CHAPTER ONE INTRODUCTION 1.1 Overview of Project risk Management Project in general refers to a new endeavor with specific objective and varies so widely that it is very difficult to precisely define it. According to the AMERICAN National Standard ANSI/PMI99-001-2004, Project is a temporary endeavor undertaken to create a unique product or service or result. More so, project can be seen as a unique process, consisting of a set of coordinated and controlled activities with start and finish dates, undertaken to achieve an objective confirming to specific requirements, including the constraints of time cost and resource. (ISO10006). Hence It may be noted that various projects differ in composition, type, scope, size and time. In dictionary definition terms ‘risk’ means: ‘‘hazard, chance of bad consequences, loss, exposure to chance of injury or loss ’’ (Concise Oxford Dictionary). Such definitions illustrate one problem with the term ‘risk’—its ambiguous use as a synonym of probability or chance in relation to an event or outcome, the nature of an outcome, or its cause. However due to the controversial of the term; risk, the guides published by the US Project Management Institute (PMI) and the UK Association for Project Management (APM) have adopted a broad view of risk. Their definitions of risk are very similar, and are as follows: Risk—an uncertain event or condition that, if it occurs, has a positive or negative effect on a project objective (PMI,2000, p127). Risk— an uncertain event or set of circumstances that, should it occur, will have an effect on the achievement of the project’s objectives (Simon P, Hillson D, Newland K, 1997, p 16). Hence , risk can be seen as any unexpected event that can affect people, technology, resources, or processes (including projects). Unlike a regular problem that may arise, risks are incidents that may occur suddenly, sometimes entirely unexpected. Project Risk Management process consists of identifying risks, analysing them, and subsequently responding to any risks that may arise throughout the project life cycle. This is done to limit the consequences of the risk as much as possible, so that objectives can be continued to be met. Risk management is not a reactive activity, so to find out which risks may arise, risk management is included in every planning process. Risk management is the process of identifying, analysing, and responding to risks before they actually become problems. Although Project Risk Management works the same for every project, it can take different forms with different types and sizes of projects requiring a different approach to risk management. For a case of large-scale projects, a relatively large amount of attention is paid to comprehensive risk management and mitigation strategies for when problems arise unlike a smaller projects, where a simple prioritised list of high, medium, and low priority risks is sufficient. Generally speaking, project risk management consists of the following steps; Risk identification, Risk analysis, Risk assessment, Risk management, and Risk monitoring. The first step in Project Risk Management is identification. When identifying risks, the assessor may work in different ways. For example, they may look up information about similar projects in the past. Various brainstorming techniques are also used to refresh team members’ knowledge of past projects and risks, or to share new innovative mitigation strategies. There are different types of risks, such as operational or business risks. Different risks are borne by different people. The risks that often directly affect a project include: Financial risks (budgeting), Legal risks, Supplier risks, Physical risks to employee, Strategic risks. After various risks have been identified, it is important to evaluate them. Risk analysis is usually done in a qualitative or quantitative way. Subsequently, risks are categorised based on two criteria: the probability that the risk will actually occur, and the severity of its impact. Both criteria are assigned a value, ranging from high, medium, to low. The risk is then assigned a category and processed in a matrix. For the Qualitative Risk Analysis, it is subjective evaluation of the probability and impact of each risk. Responses are subsequently devised for the various risks, or alternatively a risk is analysed again, but in a quantitative way. An advantage of the qualitative Risk Analysis method is that it is relatively quick and easy to implement. It is also ideally suited for people who do not have skills in calculating opportunities and statistics. In contrast to qualitative risk analysis, quantitative Risk Analysis is the numerical analysis of the probability and impact of identified risks. The main focus is on which risks and activities contribute most to achieving the project objectives. Quantitative Risk Analysis is less ambiguous and can be easily explained based on input: numbers. The probability and impact can be analytically combined in a correct way. Contingency plans can be drawn up based on the data resulting from quantitative risk analysis. As soon as it is clear where the greatest risks come from and which is the most important to deal with quickly, corrective measures must be taken as to how to respond to such risk. There are four options to responding to risk; avoiding a risk, limiting the impact of the risk, transferring the risk and accepting the risk. Avoiding a risk means that the chance that the risk will occur is reduced to as close to zero as possible. Usually risk avoidance involves making different decisions or making some adjustments to the original project plan. Limiting a risk means reducing the impact of a risk incident. By mitigating risks, it means ensuring that the impact of a risk is reduced. Transferring a risk involves moving responsibility for dealing with the consequences of a risk to someone else. Accepting risks may be sensible if the chances of a risk are relatively low and the costs of mitigating it are