Introduction
In a perfect business environment, any goals that are set for an investment are achieved as per book. However, in real life, the actual returns often fall short of anticipations due to unforeseen uncertainties. In business, these uncertainties are known as risks and have the potential to affect the performance of any enterprise.
Furthermore, certain scenarios that occur due to the risks can result in closure of the business, especially when huge losses are incurred. As a result, investors and business researchers have developed ways of reducing deviation of actual returns from targeted returns. This practice is known as risk management.
It is involved with identification and analysis of risks and acting appropriately to mitigate them by making feasible decisions. Depending on factors such as risk appetite among others, the level of response can vary significantly. However, some managers tend to perceive that risk management only involves setting of rules that are mandatory to employees.
Although the rules can enable reduction of the existing risk exposures, sometimes they harden detection of new threats that can pose devastating effects to the firm. For example, the credit crisis that occurred between 2007 and 2008 led to huge losses that led to termination of banks. This situation compelled many financial institutions to put risk management models in place to prevent recurrence of such situations in the future. This essay provides an insight into risk management and its implications on project management.
Evolution of Risk Management
To understand the contemporaneous and future of risk management, it is necessary to understand why corporates started mitigating risks by investing heavily in identification of the effects that they had on their investments. How did risk management start? Simona-Iulia (2014) reveals that the field of insurance management that existed before the 1970s focused on identifying and assessing business risks.
However, it was inadequate to meet the demands of business world that was evolving rapidly. As a result, there was a need to come up with new forms of management to focus on a variety of business security besides insurance. This urge led to development of risk management in the mid-1970s to focus on areas that were not covered by insurance such as electronic commerce, employment practices, offshore outsourcing, and environmental degradation among others.
This field grew rapidly until the 1980s when it was recognised as a vital component of strategic planning in companies. McShane, Nair, and Rustambekov (2011) posit that risk management involves identification of risks that are faced by corporations with a view of formulating apt decisions that enable effective business operations. It provides suitable frameworks for controlling various risks that are encountered by business organisations.
Previously, risk management only emphasised on the downside effect of the business uncertainties. However, current practices are aimed at addressing both the negative and positive effects of risks on businesses. This knowledge enables managers to avoid losses from negative exposures whilst seeking the best opportunities that accompany risks depending on factors such as economic growth, strategic position, and political stability.
Chief risk officers (CRO) head risk management departments in corporates. According to McShane et al. (2011), the CRO is charged with a responsibility of managing risks in five general categories that are itemised below:
- Business risks. These are flaws exist within the industry in which a business operates.
- Operational risks. The uncertainties come up directly from the organisation’s primary operations that are associated with shortcomings such as human errors or machinery malfunction.
- Legal risks. The organisation is a legal entity. For that reason, there should be proper planning of alleviating risks that pose potential lawsuits to the organisation.
- Credit risks. These are uncertainties that involve debtors and/or creditors to the organisation
- Market risks. The market poses some of the most challenging fears to the organisation. Abrupt price fluctuations can lead to sharp rise or fall in profits. A good example is the current oil price slump that has shed off more than 45-percent of its value within a span of 6 months.
- Other risks that are associated with the market include interest and exchange rates.
Theoretical Concepts of Risk Management and their Implementation
After the identification and assessment of the risks, the organisation should adopt suitable models to prevent and/or minimise their effects on its operations and profitability. Concepts that have been developed by various economists enable organisations to minimise the risks substantially. The theories are grouped into four major categories.
- Retention
- Sharing
- Avoidance
- Reduction
Risk Avoidance
This concept involves circumventing projects and/or activities that pose impending risks to the organisation. According to Prokop and Pfeifer (2013), it is better to avoid projects that are likely to cause harm to business operations. For instance, consider a real estate developer who is looking for a piece of land with a view of building rental houses.
