Project Management Unit 7

Unit 7 Project Risk Management

Structure:
7.1 Introduction
Objectives
7.2 Risk
Types of Risks
7.3 Risk Management
Risk management plans
7.4 Role of Risk Management in Overall Project Management
7.5 Steps in Risk Management
7.6 Risk Identification
7.7 Risk Analysis
7.8 Reducing Risks
7.9 Summary
7.10 Glossary
7.11 Terminal Questions
7.12 Answers
7.13 Case Study

7.1 Introduction
Risks are the inherent part of every project. There should be proper project
planning and assessment to reduce the impact of risks. There are risks of
cost over-runs, jobs taking too long, insufficient product or service quality,
etc.
In the previous unit, we dealt with resource allocation, scheduling, project
cost estimate and budgets, and cost forecasts. In this unit, we will deal with
the concept of risk, types of risks, risk management, role of risk
management in overall project management, steps in risk management, risk
identification, risk analysis, and strategies to reduce risks.
In any project, you can avoid the potential impact of risks. The unit covers
the different types of risk and risk management strategies. Risk refers to the
possibility that the expected return may not materialise. There may be loss
of capital, i.e., investment has to be sold for an amount less than the amount
paid for it. There may be no income from investment or the income may be
less than expected. The natural query is “why does the investor go for risky
Sikkim Manipal University Page No. 160
Project Management Unit 7

investment”? The answer is that the desire for higher returns entices them to
go for risky investment.
The success of any project is based on the future estimates by the project
management team. Project risk management is a discipline for dealing with
the possibility that some future event will cause harm. Project risk relates to
the uncertain events or situations that can potentially affect a planned
project adversely, usually in terms of cost, schedule, and/or product quality.
Project risk is a function of two components: likelihood and consequence.
You will also study about the key strategies and techniques in recognising
and confronting any threat faced by an organisation at different project
levels.

Objectives:
After studying this unit, you should be able to:
 define risk and uncertainty
 identify different types of risks
 recognise the role of risk management in overall project management
 identify the steps necessary in risk management
 describe the process of risk identification and analysis
 list the key strategies to mitigate risks

7.2 Risk
Risk is the potential that a chosen action or activity will
lead to a loss (an undesirable outcome).. Potential loss
itself may also be called "risks". Almost any human
endeavor carries some risk, but some are risky than the
others. Risk marks a potential negative impact to some
characteristic value that may arise from a future event.
Exposure to the consequences of uncertainty constitutes
a risk. In general, risk is often used synonymously with
the chance of an expected loss.
Two factors that are essential to all human decision making are risk
communication and risk perception.
There are various definitions of risk that differ by specific application and
context. Risk can be described both qualitatively and quantitatively.

Sikkim Manipal University Page No. 161

Project Management Unit 7

 Qualitatively, risk is proportional to the expected losses that may be

induced by an event and to the probability of the event. Greater loss and
greater event probability culminate in a greater overall risk.
 Quantitatively, there are various formal methods that can be used to
evaluate or to "measure" risk. Some of the quantitative definitions of risk
can be related to the statistics theory and naturally lead to statistical
estimates, while others are more subjective. For example, in many
cases, a decisive factor is human decision making.
As a matter of fact, risk is defined in pseudo-formal forms where the
components of the definition are vague and ill-defined. For example, risk is
considered as an indicator of threat or depends on threats, vulnerability,
impact, and uncertainty.
There are many reasons for which risks occur. Some of the reasons are
internal to the project, and some are external. The project environment, the
planning process, the project management process, scarce resources, etc.
add to risk. There are risks that you can foresee and make plans to handle
them, while there are some that occur unexpectedly during a project. For
example, financial risks can be foreseen but risks arising out of natural
calamities or any key member falling sick during the project are unexpected.
Risk is affected by both, internal and external factors. It is vital to
understand, as a part of the project plan, the internal and external risks in
project management. Usually, internal risks can easily be identified ad
managed while external risks are more elusive.
 Internal factors: Project managers must identify and prioritise the
risks to the project at hand that are internal to the organisation. When
looking internally, risks to the project may involve labour strike, change
in management, change in consumer preferences, the financial solvency
of the company, the ability of the company to have the required
equipment and other resources in hand in time to support the project.
Personnel issues such as sickness or unanticipated termination of a key
team member also can be considered as internal risks to the project.
 External factors: External risks are those risks that cannot be controlled
by the project team and its host organisation. Due to this, external risks
are usually more difficult to foresee and control. External risks include
key vendor going bankrupt, level of economic activities – recession or

Sikkim Manipal University Page No. 162

Project Management Unit 7

boom, inflation, political development, change in credit policies, and

related events. These factors may have a direct impact on project's
effectiveness. Some risks may be hard to predict such as a plant in a
foreign country providing necessary elements for the project being taken
over by a radical government. An event like this can not only directly
threaten the project, but it often takes project managers by surprise
because of a poor analysis of external threats. Risk caused by external
factors also affects the return on investment. Such risks are non-
diversifiable.

