Abstract
This document outlines a risk management plan for the modernization of United Arab Emirates Public Library and Cultural Center (UAEPLCC). UAEPLCC is among several libraries, in the wider Middle East region, that serve as important cultural centers for the people of the United Arab Emirates (UAE).
This document presents the risk management plan in six parts that cover the most important parts of the risk management process. Overall, this plan serves as a model for developing risk management plans for construction projects.
Introduction
Scope
This risk management report aims to identify, analyze, and mitigate the risks associated with the modernization of the United Arab Emirates Public Library and Cultural Center (UAEPLCC). The construction of UAEPLCC ended in 1982. Since the building’s designers worked in the 1970s, most of the center’s facilities have outgrown their usefulness and need modernization.
This background informs the need to install new technology and equipments to help library users have a better experience at the center. This risk management plan encompasses the rules stipulated in the project management plan for the acquisition of capital assets by Blokdijk (2008). The plan also incorporates project best practices of other similar projects.
This risk management plan assumes the existence of risks in all facets of a project plan. The success of the risk management plan is therefore quantifiable through the identification, evaluation, and management of these risks. Thus, the goal of this risk management plan is to improve project success through the management of problem areas that may lead to the increment of project costs, or the delay of project schedule.
Indeed, Ahmed & Kayis (2007) say that project risks may cause undesirable outcomes, including (but not limited to) cost escalations, project delays and the production of poor quality project outcomes. Thus, the risk management plan will be a continuous process that addresses problem areas in all project phases.
Three characteristics explain project risks – a defined event, the existence of a probability of occurrence, and the existence of consequences, if they occur (risk severity is a function of its probability and impact) (Ahmed & Kayis, 2007). To this extent of analysis, it is equally crucial to point out that this risk management process is an important part of the planning and performance phases of the UAEPLCC project.
As such, this risk management report provides a methodology for identifying and assessing the risks associated with the project. This way, it would be easy to determine their impact and associated probability of occurrence. A mitigation plan would thereafter minimize the probability of the risks causing undesirable consequences in the project.
Overview of Risk Management Process
This risk management plan includes the following six steps:
Risk Management Planning
Before the onset of risk mitigation activities, an analysis and ascertainment of the potential problem areas surrounding the project will occur. Typically, this process outlines a risk screening exercise that evaluates the potential for every risk, by understanding its safety, environmental, security, and design faults (Caldwell, 2008). The risk management plan therefore tracks any activity that has a high vulnerability to risk.
Risk Identification
The risk identification process involves the identification of risks that may affect the successful competition of the project (usually includes risks that affect the entire project life cycle).
Questioning the assumptions, logic, and scope of the project management process usually identifies any risk that falls within this criterion. In detail, an evaluation of every risk identified in this process will occur, based on how it affects the project cost and schedule (Cervone, 2006).
Assessment of Risks
The risk assessment process aims to establish the real cost and impact of potential risks on the project schedule. A qualitative assessment of these project risks should outline how the risks affect project quality, while a quantitative assessment of these risks outline how they affect project costs and project schedule. Similarly, the ascertainment of risk probability also occurs at this stage (Caldwell, 2008).
Risk Handling
The risk handling process involves the determination of the right action to pursue when managing individual risk. Such actions may include risk prevention, risk mitigation, and risk transfer measures (among others). Some strategies also include accepting the risks.
Risk Management and Control
This stage is crucial to the risk management process because it provides an accurate assessment of how project risks may affect project success (Cervone, 2006). The risk manager uses this assessment to formulate a risk control plan that would minimize the impact of project risk on the project outcome (Cervone, 2006).
Here, the emphasis of the project control plan is to minimize the project risks on the project’s baseline performance (Ahmed & Kayis, 2007). After formulating and executing the risk control plan, the residual risk of a project appears on the project contingency plan (Davidson, 2010).
Risk Reporting and Tracking
Ahmed & Kayis (2007) say documenting project risks outline the last step of the risk management process because it provides physical evidence of the processes outlined above. One issue that arises here is the acknowledgement that the risk management process is a continuous process involving the evaluation and discovery of new risks.
By acknowledging this fact, it is easy to minimize the impact of risks on project costs, project schedules, and project progress. This iterative process continues until the process of risk identification and risk elimination ends (Cervone, 2006).
Management Approach
The UAEPLCC project management plan has established defined roles and responsibilities for the management team to ensure the project succeeds. The specific roles and responsibilities for members are as follows
Project Manager
The main role of the project manager is to oversee the cost management process and the development of the contingency plan. These roles are consistent with the change control process and the management outline provided in the project plan (Felix, 2002). Overall, the project manager should ensure the risk management contingency is equal to project risk, and that the realization of the full project scope is real.
