Project Risk Appraisal and Identifying Strategic Management Tools

Introduction

In a world of complex and constant change comes various risk factors, Frigo, M. L, Laessoe, H, (2012) write that in organizations that are implementing a risk strategy find it paramount for improving business performance. The writer also explains that combining an ERM framework such as the Committee of Sponsoring Organizations of the Treadway Commission (COSO), “Which maps out the risk management process as five steps; Governance and Culture, Strategy & Objective Setting, Performance, Review & Revision, and Information Communication & Reporting, (COSO, 2018). And the ISO 31000 processes include; “General (that encapsulates an integrated management that embeds a risk management culture and that ties into the business processes and organization, Communication and consultation, Establishing the external and internal context, Establishing the context of the risk management process, Defining the risk criteria, Risk assessment, Risk Treatment, Monitoring and reviewing, Recording and reporting”, (ISO, 2018).  While the Project Management Institute extrapolates their process; “Template specification”,” Basic identification”, ”Detailed identification”, “external cross-check”, “internal cross-check”, “statement finalization”, (Crispin, 2003). I find, if I combine the two process, I can obtain a sense of  balance within the uncertainties and risks,” (Hayes, 2019).

Management tools

Crispin, (2003) extrapolates the PMI, (2017) risk management identification lifecycle as a fortified process to monitor and control the various acknowledged risk events. Rockwood, (2016) conveys that clearly defining the finish line to the stakeholder proves the evidence to the stakeholders that the endeavor is on track.  Crispin, (2003) also agrees with developing a risk statement to define the tasks that need to be executed throughout the risk identification process improves the success rate of a project.

As the risk statement is defined Crispin, (2003) further explains the ‘basic identification’ and ‘management’ ‘tools’ that can be utilized, such as the Strengths, Weakness, Opportunities, and Threats, (SWOT) and Analogy analysis. The author Crispin, (2003) drills down deeper to the second step of the process that involves more investigation that utilizes tools such as Interviewing, Assumptions analysis, Document reviews, Delphi technique and brainstorming.

In the project case scenario that was subject of the case study, I used the Assumptions Analysis and interviewing the stakeholders, as the vendor did an in-depth risk analysis prior to the ‘cloud printing solution rollout’.  According to Crispin, (2003) an assumptions analysis considers two rationales ‘ conscious’ and or ‘unconscious’ for decision making.  While King, (2016) explains in further detail that the strenghts of this analysis is that it ascertains the uncertainity of the risk and is able to factor the degree of incompleteness or inaccuracy. Within the early stages of the risk and impact identification awareness, which becomes apparent as early as the project scope phase of the project. Another advantage is that this method of analysis is a bottom - up approach that contributes to the stakeholder’s due dilegence in verifing ‘consequences’, (King, 2016).  The addional  weakness of this process according to King, (2016) is with complex projects and risk events, project practitioners usually become overwhelmed with the upkeep of the stakeholder variances. 

Authors Virine & Trumper, (2015) write that project schedulling is identified as either a qualitative or quantitative they found that utilizing the Monty Carlo simulations to gage their varied project schedules. In this project scenerio, I did not need to use this type of management tool to manipulate a timeline or schedule. In my experience, I used a formal and informal interview techniques to establish a deadline. As this project was long -time, many department directors and managers either left or where promoted to other departments and lost track of this project. While King, (2016) states that project professionals need to ask open-ended questions, and include fact finding measures to breakdown the congnative bias and have the stakeholders develop new innovative ideas to mitigate risks within the project. In my experience utilizing the same impact and probability matrix which is detailed in the stakeholder section of this article, is very flexible to shape to fit the business process.

Risk Register and Response Plan 

Table 1.1 Risk Register (Hayes, 2015)

Risk Response and Mitigation Strategy

Williams, (2017) writes that once the risk appetite is established the next step to the risk strategy is to response to the risk at hand, the author indicates that the risk pratitioner can choose either;

Avoid: Avoid the Risk entirely

Transfer: Transfer the risk.

Mitigate\ Reduce: Approach to reduce the probability/ impact.

Accept: Accept and develop contingencies.

While (Roseke, 2015) Monitor and prepare to the mitigation strategy, which Williams, (2017) agrees as she stated that risks need to be actively monitored to maximize the mitigation response to the event,

Stakeholder Matrix and Threshhold Analysis

The writer Weaver, (2008) extrapolates that the human dynamics are the source of most risk factors. Thus developing a stakeholder management plan that includes analysing the best stakeholders and map them to the risks events that suit their professional focus. As the author draws out a stakeholder method; ‘Identification’, ‘Prioritisation’, ‘Visualisation’, ‘Engagement’, ‘Monitoring’ and ‘reviewing’, are key-essential to a stakeholder analysis. As Moura, (2015) details that measuring the risk appetite and tolerance of a stakeholder is similar to that of measuring the risk appetite and tolerance of an entity, as the risk appetite or (impact and probability) matrix below is used. This impact and probability matrix can also be used to develop a risk matrix.

Fig. 1. Impact and Probability Risk Matrix, (Hayes, 2019).

Determining the priority of the stakeholder based on Probability\ Impact or risk tolerance would in my experience would be very demaning and I would have to focus a lot of time to manage this aspect of the process. That being said Rockwood, et al., (2016) concluded that engaging with the stakeholders and developing a bilateral channel of communication will create a collabration to combat the human resouce side of the risks.Below is a copy of a stakeholder matrix that measures the impact and influence that the stakeholder has within this particilar project.   

