Abstract

As time is passing, the nature of projects is becoming more complex. There are various risks which are encountered to the projects. This research is conducted to analyse the risk management of projects which are managed under the complex and dynamic environment. In this research, project risk management is the centre of discussion. The aim of present research is to analyse the risk management approaches in projects and present a framework for project risk management which has wider applicability regardless of their size and complexity. This aim of this research is accomplished through five objectives. Firstly, it determines the common project risk management approached which are currently practiced. Secondly, it examines the various risks and situational factors that has potential to influence the success of the project. Thirdly, it critically analyses the commonly practiced frameworks of project risk management. Fourthly, the limitations of existing risk management approaches are determined. Lastly, the widelyapplicable risk management approach is recommended. The objectives are accomplished through qualitative research methods where systematic review of previous studies is being conducted. This research uses the secondary research and it analyses previous studies to fulfil the aim and objectives. Using the qualitative secondary data from more than hundred sources, all aim and objectives has been accomplished for this research. It is concluded that as time is passing, the nature of projects is changing, therefore, traditional risk management approaches are not applicable to the modern projects. There is a need for a framework which could be used by all projects. Considering the needs of modern projects, a framework is presented which has incorporated element of communication, knowledge management and organisational culture in risk management framework presented by ISO 31000. At the end of this research, limitations and recommendations are given.

 

 

1.Chapter One: Introduction

1.1.Introduction

This chapter provides a brief background information including an evaluation of the contemporary Project Management approaches with regards to risk with the dynamic and complex nature of tomorrow’s business landscape. The evaluation will attempt to weigh whether the risk management approaches employed in contemporary project management can measure up to the anticipated future business landscape characterised by uncertainty. This will aim at justifying the sustainability or otherwise of the current project management practices in a rapidly changing business environment.  The section also provides a statement of the problem, general and specific objectives of the study, research questions to be answered by the study and a brief justification and limitations of the study

1.2.Research Background

The today and tomorrow’s turbulent business landscape, characterised by rapid changes, can be seen as a series of fast flowing rapids full of challenge, excitement, and adventure. In such an environment, risks are bound to be higher even as the rewards become greater. An organisation has to be set in such a way that it is sensitive to the prevailing forces that play out in the environment. The ever increasing complexity in the business environment, particularly featuring disruptive technologies and other changes, has in many instances rendered entire projects void bringing up the question on whether risk approaches in project management are sufficient. Risk management competence in the project-based working has become a critical success factor in ensuring that the project management approaches adopted are sufficient for safeguarding an organisation’s sustainability interests. The dynamism in environment importantly calls for approaches that can adjust to oncoming changes and adapt with continuous improvements (Suikki, Tromstedt, Haapasalo 2006). 

This study seeks to investigate whether risk management approaches in Project Management practice of today will manage to hold in the ever changing requirements for tomorrow business. With the business environment defined solely on uncertainty basis, scalable risk management approaches will be given prominence in the study. The aim of present research is to present the approach that could ensure that wide applicability of the risk management approaches for projects irrespective of their complexity and size. This research intends to analyse how traditional risk management approaches has become obsolete and modern risk management approaches has taken over the modern projects.

Project managers continually face challenging circumstances in the course of keeping their businesses afloat in the face of the progressively changing circumstances. The market reality, for instance, does not necessarily reflect the intent of an organisation’s management. Organisations operate in a business environment that is constantly characterised by occurrence of disruptive business events that are contrary to the expectations of the organisation’s management (Shimizu, et al., 2014). Organisations that are caught off-guard upon the occurrence of such risks are bound to pay a stiff price. The cut-throat competitive global business reality demands for a pro-active risk management approach. Risk management in this regards serves as a critical operational and strategic priority. In the context of volatile competitive landscapes characterised by rapidly changing customer expectations, it becomes crucial for firms to come up with comprehensive risk management programs (Park & Hong, 2012).

Risk can be defined as a combination of the probability and occurrence of harm and the severity of the particular harm. Risk factor is potent in every business environment (ISO &IEC, 1999). In the context of Project Management, a risk is defined as a possible occurrence, that if it happens, may have either desirable or undesirable impact on a project. Most of the project management issues arise from the uncertainties associated with risks (Subramanyan, et al., 2012). With a proliferation of additional variables in the business environment as contributed by among other factors: globalisation, rapidly changing technological factors, a shift in customer preferences and legislative changes, risks in projects have become larger both in terms of impact and frequency. Organisational stakeholders are therefore required to manage risks effectively by increasing issues in managing projects to contain legal and financial consequences.

