Five-Step Model of Risk Management, Implementation of Strategies at Project and Operational Level - Case Study Example

Risk Management Name: University: Course: Date: Table of Contents Table of Contents 2 Introduction 3 The five-step model of risk management 4 Practical implementation 5 Implementation of strategies at project and operational level 5 Planning at project and operational level 6 Implementation of procedures at project and operational level 8 Risk procedures at project level 8 Risk procedures at the operational level 9 Challenges in the risk management program 9 Case study 10 Determination of the objectives 11 Risk identification 12 Risks Evaluation 13 Consideration of Alternatives and Selection of the Risk Treatment Device 14 Implementing the decision 15 Conclusion 16 Introduction Risk management is defined as the process of identifying, assessing and prioritizing risks to maximize realized opportunities. Effective management of the risks involves a coordinated and economic use of resources to monitor, control and minimize the likelihood and impact of unforeseeable unfortunate events. Uncertainty associated with such sectors as the financial markets, liabilities of legal nature and failures in project management are potential causes of risks. Other scenarios include natural disasters, accidents, credit risk and enemy attacks (Crockford, 1986). Risk management adopts a prioritization criterion whereby the highest likely occurring risks and risks likely to result in the greatest loss are prioritized first. Minimum loss and lower probability risks are then handle in the descending order. Such a criterion is however, not available for projects; and instead a random identification and analysis is used. Because of the occurrence of unplanned, unlikely results, the random, brainstorming fashion of assessment often becomes fatal for the success of the project. As a result, there is need for emergency measure to take care of the unexpected risks resulting from lack of organized planning and measurement. Very early in the preparation and planning stage, it is essential that potential risks are identified, categorized and evaluated rather than looking at each risk independently and randomly. It is much more effective to identify risks and then group them into categories, or, to draw up a list of categories and then to identify potential risks within each category. Consequently, it becomes possible to identify and agree upon universal factors, influences, causes and potential impacts as well as possible corrective and preventative measures (Martin & McClur, 1983). The process of categorizing risks allows for systematic identification of risks and soliciting for information, awareness and possible actions. Although each project has a unique structure and differs from other projects, certain categories remain constant for different projects. In the risk management plan, it is vital to document potential actions and related risks in the project progress. In order for lessons to be learned and improved for application in future projects, pertinent details of the actions taken and their outcomes should be recorded and reviewed during the review and closure stages (Lacity & Willcocks, 1998). During the risk management process, implementation of practical of strategies, procedures, and planning, occurs at the project and operational level of the program. Similarly, risk procedures are also applicable at the project and operational levels. The risk management program is faced by a number of challenges. The five-step model of risk management The risk management process is vital in protecting the employees, the business, and in complying with the legal requirements of the regulators. The focus in the most likely occurring risks in the organization allows the risk manager to analyse the risks that are potential harm to the business. In order to carefully examine what could cause harm in the workplace, and decide whether enough precautions have been taken to prevent harm, certain steps should be followed in the risk assessment process. First, the hazards should be identified by establishing the areas that are most harmed by walking around, asking employees, consulting professionals, referring to ill-health and accident records, and considering the long term effects of hazards to health. Secondly, a decision should be made on the most likely harmed in order for the appropriate risk management strategy to be identified. The third step of evaluating the risks and deciding on the precautions to be taken, is acknowledged by law that everything ‘reasonably practicable’ to prevent harming people (Martin & McClure, 1983). Fourth, the results of the risk assessment should be recorded and the implementation phase commenced. Communication across the workforce of the results and the likely avenues to be adopted will motivate participation by the company staff as a unit. Finally, the risk assessment initiative should be reviewed and necessary update undertaken. Practical implementation Implementation of strategies at project and operational level When focusing on the start-up stages of the projects, broad strategies are usually described that cover a wide range of risks. When dealing with problems