Log in / Register
Home arrow Business & Finance arrow Project Risk Governance


The merit of the research lies in a number of areas. First, an expert sampling approach was taken, i.e. respondents were chosen because of their expertise in the phenomenon being studied. Thus, their opinions on risk issues have a high level of credibility. Second, by choosing a ranking approach, participants had to determine the importance of risk issues relative to one another, i.e. the relationship between issues is measured, thereby producing a list of risk issues in order of their importance. A limitation of the approach, however, is that it does not give a statistical measure of the interval between issues. Third, the forward-looking approach used in the study enables project managers to concentrate their attention on the risk issues found to be most critical in the foreseeable future.

The issues that attracted most attention were about the nature of project risk. Considering that the majority of respondents were employed as consultants and contractors, with projects typically lasting between six and 20 months, gaining an understanding of project risk issues becomes critical since there has to be agreement with the project client about the existence of project risk. Issues ranked below the top three reflect a mixture of those relating to planning (developing a risk management approach and plan), the organisation (determining risk tolerance and risk processes) and risk analysis (estimating risk severity, preparing the risk breakdown structure and risk register).

What is noticeable is that the nature of risk analysis (qualitative and quantitative), as well as risk monitoring and control, were not highly ranked.

It may be that because they continue throughout the project they did not attract specific attention. As one participant insightfully commented, 'I felt the linear mode of the survey just a little arbitrary in reflecting a clear view.' This indicates that even our best attempts to manage project risk are not uniform, as various perspedives will exist. These surface when risks are identified, and especially during risk analysis. Risk may be very dear to some but not to others and hence consensus is difficult to achieve.

The above condusion permits suggestions to be made about the direction of future research into gaining greater understanding of the nature of project risk. Qualitative research is best suited for this since it provides the ability to ask insightful questions on 'how' and 'why' project risk is difficult to operationalise. In contrast to the quantitative approach, the selection of qualitative research samples would be non-random, purposeful and small since it is desirable to interview experienced project risk managers who have given their profession much thought. A semi-structured interview method would be most appropriate since it provides structure (to focus on the research construct) as well as the opportunity to ask participants in-depth questions about their understanding of project risk. Flexibility is allowed through additional probing questions designed to encourage participants to clarify their responses, an outcome that would not have been available in a purely structured interview. Participants would be encouraged to freely share their relevant experiences or ideas if these were not covered in the structured questions. Questions would be developed from the findings of this study and a further literature review.


This appendix is an extract, reproduced, with permission, from the following publication:

Fink, D. (2012) 'Effective Risk Management: Insights from Australian Project Managers', Proceedings of the Academy of World Business, Marketing and Management Development Conference, 5(1), Budapest, Hungary.

Table A1.2 Randomised issues in project risk management

Developing Organisational Risk Processes

Organisational processes are required to determine levels of risk in a project. They are incorporated in policies and cover risk tolerance, terms and concepts, templates and methodologies and allocation of responsibilities for risk management.

Preparing the Risk Breakdown Structure (RBS)

To manage risk, it is broken down into categories, subcategories and risk issues. The Work Breakdown Structure (WBS) helps to define risk at the lowest level because risk is associated with project tasks, activity duration, project constraints, etc.

Identifying Specific Risk Events

Project risk is difficult to determine since it can take many forms and can have a positive or negative effect on the project. The process itself is a continuous and iterative process throughout the project life cycle.

Simulating Project Risk

A project simulation uses a model that translates the uncertainties specified at a detailed level into their potential impact on objectives that are expressed at the level of the total project. Monte Carlo analysis is such an example and requires quantitative skills.

Considering Project Change Requests

These are requests to change the project and hence can result in new risks or new impacts of risks previously identified. They need to be analysed and documented for any changes required in the risk register, risk response plan, or risk management plan.

Creating and Updating the Risk Register

The risk register is a document, often in table form, that contains the results of various risk management processes. It is created at the start of the project and progressively updated with potential risk events and related information such as risk triggers and responses.

Conducting Qualitative Risk Analysis

When the organisation finds it is unable to put specific numbers on values it can use scales instead of specific estimates of risk. Estimates, however, are subjectively determined and processed and data quality depends on the expertise of the risk analyst.

Developing a Risk Management Approach

Project risk management can be approached from many perspectives. For example, the risk focus of a project can be on satisfying the client's requirements at any cost or maximising risk efficiency by taking a cost-benefit perspective.

