Indy Risk School
Project Management Risk Models
Unlike Indiana Jones, organizations have been practicing risk management for many years. For example, in the financial sector, there is a highly formalized process of risk assessment and risk control in lending. Upon receiving an application for a loan, the Loans Manager would undertake a risk assessment based on the applicant's current financial position, length and stability of employment, credit rating, amount of money requested, proposed term, proposed security and so on. Risk control (reduction or containment) would then be applied to the loan including offloading the loan, insurance, monitoring of payments, late payment patterns, etc. The popularity of Peter Berstein's Against the Gods: The Remarkable Story of Risk  indicates that many organisations are beginning to see risk management as a major issue for 21st Century management.
The management risk involves four related processes [note: some experts such as Robert Charette  treat risk management as a separate component to risk assessment though most experts see risk management as the overall process]. Figure 2 summarises the various elements of risk management.
Fig. 2 - the Risk Management process
The first is generally termed Risk Assessment. This process involves the identification of risk factors that are intrinsic in the activity being undertaken. For example, in the activity of commuting from home to work, we face a number of risks:
Clearly, the more risk factors involved in the activity, the higher the risk of the activity and the lower the probability of success. If you lived in an apartment next to the building in which you work, the risk involved in getting to work on time is many times lower than that facing a person with a 20 mile commute involving driving to the station, getting kids to school, taking a pre-work study course and public transport.
The second process in risk management is the process of Risk Reduction, Minimization or Containment. This process involves planning and action to reduce the risks and, if that is not possible, to introduce strategies to minimise the impact of failure.
To manage the risks in our commute, we could reduce risk by moving closer to work, obtaining flexible working hours or undertaking community and political action to improve public transport.
Risk management also involves the evaluation and management of the impact of failure of the activity. For example, what is the impact of failing to get to work on time?
Clearly, the greater the impact of failure, the greater the need for positive risk management processes. At the same time as we are attempting to reduce the risks, we could limit the impact by establishing a good reputation at work, negotiating performance agreements not linked to being at work on time and so on.
The third and fouth processes of Project Risk Management are the Risk Monitoring and Risk Reporting of the status of risks [particularly High risk factors], the identification of new risk factors that have emerged during the project and reports on the effectiveness of containment strategies.
The assessment of risks in projects is less understood by many organisations. In fact a study by Andersen Consulting in 1998 revealed that 2/3 of the business executives surveyed indicated that they did not understand the risk assessment process as applied to projects. This is very important, as we mentioned earlier, while many organisations have established processes for assessing what we will call Business Risk; they have no formal procedures for evaluating Project Risk.
|<< Page 2||Page 4 >>|