Stakeholder Matrix

Table 1.2 Stakeholder Analysis Matrix, N, Hayes ; Bisits, (2019, 2014).

Current Issues in Project Risk Management

Risk Registers and Project Failures

As the landscape of business is becoming more competitive and organizations are utilizing planned project process by the PMI, Project Management Institute, (2017). With this knowledge base, entities are able to establish a more competitive edge, according to Othman, et al., (2018). The wrters Othman, et al., (2018) also explain that even with the PMI ITTOs (Input, Tool and Techniques and Outputs), there is still a high project failure rate amongst orgainizations. The author explains that companies, having an early warning sign may mitigate the issues that may lead to a project failure. In my experience working with inputs and outputs such as a risk register,  it may act as a beacon or early warning signal for the tasks that may cause issues, (Othman, et al., 2018).

As reasearch shows that with the various Risk management methods, have a simpilarity in their  systemic process (Dikmen, et al., 2004). While Dikmen, et al., (2004) write dividing the RM (Risk Management) processes into four categories;  ‘Development of a conceptual frameworks and process models for systemic risks’, ‘investigation risks, risk management trends’ and ‘perceptions, application of risk identification and analysis techniques in specific projects’ and ‘development of integrated risk management support tools’, to clarify the risk events that may occur throughout the project scope phase. But, (Duggan, 2019) reminds us of the limitations of a risk register such as, the lack of data input, or time to correctly analysis the project scope and risks. Nor the correct trained personnal to conduct the research and document the findings. In past experiences, the project practionier had a difficult time tracking the risk events in the risk register, do to the lack of stakeholder communication.

In the project scenerio, utilizing the PMI, Project Management Institute, (2017), Plan Risk Management analysis process. I was able to establish a strategic plan, Which was fairly simple to execute. The vendor that was rollingout the cloud printing solution did the first phase of the risk analysis plan. Since this project was kickedoff 8 years prior to the opening day. Agreeing with (Duggan, 2019) that a continous risk assessment is needed to be done for reason such as employee illnes, physical layout changes in a new building, not changed order recorded within the blueprints.

Taking over the project from the vendor, I reassesed the project scope and reviewed the layout plans that changed several time throughtout the endeavour. 

References

• Bisits, P., 2014. Stakeholder Analysis Matrix Template. [Online]
  Available at: http://www.tools4dev.org/resources/stakeholder-analysis-matrix-template/
  [Accessed 10 July 2019].
• Crispin, P., 2003. Risk identification combining the tools to deliver the goods. [Online]
  Available at: https://www.pmi.org/learning/library/risk-identification-life-cycle-tools-7784
  [Accessed 19 June 2019].
• Dikmen, I., Birgonul, T. M. & Arikan, E. A., 2004. A CRITICAL REVIEW OF RISK MANAGEMENT. Association of Researchers in Construction Management, 2(1), pp. 1145-1154.
• Duggan, T., 2019. Find All the Limitations of Risk Assessment Analysis Listed Here. [Online]
  Available at: https://www.brighthubpm.com/risk-management/91362-the-limitations-of-risk-assessment-analysis/
  [Accessed 2 August 2019].
• Frigo, CMA, CPA, M. L. & Laessoe, H., 2012. Strategic risk Mangement at the Lego Group. Strategic Finance, 93(8), pp. 27-35.
• Hayes, N., 2019. Unit 2 Shared Activity: Project Risk Management Planning Tools, Port Burwell: University of Roehampton.
• ISO, 2018. ISO 31000 Risk Management guideline. [Online]
  Available at: https://www.iso.org/obp/ui#iso:std:iso:31000:ed-2:v1:en
  [Accessed 12 June 2019].
• King, s., 2016. Assumptions Analysis. [Online]
  Available at: https://www.projectmanagement.com/articles/324232/Assumptions-Analysis
  [Accessed 2 Aug 2019].
• Moura, H., 2015. Understanding Stakeholders Risk Attitude. [Online]
  Available at: https://www.uci.ac.cr/global-school-project-management/understand-stakeholders-risk-attitude/
  [Accessed 2 August 2019].
• Othman, I. et al., 2018. Early Warning Signs of Project Failure. MATEC Web of conferences, 10(08), pp. 1-8.
• PMI, Project Management Institute, 2017. A guide to the project management body of knowledge. 6 ed. Pennsylvania: Project Management Instutite Inc.
• Rockwood, K. et al., 2016. A Strong Start, strategic thinking, leadership skills and business acumen can help a project team hit the ground running. PM Network, 30(4), pp. 46-51.
• Roseke, B., 2015. 5 Risk Response Strategies. [Online]
  Available at: https://www.projectengineer.net/5-risk-response-strategies/
  [Accessed 2 August 2019].
• Virine, L. & Trumper, M., 2015. Predicting the unpredictable. PM Network, 1 September, pp. 28-29.
• Weaver, P., 2008. The Meaning of Risk in an Uncertain World. Malta, PMI Global Congress Proceedings.
• Williams, C., 2017. 4 Risk Response Strategies you will have to consider after assessing risk. [Online]
  Available at: https://www.erminsightsbycarol.com/risk-response-strategies/
  [Accessed 2 August 2019].