Project management
- A project is a work effort with a clear beginning and an end. It results in the creation of a unique product.
- While good project management does not guarantee the success of a project, poor management invariable leads to a project’s failure.
- One of the key Components of Project management is Risk Assessment and Management.
The Project Management Institute (PMI) defines a project as a one time work effort that has “a clear beginning and end and is intended to create a unique product or knowledge”. Projects vary in size and they may involve the effort of a single individual or even hundreds of people working in collaboration.
Project management involves “application of knowledge, skills, tools and techniques” so as to achieve the desired end result. While small projects may be undertaken without project management, a significant project must involve project management.
All experts agree that “while good project management does not guarantee the success of a project, poor management invariable leads to a project’s failure. For this reason, the project management component is very essential for any sizable IT project.
What is Risk
- Risk is often referred to as the presence of potential or actual threats or opportunities that influence the objectives of a project;
- All projects have their potential consequences that can be regarded as benefits or threats to success;
- Risk Management is normally ignored since most project managers deem it as unnecessary paperwork;
- This notion leads to firefighting approaches to dealing with problems that appear in the life of the project.
The Institute of Risk Management (2002, p.2) defines risk as a combination of the probability of an event and its consequences. As such, risk is often referred to as the presence of potential or actual threats or opportunities that influence the objectives of a project.
Risk Management
- Bearing in mind that all projects have risks, risk management should play a central role in project management.
- Risk management involves the Project manager methodically addressing the risks attached to various activities.
- Due to the uncertainties that are in each project, there is no standardized approach to dealing with risks.
- Good risk management aims at assessing the project to identify what could go wrong.
- This analysis and management results in increased likelihood of project:
- Completion on time;
- Completion within budget;
- Delivery of quality product.
- Risk management also results in reduction in the probability of failure and uncertainty of success that is as a result of risk probability.
Risks arise as a result of the uncertainties that are inherent in each project. One of the things which makes risk management hard is that there is no standardized approach to dealing with risks (Norris, Perry & Simon 2000, p.2). This is because no two projects are alike and as such, each project had its own unique environment and variables which leads to differing risks.
Norris, Perry and Simon (2000, p.1) assert that project risk analysis and management if properly undertaken increases the likelihood of successful completion of a project on time and within cost.
Value of Risk Management
- Provides a framework through which the project activities can take place.
- Improves decision making, planning and prioritizing.
- Contributes to the efficient allocation of project resources.
- Optimizes operational efficiency of overall project.
By performing risk management, the project manager increases his/her control of the project as risk management provides a framework which enables the future activities to be undertaken in a consistent manner (The Institute of Risk Management 2002, p4).
In addition to this, risk management stipulates that project risks be identified beforehand. This will lead to an improvement in decision making since the decisions will be based on facts.
The efficiency with which the project will be undertaken will therefore be increased as project activities will occur in a consistent and controlled manner and capital and resources allocation will be efficiently performed.
Risk Analysis Process
- Risk Identification:
- Risk Analysis begins with the Identification of the risks that a project faces;
- This action is indiscriminate i.e. significant and insignificant risks are outlined;
- Risk Identification Techniques:
- Brainstorming;
- Questionnaires;
- Scenario Analysais;
- Incident investigation;
- Risk Description:
- This process includes the elaboration on the risk in order to allow for its assessment.
- Project manager may elicit the use of a structured format such as a table to do this.
- This comprehensive description can be used as a basis for prioritizing the risks.
The concept of risk management involves conducting a detailed assessment of a particular project so as to identify significant things that could go wrong with the project.
Risk Estimation
- The “risk value” attached to an activity can be calculated on.
- Qualitative estimations include terming risks probabilities as “high”, “medium” or “low”.
- Quantitative estimations include assigning numerical value to the risk e.g. a project manager may use a 5×5 matrix to evaluate risk. a quantitative or qualitative manner.
Profiling Risks
- Not all risks elicit the same attention.
- Risks can be measured in terms of:
- Likelihood of failure on project;
- Impact of failure on project;
- The higher the likelihood, the more care the PM should take to mitigate the failure.
- If the impact of failure is very high and the likelihood of failure is equally high, one may consider reassessing project validity.
Jenkins (2006, p.31) suggests that the risks in a project can be measured on two major axes, that is, “likelihood of failure and the impact of failure.” As such, the more likely a problem is to occur during the project, the greater the risk it poses to the project and the greater the consequences that a problems occurrence can have on the project, the more emphasis one should place on the problem.
If it is established from the risk assessment stage that a certain project issue risk likelihood and risk impacts are high, the issue becomes a critical issue. The risk posed by such an issue represents a significant threat to the project and in a worse case scenario, it may actually lead to the collapse of the project. This is because such an issue is projected to recur frequently and with a serious impact. Such issues must be dealt with immediately if the project’s success is to be guaranteed (Jenkins 2006, p.31) .
Risk Evaluation
- After running the risk analysis process, the estimated risks should be compared against some predetermined criteria.
- This standard criteria include the concerns of the stakeholders, legal requirements and associated costs and benefits.
- Risk evaluation involves the determination of the significance of a risk to the project.
- The task of risk evaluation lies with the project manager or other top managers who are directly responsible for project’s success.
Risk Treatment
- The fundamental goal of risk evaluation is to be able to reduce or altogether eliminate risk.
- Once one had identified the risks and categorized them as “major” or “minor”, one can proceed with resolution actions. to resolve the risk.