Activity
How risk can be diversified? List few examples of quantitative and
qualitative risks?
7.2.1 Types of risks
There are various types of risk that can affect business project. While some
of these risks can be controlled through a number of options, some of them
simply have to be accepted and planned for any project environment.
Before discussing the concept of risk management, we should be aware
about various types of risks that can affect a project. Let’s look at the
various types of risks:
Macro risk levels
A chance of a loss or injury is called risk. It has two components the
systematic risk and unsystematic risk. Risks that are caused by factors
external to the particular organisation and cannot be controlled by the
company are termed as systematic risks. Such a risk affects the market as
a whole. On the other hand, in case of unsystematic risk the factors are
unique, specific and related to the particular industry or organisation.
 Systematic risk: A systematic risk cannot be controlled or foreseen in
any manner, therefore it is almost impossible to predict or protect the
organisation or a project against this type of risk. Such a risk affects the
entire market. Often we hear that the stock market is in bear hug or in
bull grip. This shows that the whole market is moving in particular
direction either downward or upward. The changes in the economic,
political and the sociological conditions affect the security market. These
are the factors that cannot be controlled by the organisation and

Sikkim Manipal University Page No. 163

Project Management Unit 7

investor. The smartest way to tackle this risk is to simply recognise that
this type of risk will occur and plan for your project to be affected by it.
 Unsystematic risk: Unsystematic risk is sometimes referred to as
"specific risk". It is unique and peculiar to a firm or an industry and can
usually be eliminated through a process called diversification.
Unsystematic risk stems from managerial inefficiency, technological
change in the production process, availability of raw material, changes in
the consumer preference, and labour problems. For example, the
changes in the consumer preference affect the consumer products like
TV, washing machines, refrigerators, etc more than that of consumer
product industry.
The nature and mode of raising finance and paying back the loans involve a
risk element.
 Business risk: It is that portion of unsystematic risk caused by the
operating environment of the business which arises from the inability of
a firm to maintain its competitive edge and the growth or stability of
earnings. Variation that occurs in the operating environment is reflected
on the operating income and expected dividends. The variation in
expected operating income indicates the business risk.

 Financial risk: It refers to the variability of the income to the equity

capital due to the debt capital. Financial risk in a company is associated
with the capital structure of the company. Capital structure of the
company consists of equity funds and borrowed funds.
Micro risk levels
The types of risks discussed above were the macro scale levels of risk, but
in addition to these, there are some more significant micro (small-scale)
types of risks that are vital when talking about a business.
 Project risk: Project risk relates to the uncertain events or situations
that have the potential to adversely affect a planned project, usually in
terms of cost, schedule, and/or product quality. Project risk is a function
of two components: likelihood and consequence.
 Country risk: Country risk, also referred to as political risk, is an
important risk for investors today. With more investors investing
internationally, both directly and indirectly, the political and economic
stability and viability of a country's economy needs to be considered.
Sikkim Manipal University Page No. 164
Project Management Unit 7

The United States has the lowest country risk, and other countries can
be judged on a relative basis using the United States as a benchmark.
For example, the countries that needed careful monitoring in the 1990s
because of country risk included the former Soviet Union and
Yugoslavia, China, Hong Kong, and South Africa.
Factors affecting CR can be classified into four broad groups. Table 7.1
depicts the factors affecting country risk.
Table 7.1: Factors Affecting Country Risk
Category Risk Factors
Political 1. Stability, maturity, and functioning of the political system
climate 2. Representativeness and collectiveness of the
government
3. The scale of domestic conflict: racial relations; civil war
or insurgence; conditions of international relations;
sanctions imposed due to political reasons; border
disputes or military conflict with neighbouring countries,,
etc
Economic 1. Economic development stages: GDP growth; GDP per
environment capita
2. Economic stability: inflation, unemployment and
provision of social security
3. Taxation: consistency in tax charges, tax levels, tax
incentives for foreign investment and industries
4. Macroeconomic Management: Formulation;
implementation and efficiency of monetary policy and
fiscal policy
Financial 1. Stability, regulation, and supervision of the financial
conditions system
2. Capital market functioning: efficiency, liquidity,
resiliency, and transparency of the capital market
3. Operation of foreign exchange market: Stability,
resilience, and central bank intervention
4. Corporate sector: Maturity, information disclosure, and
corporate governance.
Social 1. Legal system: Independence, transparency and
institution enforcement, crime and security in the society
2. Legislations and regulations: Consistency, fairness, and
effectiveness
3. Work organisation and corporate governance:
Functioning, compatibility, and harmony
4. Influence of Interest groups: Professional groups, trade
unions, and employers organisations

