THEORETICAL FRAMEWORKS RELATED TO RISK IDENTIFICATION AND MITIGATION IN PROJECT MANAGEMENT INTRODUCTION
Komron Rahmanalievich Karimov
Graduate School of Business and Entrepreneurship under the Cabinet of Ministers of
the Republic of Uzbekistan k.karimov@uzbeksteel .uz
ABSTRACT
The article discusses the imperative of effective risk management in project management due to demands for higher quality, reduced time, and costs. It highlights the proliferation of risk management models and techniques but stresses the need for clarity on their appropriate application. Theoretical frameworks for categorizing risk techniques based on risk management process phase, project life cycle stage, and corporate risk maturity are proposed. The analysis illustrates how risks affect project constraints and the importance of comprehensive risk management. The discussion delves into iterative risk identification processes and qualitative and quantitative risk analyses. Risk and Opportunity Response Planning are outlined, stressing their role in addressing identified risks. Finally, the study concludes by underscoring the indispensable role of risk management in project success, its contribution to informed decision-making, stakeholder confidence, and project resilience.
Keywords: risk management, project management, risk identification, risk mitigation, project constraints, project success, triple constraint model, risk analysis.
INTRODUCTION
The demand for increased quality alongside reduced time and costs places significant importance on effective risk management in projects. Consequently, numerous models and techniques have been developed and implemented in both literature and practice. However, there is a crucial need to clarify the circumstances under which each model or technique should be applied. Simultaneously, the importance of knowledge about risk management is escalating to effectively navigate the complexities of projects. Nevertheless, communication and knowledge creation present challenges, particularly in the face of uncertainty, leading to fragmented decision-making and a lack of a comprehensive perspective on a project's goals, opportunities, and threats.
With the objective of offering guidance for selecting risk techniques, considering the key aspects characterizing the managerial and operational context of a project, there is a
March, 2024
5
theoretical framework for classifying such techniques. According to existing literature of criteria used to categorize risk techniques, three dimensions are established: the phase of the risk management process, the stage of the project life cycle, and the corporate maturity regarding risk.
LITERATURE RIVIEW
Risk is characterized as an unpredictable event or condition that, should it manifest, could yield either positive or negative consequences for project objectives [8; 10]. Currently, effective risk management is a pivotal factor influencing project success due to heightened attention to variations in actual quality, time, and cost performance compared to anticipated outcomes. This heightened focus is a result of increasing pressure to reduce both time and costs. Research has substantiated that failure to address risk adequately is a primary contributor to budget overruns, project delays, and failure to meet performance targets [3:28]. This challenge is exacerbated in industries such as construction and information and communication technology, where projects characterized by substantial investments, protracted execution processes, numerous resources and stakeholders, and unstable economic and political environments introduce a high level of complexity [7:2726].
Hence, there is a compelling need to evaluate and control risk throughout all phases of a project. Diverse perspectives, attitudes, and requirements have resulted in varied definitions and approaches to risk management. Specifically, risk management processes and supporting techniques have been extensively developed and implemented in both academic literature and practical contexts. The diversity of these methods necessitates guidance on when each should be adopted. Criteria for choosing among risk techniques have been identified, yet these criteria often fail to consider a comprehensive set of a project's unique characteristics and its surrounding environment, as well as an organization's attitude towards risk. The classification is grounded in the significant features of the context of analysis derived from an extensive literature review on project and risk management [10; 12:97]: phase of the risk management process, phase of the project life cycle, and corporate maturity towards risk. This contribution enhances the understanding of how to address risky events and, in turn, improves the risk knowledge management process to enable risk management processes to yield anticipated benefits. The research focuses on projects according to their general definition provided by the Project Management Institute: "A project is a temporary endeavor undertaken to create a unique product, service, or result. The temporary nature of projects indicates a definite beginning and end. The end is reached when the project's objectives have been achieved or when the project is terminated
March, 2024
6
because its objectives will not or cannot be met, or when the need for the project no longer exists" [10].
ANALYSIS
Risks affect the main constraints of the project ("triple limitation", "iron triangle").
The triple constraint (Pic. 1.) says that just as a triangle cannot change one side without changing at least one more, so in a project it is impossible to change one parameter without affecting the others. For example, if we reduce the duration of a project, this entails a change in the scope and/or cost of the project.
