Risk Management Process and Strategies for Risk - myassignmenthelp

Question: Discuss about theRisk Management Process and Strategies for Risk Types. Answer: Introduction Risk can be any event that occurs unplanned and results into positive or negative impacts on a project. Risks result from uncertainties in outcome of project activities. In risks, there are possibilities of facing losses or undesirable outcomes. Uncertainty and risks are often used interchangeably but the two are somewhat different uncertainty is the case where possible outcomes of a situation are known but their probabilities of occurrence cannot be judged while in the case of risk , risk impacts can be quantified as well as their probabilities can be known. Risk may not always lead to a loss but it is an outcome which is unfavourable to the project in some way. This favourability is relative to what a stakeholder is expecting from the project as an outcome. Two stakeholders can have different views on the same risk. Thus, their objective are required to be integrated which presents complexities on projects. A project needs to have appropriate strategies in place to ensure that these risks are managed well otherwise, the gap between expectations and actual outcomes would keep on increasing on the project. There are several tools and strategies that are available for reducing risks but these strategies may differ from industry to industry. In a manufacturing unit set-up project, risks may be managed through the use of appropriate contract arrangements with equipment and machinery vendors. Risk management is the process using which the risks can be minimized any reducing its probability of occurrence and reducing the severity resulting from its of occurrence in least possible time. Risk management is an iterative process that involves cycles of three steps including risk identification, risk analysis, risk response, and risk control. Risk Sources Types There could be many sources of a project risk and the impacts of these risks can have infinite possibilities. However, there are certain sources of risks that are more frequently seen and thus, can be categorized as the primary sources of project risk. These include: Client Characteristics: There are certain factors related to clients that can affect the outcomes of the project such as nature of business, form of business, track record of the client on managing manufacturing development projects, availability of funding, modes of compensation, attitude towards professional services, and the history of litigation or claims. These characteristics are important as they help in identifying the risks that can occur on a project as well as defined the impacts of those risks on the project. In the current case, the client is the manufacturing organization that have sufficient funds available for establishment and has a clean record of paying companies that they outsource their services to. Project Nature: Certain project related factors such as relationships between program budget and schedule, project site, political profile, project type, and applicable laws or regulations, can also affect the types of risks and their impacts on a project. Professional Services: Many projects involve services from a third party companies including equipment suppliers, contraction contractors, and architects which makes the project dependent on the availability and experience of these third parties. Project delivery Method: Modes and methods of delivery of a project can be different with different types of projects. For instance, a construction project can be delivered through one general contractor handling all sub-contractors or through involvement of multiple prime contractors who would be delivering the project directly. Moreover, with the level of complexities and size of the project, the familiarity with the contractors and sub-contractors can vary which would affect the speed of approvals and construction. Others: There can also be other parties to contract or project that can affect the risk portfolio of a project based on their involvement and influence on the project. These parties can include employees, project team, regulatory bodies, public communities and more such internal and external stakeholders. For instance, in case of a manufacturing unit establishment is a design professional involved in a product development then the skill, experience, and the compensation offered to the contractors involved in factory set up and implementation of the manufacturing equipments would affect the wooden factory establishment. Risks can be mainly of two types that include endogenous and exogenous risks. Endogenous risks arise from the shocks within an organization while exogenous risks result from shocks received from outside the company(Danielsson, 2012). Exogenous factors can include marketing plans of an organization, its market reputation(Milhaud, 2012), Risk Assessment Once risk sources are identified, the risks that are likely to occur on a project can easily be identified and then, the next step is to assess these risks. This assessment involves understanding of the probability of the occurrence of the risk and the impact of the risk event on the project. Certain risks can have very low probability of occurrence but if they occur, they can be catastrophic in nature while some risks occurring more frequently can have very minor consequences that can be avoided on a project. Considering these two aspects, the severity of the risk can be determined by considering both the measures. A common method of facilitation for risk management is the use of risk matrix and filtering. It gives a sharper view of the risks faced a company by exploring a large set of risk scenarios that are complex in nature. The filtering breaks down risks into their sub-components such that they are individually evaluated to assess their contribution to the overall project risk. Risks are prioritized based on certain risk factors and criterias of evaluation and risk scores are calculated accordingly(SORNETTE, et al., 003). The steps followed in this method of risk assessment include: Defining risks and system scope: First step in any risk management practice involves identification of a risk question answer to which would make the goal for risk assessment. For instance, if the question is if the raw materials would be sufficiently available in the market to produce furnishing products as per the market demand, then the goal of the risk management would become assurance of appropriate selection of products for manufacturing that can be produced from the raw materials that are easily available with the suppliers that are nearby and in good quantities. The scope of the risk management practice and the system must be clearly defined at this stage such that the boundaries of project are clearly identified. Project teams can also narrow down on