+Risk+Management+into+S
trategic+Planning%3A+A+New+Comprehensive+Approach.+&btnG=. 10,February, 2019
Kamalesh Panthi, Ph.D. Candidate and Syed M. Ahmed, Ph.D./ Risk Matrix as a Guide to Develop Risk
Response Strategies. Florida International University Miami, Florida. Available at
https://scholar.google.com/scholar?hl=es&as_sdt=0%2C5&q=Risk+Matrix+as+a+Guide+to+Develop+Ri
sk+Response+Strategies&btnG=. 11 February, 2019

Margaret Rose. (2005), Risk Management, Pages15-45. Retrived from

https://searchcompliance.techtarget.com/definition/risk-management, 12 February, 2019.
Parker, D., & Mobey, A. (2004). Action Research to Explore Perceptions of Risk in Project
Management. International Journal of Productivity and Performance Management 53(1), 18–32. Available
at
https://scholar.google.com/scholar?hl=es&as_sdt=0%2C5&q=Action+Research+to+Explore+Perceptions
+of+Risk+in+Project+Management&btnG=. 08 February, 2019

Robert J. Chapma.(2016). Simple Tools and techniques for enterprise risk management. Second Edition.
2016 Enterprise Risk Management Symposium. Available at
https://scholar.google.com/scholar?hl=es&as_sdt=0%2C5&q=Simple+Tools+and+techniques+for+enterp
rise+risk+management&btnG=. 08 January, 2019

Rodriguez, E., & Edwards, J. (2008). Before and after modeling: Risk knowledge management
is required. In Paper presented at the 6th Annual premier global event on ERM, Chicago, IL.

Szabo Alina /RISK MANAGEMENT: AN INTEGRATED APPROACH TO RISK

MANAGEMENT AND ASSESSMENT. Member of the Institute of Internal Auditors (IIA)

STANCA COSTEL and ANGHEL ELENA-CRISTI. (2013), ASPECTS RELATED TO RISK

MANAGEMENT IN OIL AND GAS INDUSTRY. Constanta Maritime University, 2Atlas Research,
Romania

Samer, A, Louay, K., Amine, N., Ebrahim, M. (2012). Knowledge-Based Risk Management framework
for Information Technology project. International Journal of Information Management 32. Pages 50– 65.
Available at https://scholar.google.com/scholar?hl=es&as_sdt=0%2C5&q=Knowledge-
Based+Risk+Management+framework+for+Information+Technology+project&btnG=. 15 February, 2019