Risks affect all major project constraints. Therefore, risk management is the management of all significant project parameters. The triple constraint method is one of the simplest ways to evaluate the success of a project.
According to a study by The Standish Group International, respondents classified 29% of projects as successful, 53% as unsuccessful (one of the project goals was not achieved), and failed (projects were not completed at all or were completed, but their results are not used) - 18 %. One of the main reasons for project failure is the lack of project risk management.
A project risk is an uncertain event that, if it occurs, has a positive or negative impact on at least one of the project objectives (for example, schedule, cost, scope or quality).
Let's analyze the above definition of project risk.
Pic. 1. Triple project limitation and risks
Source: Adopted from Project risk management, V. E. Shkurko, 2014
1. In this definition, the interpretation of risk includes not only the negative side, but also the positive one. The fact is that
March, 2024
In English, risk is understood as "chance".
2. An uncertain event is an event that can happen with some probability. If we know for sure that an event will happen, then it is not a risk. Likewise, if we know for sure that an event will not happen, then this is also not a risk.
3. Project risk affects project goals. If an event (for example, an earthquake on another continent) does not affect the goals of the project, then it is not a risk.
Any risk has two parameters: impact and probability of occurrence.
In the literature devoted to risk management, a significant number of approaches have emerged that consider risks based on the nature of their occurrence, the period of manifestation, etc. Classifications of risks have been proposed by various domestic and foreign researchers [1; 2; 4; 5; 6; 9; 11].
We can manage risk throughout the entire project (Pic.3.). But the closer a project gets to completion, the more difficult it is to manage risk. In this case, an analogy with archery would be appropriate. When we aim, we can control the trajectory of the arrow. But when the arrow has already been released and is flying, we practically cannot control its flight.
Magnitude of risk
--Prob ability
Impact v of
occurrence
Pic. 2. Magnitude risk
Source: Adopted from Project risk management, V. E. Shkurko, 2014
Risk and cost
Initiation
Finishing
-**
Pic. 3.Possibilities management risks and damage from risks
Source: Adopted from Project risk management, V. E. Shkurko, 2014
Time
With damage resulting from a risk event, the opposite is true: for most projects, damage increases towards the end of the
March, 2024
project. As for positive risks, the positive effect, on the contrary, decreases as the end of the project approaches. For example, there is a positive risk of a decrease in the cost of purchased raw materials. If this reduction occurred at the beginning of the project, then the positive effect is high, if at the end, then the effect will be lower.
The risk management cycle includes the following processes:
1) risk management planning;
2) identification of risks;
3) qualitative risk analysis;
4) quantitative risk analysis;
5) risk response planning;
6) monitoring and risk management.
Risk management planning is the process of determining approaches and planning activities to manage project risks.
To develop a risk management plan, documents such as a project scope statement, a project cost management plan, a project schedule management plan, a project communications management plan, enterprise environmental factors, and organizational process assets are required.
DISCUSSION
Risk identification is an iterative process because as the project progresses through its life cycle, new risks may be discovered. The frequency of iteration and the composition of participants in each cycle may be different in each case. Project team members should participate in this process so that they develop a sense of ownership and responsibility for risks and actions to respond to them. Project participants who are not part of the project team can provide additional objective information.
When identifying risks, it is necessary to analyze documents. When analyzing documentation, the following methods of collecting and processing information can be used:
S Brainstorm;
S Delphi method;
S Nominal group method;
S Crawford cards;
S Analysis of strengths and weaknesses, opportunities and threats;
S Checklist analysis;
S Analogy method;
S Analysis of assumptions;
March, 2024
Qualitative risk analysis is usually a quick and inexpensive way to set priorities in the risk response planning process and, if necessary, serves as a basis for conducting quantitative risk analysis. A qualitative risk analysis is subject to refinement throughout the project life cycle and should reflect all changes related to project risks.
Quantitative risk analysis is a quantitative analysis of the potential impact of identified risks on the overall objectives of the project. Quantitative analysis is carried out in relation to those risks that, during the qualitative risk analysis process, were qualified as potentially or significantly affecting the project. In the process of quantitative risk analysis, the effect of such risk events is assessed and such risks are assigned a numerical rating. This analysis also presents a quantitative approach to decision making under uncertainty. During this process, methods such as sensitivity analysis, scenario analysis, Monte Carlo simulation and others can be used, which will be discussed in detail in the next chapter.
