Perceptions of Project Risk
As previously indicated, project risk is socially constructed according to a range of perceptions. Among them are those discussed below.
Risk should not be perceived as a standalone concept but rather one that is determined by issues giving rise to risk. This can be illustrated by a metaphor. When a person decides to embark on an exercise programme, he or she will have to consider various issues, such as the level of exercise (strenuous or not), as well as possible consequences (e.g. injury caused by over-exercising) and the probability of this occurring (e.g. by considering their current level of fitness). The objective of gaining fitness is rarely possible without taking risks and being aware of issues giving rise to risk.
According to Thompson (2007), to determine if an event represents a risk can only be viewed as a 'value-free' technical analysis if it is conducted by a scientist isolated from the actual decision-making process. Risk is viewed as function of hazard (consequence) and exposure (probability that the event will occur) and from a rational perspective. When considering the separation of analysis and decision-making, Thompson (2007) pointed out that risk is a verb (more dearly expressed in German as riskieren) which is 'value-laden' because it is tied to responsible action. Hence, the person identifying the risk is also the one making decisions about it. For example, the exerciser referred to in the earlier example 'risks' getting injured by over-exercising unless he/she takes the probability and consequences of this into account when deciding on the level of exercise.
Similarly, the consequence and probability factors associated with risks are determined by humans. Renn (2010) supported this view by pointing to choices: the risk analyst has to distinguish between the possible and the chosen action and has the ability to design different futures. The way a risk event is viewed and responded to influence the estimation of consequence and probability. The conclusion is that perceptions of project risk are not value free.
Barkley's (2004) Customer-Driven Risk Management approach looks at project task accomplishment as the customer sees it. Risk is therefore associated with customer expectation, empowerment of the project team, and the effectiveness of continuous process improvement. The customer perspective is closely linked with the quality perspective in that it equates to Total Quality Management and as such would result in the reduction of risk. According to Barkley (2004), the inherent risks in a customer-driven approach are: disappointing customers, losing the commitment and support of sponsors, and users' resistance to change.
Chapman and Ward (2004: 620) focused on risk efficiency, which they defined as 'the minimum risk decision choice for a given level of expected performance'. By 'expected performance' they meant a best estimate of what should happen on average, with 'risk' being the possibility of adverse departures from expectations. To achieve risk efficiency the organisation has to change its existing practices as follows:
• From bottom-up focus on events to top-down focus on accumulated effects. Individual risks do not give sufficient insight into the significance of project risks; only when they are accumulated does the overall impact of risk on the project become dear.
• From focus on response to a specific event to a focus on collection of sources of risk. Again, a broad view on risk should be taken but this time on the sources of risks. In other words, treat the risk causes rather than their symptoms.
• From qualitative to quantitative probability impact. While qualitative approaches to risk analysis have a place (e.g. lack of data to support the quantitative approach), the quantitative approach provides more objective insights into risk. The recommended approach is to carry out a qualitative analysis first to establish the risk factors, followed by the quantitative approach to get certainty.
• From a process-based approach to an iterative approach. Risk management is similar to quality management. It has to be repeated rather than carried out once. By practising a continuous, iterative approach, project risks are reviewed, monitored and responded to.
• From constraining scope and risk to enlarging scope and risk. Organisations should not adopt a negative attitude to risk since this inhibits them and may lead to lost opportunities. The scope of the
project should reflect the needs of the business, and associated risk should be accepted as being part of a project and managed accordingly.
• From focus on threats to focus on opportunities. As discussed earlier, there are negative as well as positive risks. While the focus is often on the former, the latter provide new opportunities to an organisation. The saying 'high risks - high returns' also applies to projects.
• From focus on technical fixes to focus on cultural changes. Attitude to risk, expressed as risk appetite and tolerance, is an important factor to be managed. Risk management should be pervasive in the culture of organisations.
Regev et al. (2006) associated risk with the knowledge gap, where the gap equals what we should know to succeed less what we really know. The difference is perceived as project risk. Risk is reduced as the knowledge gap is narrowed. The topic of what is 'known' and 'unknown' about project risk is covered in the uncertainty spectrum presented earlier. Perfect knowledge results in no uncertainty and therefore a successful project. Knowledge is largely derived from past experience, which heightens the probability of achieving success.