high. Accepting a risk is not the same as not deciding or hiding from a problem. In many ways, it is a risky response to a risk, but risks are always weighed and factored in. The fourth step is to implement responses to various risks. Each risk response is part of the project management plan. A risk response may come in many forms;budget allocation for a specific risk, task assigned to a specific person, and development or implementation of a new process. In project risk management, it is important that a responsible person is assigned to each risk. It is the person who supervises the risk and specifically works on controlling and managing a risk. As with all control processes and roadmaps in project management or otherwise, it is important that both measures taken and the current situation are monitored. This is important to ensure that risk responses remain effective, fast, and efficient. The status of the risks, expected impact and probability must be constantly monitored, it ensures dynamism in this during the project life cycle. If the risks are too high at a certain moment, they will require swift response. At worst, risks endanger the feasibility of a project. In order to effectively manage project risk, there are some tools that can be used; Failure Mode and Effect Analysis (FMAE), Risk Bow Tie diagram, Decision Analysis among others(Janse, B. (2020). FMAE can be used in identifying risks to find cause-effect relationships of risks that may impact a project. FMAE is also used to perform qualitative risk analysis. The advantage of FMAE is that it adds the dimension of risk detection. The Risk Bow Tie diagram is a tool that visualises the risk in an easy-to-understand way. The diagram is in the form of a snare, and shows a clear division between proactive and reactive risk management. The strength of the snare diagram is that it provides an overview of several plausible scenarios in one image. This provides a simple and visual way of presenting risks. Decision Analysis formally identifies and analyses important aspects of a particular risk. The method follows a specific step-by-step plan to guide the project team through the risk decision-making process. The RACI matrix (responsible, accountable, consulted, informed) helps to identify and define the different roles in the decision-making process. 1.2 Research Aim and objectives Every project, from conception to completion, passes through various phases of a life cycle synonym to life cycle of living beings. There is no universal consensus on the number of phases in a project cycle. An understanding of the life cycle is important to successful completion of the project as it facilitates to understand the logical sequence of events in the continuum of progress from start to finish. Typical project consists of four phases- Conceptualization, Planning, Scope Execution and Termination. Each phase is marked by one or more deliverables such as Concept note, Feasibility report, Implementation Plan, HRD plan, Resource allocation plan, Evaluation report etc. Thus the aim of this research is to propose an efficient project Risk Management Process which will Actively Monitor and Manage Risks all through a Project life cycle. The following objectives are set as guidelines. To establish a scale that reflects the perceived likelihood of a risk in a construction or software related project implementation. To validate actions that delineate the consequences of the risk identified. To measure the overall accuracy of the suggested risk projection technique used in the course the study. The set guideline will be used in exploring the terms of risk, risk management, project risk management critical success factors. The exploring the terms of project lifecycle and construction projects success criteria will be factored in the course of the study, so as to investigate the effects of critical success factors on project risk management processes. 1.3 Research Significance The practical significance of the research is to enhance the switching from reactive to proactive risk management strategies. The reactive risk management is a response based risk management approach, which is dependent on accident evaluation and audit based findings while proactive risk management is an adaptive, closed-loop feedback control strategy based on measurement and observation. Proactive risk management improves an organization’s ability to avoid or manage both existing and emerging risks and helps adapt quickly to unwanted events or crisis. It helps build an understanding required to measure and manage emerging risks which give organizations a better view of tomorrow’s risk and how it impacts their business. What differentiates proactive risk management approach from a reactive approach is the way risks are assessed, reported and mitigated. It involves carefully analyzing a situation or assessing processes to determine the potential risks, identifying drivers of risks to understand the root cause, assessing probability and impact to prioritize risks and accordingly preparing a contingency plan. 1.4 Research Scope and Delimitation The study uses combination of quantitative and qualitative research approach. Review of literature was first used to gather previous data and information regarding the research topic. This study set explore the terms of risk, risk management, project risk management critical success factors. The exploring the terms of project lifecycle and construction projects success criteria will be factored during the study, to investigate the effects of critical success factors on project risk management processes. Since constraints in time, budget and data collection will be encountered, the amount of research information collected from many secondary sources are limited. Its noteworthy for readers to bear in mind that surveys are conducted only in based location of study in which results obtained from this research maybe unable to generalize on other types of project industries and in other countries.