arising during the implementation of the project, managers typically can draw on the same set of possible strategies to address the problems that will be faced. Strategies in the first category like control can typically be applied in those situations that the project managers are directly within their locus of control, and are mainly described in situations and contexts relating to the risks grouped in the project management risk theme, namely vendor staffing resources, change management, schedule and budget, documentation control, client sign-off control, and third-party deliverables control. Control of this type of risk is by being at the heart of a project manager’s skill set, and, strong management of the schedule and budget as the foundation for project success. At operational level the environment risks related to multiple countries, departments and non-local and multiple third parties can partly be addressed by control strategies (Koh et al., 2004). The second category, negotiation, describes strategies used in situations seen only partly within the locus of control. This strategy solves situations that are typically the soft situations involving inter-personal interactions and relationship issues. At operational level risks related to change management issues can be addressed both with strong control strategies and also with careful negotiation (Klein et al., 1989). The third set of strategies is research at the project level its applied in situations that the respondents regarded as fully within the control, namely situations that require further information in order to determine what action to take. In implementation level its particular applied when any of the technology risks has been identified, and also when there is lack of vendor understanding of the client requirements (Keil et al., 1998). Finally, Hubbard (2009) has established that a large number of risks fail to use mitigation strategies at all, and instead adopt a monitoring strategy. Most of these risks fall into the environmental risk theme where potential problems form the context of the project, and this could influence the approach used for a particular project situation, but they are not risks that managers actively attempt to address or change. At the operational level monitoring strategy is used to address one risk each from the relationship and technology/solution risk themes like client top management support and development choice respectively. These two risks are viewed as non-negotiable parts of the project environment that there is little control or influence over, and, just like contract terms and conditions, which is something to be accepted and monitored. Planning at project and operational level Planning being part of the Project Planning phase, and Risk Monitoring continues throughout the project implementation phase. The planned actions may be to eliminate, mitigate, or accept risks depending on their priority; and contingent actions should also be planned to address problems that arise in spite of any eliminating or mitigating actions that may have been taken (Flanagan, 1954). According to Dorfman (2007), Practical implementation of plan helps during the planning stage where there is risk identification, risk quantification and risk response development. At the project level reporting and planning of the progress within the project environment adopts such schedules as Gantt charts. Planning is defined and the appropriate methods for completing the project are determined to avoid risks. Planning involves durations for various tasks, work breakdown structure, logical dependencies, activity network diagrams, estimated costs and resource usage. The conceptual proposal and the project charter are vital inputs of the project phase; while the project management plan, project schedule and project requirements are the outputs of the project planning phase. According to Heemstra and Kusters (1996), the operational level project a well planned project helps bring out a list of risks identified. The nature of the project and the risks determine their fate. For instance, the list of low uncertainty risks may be kept as a list of red flag items for noncomplex low-cost projects. At this stage, individual team members can each be individually assigned for monitoring during the project development process; and eventually be used in the risk allocation purposes. However, on the rather complex, high-cost projects coupled with relatively high uncertainty, the universal, assessment, analysis, reduction, planning, allocation, monitoring and updating, stages can be adopted. Identified risks can be used to counter redundancy and lay a foundation for better management of similar risks in the later stages of the risks management and even in future projects. Checklists, databases and risk registers for use in future projects can be generated during the risk classification process. Implementation of procedures at project and operational level Corporate senior leaders establish project risk management procedures as tools for minimizing and preventing losses. Latest developments in the regulatory guidelines, professional standards and industry practices are made available to the project staff members through the