In the process, the developer comes across a prime property that is being offered at a good price in spite of certain ownership and/or pollution lawsuits that have been filed against the entity. In such a case, it is advisable to avoid the risk, rather than owning the entity together with the lawsuits that can bring about losses of revenue and time value of money in the near future of the prospective project (Prokop & Pfeifer, 2013).
Risk Reduction
This concept entails minimising the exposure to risks by cutting down the activities that are likely to bring about shortcomings in the course of business operations. A project is a combination of many activities that are aimed at achieving a common goal. However, Perrenoud, Lines, and Sullivan (2014) posit that each activity can have its own risks that can be either endurable or excruciating.
Instead of facing all these shortcomings, the organisation can decide to reduce the intolerable risks. No single activity can pose all negative risks to a project. However, consideration of an activity that poses negative risks to the organisation, then it benefits should outweigh its impending losses. There is a need to evaluate the value of the positive risk as opposed to the negative one in an attempt to formulate a feasible decision that enables determination of the worth of the risk (Perrenoud et al., 2014).
For instance, consider a scenario where an office is under fire and all the documents in it are at a risk of burning down to ashes. Assuming the presence of a water extinguisher in the office, will you use it to put off the fire and bear the risk of wetting the documents or will you let the fire consume everything in the office? In this case, a need to weigh options arises.
The best option will be to put off the fire using the water extinguisher to damage the documents partially rather than letting the fire destroy them. Briefly, the risk is reduced by choosing a less undesirable outcome as opposed to picking out an utterly objectionable decision (Perrenoud et al., 2014).
The application of the above scenario in a real project results in incurrence of some extra costs for the project in an attempt to realise its success (Perrenoud et al., 2014). Companies reduce risks by outsourcing parts of the projects to other firms that specialise on the particular type of undertaking that seems unfeasible to them.
For instance, in the oil exploration industry, the drilling company rarely handles the transportation of rigs from one site to another. However, it outsources this part of the job to firms that have specialised in the transportation of the machines. They have the better capacity and expertise to handle such work than that of the drilling company. As a result, the drilling company has to pay the transportation companies.
This situation results in incurrence of an additional cost to the exploration cost, which is much better than risking loss and/or destruction of the rigs during the transportation process. Perrenoud et al. (2014) reveal that outsourcing is a very powerful and practical way of reducing the project risks.
Risk Sharing
Simona-Iulia (2014) posits that ‘a problem shared is a problem half-solved’. This saying is widely used in social life to encourage people to speak out of their problems to seek assistance. According to Simona-Iulia (2014), this strategy can also be applied in risk management.
Risk sharing involves convergence of two or more parties with a view of improving coordination of the benefits and/or losses that arise from tentative activities in a business. They also consolidate the methods of risk management of the individual firm. As a result, it is an effective way of reducing the burden of loss that can emerge of from the risk (Simona-Iulia, 2014).
Therefore, there is a need for organisations to share high-risk opportunities that can bring about good returns. Independent undertaking of such opportunities results in financial catastrophes in the event that the risk occurs. Consequently, organisations that are faced with high-risk business opportunities should look for interested partners who have better capacities to undertake such projects (Simona-Iulia, 2014).
In such situations, the parties enter an agreement that specifies liability roles and benefits of each organisation in case the risk occurs. The idea behind this theoretical model is to share the cost of risk. The organisations also benefit from the positive outcomes of risk when it occurs.
According to Prokop and Pfeifer (2013), risk sharing does not only occur between firms that come together to work on a project jointly. Insurance companies also offer risk covers. The focus of insurance firms on organisations is to share unforeseen risks that can occur in the course of a business.
When an organisation is insured against a certain risk such as fire or political instability, it can comfortably pursue its activities without the fear of incurring unbearable losses that can lead to closure. However, this undertaking requires adherence to the policies of insurance firms to meet all the precautionary measures that qualify the organisation to be awarded an insurance cover (Prokop & Pfeifer, 2013).
