Theoretical Notions of Risk Management - Coursework Example

Risk management paper Name Course Tutor Task Date Introduction Within the volatile global environment, a number of projects take place. The environment is volatile in the sense that many dangers do exist. The increasing number of dangers will affect project execution in a number of ways hence the output of the project may not be satisfactory. The evaluation, which is done, at the end of the project always indicate that the problems, which were encountered, can be easily foreseen and could be eliminated even before they occur. Risk management is, therefore, aimed at predicting the problems and giving out measures that can be taken to avert the problems hence less impact on the projects. This paper looks at the theoretical notions of risk management and how it can be adapted to a practical phenomenon. The practical phenomenon to be looked at is the software projects. This is because a number of software projects do not take place as planned. Low quality or substandard, time, and cost overruns and totally failed projects are always witnessed. The principle in the wake of risk management in the context of Information Technology project management is that the mistakes or problems can be foreseen at an early stage. Nonetheless, it is reasonable to locate any potential problem and sought for solutions to minimize or avert the consequences that are because of these problems. The project management concepts can be implemented in practice. In extension, the paper will incorporate both theory and practice. Initially, the theoretical concepts will be looked at. Then a connection with practice will be made by use of a concrete procedure for risk management. Finally, a discussion and conclusion of the outcome will be presented. Definition of risk and risk management Risk, risk exposure and risk impact Risk is defined as the prospective for recognition of unwanted, unconstructive consequences of an occurrence. The basic features or characteristics of the definition are; one, the extent of uncertainty in relation to the happening of the problem and two, unconstructive effect the risk has on the project if the problem occurs. Risk impact refers to the size of the loss. The impact can be established in a number of ways that include additional expenditure, extended lead-times, lower quality, an absence of functionality and in the extreme case total project failure. The degree of uncertainty is equated to the extent of probability. Probability is normally expressed as a number, with one implying certainty and zero implying impossibility. Measures such as small, medium, or large. The aspect of uncertainty is deep-seated in the concept of risk. For instance, in instances where the problem is unlikely, to occur then it is discarded, but in circumstances where its occurrence is visible then, normal management practices are put in place to deal with the problem (Frenkel, 2005). When looking at the possible effects and counter measures of risks two notions are of importance. The first notion is focusing on loss expectation. This is also known as risk exposure and ascertained as the product of probability multiplied by the risk impact. These mean that, impact and probability have to be considered while discussing risk. For instance, a risk that leads to a higher impact will call for more attention given that the probability for it to occur is high relative to less impact risks. The other notion is risk reduction leverage. It is founded on the previous and focuses on establishing the effectiveness of an offset measure. The effectiveness of a measure is ascertained through the comparison of its associated costs and its benefit. Risk management Risk management is the process whereby, a risk is identified then assessed and giving a priority for economical and coordinated application of resources. This will reduce the impact and possibility of unfortunate events. Risks may come from different uncertainties such floods, fires, accidents, credits and natural causes from things that we do deliberately. In this case, we find that if a risk is not managed well it could lead to enormous losses or cost us immensely much. Risk management is, however, a five-stage process which goes concurrently but which has to be followed so that a satisfactory quality risk management can be achieved. The processes are as follows: Risk Identification This is the most salient part in risk management that an individual will do nothing with until he/she has first identified the risk. In this area, we find that the identification of the risk first starts from where the problem is or location of the problem. Identification of risk in this case can be; scenario based, objective based, common risk checking and taxonomy based. Due to this case, we have to establish where the risk is, and then the solution on how to solve the risk will follow later. An example is a case whereby, when let us say we are in a car and by decomposing luck there is an accident there must be an exit for getting out of danger. In this case, we are able to manage a lot of dangers that might happen in case an accident occurs by making an exit point in a car. It comprises of the location of all the possible uncertainties that are connected with the specific project and in any case, it might negatively impact the project. The process of identification is deep rooted in an individual experience and through the use of checklist. Risk Analysis Risk Analysis involves analyzing of a risk and measuring its openness or its brunt. In this case, risk management can be either qualitative or quantitative. Quantitative analysis is the process of determining the probabilities of the events and the extent of losses, if an unexpected event happens numerically. On the other hand, a qualitative analysis is the process of defining various fears and devising countermeasures of determining the extent of the dangers the risk might expose. In this area, we find that we must analyze the risk in this case as such that if an accident happens what is the extent of the damages this accident will bring or what problems will this accident bring. In this case, we find that if a car is involved in a grisly road accident what losses will the car bring and what danger might this car expose. It seen on the basis of risk exposure. Meaning that, the analysis is carried out so as to establish if