procedures. The procedures are equally important to the employees in ensuring adherence to the generally accepted standards and stipulated risk management principles (Davis, 1982). Risk procedures at project level Risks can be implemented by use of risk and control assessment tools like computer credit models and stress testing. As the project progresses, the tools will be instrumental in the identification, measurement and monitoring of the operational, technical and financial risks of the project. In the project manager’s view, the financial risks inherent to the project activities are relatively indicative of the project progress compared to the ratings. On the other hand, external and internal auditors test the state of the internal guidelines and controls while ensuring their effectiveness, adequacy and conformity with industry regulations and practices. Loss prevention from such factors as fraud, technological breakdowns and adverse regulatory initiatives is conducted through an assortment of group directives provided by the controls (Crockford, 1986). Risk procedures at the operational level A risk management procedure helps a project leader evaluate risks implicit in short term project or long term initiative at the operational level. A risk manager establishes complex risk control methodologies and tools using statistical skills and arithmetical expertise. A project manager prepares a risk and control self-assessment (RCSA) report to ensure that senior management is aware of major risks implicit in operating activities. Risks implicit in the corporate operation of a progressing project can managed through project auditing activities. Similarly, staff members receive clear instructions on task performance and potential problems reporting through adequate control procedures. Such a control procedure, is consequently, effective if it generates appropriate corrections for short term and long term breakdowns in the internal controls. Challenges in the risk management program Challenges in the risk management process are implicit within organizations because of the uncertainty associated with risk events. Although the corporate activities’ risks and financial risks can be measured and mitigated through the use of stress testing and computer models, unfavourable investments due to economic trends and securities markets may maintain the high risk levels. If a company does not enact proper decision-making mechanism and inadequate/functional internal controls, significant challenges will gravely impact on the risk management process. While a functional procedure ensures that problems internal to a corporation are appropriately solved, an adequate policy provides employees with direction on performing tasks and reporting problems. Therefore, risk management challenges will include technological problems due to advancing hardware or software; noncompliance with enacted rules and regulations by the staff; and inaccuracies or errors in the financial market information (Hubbard, 2009). The corporate risk management systems are faced by such challenges associated with technological, operational and compliance risks. For instance a company intending to install an online risk management program for the compliance with the Securities and Exchange Commission regulations, will fail in the compliance in case the employees are lazy at adopting the internet technology. Similarly, failure of the New York Stock Exchange web portal to allow direct import, will pose a risk management challenge to the employees in need of accessing online data. Case study Risk management program by Paramount Canada’s Wonderful (PCW) change management Toronto’s PCW is an outdoor theme park providing guests with more than 200 attractions in its location outside the city of Toronto, Ontario. In addition to the attractions (Arthur's Baye Stunt Show and Victoria Falls High Divers) are a selection of roller-casters, wild rides (Drop Zone Stunt Tower and Shockwave TM), and a whole-family 20-acre water park. Depending on the weather, the part is usually open beginning the end of May and closes in early October. A risk management plan would be vital in the park’s plan to remain fully operational and ensure safety for the consumer base as well as the employees involved in the operating the amusement park. The plan will in addition to protecting the revelers, but also the stunt show performers, the employees around the gates and even the Chief Executive Officer. The successful insurance and retain PCW, certain areas should be attended to in the development of a risk management plan. The six areas include determination of objectives, risk identification, risks evaluation, finding alternatives and selecting the appropriate risk treatment device, implementation of the chosen alternative, and evaluation and preview. PCW will be at a better position dealing with any possible risks, if the above six areas are attended to in detail. Determination of the objectives The amusement park industry has recently reported increasing number of accidents. It is therefore imperative that risk management be adopted for Toronto’s PCW, just as other amusement parks should be. In addition to reducing tension within the daily environment, risk management is