Project Management

sulan.
lecture1.pdf
Home>Business & Finance homework help>Project Management

Lecture 1

Introduction

Prepared by Eng. Mosaab Hamed

MGM510

Risk Management

Introduction to Risk Management

Reference

Approaches to defining Risk

• The Oxford English Dictionary definition of risk is as follows:

‘a chance or possibility of danger, loss, injury or other adverse consequences’, and the definition of at risk is ‘exposed to danger’.

• In this context, risk is used to signify negative consequences. However, taking a risk can also result in a positive outcome. A third possibility is that risk is related to uncertainty of outcome.

Approaches to defining Risk

• The Institute of Risk Management (IRM) defines risk as:

“ The combination of the probability of an event and its consequence.”

• Consequences can range from positive to negative.

Approaches to defining Risk

Types of risks

• Every risk has its own characteristics that require particular management or analysis.

• Risks are divided into four categories: • compliance (or mandatory) risks

• hazard (or pure) risks

• control (or uncertainty) risks

• opportunity (or speculative) risks

Types of risks

• In general terms, organizations will seek to minimize compliance risks, mitigate hazard risks, manage control risks and embrace opportunity risks.

Types of risks

• Control risks are frequently associated with Project Management.

• Uncertainties can be associated with the benefits that the project produces, as well as uncertainty about the delivery of the project on time, within budget and to specification. The management of control risks will often be undertaken in order to ensure that the outcome from the business activities falls within the desired range. The purpose is to reduce the variance between anticipated outcomes and actual results.

Types of risks

• Opportunity risks: sometimes, organizations deliberately take risks, especially marketplace or commercial risks, in order to achieve a positive return.

• The focus of opportunity risks will be towards investment.

• Opportunity risks may not be visible or physically apparent, and they are often financial in nature. Although opportunity risks are taken with the intention of obtaining a positive outcome, this is not guaranteed.

• Opportunity risks for small businesses include moving a business to a new location, acquiring new property, expanding a business and diversifying into new products

Types of risks

• Hazard risks are the most common risks associated with operational risk management, including occupational health and safety programs.

Risk Description

• In order to fully understand a risk, a detailed description is necessary so that a common understanding of the risk can be identified and ownership/responsibilities may be clearly understood.

• The next example is intended to distinguish between these four types of risk:

Risk Description

Inherent level of risk

• It is important to understand the uncontrolled level of all risks that have been identified. This is the level of the risk before any actions have been taken to change the likelihood or magnitude of the risk.

• Identifying the inherent level of the risk makes it possible to identify the importance of the control measures in place.

Inherent level of risk

• There is considerable debate about whether to undertake risk assessment at inherent or current level, the purpose of any risk assessment remains the same. It is to identify what is believed to be the current level of the risk and identify the key controls that are in place to ensure that the current level is actually achieved.

Inherent level of risk

Risk classification System

• Risks can be classified according to the nature of the attributes of the risk, such as timescale for impact, and the nature of the impact and/or likely magnitude of the risk. They can also be classified according to the timescale of impact after the event occurs. The source of the risk can also be used as the basis of classification. In this case, a risk may be classified according to its origin, such as fire, fraudulent, etc.

Risk classification System

• A further way of classifying risks is to consider the nature of the impact. Some risks can cause detriment to the finances of the organization, whereas others will have an impact on the activities or the infrastructure. Further, risks may have an impact on the reputation of the organization, or on its status and the way it is perceived in the marketplace.

Risk classification System

• An important consideration for organizations when deciding their risk classification system is to determine whether the risks will be classified according to the source of the risk, the component impacted or of the consequences of the risk materializing.

• It is likely that each risk will need to be classified in several ways in order to clearly understand its potential impact.

Risk likelihood and magnitude

• Risk likelihood and magnitude are best demonstrated using a risk matrix.

Risk likelihood and magnitude

Risk likelihood and magnitude

• However, the more important consideration for risk managers is not the magnitude of the event, but the impact of the event and the consequences that follow.

• Because the impact (and the associated consequences) of an event is usually more important than its magnitude (or severity), every risk matrix used in the remainder of this course will plot impact against likelihood, rather than magnitude against likelihood.

Risk likelihood and magnitude

• As risks move towards the top right-hand corner of the risk matrix, they become more likely and have a greater impact. Therefore, the risk becomes more important and immediate and effective risk control measures need to be in place.