a small risk experienced now can be magnified in the near future hence causing devastating effects. Risk Control This is the process whereby companies or organizations have to manage all the risks that might arise by use of procedures, systems, and policies. After analyzing the risk, the organization management then decides on how the risk can be controlled. We find that if a risk can be controlled within the organization then it will be the better but if it cannot be controlled. Then, a method is devised for controlling it by transferring the risk. Risk control can be easily achieved if a company can put in place better procedures to be followed in case a risk occurs. Like, if a company is nearly going bankrupt there must be some procedures, for the company to follow for it not to be bankrupt like by borrowing loans from banks or by selling its shares to people so that it can get finance for the company to go on operating. Other, further actions such as monitoring is required so as to ensure that the risks are fully dealt with or if other measures need to be in place so as to avert the risk. Dealing with risk Risk control has to do with the following activities; one, establishing the most appropriate way of plummeting the potential risks. When the knowledge about potential risk is scarce then actions such as buying information through expenditure on simulation, prototyping, benchmarks, surveys, and reference checks are encouraged. However, when dealing with known risks items, a number of offset measures can be visualized. The measures can be classified into four main categories: Risk elimination; this involves doing away with the root course of the risk Risk reduction; this involves taking the necessary steps to mitigate losses if the risk occurs. Risk transfer; this involves shifting the risk to the hands of a third party. Risk compensation; it deals with the acceptance of risk existence and pledge to deal with it if it occurs. Two: developing risk management procedures. The use of risk management plans as part of the request process and negotiation among customers and supplier is being utilized, and welcomed by a number of organizations, due to its ability to deal with projects that are risky. Risk management procedures specifically those addressing certain project risks ought to be co-coordinated together and plus the project plan in which the generic risks has been dealt with properly. This is necessary when both time or schedule and resources are supposed to be utilized. Finally, set up a starting point for controlling the lasting risks. When sufficient risk reduction and assessment are performed at the beginning of the project then, with the preceding actions of project implementation will ensure that the potential mitigation will be ensured. Risk monitoring focuses on ensuring that risks are being controlled fully, foreseeing new risks and locating those risks, which has not been noticed, yet they have caused a lot of problems. The main activities associated with risk monitoring are: Risk reporting; it makes out responsibility of exposing to senior management and customers of the organization. The reporting is grounded on the assessment of the present, threatening risks. Risk reassessment; it involves a continuous process which forms the risk management control circle. The circle rely on risk monitoring which incorporates risk reassessment, remedial measures and modifications to risk management procedures to keep on in control of the alleged risks. Risk Transfer This is process that if one is not able to manage the risk he or she is free to channel it to a third party. This is the place whereby an insurance company comes in and insurance will be willing to handle those risks that a company cannot cope with. An example is a case whereby an organization goes to an insurance company for a cover in case an accident occurs within that organization. Practically we find that most organizations go to insurance covers against fire outbreaks and general accidents within the organization that involves its workers. Risk Review This is the last step in risk management in which all the previous methods, which have been mentioned, will be evaluated. This review must always be done regularly because the conditions and circumstances of a company might change within no time. This should always be done, so that the results of the risk management can be seen, if they are achieved or not. If they are not achieved, identification of the problem can be done promptly on areas it actually happened and changes done to where this problem occurred. In this case, we find the main cause of a problem. Then, we look into what can be done so that the problem can be averted in that it will not occur the next time. Practically an organization will find the main cause of a problem, for example, if fire breaks out within an organization regularly it will look into account as to where that problem always occur and come up with a solution to that problem. Risk management and project management It is of the essence to derive an understanding of the relationship between project management and risk management. Traditionally project management focuses on the mitigation of pervasive risks such as availability of workforce using systematic strategies for instance network planning to plan and estimate work, direct and lead staff, examine progress and manage the project through reassignment and re-planning of resources as required. This continues as the essential foundations of project management and, therefore, not nullified by any thoughts of risk management. Nonetheless, it is a guideline for problem management. This is because complicated decisions are tackled and actions taken whenever a problem occurs and becomes evident at the top management level. Risk management is not identical with project management, a replacement, or a separate concept, but it is an extension of project management, closely entangled with collection of information and decision-making. The success of a project is attained when the desired targets were accomplished and any problems encountered are dealt with properly. On the other hand, the presence risk management does not necessitate success, but it plays an essential role of locating and responding to possible problems within the exact time so as to avert a difficult situation, hence making it possible for project management to attain