the scopes by using qualitative filtering techniques. For instance, a company can filter out products based on their level of returns such that products giving low returns because of less profit margins are ruled out. Defining Risk Topics: Once the risks and project scope are clearly identified, a cross-functional team on a project can go deeper down these risks to identify head topics and subtopics. Head topics are those risk factors that are directly connected to the risk question while subtopics are those factors that can impact the risk which is associated with the head topic. These topics can be seen as the sources of project risks and these are evaluated and given risk scores. The risk sources or topics in case of factory establishment projects are production plans, quality measures, regulatory requirements, raw materials, products, and industrial procedures. Sub-topics that can come under various risk sources include: Workcentres under production units, unit operations under workcentres, and process steps under operations. Product quality under quality measures, production quality under product quality, and process quality under production quality Furniture types under products, raw material mixes under furniture types, quality under raw material mixes While it is essential to identify risk sources, it is also important to identify who would be responsible for these risks which is an outcome of mutual discussions between key stakeholders. Trade-offs has to be made between the accuracy of these details and the resources including time and human capital. Depending on the nature of a situation, the level of detail required and the quantity of resources to be used can be decided. One way to identify required level of detail is by making a comparison between the risks at different levels of details with the need for resources for risk mitigation at these levels. The severity of risk would decide the level of efforts that must be put for managing or mitigating risks. Another factor that would play a key role in determining the level of detail to be obtained is the target time that would be consumed in the assessment of specific risk component(PQRI, 2015). Evaluation Criteria: Once risk categories are sufficiently identified, an evaluation criteria has to be established which must address the concerns of probability of occurrence and severity of a risk. This criteria should be able to bridge any gap that exists between various risk components and the risk questions. A question can be asked to do this such as How can we understand the contribution that this risk component gives to the overall project risk? In the stage of evaluation, a balance has to be created between the level of details and the level of efforts required. Most simple evaluation model identifies likelihood of the component causing harm to project and the severity of the impact caused. These evaluations are mostly subjective and thus, level of details is sacrificed for attaining simplicity and speed of decision. Another model uses these two criterias for evaluation by forming a risk matrix such that both probability of risk occurrence and its impact are related to the p otential project failures(Roy Brahma, 2012). For instance, in the case of check on the quality of products produced in the furniture manufacturing unit, a risk matrix can be prepared as shown below: Figure 1: Risk Matrix A more complex and detailed evaluation method is multi-factor evaluation in which a degree of objectivity is used along with the level of details for the assessment of project risks. This would involve multiple factors that can be used for evaluating risks at the same time with additional criterias defined adding to the overall justification of severity or probability of risk occurrence. This probability may relate to the capability of the risk component to detect a defect or deviation from normal. Some of the criterias that can be used for assessing risks in a manufacturing site include last occurrence of defect, strength of quality controls, adequacy of staffing levels, and ability of audit to detect a deviation. Scoring Models: After evaluation criteria are clearly defined, a scoring model can be developed including all the identified risk criteria to arrive at a single score for each risk(Smaga, 2014). This score can be calculated using multiplication or addition of the weightages of different criteria based on their importance. Some examples of scoring models include Risk matrix that reflects scores on either side of zero to represent low and high risks. Table A: Risk Assessment Assessment criteria Scoring Score Potential for harm to project -10 to +10 +6 Non-conformance level -3 to +3 -3 Ability to detect defects -5 to +5 +4 Staff adequacy levels -3 to +3 -2 +5 Multifactor multiplicative scoring which involves multiplication or divisions between individual scored to calculate the total score Table B: Multifactor multiplicative scoring Assessment criteria Scoring Score Potential for harm to company reputation 0 to 10 8 Non-conformance to quality level 0 to 3 2 Ability to detect defects in furnitures 0 to 5 4 Staff adequacy levels 0 to 3 1 15 Weighted scoring method gives a weightage to each criterion such that these scores are added or averaged to calculate the final score which is represented using percentages. Table C: Weighted scoring Assessment criteria Score Weight Weighted score Potential for harm to company reputation 8 50% 4 Non-conformance to quality level 2 20% 0.4 Ability to detect defects in furnitures 4 30% 1.2 Staff adequacy levels 1 10% 0.1 +5 Score for Risk Components: After deciding on the risk scoring model between the project team, scoring can start. Most often, the scoring model is first pilot tested and reviewed by stakeholders to get their buy-in and later team rules are developed through multiple scoring sessions that would lead to standardization. Subtopic Filtering: Risk matrix can also be narrowed down to the subtopics such as shown in the figure below where warehousing and plant maintenance are chosen two subtopics that are identified in the matrix as producing low risk while packaging, complaints, and product release are some of the subtopics posing high risk to the project. Figure 2: Risk Probability vs Severity Ranking and filtering can help develop reviews of project risks such that based on the cumulative scores of risk components, priorities can be defined for establishing control over those risks. For instance, a low cumulative score of risk can be respondent to with lower level of control and thus, would be given a lower priority as compared to high risk topics. In the current example of manufacturing unit risks, risk control can be enhanced for the high risk categories such as release and QC lab while it can be reduced for low risk categories like warehousing and maintenance. When control over the low risk categories