Sikkim Manipal University Page No. 165

Project Management Unit 7

 Market risk
The price fluctuations or volatility increases and decreases in the day-to-
day market. It is defined as that portion of total variability of return
caused by the alternating forces of bull and bear market. When the
security index moves upward haltingly for a significant period of time, it
is known as bull market. In bull market, the index moves from a low level
to the peak. Bear market is just a reverse to the bull market.
 Interest rate risk
Interest rate risk is simply the risk to which an institution is exposed
because future interest rates are uncertain. The assets and liabilities of
a financial institution have different maturity and liquidity. Financial
institutions create assets and at the same time create liabilities. These
loans are invested by the financial institutions at a certain rate of interest
and similarly interest cost has to be paid to the lenders of deposit. The
mismatches of interest rates of the assets and liabilities expose to
interest rate risk.
For example: An Indian bank borrows Rs. 200 crore from the market for
4 years @ 10% (Floating p.a.) and creates a loan asset of the same
amount for 4 Year period @ 13% (Fixed p.a.). If, there is a an upward
trend of interest rate after 2 years and the rate of interest goes up to
15% then
Interest Loss = Crores = 200 (15% – 13%)
 Purchasing power risk
Variations in the returns are caused also by the loss of purchasing
power of currency. Inflation is the reason behind the loss of purchasing
power. The level of inflation proceeds faster than the increase in capital
value. Purchasing power risk is the probable loss in purchasing power of
the returns to be received. The rise in price penalises the returns to the
investor, and every potential rise in price is a risk to the investor.
For example, the table 7.2 depicts the risks associated with each
investment from the perspective of an Indian investor:

Sikkim Manipal University Page No. 166

Project Management Unit 7

Table 7.2: Risks involved in different investments

Investments Equity Risk Interest Currency Commodity
Rate Risk Risk Risk
IBM stock

Bangkok Bank stock

5yr GE bond 8.25%

5yr Indian T-Note

Gold (MCX)

 Liquidity risks
Liquidity risk is that part of an asset’s total inconsistency of returns which
consequences from price discounts given or sales commissions paid in
order to sell the asset without delay. It is a condition wherein it may not
be possible to sell the asset. Assets are inclined at great inconvenience
and cost in terms of money and time. Any asset that can be bought and
sold promptly is said to be liquid. Failure to realise with minimum
discount to its value of an asset is called liquidity risk.

Self Assessment Questions

1. Risk communication and risk ______________ are essential factors for
all human decision making.
2. Project risk is a function of two components: likelihood and
______________.
3. The unsystematic risk affects the entire market. (True/false)
4. Financial risk refers to the variability of the income to the equity capital
due to the debt capital. (True/false)

7.3 Risk Management

Risk Management is a field of management that deals with
the possibility that various future events may cause harm
or threat to the organisation. Risk Management comprises
of strategies and techniques to recognise and confront any
threat faced by a business in fulfilling its mission.

Sikkim Manipal University Page No. 167

Project Management Unit 7

Risk management deals with following three basic questions:

 What might go wrong?
 What can we do (both preventive and corrective measures to deal with
the incident must be thought of)?
 If something occurs, how are we going to tone down its effect?

Risk Management is concerned with the effective management of risk data

and information of an organisation's.
Risk management information systems/services (RMIS) are often used by
enterprises to provide expert advice and cost-effective information
management solutions. It deals with key processes such as:
 Risk identification and assessment
 Risk quantification
 Risk control

These points are being explained in greater detail in sections 7.6, 7.7 and
7.8, respectively.
7.3.1 Risk management plans
An effective risk management plan comprises of following steps:
 Creation
To create a risk management plan, you must carefully select appropriate
controls and counter measures to quantify each risk. Risk mitigation
must also be approved by the suitable level of management as per the
level/domain of risk.
For example: Let us suppose there is a risk concerned with the
reputation of the organisation then it should be dealt by the top
management. Whereas if there is risk to computer system or information
system because of a computer virus then the IT department would have
the authority to deal with it.
The risk management plan must also suggest valid and effectual
security controls for managing the risks. For example, If there is high risk
of computer viruses then it could be mitigated by installing an antivirus
software on the system.
A good quality risk management plan consists of a schedule for control
operation and people accountable for those actions.

