Case Study On Risk Management Management Essay

A risk is defined by the Australia/New Zealand Standard for Risk Management (AS/NZS 4360:2004) as the possibility of something happening that impacts on your objectives. It is the chance to either make a gain or a loss. It is measured in terms of likelihood and consequence.”

A risk is something that may happen and if it happens, will have an impact on the project which can either be positive or negative. An issue is managed in a very different manner than a risk ,A risk must always have a probability which is greater than zero .there might be a chance of occurrence or else it cannot be considered as a risk. Risk management is a process of thinking systematically about all possible risks,problems or disasters before they happen and setting up procedures that will avoid , minimize or cope with its impact. It is basically setting up a process where you can identify the risk and set up a strategy to control or deal with it. Risk management applies to all decision-making activities, including policy development and advice, outsourcing and outsourced services, contract management, program delivery, public events and enabling services. Risk Management enables us to minimize the barriers in meeting our business objectives. Risk Management is not just about decisions and behaviors that affect expenditure or expose ourselves to liability instead its about the smart management of project.

The risk will have a positive or negative impact on the project. Most people dive into the negative risks ,and wont even consider the probability of positive risks .”take the example where we identified a project finishing ahead of schedule as a risk. It might seem to be a bonus but the completion date happened to occur at the busiest time of the year for the company. The last thing they needed was a project going live in their peak period. The mitigation was that if we were ahead of schedule, we would slow the project down by reducing resources.”[1]

Risk management is also about making a realistic evaluation of the true level of risk. Risk management begins with three basic questions:

In this stage, we are supposed to identify and name the risks. The best approach for identifying the risk is a workshop with business and IT people to carry out the risk identification. Use a combination of brainstorming and reviewing of standard risk lists to identify various risks. There are different sorts of risks ,and we need to decide on a project by project basis about each type of risk identified in particular project .

Business risks are ongoing risks that are best handled by the business. An example is that if the project cannot meet end of financial year deadline, the business area may need to retain their existing accounting system for another year. The response is likely to be a contingency plan developed by the business, to use the existing system for another year.

Generic risks are risks to all projects. For example the risk that business users might not be available and requirements may be incomplete. Each organisation will develop standard responses to generic risks.

Risks should be defined in two parts. The first is the cause of the situation (Vendor not meeting deadline, Business users not available, etc.). The second part is the impact (Budget will be exceeded, Milestones not achieved, etc.). Hence a risk might be defined as “The vendor not meeting deadline will mean that budget will be exceeded”. If this format is used, it is easy to remove duplicates, and understand the risk.

Risk need to be quantified in two dimensions. The impact of the risk needs to be assessed. The probability of the risk occurring needs to be assessed. For simplicity, rate each on a 1 to 4 scale. The larger the number, the larger the impact or probability. By using a matrix, a priority can be established.

Note that if probability is high, and impact is low, it is a Medium risk. On the other hand if impact is high, and probability low, it is High priority. A remote chance of a catastrophe warrants more attention than a high chance of a hiccup.

As a project unfolds, there will be a number of times over the course of the project’s respective life cycle that the project management team and or the project management team leader will find themselves in a position in which they realize that a particular component as to the project and or a particular facet of that project does in fact come with a set or series of inherent risk. After all of these likely and potential risks have been properly organized and categorized, it is up to the project management team and or the project manager to effectively determine the best way to deal with these risks. As the team fully identifies and recognizes the risks that are involved, the next step involves figuring out the best response. This is where risk response planning comes into practice.Risk response planning refers specifically to the act of developing and listing a series of options in hopes of reducing any threats that may exist to the predefined program objectives.

There are four things we can do about a risk. The strategies for risk response are:

A risk response plan should include the strategies and the actions to address the strategy. The actions should include what needs to be done to overcome the risk, who is doing the risk response , and when it should be completed in order to avoid or overcome the risk.

Risk Control

The final step is to continually monitor risks to identify any change in the status of the risk to prevent them from turning into an issue. It is best to hold regular risk reviews to identify actions outstanding that needs to be completed, risk probability reviews and impact. Need to remove risks that have passed, and identify new risks which are developing in the on going project. Avoiding the risk by discontinuing the activity that generates it ,which is rarely an option when providing services to the public. The methodology for controlling the risk includes:

Potential treatment options for a particular risk is developed according to the selected treatment strategy. The selection of the preferred treatment options takes into account factors such as the costs and effectiveness of the proposed method.

The determination of the preferred treatments also includes the documentation of implementation details such as responsibilities, timetable for implementation and monitoring requirements. The intention of these risk treatments is to reduce the risk level of unacceptable risks to an acceptable level or to the target risk level. Use the Risk Matrix to determine the expected reduction in level of risk resulting from the successful implementation of the treatment.