is eliminating, it results into reduction of the scope of risk management. Also, elimination of the products that can lead to high risks can further reduce the project portfolio size. High focus on the high risk areas can also help in evaluating the mitigation options. Risk Review: The results can then be revaluated through the scoring model to identify best mitigation options. For this cross-system scores can be gathered on topics for evaluation for re-scoring. An operational feedback would further confirm if the risk control strategies are sufficiently addressing the risk question. The feedback would also ensure that assumptions about the residual risks hold true. Residual risks are those risks that remain even after the risk control procedures have been applied. In the process, new risks can also appear that may not have been identified earlier in the control measures in which case, the control measures have to be updated based on the feedback Risk Communication: The risk ranking and filtering output has to be communication sufficiently to decision makers who are authorized and a standard operating procedure has to be documented which would provide a way to implement the decided control measures. This can be useful not only in controlling specific project risks but also the portfolio of risks for enhancing control Project risk management strategies Risk management is not just about elimination of risks but it plays a more crucial role by strengthening the management practices which is fundamental to any organization. This could be a reason why organizations have started to give more value to the risk management practices. A 2011 survey conducted by McKinsey found that boards only take reviews and approve proposed risk management strategies as per 44% of the survey respondents. Only 14% of the respondents in the survey had observed companies using risk management practices or were having a complete knowledge of risks faced by an organization. Many directors still felt that the information they received through reviews was only short term. Different types of risks that can be identified on the manufacturing unit establishment project include financial risks, equipment risks, outsourcing risks, environmental risks, and safety or health related risks. For managing most risks, companies adopt a governance framework that provides some risk management principles, standards, codes, and incentives. Most times, risk governance falls into a state level or national level practice with codes defined by commissions for establishing an internal control over risks in an organization. COSO has a guidance published for risk assessment which gives guidance on certain risk related issues(Pasztor, 2011). International Organization for Standardization gives guidance on implementation of the risk management practice. ISO 31000 is a de facto standard used for risk management guidelines which has a variety of different methodologies and practices defined in it. One of the risk governance practices defined includes thematic peer reviews which are defined by a Financial Stability Board. . However, organizational heads still feel that there is a lack of guidance on risk management which is adequate for specific project purposes. There are certain gaps in frameworks and risk governance codes making it difficult for companies to create a strong risk management structure with effective appetite for risks. However, use of sound risk governance practices can still help companies regulate their project resources. The rules and agreements are defined for specific jurisdictions following specific laws such as company laws of Germany and Austria and stock exchange laws of Mexico. These governing laws mostly deal with the issues of project audits. Turnbull guidance is a specific audit guidance provided by UK government while risk governance guidance has been provided for the listed boards by the Corporate Governance council of Singapore (OECD, 2014). At the organizational level, there can be four strategies to respond to risks including ignorance of risk, transfer of risk to a third party, avoiding of risk and its mitigation(Alfiana, et al., 2016). Depending on the risk score, the severity of risk is assessed and appropriate response strategy is selected. For instance, in case of risks posing high severity, the risk is best avoided through appropriate control measures. There would be certain residual risks that would still occur despite all control measures taken and these risk impacts have to be mitigation by identifying appropriate method chosen from unlimited possibilities. Most endogenous risks can be avoided as the probabilities are better known while exogenous risks that occur because of external factors have to be respondent with a mitigation strategy or through transfer of the risk to the external party(Shogren Crocker, 2000). Conclusions The objective of this report was to explore how risk management practices are used in a manufacturing unit establishment project including the different steps involved such as risk definition, risk source identification, risk assessment, risk scoring, and risk management strategies development for risk minimization their risks. Some common risk sources were identified including client characteristics, project nature, professional services and project delivery methods. The exploration of risk management process lead to the discovery of some risk management steps that are used in organizations risk definition, risk topics identification, risk evaluation, scoring, subtopic filtering, risk review, and risk communication. The report also identified some scoring models such as risk matrix, multiplicative scoring, and weighted scoring. It was found that companies can use risk control strategies that are given priority based on risk score for avoiding the risks but there can still be some re sidual risks for which mitigation plan has to be made. References Alfiana, E., Sule, T., Sutisna Masyita, D., 2016. Impact Of Exogenous And Endogenous Risks On Systemic Risk In Indonesian Banking. INTERNATIONAL JOURNAL OF SCIENTIFIC TECHNOLOGY RESEARCH, pp. 77-82. Danielsson, J., 2012. Endogenous Risk , s.l.: Hyun Song Shin. Milhaud, X., 2012. Exogenous and endogenous risk factors management to predict surrender behaviours, s.l.: HAL. OECD, 2014. Risk Management and Corporate Governance, s.l.: OECD. Pasztor, J., 2011. Endogenous Risk and Dangers to Market Stability , s.l.: College of Financial Planning. PQRI, 2015. Risk Ranking and Filtering, s.l.: PQRI. Roy, S. K. Brahma, R., 2012. RISK MANAGEMENT IN PROJECT AN INSIGHT, s.l.: Nalco. Shogren, J. F. Crocker, T. D., 2000. Endogenous Risk and Environmental Policy, s.l.: Iowa State University. Smaga, P., 2014. The Concept of Systemic Risk , s.l.: LSE. SORNETTE, D. et al., 003. Endogenous versus exogenous dynamics and scaling laws in Cyber-risks , Zurich, Switzerland: ETH.