Sikkim Manipal University Page No. 168

Project Management Unit 7

As per ISO/IEC 27001, after the commencement of risk assessment

phase, a risk treatment plan must be designed. A risk treatment plan
must clearly state the decisions about how each of the identified risks
should be dealt with. Mitigation of risks seldom means the selection of
apt security controls that must be documented in a statement of
applicability. this statement of applicability identifies which particular
control objectives and controls from the standard have been selected,
and the reasons for its selection.
 Implementation
The next step is the implementation of the plan. Firstly, you must
undertake measures for mitigating the effect of the risks. You must
purchase insurance policies for all those risks that could be insured. You
must try to avoid and minimise all risks without sacrificing the entity's
goals. The risks left after all these are retained.
 Review and evaluation of the plan
Initial risk management plans are certainly not going to be perfect. The
actual risk control measures are largely based on a number of factors
and hence there is always a high probability that management might
have to consider to change its plan.
Also, it is necessary that the risk results and management plans must be
periodically updated. It is done basically for two underlying reasons:
 To find out if the previously selected security measures are still valid and
effective, and
 To determine the possible risk level changes in the business
atmosphere.
For example, Market risks are an example of rapidly changing business
environment.

Self Assessment Questions

5. _______________ is a discipline for dealing with the possibility that
some future event will cause harm.
6. ____________ needs to be approved by the appropriate level of
management.

Sikkim Manipal University Page No. 169

Project Management Unit 7

7.4 Role of Risk Management in Overall Project Management

Risk analysis and management is a process which enables the analysis and
management of the risks associated with a project. Properly undertaken, it
will increase the likelihood of successful completion of a project to cost,
time, and performance objectives. There are a lot of benefits of proper risk
management in projects. Organisations can generate a lot of profit if they
deal with uncertain project events in a proactive manner. You can deliver a
project on time, on budget, and with proper quality if you are able to manage
the risks properly. The proper risk management can increase the
productivity and efficiency of the project team.
A project life cycle includes the key phases like initiating, planning,
executing, controlling, and closing. The probability of project risk depends
on the project life cycle. Figure 7.1 depicts the relationship between the risks
and their probability of happening.

Probability

Fig. 7.1: Probability of Risks versus Stages of Project Life Cycle

Source: Mishra Rajendra (2012), Project Management: Excel Books, New Delhi

Figure 7.1 explains the probability of risk in different stages of project life
cycle. It shows that the probability of risks is higher in the initial phases in

Sikkim Manipal University Page No. 170

Project Management Unit 7

comparison to closing phases. The highlighted point shows the maximum

probability of risk happening.
In comparison to probability of risk, the impact of risks is opposite. The
impact of risks is less in the initial stages of a project life cycle and higher in
the closing phases. Figure 7.2 depicts the impact of risks on various stages
of a project life cycle.

Impact

Fig. 7.2: Impact of Risks Versus Stages of Project Life Cycle

Source: Mishra Rajendra (2012), Project Management: Excel Books, New Delhi

In Figure 7.2, the highlighted point shows the maximum impact area of a
project life cycle.
Self Assessment Questions
7. The probability of project risk depends on the project life cycle.
(True/False)
8. The impact of risks is higher in the initial stages of a project life cycle.
(True/False)
9. The probability of risks is less in the initial phases in comparison to
closing phases. (True/False)
10. Proper risk management can increase the productivity and efficiency of
the project team. (True/False)

Sikkim Manipal University Page No. 171

Project Management Unit 7

7.5 Steps in Risk Management

In risk management, the following steps should be considered for effective
risk management:
Step 1 – Recognition of assets at risk: The foremost step in the risk
management technique is to carefully identify the assets which might
generate risks in project operations. These assets may fall under various
groups, such as tangible and intangible assets, movable and immovable
assets etc.
Step 2 – Valuation of assets: The assets identified and grouped in the
previous step are to be valued and categorised into different classes such
as critical and essential.
Step 3 – Identifying the intimidation: Threats can be distinct as anything
that contributes to the intermission or devastation of any service/product.
Various compulsions can be grouped into environmental, internal, and
external threats.
Step 4 – Risk consideration: The process of risk appraisal includes not
only assessment as to the provability of occurrence but also the assessment
as to the impending severity of loss, if risk materialises. This will support in
determining the appropriate risk lessening strategy, the residual risk, and
the investment required to alleviate the risk.
Step 5 – Emergent strategies for risk management: After risks
identification and assessment, one must apply various risk management
techniques such as risk avoidance, risk reduction, risk retention and risk
transfer etc.
The detailed explanations of risk reducing strategies are given under
section 7.8.