Estimating Risk Probability

For each project risk event the probability or likelihood that the event will occur has to be established. This requires in-depth expertise with the project and/or extensive experiences with similar projects and associated risk management.

Integrating Project Risk

Project risk is integrated with the other project activities such as time and resource scheduling to ensure the successful completion of the project. This is complex and requires ongoing project monitoring, making adjustments to project activities as required, etc.

Preparing the Risk Management Plan

The plan provides a model on how to conduct project risk management. There are many aspects to consider. What should the plan include? What methods and tools are to be used? Who is doing what and how often? How will risk be reported, monitored, tracked?

Understanding the Risk Concept

Determining risk is not well understood as it requires the consideration of different factors that give rise to risk. Risk is about identifying vulnerability and assessing vulnerability according to its likelihood and consequence.

Estimating Risk Impact

For each project risk event the impact or amount of pain or gain the risk event poses to the project has to be established. This requires in-depth expertise with the project and/or extensive experience with similar projects and associated risk management.

Complying with the Project Scope Statement

Risk management contributes to the project by ensuring that it is completed within the agreed project scope, i.e. the deliverables of the project are produced, the work required to create those deliverables is completed within expected time and cost budget, etc.

Selecting the Project Risk Team

Successful project risk management depends on the performance of the project members operating a team. Dysfunction among the team can arise due to conflict, disagreement, lack of commitment, avoidance of accountability, etc.

Establishing Project Success and Failure

Determining and then measuring success for a project requires defining what is success and failure, agreement among stakeholders and ongoing measurement of success or failure during the life of the project.

Carrying out Sensitivity Analysis

This approach, also called a 'what if?' analysis, measures the sensitivity of project objectives to changes in one variable while holding all other variables constant. Sensitivity analysis determines which risks have the most potential impact on project objectives.

Managing Project Risk People

The effectiveness of the project risk team should be maintained by drawing on research from psychologists and management theorists into managing people at work and include motivation theories and the social aspects of project teams.

Agreeing on Project Risk

The risk of a project sometimes may be very clear to some but not to others and hence consensus is difficult to achieve. Furthermore, the process of assessing and managing risk can be complex, time consuming and its value and benefits are not always obvious.

Determining Risk Tolerance

Risk tolerance is the amount of satisfaction or pleasure received from a potential payoff. Utility rises at a decreasing rate for organisations that are risk-averse. The organisation needs to determine its risk tolerance ranging from risk-seeking to being risk-averse.

Distinguishing Types of Risk

The concept of risk is usually related to an uncertain event or condition which, if it occurs, has a negative effect on the project objective. However, it is less understood that risk can have a positive effect on the project outcome, termed a positive risk.

Defining the Project

A project is a temporary endeavour undertaken to produce a unique product or service. It is difficult, however, to precisely determine either a definitive beginning and end or project uniqueness because every project is a new undertaking, often covering unfamiliar ground.

Auditing the Project

The project auditor is another project manager since he/she independently gathers information and documents about the project as it progresses. The focus of audit is on project effectiveness and efficiency, including project risk management.

Monitoring and Controlling Project Risk

Risk monitoring and control is a continuous, iterative process and, if done right, the project risk should 'never' occur. Responsibility has to be allocated for identifying risk triggers, responding to risk events and constantly evaluating existing and new project risk.

Assessing Risk Data Quality

Risk data is used to estimate risk probability and impact and requires accuracy, reliability and integrity of risk data. This can be assessed quantitatively (e.g. reliance on past data) or qualitatively (e.g. consulting experts).

Examining Environmental Factors

Project risk arises from the environment in which the project is completed. This is becoming increasingly complex, as has the impact on project risk. An approach used to examine the environment is a SWOT analysis.

Identifying Lessons Learned

Lessons learned enable the organisation to improve its project management, including risk management, performance during subsequent projects. Experiences of the project team are established and recorded, and recommendations are made for future projects.

Responding to Project Risk

Fundamental project risk response techniques/strategies include avoidance (eliminate risk), transference (pawn it off), mitigation (reduce its probability or impact) and acceptance (do nothing). The cost of response should not exceed its benefit.

Conducting Quantitative Risk Analysis

This analysis focuses on numbers and uses numerical and/or statistical analysis. It is often preceded by qualitative risk analysis to identify the highest risks and risk thresholds, which are then subjected to the quantitative risk analysis approach.

Found a mistake? Please highlight the word and press Shift + Enter  
< Prev   CONTENTS   Next >
Business & Finance
Computer Science
Language & Literature
Political science