CHAPTER ONE
INTRODUCTION
1.1 Overview of Project risk Management
Project in general refers to a new endeavor with specific objective and varies so widely that it
is very difficult to precisely define it. According to the AMERICAN National Standard
ANSI/PMI99-001-2004, Project is a temporary endeavor undertaken to create a unique product or
service or result. More so, project can be seen as a unique process, consisting of a set of coordinated
and controlled activities with start and finish dates, undertaken to achieve an objective confirming
to specific requirements, including the constraints of time cost and resource. (ISO10006). Hence
It may be noted that various projects differ in composition, type, scope, size and time.
In dictionary definition terms ‘risk’ means: ‘‘hazard, chance of bad consequences, loss, exposure
to chance of injury or loss ’’ (Concise Oxford Dictionary). Such definitions illustrate one problem
with the term ‘risk’—its ambiguous use as a synonym of probability or chance in relation to an
event or outcome, the nature of an outcome, or its cause. However due to the controversial of the
term; risk, the guides published by the US Project Management Institute (PMI) and the UK
Association for Project Management (APM) have adopted a broad view of risk. Their definitions
of risk are very similar, and are as follows: Risk—an uncertain event or condition that, if it occurs,
has a positive or negative effect on a project objective (PMI,2000, p127). Risk— an uncertain event
or set of circumstances that, should it occur, will have an effect on the achievement of the project’s
objectives (Simon P, Hillson D, Newland K, 1997, p 16). Hence , risk can be seen as any
unexpected event that can affect people, technology, resources, or processes (including projects).
Unlike a regular problem that may arise, risks are incidents that may occur suddenly, sometimes
entirely unexpected.
Project Risk Management process consists of identifying risks, analysing them, and
subsequently responding to any risks that may arise throughout the project life cycle. This is done
to limit the consequences of the risk as much as possible, so that objectives can be continued to be
met. Risk management is not a reactive activity, so to find out which risks may arise, risk
management is included in every planning process. Risk management is the process of identifying,
analysing, and responding to risks before they actually become problems. Although Project Risk
Management works the same for every project, it can take different forms with different types and
sizes of projects requiring a different approach to risk management. For a case of large-scale
projects, a relatively large amount of attention is paid to comprehensive risk management and
mitigation strategies for when problems arise unlike a smaller projects, where a simple prioritised
list of high, medium, and low priority risks is sufficient.
Generally speaking, project risk management consists of the following steps; Risk
identification, Risk analysis, Risk assessment, Risk management, and Risk monitoring.
The first step in Project Risk Management is identification. When identifying risks, the assessor
may work in different ways. For example, they may look up information about similar projects in
the past. Various brainstorming techniques are also used to refresh team members’ knowledge of
past projects and risks, or to share new innovative mitigation strategies.
There are different types of risks, such as operational or business risks. Different risks are borne
by different people. The risks that often directly affect a project include: Financial risks
(budgeting), Legal risks, Supplier risks, Physical risks to employee, Strategic risks.
After various risks have been identified, it is important to evaluate them. Risk analysis is usually
done in a qualitative or quantitative way. Subsequently, risks are categorised based on two criteria:
the probability that the risk will actually occur, and the severity of its impact. Both criteria are
assigned a value, ranging from high, medium, to low. The risk is then assigned a category and
processed in a matrix. For the Qualitative Risk Analysis, it is subjective evaluation of the
probability and impact of each risk. Responses are subsequently devised for the various risks, or
alternatively a risk is analysed again, but in a quantitative way. An advantage of the qualitative
Risk Analysis method is that it is relatively quick and easy to implement. It is also ideally suited
for people who do not have skills in calculating opportunities and statistics. In contrast to
qualitative risk analysis, quantitative Risk Analysis is the numerical analysis of the probability and
impact of identified risks. The main focus is on which risks and activities contribute most to
achieving the project objectives. Quantitative Risk Analysis is less ambiguous and can be easily
explained based on input: numbers. The probability and impact can be analytically combined in a
correct way. Contingency plans can be drawn up based on the data resulting from quantitative risk
analysis.
As soon as it is clear where the greatest risks come from and which is the most important to deal
with quickly, corrective measures must be taken as to how to respond to such risk. There are four
options to responding to risk; avoiding a risk, limiting the impact of the risk, transferring the risk
and accepting the risk. Avoiding a risk means that the chance that the risk will occur is reduced to
as close to zero as possible. Usually risk avoidance involves making different decisions or making
some adjustments to the original project plan. Limiting a risk means reducing the impact of a risk
incident. By mitigating risks, it means ensuring that the impact of a risk is reduced. Transferring
a risk involves moving responsibility for dealing with the consequences of a risk to someone else.
Accepting risks may be sensible if the chances of a risk are relatively low and the costs of
mitigating it are high. Accepting a risk is not the same as not deciding or hiding from a problem.
In many ways, it is a risky response to a risk, but risks are always weighed and factored in.
The fourth step is to implement responses to various risks. Each risk response is part of the project
management plan. A risk response may come in many forms;budget allocation for a specific risk,
task assigned to a specific person, and development or implementation of a new process.
In project risk management, it is important that a responsible person is assigned to each risk. It is
the person who supervises the risk and specifically works on controlling and managing a risk. As
with all control processes and roadmaps in project management or otherwise, it is important that
both measures taken and the current situation are monitored. This is important to ensure that risk
responses remain effective, fast, and efficient. The status of the risks, expected impact and
probability must be constantly monitored, it ensures dynamism in this during the project life cycle.
If the risks are too high at a certain moment, they will require swift response. At worst, risks
endanger the feasibility of a project.
In order to effectively manage project risk, there are some tools that can be used; Failure Mode
and Effect Analysis (FMAE), Risk Bow Tie diagram, Decision Analysis among others(Janse, B.
(2020). FMAE can be used in identifying risks to find cause-effect relationships of risks that may
impact a project. FMAE is also used to perform qualitative risk analysis. The advantage of FMAE
is that it adds the dimension of risk detection. The Risk Bow Tie diagram is a tool that visualises
the risk in an easy-to-understand way. The diagram is in the form of a snare, and shows a clear
division between proactive and reactive risk management. The strength of the snare diagram is that
it provides an overview of several plausible scenarios in one image. This provides a simple and
visual way of presenting risks. Decision Analysis formally identifies and analyses important
aspects of a particular risk. The method follows a specific step-by-step plan to guide the project
team through the risk decision-making process. The RACI matrix (responsible, accountable,
consulted, informed) helps to identify and define the different roles in the decision-making process.
1.2 Research Aim and objectives
Every project, from conception to completion, passes through various phases of a life cycle
synonym to life cycle of living beings. There is no universal consensus on the number of phases in
a project cycle. An understanding of the life cycle is important to successful completion of the
project as it facilitates to understand the logical sequence of events in the continuum of progress
from start to finish. Typical project consists of four phases- Conceptualization, Planning, Scope
Execution and Termination. Each phase is marked by one or more deliverables such as Concept
note, Feasibility report, Implementation Plan, HRD plan, Resource allocation plan, Evaluation
report etc. Thus the aim of this research is to propose an efficient project Risk Management Process
which will Actively Monitor and Manage Risks all through a Project life cycle.
The following objectives are set as guidelines.