Self Assessment Questions

11. The process of ____________ includes not only assessment as to the
provability of occurrence but also the assessment as to the impending
severity of loss, if risk materialises.
12. After risks identification and assessment, one must apply various risk
management techniques such as risk avoidance, risk reduction,
____________ and risk transfer etc.

Sikkim Manipal University Page No. 172

Project Management Unit 7

7.6 Risk Identification

The risk identification is done at each stage of a project life cycle.
During risk identification, we identify and categorise the risks.
Risks must be carefully identified with the help of techniques
such as brainstorming or reviewing a standard list of risks. Risk
identification must be done by the concerned people such as IT people,
marketing managers or top level management.
There are basically two different sorts of risks. These are as follows:
 Business risks: These are the ongoing risks that are best handled by
the business. For example, if a key team member becomes unavailable
or sick then it may delay the project and the organisation might not be
able to complete the project in the given financial year.
 Generic risks: Generic risks are those risks that are common to all
projects. For example, system failure or flaw may cause the project to be
delayed.
Risks must be defined in two parts. The first part must define the cause of
the risk and the other must define the impact of the risk. For example, a risk
may be defined as "The supplier not meeting deadline will mean that budget
will exceed". If the above format is used, then it would be much easier to
remove duplicates, and understand the risk.
For comprehensive identification of risks, we may adopt risk matrix as
suggested by Well-Stam et al. Vertical axis of matrix represents various
phases of the project and horizontal axis represents various points of view
or perspective. Points of view for infrastructure project may include:
technical, organisational, zoning, political, administrative, legal/legislative,
financial/economic, social/community related.
For each class (phase and point of view), we may use some proven risk
identification techniques quoted in the literature to identify the possible risks.
These techniques include:
 Assumption analysis: Assumptions made in planning stage of the
project are taken as true, real, or certain. A closure scrutiny of these may
reveal possible risks.
 Brain storming: Brain storming is a useful tool to generate the possible
risk events in quick time. It is performed by a cross-function team
following set procedures (see chapter 8 for details).
Sikkim Manipal University Page No. 173
Project Management Unit 7

 Checklist: The checklist is developed based on past experience. It

provides a useful guide in listing foreseeable risks.
 Delphi: Delphi study is carried out with the help of a group of experts.
Since the experts are people who have a deep insight into the system
functioning, it is possible to gather useful information in this way.
 Interview: Interview may be held with knowledgeable people to identify
or to gain more in-depth knowledge of certain risks or to create a list of
control measures.
 Observations: We may visualise the risks by directly examining/
observing the current process.
 Previous documentation: Past experiences recorded in company files,
reports, third party reports, or news paper reports on electronic or paper
format provide help in listing risks.
 Modelling: Use of risk tool kits or simulation by computer or other aids
may uncover risks.
There are a number of diagrams like cause and effect diagram, fault tree,
event tree, influence diagram, etc to capture risks.

Self Assessment Questions

13. Business risks are ongoing risks that are best handled by the business.
(True/False)
14. Generic risks are risks to all projects. (True/False)
15. The checklist is developed based on _____________________.

7.7 Risk Analysis

During the identification process, a large number of risks may emerge. It is
not prudent to focus equal attention on all the identified risks. Hence, there
is a need to evaluate and prioritise them. The risk need to be quantified in
two dimensions -the impact and probability of the risks occurring . For
simplicity, rate each on a 1 to 4 scale. The larger the number, the larger is
the impact or probability. By using a matrix, a priority can be established.
Figure 7.3 depicts the risk analysis.

Sikkim Manipal University Page No. 174

Project Management Unit 7

Fig. 7.3: Risk Analysis

Source: Mishra Rajendra (2012), Project Management: Excel Books, New Delhi

It must be noted that when probability is high, and impact is low, it is a

medium risk. Contrary to this, if impact is high, and probability low, it is high
risk. Even the slightest chance of a disaster requires more attention than a
high chance of a hiccup.

