Risk Management System

There must be a management system to manage risk on a project to give it a disciplined structure, which is essential to avoid missing risks and/or not considering them properly.

The definition of risk management provides indicators of the activities to be performed with its mention of identification, quantification and deliberate action in response to the risk.

A system that identifies and quantifies the risks to which a project is exposed so that a conscious decision can be taken on how to manage the risk.

Like all management systems, it must provide control, but it must also be practical, realistic, and cost-effective, otherwise it will fall into disuse or fail to perform properly. IEC/ISO31000 Risk Management – Risk Assessment technique emphasises that the risk management process aids decision-making by taking account of uncertainty and the possibility of future events or circumstances (intended or unintended) and their effects on agreed objectives. It introduces the process involved in risk management.

In this model, risk is identified through communication and consultation, which leads to a risk assessment cycle that is monitored and reviewed. The cycle has five steps: establishing the context; risk identification; risk analysis; risk evaluation; and risk treatment. 

Risk Management Process [IEC/ISO31000]

Note: IEC/ISO31000 is an international standard for Risk Assessment Techniques, reviewed every five years. You can read more about this on the International Organization Standards website.

This process is at the core of the risk management system. Its essence is:

A three-step chain that reads: risk identification; risk analysis; risk response. Risk analysis is broken down into two tasks: probability of occurrence, and impact of occurrence. 

Risk Management Process.

The Figure below shows the same process, but elaborated to include more information concerning the activities that are undertaken at each stage in the process.

A model with six major steps. 1-Establish the context: develop criteria; define the structure. 2-Identify: what can happen? How can it happen? 3-Analyse: determine probability and impact; estimate level of risk; compare against criteria. 4-Evaluate: identify treatment options (avoid, accept, reduce, transfer, share); evaluate treatment options. 5-Allocate: select treatment options; allocate responsibility. 6-Mitigate: prepare treatment options; implement plans.

Risk Management System (Parsons Brinckerhoff)

All risk management systems have the same constituent activities, so the challenge for the project manager, especially at the start-up of the project, is to ensure that:

  1. The process is in place;
  2. The activities are present;
  3. The activities are being carried out effectively;
  4. It is possible to monitor the performance of the risk management system.

Residual and Secondary Risks

In addition to the risks identified by the risk management system, the system itself also generates risks; these are termed residual and secondary risks.

  • Residual risks are risks that remain after all of the response strategies have been implemented. It is not possible to eliminate a risk entirely, or to make the project risk free. Some risk consequently remains after it has been managed.
  • Secondary risks are a direct result of implementing a risk response. By taking action to address a risk, additional risks are generated that arise from the actions taken.

The project manager and those directly engaged with the management of risk and operating the risk management process must ensure that both residual and secondary risks are properly managed. In practice, this means that both must be treated as risks in their own right and be subject to the same full risk management process and considerations as every other risk. A risk management system that does not specifically have the mechanism to identify and manage these risks should automatically raise alarms with the project manager. Conversely, the project manager must ensure that this aspect is included when specifying the risk management system.