also a value-addition avenue as patrons visiting the PCW will have a renewed feeling of safety. Similarly, the risk management program will be crucial in achieving the company’s greatest objectives; including maintaining the profitability of the park and ensuring safety for the patrons, through a well properly implemented risk management program. A satisfied patron base will be confident with the safety and will keep returning; thus increasing the profitability of the park. In spite of benefiting PCW and the stakeholders, the safety is an obligation to the park in providing to the society with minimal risk of injuries; thus the business has a social responsibility towards the society as acknowledged by law. The CSR initiative for PCW can be achieved through: a. Making an explicit commitment to the community by meeting community demands by providing cost-effective services and products; attending to community needs philanthropically; partnering with community-based organisations to foster business prosperity; and participate in long-term strategic partnerships in the community. b. Gather and respond promptly to complaints within the community, and strive for employee safety by taking into consideration the stress and anxiety level of employees across the business departments. Risk identification An assessment plan is crucial for the risks implicit to the park to be identified, measured and managed. Thus, it is fundamental that the PCW risk manager should access the park’s operations in an effort to identify the risks threatening PCW’s operations. The process of surveying the park, the risk manager should keenly pursue common risks that are easily identified. For instance, he should ensure that instructional and safety signs are visible; enough emergency exits that are easily accessible; and functioning safety restraints for roller coasters and attractions. Next, the risk manager should focus on the prerequisites and training procedures for all staff; such as staff working in the stunt shows or Water Park lifeguards, and establish the likely risks resulting from poor performance due to maintenance, personal relations, inspection of equipment, and finance department. The water park for example should be checked for proper chlorination levels by maintenance, are the Super Soaker rafts in good working condition; are customer concerns attended to by the PR; and are proper insurance covers maintained by the finance department. Risks apart from the common cases in the rides can also be reported in the hygiene procedures and during food preparation. Risks Evaluation According to Covello and Allen (1988), evaluation can be conducted successfully if risks are pooled into 3 categories on the basis of their severity; important, critical and unimportant risks. An example of critical risk to PCW is the exposure that would cause the business to become bankrupt. PCW would therefore assume such critical risks as riding-related severe injury or death incidents of patrons; although as a precautionary measure, safety should always be taken to reduce injury to employees. Another potentially avoidable risk is training and/or failing to ensure that employees have not only the appropriate, but also the up-to-date training for a particular job specification, especially during the recruitment process. Secondly, risks that would force PCW to solicit for external sources of funds are considered important risks. For example, the restaurant employees serving food that causes several customers to be sick, despite having known that the food were overdue; discrimination in the hiring procedure by the upper management; or in the event that one of the PR staff was involved in a fist fight; would all amount to important risks. Unimportant risks unlike the above risks are calculable in instances and would eventually lead to losses to the business. For instance a harassment lawsuit by a subordinate staff against a top management staff in the marketing department; loss of numerous dissatisfied customers because of poor quality service or services that are not affordable for most customers; increasing spending due to an accounting error by the accounting department; all amount to the calculable unimportant risks; specifically increase in costs for PCW. A precautionary measure that would warn PCW of the likely risks and their monetary values can be achieved by citing examples and categorizing them into each of the categories, critical, important or unimportant risks (Flanagan, 1954). Consideration of Alternatives and Selection of the Risk Treatment Device At this stage, where specific risks are analysed and the appropriate solutions are adopted, the risk management program occurs in two levels; risk control and risk financing. The latter of the risk management program further subdivides into risk avoidance and risk reduction. In order for PCW to implement the strategies into their risk management program, the risk manager should preview the various sectors of the park in search for risks that can be avoidable. Two outstanding character traits of avoidable risks are high frequency of occurrence and high severity (impact). For example if roller coaster exhibits the features of avoidable risks, PCW either discontinue the