Activity
What are the dimensions for quantifying different risk in investment
projects? Elaborate with example?
Evaluation / prioritisation of risks under multi-objective situation is illustrated
through an example. Let there are 5 risks – A, B, C, D and E for a project.
The project has three objectives-time, cost and quality. The steps for
evaluation/prioritisation include:
Step 1: Choose nominal scale for probability and consequence for each
objective.
Scale for probability
Verbal Judgment to Denote Probability of Occurrence Numerical Rating
of a Risk
Unlikely (< 5%) 1
Probable (5 – 25%) 2
Likely (25 – 50%) 3
More Likely (50 – 100%) 4

Sikkim Manipal University Page No. 175

Project Management Unit 7

Scale to measure consequence for various objectives:

Project duration
Verbal Judgment to Denote Corresponding Delay Numerical Rating
Negligible (< 5%) 1
Moderate (5 – 10%) 2
High (10 – 20%) 3
Very High (> 20%) 4

Cost
Verbal Judgment to Denote Corresponding Increase in Numerical Rating
Cost
Negligible (< 5%) 1
Moderate (5 – 10%) 2
High (10 – 20%) 3
Very High (> 20%) 4

Quality
Verbal Judgment to Denote Corresponding Reduction Numerical Rating
in Quality
Negligible (< 5%) 1
Moderate (5 – 10%) 2
High (10 – 20%) 3
Very High (> 20%) 4

Step 2: Obtain measure of probability and consequence under various

objectives for each risk.
Probability measure and consequence for each objective for all risks may be
obtained by using any of the techniques discussed in the previous section.
Table 7.3 depicts the outcome.
Table 7.3: Calculation of Total Weighted Measure of a Risk
Risk Probability Measure of Consequence for a Risk Total
Rating under Various Objective Weighted
Duration Cost Quality (0.2) Measure
(0.5)* (0.3) of Risk

A 1 2(1.0) 1(0.3) 3(0.6) 1.9(5)

B 3 1(0.5)** 3(0.9) 2(0.4) 5.4(4)

Sikkim Manipal University Page No. 176

Project Management Unit 7

C 2 4(2.0) 3(0.9) 2(0.4) 6.6(3)

D 5 3(1.5) 2(0.6) 1(0.2) 11.5(1)***
E 4 2(1.0) 1(0.3) 2(0.4) 6.8(2)
*denote weighted attached to objective, duration.
**denote weighted measure of consequence of risk B under objective duration (0.5 = 1 x 0.5).
***denotes total weight and rank of risk D.

Step 3: Weightage to each objective

Weightage to each objective may be determined by a group of experienced
persons related to the project using Delphi or other techniques. For this
example, weightage attached to each objective are given below:

Objective: Duration Cost Quality

Weightage: 0.5 0.3 0.2

Step 4: Calculate total weighted measure of a risk and its rank.

Total weighted measure of a risk and its rank is calculated as,
Total weighted measure of a risk = Probability x
each objective x weightage of each objective)
For risk A, refer table 7.3, Total weighted measure of risk = 1 x [2 x 0.5 + 1 x
0.3 + 3 x 0.2] = 1.9
Calculations of total weighted measure of all risks have been done and are
shown in column 6 of table 7.3. Figure in the bracket in column 6 indicates
the rank of the risk.
In place of using rank, Buttrick uses ‘category of risk’ to measure risk. For
determining risk category, he has suggested the use of risk matrix (table
7.4). Here, X-axis represents probability of occurrence of risk and Y-axis
represents severity of impact of risk. Each cell denotes risk category. Table
7.4 depicts the risk matrix.
Table 7.4: Risk Matrix
Severity of Category of Risk
Impact Probability of Occurrence of Risk
Low Medium High
High Low High High
Medium Low Medium Low
Low Low Low Low
Sikkim Manipal University Page No. 177
Project Management Unit 7

Risk log is used to record description, probability, impact on project, and

rank or category of risks. Table 7.5 depicts a typical risk log.
Table 7.5: Typical Risk Log
S. Description Date Category/Rank Risk By
No. raised of Risk Management
1. A: 5
2. B: 4
3. C: 3
4. D: 1
5. E: Delay in 1.1.2001 2 Close By
supply of monitoring of project
critical manufacturing manager.
equipment. schedule of the
equipment.
Note: Category/Rank 1 indicates the highest risk.

Self Assessment Questions

16. If probability is high, and impact is low, it is a _________________ risk.
17. If impact is high, and probability low, it is ______________ risk.