- Risk Resolving Actions:
- Research;
- Acceptance;
- Reduction;
- Elimination.
Once the risks involved in the project have been identified and subsequently classified according to their frequency of occurrence and the impact that their occurrence may have on the overall project, risk resolution activities should be undertaken.
In most cases, the project team only has a vague idea as to the nature of the risk, as such, further research on the risk should be carried out for the project team to have an intimate understanding of the same.
Some risks are inevitable in the project and they should therefore be accepted as a part of the project. The project team should however anticipate this risks and have measures put in place for dealing with the same.
Some risks are deemed as being too high and for the project to proceed favorably, measures must be taken to mitigate the same and establish contingency plans in case the risks arise.
Elimination of risks is necessary in cases where the risks are unacceptable.
Risk Management Process Monitoring and Review
- Effective risk management includes a reporting and review component.
- Reports and reviews help to ensure that on identifying risks, appropriate controls and responses are in place to deal with them.
Monitoring and Review Goals
- To determine whether the measures adopted to mitigate risks were successful.
- To access if improved knowledge as a result of risk identification led to better decisions being made.
- Identify what lessons future risk assessments can contribute to the project.
Tenovis Company Case Study
- Project was aimed at producing a unified, integrated software tool to support service personnel.
- Risk was brought about by use of new and challenging technologies and need for innovative technologies.
- The risk management process made use of Riskit; a specific risk management method.
- Risk management involved:
- Risk identification;
- Risk analysis and;
- Risk monitoring.
- The project manager was intimately involved in the risk management process which is part of the reason why the risk assessment was successful.
- As with other risk management processes, it was hard to quantify the benefits that cane about as a result of risk management in tangible terms.
- While risk management and assessment added to the cost of the project, project managers deemed this costs as acceptable.
Bosch Telecom is a German telecommunication Company dealing in a wide range or products. In the year 1999,k the company was considering undertaking a software development project aimed at coming up with a product that would support service personnel in their administrative tasks (Freimut 2001, p.3).
The duration of the project was to span one year and it involved the use of new and challenging technologies that led to high risk.
The project made use of the Riskit method which is defined as “a comprehensive risk management method that is based on sound theoretical principles, designed to have sufficiently low overhead and complexity so that it can be used in real, time-constrained projects.” (Freimut 2001, p.2).
NASA/JPL Genesis Mission Case Study
- The Genesis Mission included various system components including software component.
- Risk Identification was deemed the most critical step in risk management:
- Brainstorming exercises were used for Risk Identification;
- Complexity of the risk forms used in Risk Identification resulted in leaving out of some risks;
- Risk mitigation actions proposed where the greatest knowledge of the risk lay.
- Project risk assessment tools were in the beginning simplistic but with time, more sophisticated tools were required.
- The benefits of risk assessment included:
- Mitigation of risks by turning high risk to media or low risks through proactive actions;
- This lead to an increase in confidence by project managers and project team;
- The Success of the Genesis mission was partly credited to the good risk management process employed.
The Genesis mission was aimed at sending a spacecraft close to the sum to observe solar winds and collect some of this dust for experimentation on earth. The project involved many components, hardware and software and the critical nature of the project meant that the functionality of each component was to be absolute.
Risk identification was deemed to the a critical step in risk management and as such, a lot of effort was dedicated to collect as many possible risks as could be thought up. Complex forms were given to project members to help in the identification of risks. However, it was noted that the risk forms used to elicit risks from the project members were deemed to be complex by many thus leading to some risks not being documented (Barney & Bennett 2000).
In the Genesis project by NASA, analytical data, models and quantitative information was used for decision making concerning risks (Barney & Bennett 2000, p.5). This led to a reduction in the risk impacts and overall good decisions throughout the project.
Barney B R & Bennett (2000, p.7) note that while the project in its early stages required only simplified tools to perform the risk analysis and monitoring, more sophisticated tools were required as thh project matured.
Conclusion
- Project management is an essential part of any substantial project and it involves planning, identification of risks and progress tracking.
- Risk management which involves addressing the risks attached to the project activities is crucial to the success of a project.
- In the end, it is the project managers obligation to access the risks and make decisions as to the path that the project takes.
Discussion Questions
- Why is project management referred to as the “thankless job”? ie. Why is the project manager not credited with the success of the project?
- When doing Risk assessment, who should decide what should be classified as “major” or “minor” risks?
- There are positive and negative risks in a project. What are positive risks?
- Project management is referred to as a thankless job since the success is not noticeable. As such, there is little evidence that the manager did anything as the project generally looks simple in retrospective.
- Ideally, all the team members should be involved in the risk assessment. They should give their view on the level of risk they think a particular issue represents and from their opinions, classifications can be made.
- Positive risk include a risk taken by the project risk that may lead to gains in the future. E.g. use of a new technology that has some risk but will cut cost and efforts.
References
Barney B R & Bennett R B. 2000. Risk Management for the NASA/JPL Genesis Mission: A Case Study. Web.
Freimut B et. al. 2001. An Industrial case Study of Implementing Software Risk Management. Web.
Jenkins N. 2006. A Project Management Primer. Web.
Larsen D. 2005. Project Management Process. Web.
Norris C Perry J & Simon P. 2000. Project Risk Analysis and Management. The Association for Project Management.
The Institute of Risk Management. 2002. A Risk Management Standard. AIRMIC.