Project Risk Manager
The main role of the project risk manager is to ensure the full implementation of the project risk plan. Essentially, the project manager is the main point of contact between the risk management plan and the project itself. His responsibility also involves starting consultations with quality and safety officers to ensure the full implementation of the risk management plan (Felix, 2002).
Broadly, the scope of responsibilities of the risk manager includes eliciting risks, registering them, performing risk analyses, and informing the project manager about the impact of these risk exposures on the project.
He will also formulate abatement strategies and use them to reduce risk exposures (Felix, 2002). Lastly, the project risk manager will inform the project manager about the effectiveness of these abatement plans in reducing risks.
Communication Plan
The purpose of the communication plan is to ensure the UAEPLCC project builds trust and confidence among all the stakeholders of the project. To do this, the communication plan abides by the principles of UAEPLCC’s “no surprise” policy where all stakeholders know the events surrounding the project’s progress.
This communication plan also highlights UAEPLCC as the main source of information, regardless of whether the information is appealing to the stakeholders, or not. The adoption of this communication strategy is critical to the project’s success because it ensures the dissemination of timely and accurate information to all project stakeholders.
External Communications Plan
At every stage of the project’s progress there will be a communications plan to inform all stakeholders and departments of the project’s progress. This plan should demonstrate compliance with the best standards in the formulation of project communication plans (Williams & Bertsch, 2006).
There are six key pillars of this plan. The first pillar is the identification and engagement of all public relations and media specialists who will manage public communication between the project manager and external stakeholders.
The main task of this communication team is to ensure the dissemination of consistent and accurate messaging that should eliminate the possibility of multiple voices emanating from the project team. The second tenet of this communication plan includes the dissemination of information regarding how the construction project minimizes any negative environmental impact.
This way, the community should feel the project is essential to their existence (acceptability). The third facet of the communication plan should convey accurate information regarding traffic and commuter transport. The aim of this information is to encourage the community to understand the impact of the project on the society.
The fourth plan of the communication plan involves the development of a feedback mechanism for project managers to understand any stakeholder concerns that have an impact on the entire project management process. This plan is important to the communication plan because it outlines how the risk management process includes stakeholder input.
The fifth facet of the communication strategy is the proactive conveyance of the project’s cost, scheduling, and contracting opportunities to the public. The same strategy involves the dissemination of information to external stakeholders and the media so that they can relay the same information to other agencies that may have missed the initial communication message. The last pillar of the communication plan is the assessment of all the objectives of the communication plan, alongside any opportunities that may arise from the same.
Internal Communications
The main purpose of formulating the internal communication plan is to ensure the easy communication of project plans among project team members. In detail, this communication plan ensures all functional team members have an open line of communication for coordinating the activities of the risk management plan.
The process of creating this open line of communication involves the identification of interfaces for integrating the activities of the risk management team and the project management plan.
Tools and Techniques
The main tools and techniques for ensuring there is an easy and open line of communication among project team members will be the incorporation of monthly all-program team meetings, UAEPLCC project all-staff meetings, project update e-mails, communications protocol documents, and external communications tracking plan.
The external communications plan involves the collection of all external contacts and schedule updates. This information will be later stored in one centralized spreadsheet (Williams & Bertsch, 2006). This process should provide an opportunity for project team members to achieve strategic coordination among all project departments.
Alongside this strategy will be the formulation of a protocol document that approves all appropriate standards of communication, to avoid any possibility of conflicts or confusion in the internal communication strategy. This strategy should streamline all internal communication strategies.
Lastly, the all-staff and all-program team meeting will be useful in updating team members about the progresses made. This strategy also aligns with the “no surprise” policy that forms part of the external communication strategy.
Risk Identification and Assessment
The risk identification process is a comprehensive plan that identifies all possible problem areas in the project. With such a comprehensive methodological plan, every person in the risk management plan identifies possible risks that affect his/her department. This process includes a graded approach for identifying all risks that have the potential for costing the project more than $100,000.
Similarly, the process identifies any risk that poses a technical challenge for the continuation of the project. Conventional risk management processes encourage project managers to use areas of common risk as the first places for risk identification (Ahmed & Kayis, 2007). However, the departmental heads have the liberty of identifying risks that do not fall within this framework. The table below identifies these common risk areas.
Risk Categories
The risks associated with the UAEPLCC project fall within the following five categories – cost, schedule, environmental/safety/health, technical, and management. The risk management process may include configuration processes, interface management, procurement processes, and programmatic processes (Dey & Ogunlana, 2004).