attraction or completely remove it. However, if risks are unavoidable; with high frequency but low severity, the only alternative is reducing them. For instance if parents frequently complain that their children are denied certain rides because of certain height requirements, avoiding such a risk would necessitate posting height restriction signs at the gates for specific attraction sites, so that the parents are fore-warned; thus end the complaints and dissatisfied patrons (Assen & Gable, 1996). Considering that safety is their primary priority, PCW is entitled to deciding on the ride eligibility; through height or even age requirements. The stipulated eligibility criteria should be strictly enforced and all patrons, including the parents accompanying the kids, ought to comply to the latter with the posted guidelines, in order to be granted a chance to ride. As a result, the business’s strict policy and guidelines will either be complied with by parents that are cautious with regulations or violated hence sent off, for parents that are less cautious of safety and regulations. Either way, uneventful occurrence will not amount to a severe risk. Losses that result from the above mentioned risks can be compensated for through risk financing. PCW’s first step in risk financing is retention. For instance, the money-back guarantees or assuming refunds as a policy of the company will protect customers in the consequence of a bad experience. However, if the guarantees do not yield much, the company should resort to insurance as the last option. In this way, PCW would transfer risk to the ticket holder, thus passing liability to the patron. Additionally, PCW could adopt the hold-harmless agreement, which if the business is proven to be legally negligent, it would be expected to pay damages to the aggrieved patron. Implementing the decision Once PCW has attained employee and patron safety, it would indicative of the safe work environment and attraction site, hence a less anxious workforce and a satisfied customer base. The outcome of the positive re-enforcement by the line employees and staff, translates to reduced injuries and productivity will be increased. After considering alternatives, giving the underwriter, the broker and PCW a copy of compiles in report form should be completed. As a result, value-added will continue, and gains increases once the employees have identified the grey areas of operation. Reducing risks and liabilities can be further achieved by establishing compulsory certified training programs for all newly recruited employees. Conclusion The risk management process is vital in the operation of businesses considering the ever-changing economic climate. The unpredictable nature of business events necessitates effective management of risks in order to ensure the safety of employees as well as customers. The five step risk assessment process ensures that risk mitigation strategies are effective in ensuring profitability and success of organizational objectives. Organizations should also practically implement strategies, procedures and plans at various levels of the project life. However, the success of the risk management process will be determined by the pace at which challenges in workplace are countered; thus motivating the workforce to participate in the process, and ensure the prosperity of the organization. Reference list Assen, Van Gorcum & Gable, G. G 1996, A Multidimensional Model of client Success When Engaging External. Consultants. Management Science, 42, 1175-1198. Covello, V. T. & Allen, F. H 1988, Seven Cardinal Rules of Risk Communication. Crockford, N 1986, An Introduction to Risk Management (2 ed.). Cambridge, UK: Woodhead-Faulkner. p. 18. Crockford, N 1986, An Introduction to Risk Management, (2nd ed.). UK: Cambridge University Press. Davis, G. B 1982, Strategies for information requirements determination. IBM Systems Journal, 21(1): 4-31. Dorfman, Mark S 2007, Introduction to Risk Management and Insurance (9 ed.). Englewood Cliffs, N.J: Prentice Hall. Flanagan, JC 1954, The Critical Incident Technique. Psychological Bulletin, 51.4, 327-359. Heemstra, F.J. & Kusters, R.J 1996, Dealing with risk: a practical approach. Journal of Information Technology, 11(), 333-346. Hubbard, D 2009, "The Failure of Risk Management: Why It's Broken and How to Fix IT" John Wiley & Sons, pg. 46. Keil, M, Cule, P, Lyytinen, K & Schmidt, R 1998, "A framework for identifying software project risks", Communications of the ACM, Vol. 41 (11), pp. 76-83. Klein, G.A., Calderwood, R., & MacGregor, D 1989, Critical decision method for eliciting knowledge, IEEE Trans. Syst., Man, Cybern., 19, 462–472. Koh, C., Ang, S., & Straub, D.W 2004, "IT Outsourcing Success: A Psychological Contract Perspective," Information Systems. Research, 15(4), 356. Lacity, M. C. & Willcocks, L 1998, “An Empirical Investigation of Information Technology. Sourcing Practices: Lessons from Experience”, MIS Quarterly, Sept. Levina, N. & Ross, J. W 2003, From the vendor's Perspective: Exploring the Value Proposition in IT Outsourcing, MIS Quarterly, 27(3) Martin, J., & McClure, C 1983, "Buying Software off the Rack: Packages can be the Solution to the Software. Shortage," Harvard Business Review, 61(6) Read More