To establish a scale that reflects the perceived likelihood of a risk in a construction or
software related project implementation.

To validate actions that delineate the consequences of the risk identified.

To measure the overall accuracy of the suggested risk projection technique used in the
course the study.
The set guideline will be used in exploring the terms of risk, risk management, project risk management
critical success factors. The exploring the terms of project lifecycle and construction projects success
criteria will be factored in the course of the study, so as to investigate the effects of critical success
factors on project risk management processes.
1.3 Research Significance
The practical significance of the research is to enhance the switching from reactive to proactive
risk management strategies. The reactive risk management is a response based risk management
approach, which is dependent on accident evaluation and audit based findings while proactive risk
management is an adaptive, closed-loop feedback control strategy based on measurement and
observation. Proactive risk management improves an organization’s ability to avoid or manage
both existing and emerging risks and helps adapt quickly to unwanted events or crisis. It helps
build an understanding required to measure and manage emerging risks which give organizations
a better view of tomorrow’s risk and how it impacts their business. What differentiates proactive
risk management approach from a reactive approach is the way risks are assessed, reported and
mitigated. It involves carefully analyzing a situation or assessing processes to determine the
potential risks, identifying drivers of risks to understand the root cause, assessing probability and
impact to prioritize risks and accordingly preparing a contingency plan.
1.4 Research Scope and Delimitation
The study uses combination of quantitative and qualitative research approach. Review of literature
was first used to gather previous data and information regarding the research topic. This study set
explore the terms of risk, risk management, project risk management critical success factors. The
exploring the terms of project lifecycle and construction projects success criteria will be factored
during the study, to investigate the effects of critical success factors on project risk management
processes. Since constraints in time, budget and data collection will be encountered, the amount of
research information collected from many secondary sources are limited. Its noteworthy for
readers to bear in mind that surveys are conducted only in based location of study in which results
obtained from this research maybe unable to generalize on other types of project industries and in
other countries.