The technical risk category includes design functional requirements, design equipment complexities, and installation and integration complexities. The environment/safety/health category includes regulatory controls, environmental controls, operational safeguards, and security controls. Finally, the cost category includes the resources used to fund and hire staff (Gupta, 2011).
Risk Assessment and Quantification
The risk assessment level is a product of the probability of a risk occurring and its impact on the cost and schedule of normal project management operations.
An evaluation of the consequence of each project risk occurs as a function of its impact on the scope, cost, and schedule of the project. Regarding the implications of every risk, the risk assessment and quantification methods evaluate risk categories, based on three consequence levels discussed below.
Technical Consequence Level
The technical consequence level has only four categories of risk identification. They outline below:
Schedule Consequence Level
Like the technical consequence level, the schedule consequence level also has only four levels of risk. The outline appears below
Cost Consequence Level
Like the technical consequence level and the schedule consequence level, the cost consequence level has only four levels of risk. They appear below.
Risk Probabilities
The risk probability standard often underscores the probability of different levels of risk occurring. There are only four risk probability measures (P0, P1, P2, and P3) as shown below.
Risk Severities
This risk assessment stage outlines the impact of every risk on the project plan. The product provides an overall assessment of each probable risk as described by the diagram below.
The risk severity matrix described above shows that the risks that have a consequence level of more than two should appear in the risk management profile. They should also appear in the contingency analysis.
Risk Management Impact and Control
Risk Handling
The risk management process involves the identification and mitigation of project risks. The strategies for mitigating these risks generally fall within four broad categories – risk avoidance, risk transfer, risk reduction, and risk acceptance (Egbuji, 1999). These methods are widely accepted (in many risk management exercises) as the main methods for managing identified risks (Egbuji, 1999).
After the identification of every risk, a risk management strategy should suffice. Each risk should have its management risk. For every management strategy selected, a control strategy supports it (only accepted risks do not have a control strategy). For every control action specified in the risk management plan, there is a defined period for the control of the identified risks.
The same plan also includes an estimation of the cost of controlling the identified risks, the status of the risks (if they exist, or not). The risk control action identified for every risk should also appear in the risk register. This process should include a baseline budget for the realization of the control plans. The confidence level set out by every project should thereafter suffice (Khalid & Amjad, 2012).
Risk Impact Determination
The process of risk impact determination includes the evaluation and quantification of project risks (Khalid & Amjad, 2012). Based on the nature of the UAEPLCC project, its risks are likely to affect the project in two ways. The first way is the handling strategy implementation.
This method involves the management of risks using a risk reduction and risk mitigation strategy that has several cost and schedule implications on the project management process (the cost of managing the risk should appear in the baseline analysis of project costs and scheduling) (Massingham, 2010).
The risk impact determination process also outlines that project risks may affect project progress through residual risk. This process occurs after the execution of all risk impact mitigation strategies (although there may be some residual risks lingering in the project management process) (Mills, 2001).
A Monte Carlo process outlines how the distribution of the probability of residual risk occurs (Mills, 2001). Standard risk management practice dictates that the contingency plan should cover any residual impact associated with project risks (Ahmed & Kayis, 2007).
Risk Abatement
The risk abatement process involves the process of developing risk abatement strategies for minimizing or eliminating risks. The process of risk elicitation captures the risk abatement process because it underlies the process that management uses to handle risks. The abatement strategy works on mitigated risks (Khalid & Amjad, 2012).
These abatement strategies broadly define the course of action that the project management process takes to mitigate identifiable risks. Khalid & Amjad (2012) say project managers are keen on understanding the duration of the abatement actions because their timely execution of a project action ensures a reduction of risk impact.
After the execution of the risk abatement process, the risk register should reflect the nature and probability of residual risk. This risk management plan already identifies three main types of risks – technical risks, schedule risks, and cost risks. All these types of risks have a special abatement strategy for reducing their impact and consequence in the risk mitigation plan.
For example, the reduction of technical risks could occur through the judicious determination of contractor roles. The specification of construction drawings could also be another strategy for achieving the same result. Similarly, the mitigation of costs risks could occur by stipulating a fixed price for contractual obligations and promoting competition during the contract bidding process (Paton, 2003).
Overall, the monitoring process of the three types of risks should occur to ensure the early detection of cost or schedule variance (Ghioca, 2012). These activities should occur in a change control process, which monitors all aspects of the project plan (Stackpole, 2012). The following diagram explains the risk abatement strategies for employing in the risk management plan.