Risk and Opportunity Response Planning is the process of developing ways and identifying actions to increase opportunities and reduce threats to project objectives. This process begins after conducting a qualitative and quantitative risk analysis. It involves identifying and appointing one or more responsible individuals ("risk responders") who are responsible for responding to each agreed and budgeted risk. Risk response planning addresses risks according to their priorities; New resources and activities are added to cost, schedule, and project management plans as needed.
Effective risk management is indispensable in the project management process as it serves as a proactive strategy to anticipate and address uncertainties that could jeopardize project success. Risks, whether in the form of unexpected events or conditions, have the potential to disrupt project timelines, exceed budgets, and compromise overall objectives. By systematically identifying, assessing, and managing risks, project managers can safeguard project outcomes, minimize budget overruns, and ensure adherence to schedules. Moreover, a well-executed risk management process enhances decision-making by providing critical information for informed choices, ultimately boosting stakeholder confidence and fostering a positive project environment. It enables project teams to allocate resources efficiently, comply with regulations and standards, and meet stakeholder expectations. Overall, risk management contributes to project resilience, allowing teams to adapt to changing circumstances, mitigate threats, and capitalize on opportunities, thereby enhancing the likelihood of project success.
March, 2024
CONCLUSION
In conclusion, effective risk management is paramount in project management, particularly amidst the growing demand for enhanced quality within constrained timeframes and budgets. The theoretical frameworks surrounding risk identification and mitigation provide valuable insights into navigating uncertainties inherent in projects. Through a comprehensive understanding of risk techniques and their applicability within the project context, project managers can proactively address potential threats and capitalize on opportunities. However, challenges persist in communication and knowledge dissemination, hindering the comprehensive management of risks. By integrating risk management processes into project lifecycles and corporate strategies, organizations can mitigate the adverse effects of risks and foster a culture of resilience and innovation. The triple constraint model illustrates the interconnectedness of project parameters and the impact of risks on project success, highlighting the need for effective risk management throughout all project phases. Furthermore, the risk management cycle, encompassing planning, identification, analysis, response planning, and monitoring, provides a structured approach to managing risks and maximizing project outcomes. Ultimately, effective risk management enhances decision-making, stakeholder confidence, and project resilience, positioning organizations for success in today's dynamic business environment.
REFERENCES
1. Barton T., Shenkir U., Walker P. An integrated approach to risk management: is it worth doing: trans. from English M.: Publishing house. Williams House, 2003.
2. Buyanov V.P., Kirsanov K.A., Mikhailov L.M. Riskology (risk management). pp. 63-107.
3. Carbone, T.A. and Tippett, D.D. (2004) Project Risk Management Using the Project Risk FMEA. Engineering Management Journal, 16, 28-35.
4. Chernova G.V. Risk management practice at the enterprise level. SPb. : Peter, 2000.
5. DeMarco T. Waltzing with the bears: risk management in software development projects: trans. from English M.: Company p.m. Office, 2005.
6. Granaturov V. M. Economic risk: essence, measurement methods, ways of reduction: textbook. allowance. M.: Publishing house "Business and Service", 1999.
7. Guofeng, W., Min, W., & Weiwei, Z. (2011). Study on the existing problems and countermeasures of project risk management in China. Energy Procedía, (13), 2726-2733.
8. Hillson D. A. & Simon P. W. (2007) Practical Project Risk
March, 2024
11
Management: The ATOM Methodology. Vienna, VA, USA: Management Concepts.
9. Khokhlov N.V. Risk management: textbook. allowance. M.: UNITIDAN, 1999.
10. Project Management Institute (2005) Combined Standards Glossary (second edition). Newtown Square, PA, USA: Project Management Institute
11. Romanov V. S. Risk classification: principles and criteria: [website]. URL: http://www.aup.ru/articles/finance/4.htm (access date: 10/01/2013).
12. Ward, S., & Chapman, C. (2003). Transforming project risk management into project uncertainty management. International journal ofproject management, 21(2),
97-105.
March, 2024