The first step before you start your project is to get in touch with an insurance company to obtain a policy to protect it against unforeseen risks. Although meeting premium insurance requirements mostly seem expensive, the probability of knowing the fate of the project is always very low regardless of the risk forecasting measures that are put in place to detect future financial trends (Amin, 2014).
Risk Retention
Amin (2014) reveals that risk retention is a theoretical model that is applied in organisations in case they face the consequences of unplanned business occurrences that have the likelihood of causing losses. This strategy is an important part of risk management that any organisation should take into consideration. A good example of risk retention is found in the case of the BP oil spill that arose from offshore drilling in 2010.
Although the CEO had put strict rules in place to ensure that the company reduced any kind of risks, the catastrophic event happened abruptly and unexpectedly. In such cases, the organisation has to accept the risks and the accompanying losses that come along with them.
The lessons that are gathered from such situations should be taken as lessons to make better decisions pertaining to risk assessment and management in future to prevent their recurrence (Amin, 2014). According to Amin (2014), sometimes organisations are aware of the risks but the cost of mitigating them are too high for them to accept the impending losses.
For instance, a country such as Syria that has experienced a relatively long period of political stability abruptly succumbed to a civil war in an attempt to oust the sitting president. Many companies that had their businesses in the country faced a challenge of obtaining insurance cover at the onset of the war that led to destruction of multi-billion dollar properties. The war has continued for several years. Consequently, an organisation that has insurance cover will most likely pay very high premiums for a business that has been destroyed. In this case, it is advisable to retain the risk that occurs in course of the business operations (Amin, 2014).
Key Challenges in Risk Management
Anderson, Christ, Dekker, and Sedatole (2014) posit that risk management is not ‘a walk in the park’. It has some key challenges that risk managers have to deal with both at the project level and at the strategic levels. These challenges are itemised below.
Project/Operational Level
Risk management is paramount to the success of a project. However, overemphasising the process of accomplishing the goals can have negative effects on the project (Anderson et al., 2014). Spending too much time on the assessment of the potential risk identified can also cause costly delays to the organisation. According to Anderson et al. (2014), such situations can render the project unviable.
At times, projects need to be executed quickly and appropriately to solve specific problems. However, if the period that is needed to implement a solution expires, then the project needs to be stopped. If the process of risk management took long to be completed, it results in project delays. This situation leads to incompletion of a project. As a result, the organisation succumbs into losses (Anderson et al., 2014).
Another challenge is the abrupt changes in the nature of risks. This situation leads to emergence of new risks that are not anticipated. A good example of such risk is the Malaysian Airlines flight MH307 that went missing in the middle of a journey.
The risk was not planned regardless of its occurrence in the course of the business activity. In a similar case, the ANA Boeing 787 that indicated some smoke from its left wing while on the parking bay due to battery problems led to grounding of other 787 airliners worldwide for several months.
The airline did not expect such a risk airlines since it had been operating for a long time while using the same batteries. This situation led to unanticipated losses to the company. Unforeseeable risks cause delays in projects once they occur. Elsewhere, they ruin the entire project process in ways that are not even controllable by the best risk managers (Anderson et al., 2014).
Strategic/Corporate Level
These are the boardroom challenges (Anderson et al., 2014). The primary sources of these challenges are the managers of the organisation who fail to allocate funds and resources to enable identification and assessment of future risks. Such managers fail to focus on the threats that certain projects pose to the company.
Instead, they put more emphasis on the benefits of the projects to the organisation. A risk manager who has insufficient resources to handle challenges is likely to bring an organisation down (Prokop & Pfeifer, 2013). Generalisation of risks is also another challenge that faces many organisations. In project management teams, members have their own perceptions about risks.
However, majority of them usually underestimate the impact of the impending risks on the organisation (Anderson et al., 2014). This situation usually leads to failure of projects; hence, the organisation incurs huge losses. As a result, risk managers should be in a position to assess feasible decisions that are perceived as valid by the team members to avoid generalised solutions that can result in unsuccessful projects (Prokop & Pfeifer, 2013).