Cost and Schedule Impact (According to Monte Carlo Simulation)
The cost and schedule impact analysis uses crystal ball softwares to establish likely project costs and delays that project risks pose to the project management process. The software offers a simulation for establishing the likelihood of a risk occurring. These probabilities stem from a three-point analysis linear model that spans through “optimistic,” “pessimistic,” and “most likely” indices for evaluating project risk.
The Monte Carlo simulation technique should thereafter compare expert analysis of project risks and their impact on the project contingency. The Monte Carlo simulated schedule delay should also track possible delays that project risks would cause the entire project plan. The contingency analysis should contain all the results derived from the Monte Carlo simulation technique.
Risk Monitoring, Control, and Documentation
Risk Registry
The risk registry is the overall center of reporting that includes the status of every risk management plan. The same document also contains the results of the products of the probabilities and consequences of every risk (Tchankova, 2002). Any details surrounding risk control actions also appear in this document. This process includes a continuous re-evaluation of individual risks to establish their impacts on the project process.
The use of the risk registry is therefore vital for the project. The risk manager reserves the role of managing the risk register. He may undertake the same role with the project manager and the integrated project team (but his role always includes regular updates of risk management actions). Through this process, the identification of any new risk should occur in the risk registry.
The registry does not include any risks perceived to lack credibility from the registry. However, the same document should contain credible risks. Often, risk registries do not include risks that have occurred and have no residual values on the project (White, 1995).
Overall, it is important to understand that level two (or above) risks should appear in the contingency plan (this process occurs after assessing the probability and impact of every risk). This process should also produce a quantitative assessment of the level of risk associated with the project.
Risk Contingency Budgeting
The purpose of including the risk contingency budget in this plan is to prepare for the improper management of any risk. This risk contingency budget should contain extra funds for preventing the project from surpassing its financial target. The risk contingency budget plan covers the financial budget for different aspects of the risk management plan, including risk identification, risk handling, risk control, and risk planning.
Risk Documentation
Gupta (2011) says the process of risk documentation appears in a risk report worksheet. In detail, this document includes the consequences and the probability of risks, as the main details needed to assess the project. The risk management worksheet also documents the risk handling strategy for every identified risk (Gupta, 2011).
The risk documentation process provides a reference point for the management of future project risks and the correction of poorly managed risks. Such documents also provide a platform for comparing the risk management practices for different risks and searching for better ways of doing the same.
References
Ahmed, A., & Kayis, B. (2007). A review of techniques for risk management in projects. Benchmarking: An International Journal, 14(1), 22 – 36.
Blokdijk, G. (2008). PMP/PMBOK 100 Success Secrets. New York, NY: Lulu.
Caldwell, F. (2008). Risk intelligence: applying KM to information risk management. VINE, 38(2), 163 – 166.
Cervone, H. (2006). Project risk management. OCLC Systems & Services, 22(4), 256 – 262.
Davidson, M. (2010). Risk management in a pure unit root. Journal of Risk Finance, 11(2), 224 – 234.
Dey, P., & Ogunlana, S. (2004). Selection and application of risk management tools and techniques for build-operate-transfer projects. Industrial Management & Data Systems, 104(4), 334 – 346.
Egbuji, A. (1999). Risk management of organisational records. Records Management Journal, 9(2), 93 – 116.
Felix, D. (2002). Managing Project Integration. London, UK: Management Concepts.
Ghioca, T. (2012). Time Management in Project Management. Web.
Gupta, P. (2011). Risk management in Indian companies: EWRM concerns and issues. Journal of Risk Finance, 12(2), 121 – 139.
Khalid, S., & Amjad, S. (2012). Risk management practices in Islamic banks of Pakistan. Journal of Risk Finance, 13(2), 148 – 159.
Massingham, P. (2010). Knowledge risk management: a framework. Journal of Knowledge Management, 14(3), 464 – 485.
Mills, A. (2001). A systematic approach to risk management for construction. Structural Survey, 19(5), 245 – 252.
Paton, D. (2003). Stress in disaster response: a risk management approach. Disaster Prevention and Management, 12(3), 203 – 209.
Stackpole, C. (2012). A User’s Manual to the PMBOK Guide. London, UK: John Wiley & Sons.
Tchankova, L. (2002). Risk identification – basic stage in risk management. Environmental Management and Health, 13(3), 290 – 297.
White, D. (1995). Application of systems thinking to risk management: a review of the literature. Management Decision, 33(10), 35 – 45.
Williams, R., & Bertsch, B. (2006). Quality and risk management: what are the key issues? The TQM Magazine, 18(1), 67 – 86.