its goal. Introducing, application and control of a risk management procedure The introduction of a procedure of risk management takes quiets some time and effort. This necessitates the presence of a good introduction within an organization. The introduction is essential since it will play a pivotal role of convincing all the parties to the identification and control of risks. For it to be fully accepted in the organization, it should match with the present risk approaches, operational procedures, and project control techniques within the organization. It implies that the new procedures should adapt to the organization definitions, language, and ideas. Practically, pilot project is of immense importance to beginning the introduction. Costs and benefits Risk management does not apply to a given set of projects, but it is universally used. Therefore, the cost outlay to be incurred must be in proportion to the total cost that will be incurred when the project is complete. The procedural expense should not be more than the cost of the entire project. There is a monumental difficulty in the ascertainment of benefits. The manager is in a position of dealing with uncertainties in a proper way within an organization when there is a proper use of risk management. This will limit the occurrence of uncertainties hence there is a towering possibility of the task yielding satisfactory results. Control There should be an evaluation of the risk management procedure applicable within an organization. It will give room for the adjustment of the procedures to suit the changing opinions and circumstances. This means that the results of evaluation must be put together, fresh releases have to be distributed, and that changes have to be realized. For these to be achieved, a central point, which can twofold, as a help desk within the organization should be established. Design of a risk management method After the theoretical description of the risk management relevant to an IT project, a method or strategy is necessary for the implementation of the ideas. First, some design choices has to be considered. Design choices In the process of designing a strategy in relation to certain theoretical thoughts, a number of design choices will be reached at. Some will be either obvious or trivial. In our approach, a number of choices are made which are considered useful in our discussion and perceived to be the source of success in this approach. First choice involves an approach where individuals who are part of the problem are all included in looking for the solution to the problem. The responsibility of managing risk cannot be solely executed by an individual even if the individual has a wealth of experience in project management. In that, one, participation will boost commitment and guarantee professional acceptance among staff, two, the presence of development staff will guarantee a proper insight to the whole process, and three, the information involved and the risk entailed cannot be handled properly by a single individual (Brindley, 2004). The different parties coming together also have other responsibilities within the project hence it necessitate the addition of a risk advisor who will oversee the risk management process. The advisor should have a firm knowledge on systems development, information analysis, and the organization and possess skills such as social skills so as to be able to lead meetings, convince individuals, and organize activities. The other choice can be the use of a checklist where data on previous projects are compared with that of this project. Nonetheless, there exists no checklist which is complete hence the approach used has a relatively small number of significant risks factors were chosen. It is considered due to its ability to give detailed information (Jeynes, 2002). A risk management method The method described in this approach is divided into three principal phases with each containing a number of steps. The initial phase is the execution phase that incorporates two steps; one, identification of individuals who will form the risk management group, and two, elucidation of the strategy to the team and organizing the risk activities. Phase 2 is known as the execution phase where such activities as identification of risks, analysis of risks and monitoring of risks are carried out. It incorporates the following steps; one, identification of risks, two, pre-selection of known risks, three, final identification and selection of risk through a meeting held by a joint risk management group and lastly, risk monitoring, which entails, a repetition of the second and third step. The final phase is known as the evaluation phase and comprise of one-step namely; writing a report on risk management evaluation. After the last step of evaluation, the team responsible for risk management is given training so as to give them with the required hands on experience so as to facilitate the implementation of the method (Figlewski, 2002). Discussion The different design choices focused on has limitations and advantages namely; the checklist, the risk advisor and the group aspect. The checklist The main advantage of the checklist is that it ensures an extensive and in-depth coverage of the risks affecting the project; hence, assist in the identification of risks that affect a project in a simple way. On the other hand, individuals will concentrate on those factors in the checklist hence overlooking other factors, which may affect the project in one way or another. However, the advantages of the method override its limitations hence a manageable checklist is preferred. Group aspect Group participation provides a clear overview of the relevant risks that may certainly affect a project relative to an individual involvement in the analysis of risks. In addition, the identification of a number of risks by the group leads to a consensus on the most relevant problems that are closely associated with the project. This will ensure an enormous commitment to the possible measures hence improved final effectiveness. The risk advisor The presence of a risk advisor softens the risk management process through his or her mediation skills and ensuring that the process is footed on the right business path. The person concern ensures planned activities take place as scheduled and within the right period. Since, the advisor is an outsider it will limit the possibility of