Risk Management Strategies and Plans
The strategies that are used by different organisations to manage risks largely depend on three factors namely risk appetite, tolerance, and capacity (Anderson et al., 2014). Risk appetite refers to the amount of uncertainty that an entity is willing to accept. According to McShane et al. (2011), it is the attitude of the entity towards taking risks.
A low risk investment fund will most likely compel an organisation to invest in secure government bonds unlike a high-risk fund that will engage the entity in superior frequency trading (McShane et al., 2011). On the other hand, risk tolerance is the quantitative value that shows the extent of uncertainty that an entity is willing to take in all its projects.
Not anything above that level of risk the entity will be willing to risk any further. Lastly, risk capacity strategies determine the amount of improbability that the organisation can manage without adversely affecting its operation. Liquid entities have capacities to take high risks (McShane et al., 2011).
Effective Project Risk Models
Scenario planning
This project model of planning against risk is used for projects that have a life of more than five years. It analyses long-term risks in broader perspectives such as economic growth, political stability and technological advancements. McShane et al. (2011) reveal that the factors that have the biggest impact on the project are selected to assess the probability of different outcomes.
The outcomes are combined in an attempt to choose the plausible ones that guide the formulation of feasible project goals. Scenario planning also provides exit strategies that can be applied in case the outcomes become unfavourable for the project. This situation enables maintenance of the organisations profitability (Prokop & Pfeifer, 2013).
War-gaming
Prokop and Pfeifer (2013) reveal that organisations operate in competitive environments that sometimes lead to emergence of price wars or other activities that counter their expectations. Such situations pose some risks to the organisations.
To alleviate such challenges, teams are chosen to identify short-term changes that competitors are likely to undertake to gain competitiveness in the market. This strategy enables managers to formulate apt decisions that are aimed at mitigating the risks that are posed to them by their competitors (Prokop & Pfeifer, 2013).
Conclusion
Assumption of risks can have tremendous effects on the operations of an organisation. Therefore, there is a need for organisations to adopt apt decisions towards risk management. For instance, the 2007-2008 financial meltdowns were caused by banks that failed to manage their risks appropriately.
These situations result in worldwide recessions. This state of affairs shows how simple ignorance such as failure to acknowledge the importance of risk management can be costly not only to the organisation but also to the external environment. People are likely to think twice before they take certain foods because of the harm they can cause to their health.
In a similar manner, organisations need to assess the risks thoroughly. Consequently, resources should be allocated appropriately to overcome risks. Risk management departments should be created within the organisations. Such measures facilitate the achievement of the organisation’s goals.
Reference List
Amin, Z. (2014). Operational Risk Modelling and Management. Journal of Risk & Insurance, 81(4), 969-73.
Anderson, S.W., Christ, M.H., Dekker, H.C., & Sedatole, K.L. (2014). The Use of Management Controls to Mitigate Risk in Strategic Alliances: Field and Survey Evidence. Journal of Management Accounting Research, 26(1), 1-32.
McShane, M. K., Nair, A., & Rustambekov, E. (2011). Does Enterprise Risk Management Increase Firm Value? Journal of Accounting, Auditing & Finance, 26(4), 641-58.
Perrenoud, A., Lines, B., & Sullivan, K. (2014). Measuring risk management performance within a capital programme. Journal of Facilities Management, 12(2), 158-71.
Prokop, J., & Pfeifer, D. (2013). How do you Deal with Operational Risk? A Survey of Risk Management Practices in the German Insurance Sector. Journal of Risk Management in Financial Institutions, 6(4), 444-54.
Simona-Iulia, C. (2014). Comparative Study Between Traditional and Enterprise Risk Management – A Theoretical Approach. Annals of The University of Oradea, Economic Science Series, 23(1), 276-82.