7.8 Reducing Risks

To make the most of the benefits of project risk management, we must
integrate the project risk management activities into well planned project
management plan and work activities. Once risks have been identified and
measured, the strategies to control the risk fall into one or more of these
four categories:
 Risk avoidance: It includes not performing an activity that could carry
risk. For example, not buying a property or business to avoid the liability
attached to it or not flying an airplane to avoid the risk of a crash.
Avoiding activities may seem to a very easy way of dealing with risks,
but it also means losing out on the potential gain that performing the
activities with risk may have allowed. For example, not entering a
business to avoid the risk of loss also ends the possibility of earning
profits.
 Risk reduction: It involves methods that reduce the severity of loss
from occurring.

Sikkim Manipal University Page No. 178

Project Management Unit 7

For example, sprinklers are designed to put out a fire to reduce the risk
of loss by fire. This method may cause a greater loss by water damage
and therefore may not be suitable. Halon fire suppression systems may
mitigate that risk, but the cost may be prohibitive as a strategy.
 Risk retention: It involves accepting the loss as when it arises. True
self insurance is an example. Risk retention is a feasible strategy for
small risks where the cost of insuring against the risk is likely to be
higher over time than the total losses sustained. Risks which are not
avoided or transferred are retained by default. This comprises risks
that are so disastrous that they either cannot be insured against or
the premiums would not be feasible. For example, during a war,
most property was not insured against war, so the loss caused by
war is retained by the insured. Also any amount of potential loss
(risk) over the amount insured is retained risk. This can be accepted
if there is a small chance of a very large loss or if the cost to insure
for higher coverage amounts is so high it would hamper the goals of
the organisation.
 Risk transfer: It means causing another party to accept the risk,
usually by means of contract or by hedging. An example of a risk
that uses contracts is insurance. In other cases, it may involve
contract language that transfers a risk to the other party without the
payment of an insurance premium. Very often, the liability among
construction or other contractors is transferred this way. On the other
hand, taking offsetting positions in derivatives is normally how firms
use hedging to financially manage risk.

Self Assessment Questions

18. Risk avoidance involves the methods that reduce the severity of loss
from occurring. (True/False)
19. Risk retention is a viable strategy for small risks where the cost of
insuring against the risk would be greater over time than the total
losses sustained. (True/False)

Sikkim Manipal University Page No. 179

Project Management Unit 7

7.9 Summary
Let us recapitulate the important concepts discussed in this unit:
 The unit has covered the fundamentals of risk in the project
management. The unit discussed about the different types of risks that
can impact a project and the necessary steps to mitigate risk.
 Risk measurement and management is one of the imperative functions
of the project manager. The changing comprehensive environment
continuously affects his or her decisions. But effective risk measurement
and management is a must for all business organisations to carry on
profitably in the long run.
 Interest rates, recession, and wars all represent sources of systematic
risk because they influence the entire market and cannot be avoided
through diversification. Whereas this type of risk affects a broad range of
securities, unsystematic risk affects a very unambiguous group of
securities or an individual security. Systematic risk can be mitigated only
by being hedged.
 Risk analysis and management is a process which enables the analysis
and management of the risks associated with a project. Properly
undertaken, it will increase the likelihood of successful completion of a
project to cost, time, and performance objectives.
 During the identification process, a large number of risks may emerge,
but it is not prudent to focus equal attention on all the identified risks.
Hence, there is the need to evaluate and prioritise them. There are a
number of approaches for risk analysis like matrix, etc.
 The unit also covered the key tools and techniques used for managing
risk. The risks should be managed by using the strategies like risk
avoidance, risk reduction, risk retention, and risk transfer.

7.10 Glossary
Business risk: Risk caused by the operating environment of the business.
Project risk: Risk caused by uncertain events or situations that can affect a
planned project adversely.
Risk: Defined as probability or chance of occurrence of adverse effect on
project’s objectives like cost, time, and quality.

Sikkim Manipal University Page No. 180

Project Management Unit 7

Risk management : Concerned with identifying all foreseeable risks

reasonably, assessing the probability and severity of the risk, and deciding
the course of action to reduce their possible impact or avoid them
altogether.

7.11 Terminal Questions

1. In everyday usage, risk is often used synonymously with the probability
of a known loss. Discuss.
2. Define risk management. What are the different types of risks that can
affect a project?
3. Discuss the role of risk management in overall project management.
4. What are the key steps included in risk management process?
5. What are the strategies used to reduce risk?

