Risk Management Process

Risk Management Process

Various risk management process have been proposed. Boehm (cited in Raz and Michael, 2001) suggested that the process consist of two main phases: risk assessment, which includes identification, analysis and prioritization, and risk control which includes risk management planning, risk resolution and risk monitoring planning, tracking and corrective action. Chapman and Ward (cited in Tummala and Burchett, 1999) identified risk management approach as a multiphase `risk analysis’ which covers identification, evaluation, control and management of risks. Simmons, (1998) provided a definition for the risk management as the sum of all proactive management directed activities, within a program that is intended to acceptably accommodate the possibly failures in elements of the program.

“Acceptably” is as judged by the customer in the final analysis, but from a firm’s perspective a failure is anything accomplished in less than a professional manner and/or with less than-adequate result. Al-Bahar cited in (Ahmed et al, 1999) defined the risk management as a formal orderly process for systematically identifying, analyzing, and responding to risk events throughout the life of a project to obtain the optimum or acceptable degree of risk elimination or control”.

It is management’s job to do the planning that will accommodate the possibilities. The customer is the final judge, but internal goals should be to a higher level than the client or customer expectations. Risk management as a shared or centralized activity must accomplish the following tasks (Simmons, 1998):

i. Identity concerns.
ii. Identify risks & risk owners.
iii. Evaluate the risks as to likelihood and consequences.
iv. Assess the options for accommodating the risks.
v. Prioritize the risk management efforts.
vi. Develop risk management plans.
vii. Authorize the implementation of the risk management plans.
viii. Track the risk management efforts and manage accordingly.
Chapman and Ward (1997) outlined a generic risk management process consisting of nine phases:
1. Define the key aspects of the project;
2. Focus on a strategic approach to risk management;
3. Identify where risks may arise;
4. Structure the information about risk assumption and relationships;
5. Assign ownership of risks and responses;
6. Estimate the extent of uncertainty;
7. Evaluate the relative magnitude of the various risks;
8. Plan response;
9. Manage by monitoring and controlling execution.

According to the Project Management Body of Knowledge (PMI,1996), risk management forms one of the so-called nine functions of project management (the other eight being integration, communications, human resources, time, cost, scope, quality and procurement management). It is basically know that the In the PMBOK, PMI (1996) presents four phases of the risk management process: identification, quantification, responses development and control. Risk Management covers the process of identification, assessment, allocation, and management of all project risks (APM, 2000). Healy cited in (Shen, 1997) suggested a systematic process including risk identification, risk analysis and risk response, where risk response has been further divided into the four actions: risk retention, risk reduction, risk transfer and risk avoidance. Risk management is also seen as a process that accompanies the project from its definition through its planning, execution and control phases up to its completion and closure (Raz and Michael, 2001). Risk management measures the potential changes in value that will be experienced in a portfolio as a result of differences in the environment between now and some future point in time (Dembo and Freeman, 1998)”.

The Risk Management Framework

The widely accepted view is that risk management is an iterative process (see e.g. Al-Bahar and Crandall (1990), Chapman and Ward (2000) and PMI (2000)), involving risk identification, risk analysis and evaluation, risk response management, and the system administration supported by a risk management database.