conflicting interest hence the project will realize its desired success. Risks associated with new product development Product development is essential to any business success. However, if forms that part of business operations where the two sides of project management is demonstrated. It creates the necessary opportunities for progress and the threats that can build or damage the organization (Barkley, 2007). Some of the risks associated with product development include: Opportunity risks; normally search for opportunities to boost customer satisfaction, attain a comparative advantage over competitors, and recompense business owners. When opportunities are, well utilized it indicates or demonstrates the constructive part of risk management. When the risks concerning opportunities are managed successfully, it shows that there is a high probability for the new product attaining the desired results. Product development entails the application of engineering and market research to come up with improved or fresh products that rally customer requirements and needs. Tangible products require costly tooling during their development and in extension may lead to the use of customized hardware and software applications coupled with wide coverage training for the support and supply of products (Gallati, 2003). Investment risks; comprises of issues such as the source of essential data and assumptions to be made. Normally, assumptions made do not have a factual or a scientific truth associated with it, they are based on the varying expectations and attitudes that are of them same circumstances. For instance, a product may incorporate certain features, which the, designer believe that it would appeal to fresh customers, but, on the other hand, the marketing representatives may design an advert which is focused on the present customers. Data can originate from an outdated or secondary source. This renders the data inconsistent and unreliable. For instance, the market research can be used wrongly in the calculation of the outcomes of assumptions on revenues or costs. Some data especially those concerning customers and marketing are difficult to verify (Heer, 1998). Project management risk; the new product development projects are destined to success so as to put on market position, satisfy the changing customer needs and maximize the emerging opportunities. Similar to other projects, new product development projects are not sealed from the key resource constraints that include; funds, time and the standard features and quality. Managers dealing with projects should try to strike a balance between the three key constraints. The project should also include a risk assessment plan that will facilitate the process of identification and prevention of potential risks that are linked to resource constraints by project managers (Merna, 2008). Human factors Corporate governance The watch aligned with operational losses and risks, stems from the utmost level of the business structure, that is, the top management and the board of directors. The business owners are not only interested with the good performance of the business but also with the risk, exposure of the organization will be distributed among them. Therefore, the presence of appreciable governance in an organization will not only look at the final performance of the organization, but it should also focus on the management of risks. The top management will have control over those factors that are associated with risks that are confined to their day-to-day operations (Power, 2004). Moreover, other factors such as market failure will necessitate intervention of other stakeholder, which include; regulatory bodies and the government. In addition, the government plus the regulatory authorities plays another essential role of ensuring that those within the top management are restrained from certain behaviors and their decisions guided toward the management of risks. Corporate governance by extension offers other measures, which reduce expropriating behaviors, among managers such as career plans, compensation, and incentives. Teamwork There is a need for teamwork skills in risk management in that it certainly helps in solving many problems within an organization. Like in an organization, a Human Resource Manager will have two roles in risk management. First he or she must oversee that there is no shortage of employees within an organization or are the people doing a shoddy job within an organization or are they are avoiding what they were assigned what to do as people are first risk within an organization (Jones, 2008). The other thing is that people are the ones who handle the risks, and it is the work of the human resource manager to make sure that this risk does not occur. Conclusion Risk management coupled with project management plays an essential part in contribution towards the success of a project. The risks underlining a project should be acknowledged at an untimely stage with systems that monitor and evaluate their possibility. The approach identified in this paper can be useful in practice. The theoretical importance of risk management is compatible with solving the problems that surround an information technology project. The remedies or offset measures are achieved at a low cost using the above approach. A customized checklist is vital in the implementation of a project since the implementation team and the risk advisor can support it. The approach can be useful in other projects under varying circumstances. References Barkley, B. (2007). Project Management in New Product Development. New York: McGraw- Hill Professional. Brindley, C. (2004). Supply chain risk. New York: Ashgate Publishing, Ltd. Figlewski, S. (2002). Risk management: the state of the art. New York: Springer. Frenkel, M. (2005). Risk management: challenge and opportunity. London: Springer. Gallati, R. R. (2003). Risk management and capital adequacy. New York: McGraw-Hill Professional. Heer, R. D. (1998). Risk Management. London: Dearborn Trade Publishing. Jones, J. (2008). Risk management: principles and guidelines on implementation. New York: IOS. Jeynes, J. (2002). Risk management: 10 principles. New York: Butterworth-Heinemann. Merna, T. (2008). Corporate risk management. New York: John Wiley and Sons. Power, M. (2004). The risk management of everything: rethinking the politics of uncertainty. New Jersey: Demos. Read More