7.12 Answers

Self Assessment Questions

1. Perception
2. Consequence
3. False
4. True
5. Risk management
6. Risk mitigation
7. True
8. False
9. False
10. True
11. Risk appraisal
12. Risk retention
13. True
14. True

Sikkim Manipal University Page No. 181

Project Management Unit 7

15. Past experience

16. Medium
17. High
18. False
19. True
Terminal Questions
1. It is the probability of some negative impact that can happen because of
some uncertain events in the future. Risk is influenced by both internal
and external factors. Refer to section 7.2.
2. It is the process of minimising the impact of risks by using some tools
and techniques like risk avoidance, risk retention, risk transfer, etc. The
risk can be classified as project risk, country risk, systematic and
unsystematic risks, and liquidity risk. Refer to section 7.2 and 7.3.
3. Organisations can generate a lot of profit if they deal with uncertain
project events in a proactive manner. Proper risk management helps in
analysing the probability of happening risk and their impact on the
project performance. Refer to section 7.4.
4. The process of risk management includes the key steps like
identification, analysis, and risk reduction. Refer to section 7.5.
5. After the identification and analysis of a risk, the risk can be reduced by
using the key strategies like risk avoidance, risk retention, risk reduction,
and risk transfer. Refer to section 7.8.

7.13 Case Study

Reliance Industries Dials up Risk with Telecom Move: Moody's
Rating agency Moody's Investors Service has said that Reliance Industries
Ltd.'s (RIL) acquisition of Infotel has business risk and negative implications.
However, it affirmed Reliance Industries' stable outlook post the
announcement of the Infotel acquisition. On the 95% stake acquisition in
Infotel, Mr. Philipp Lotter, Senior Vice President, Moody's Investors Service,
said RIL is “dialling up risk and negative credit implications by making a
strategic move into the untested but promising fourth generation (4G)
wireless broadband spectrum technology in India.”

Sikkim Manipal University Page No. 182

Project Management Unit 7

Its strong financial balance sheet, with current cash and cash equivalents of
more than $6 billion (about Rs. 28,000 crore) and $7-8 billion in projected
annual cash flow, can easily accommodate the price tag for Infotel and the
expected $2-3 billion in additional capital outlays (excluding licence fees)
during the initial years, according to Moody's weekly credit outlook. The
credit rating agency cites certain risks in RIL's telecom move. “RIL is opting
for an unproven Long-Term Evolution (LTE) 4G technology that has had
commercial trials so far only in Norway and Sweden. Additionally,
competition among 15 players has driven calling rates in India, the world's
second largest mobile market, to less than one cent per minute, led to a
£2.3 billion write-down by mobile operator Vodafone.
“This has sparked concerns of overbidding for third generation 3G and 4G
spectrum, akin to loss-generating overpayments for 3G made a decade
earlier in Europe,” the report said. The report also pointed out the exit of the
Anil Ambani-led Reliance Communications and Vodafone from the 4G
auction, citing the high cost. Nevertheless, RIL has calculated that
nationwide access to the world's fastest growing market, which is adding up
to 20 million new mobile subscribers a month, is worth the price, the report
said. Other than the power sector, RIL may also look for minority stakes in
financial services, the report said.
(Source: www.thehindubusinessline.com)
1. Why do you think rating agency Moody's Investors Service told that
Reliance Industries Ltd.'s (RIL) acquisition of Infotel has business risk
and negative implications?
Hint: RIL is opting for an unproven Long-Term Evolution (LTE) 4G
technology that has had commercial trials till date only in Norway and
Sweden
2. Identify different risks and implication of the investment discussed under
present case?
Hint: Business, financial, credit, technology acceptance risk

References:
 Clements/Gido, Effective Project Management, Publication: Thomson.
 Gray, C. F. and Larson, E. W. Project Management, Publication: Tata
McGraw Hill.
Sikkim Manipal University Page No. 183
Project Management Unit 7

 Lock, D. Project Management, Ninth Edition, Publication: Gower.

 Nagarajan, K. Project Management, Third Edition, Publication: New Age
International.
 Chandra, P. Projects-Planning, Selection, Financing, Implementation,
and Review, Sixth Edition, Publication: Tata McGraw Hill.
 Rao, P.C.K. Project Management and Control, Publication: Sultan
Chand & Sons.
 Desai, V. Project Management, Second Revised Edition, Publication:
Himalaya Publishing House.

E-References:
 www.projectsmart.co.uk. retrieved on 27/01/2012
 www.projectmanagement.com. retrieved on 28/01/2012
 www.pmearth.com. retrieved on 29/01/2012

Sikkim Manipal University Page No. 184