Project Management purposes to foresee or predict problems and dangers as far as possible in a way that can enable planning, organising and control activities so that the project can be completed as successfully as possible in spite of the risks (Suikki, Tromstedt, Haapasalo 2006). Management of risk involvesorganisational preventive activities as well as the responsive activities that are associated with actual product accidents as well as system improvement activities after the actual product accidents.However, there exists difference in both types of risk i.e. reactive and proactive risk management, this research also analyses how proactive and reactive risk management is different from each other. It, therefore, means that risk management proactively looks out for chances of occurrence of a risk and works to significantly reduce occurrence of the risk. In the case that the unlikely happens, risk management will involve system improvements to seal the loopholes that expose the organisation. Risk at the project level, therefore, brings to the core the role of the project manager and the project approach engaged in effectively maximising a project’s chance for success by either risk mitigation, avoidance, acceptance, transference or exploitation. Therefore, this research also analyses why there is a need to manage the risks and what are potential benefits of managing the risks which are encountered to a certain project.

According to Kerzner (2009), there is a marked growth of institutions of learning devoted to teaching and diffusing project management principles and standards as evidence of this change. However, only about 32% of implemented projects are implemented on time, using the proposed budget and with all functionalities. This is not in line with the desired excellence that project driven organisations strive to achieve. For a project to be considered successful, it has to be timely, fall within the budget allocated, and remain within the scope. It is only then that the project delivers on the quality promise that is expected to satisfy the customer. Therefore, this research analyses how the project management could become more successful by relying on risk management frameworks for the projects.

There are huge differences in traditional and modern risk management approaches.There is a marked increase in popularity in some project management approaches as PRINCE2, due to their capability to place projects under controlled environment for purposes of managing risk. Although initially recommended for IT related projects, the popularity of the approach as promoted by the UK government, led to its modification for use in a wider range of project situations. The framework recommends a risk management strategy to be produced by the project manager early in the project’s life-cycle at the initiation stage (Wells, 2012). It is therefore streamlined in the entire project life cycle, effectively taking control of the project future. This brings to the core the place of risk factor in the management of projects and the prominent role it plays in maximising performance of projects. In other words, poor risk management approaches increase the chances of project failure while suitable strategies increase the chances of project success (Thiry andDeguire, 2007).

Application of PRINCE2 and other structured approaches as a means of improving project performance has been downplayed by the increasingly complex market dynamics. The occurrence of peculiar disruptive business events that are contrary to the expectations of an organisation limit the application of the structured methodologies (Wells, 2012). The indifference of the methodologies makes it difficult to apply in peculiar organisation situations with varied levels of complexity. More to the increasing complexity in business environment, important to note is that, as a characteristic of projects, each project is unique in its own way. This brings up the need for scalable risk management approaches that will be applicable to any form of project irrespective of the size of the business and situation in time.  Therefore, the focus of present research is on developing a risk management framework which could be used for all modern projects.

For achieving the desired aim of the dissertation, qualitative research methods are adopted. There is no use of numerical data in this research. Moreover, this research completely relies on secondary data where books and journal articles are critically and systematically reviewed for fulfilling the aim and objectives (Cresewell, 2008).

1.3.Research Aim

The aim of present research is to analyse the risk management approaches in projects and present a framework for project risk management which has applicability for projects which are different in size and complexity level.

1.4.Research Objectives

In order to achieve the above project aim, the research objectives will be:

• To determine the common project risk management approaches which are currently practiced
• To examine various risks and situational factors that influence the success of the projects
• To analyse the commonly practiced frameworks of project risk management.
• To determine limitations of the existing risk management approaches in project management.
• To recommend widely applicable risk management framework of project management.

1.5. Research Questions

• What are the common project risk management approaches which are currently practices?
• What are situational factors that can influence the success of the projects?
• What are the most commonly used frameworks for project risk management?
• What are the limitations of the existing project risk management approaches?
• How previous frameworks could be expanded to present an integrated framework?

1.6.Scope and limitations of the dissertation

There are various risks which are encountered by the businesses. This research only focuses on project risk management.  Other risks are not considered for this research study. Further to this, the research only includes the research studies which are published by authentic sources. Moreover, that data is collected which is published after 2000. Hence, the studies which were published before 2000 are not part of this research study. Likewise, this research only collects the secondary data which is published in English language. This is done to have a limited scope of this research.

Moreover, it relies highly on views of others. Such studies often remains unable to provide new findings. However, it was tried by the researcher to minimise this limitation of this research study. For this, the research has presented the framework which is different from previous research studies. Moreover, the systematic analysis of previous research studies is conducted to reduce this limitation. Moreover, this research is completed in a limited time and cost hence it could not cover everything about the scalable risk management, but researcher has tried best to complete this research such that the aim and objectives are accomplished.

1.7.Guide to the contents and dissertation structure

Chapter Two: Methodology:

This is the second chapter of this dissertation. It lays down the model that will guide the study as well as the process therein. The section will also detail the sampling procedure to be used, data collection tools and the data analysis method.

Chapter Three: Project Risk Management Approaches

The section proceeding the methodology chapteris the literature review. In the section, peer reviewed journals are used to get as much information as possible to give form to the research. The aim of this chapter is to analyse the current project risk management approaches. It introduces the main concepts related to this dissertations.

Chapter Four: Risk Management Frameworks and its limitations

This chapter analyses the commonly used risk management frameworks. Further to this, this chapter analyses the loopholes, weaknesses or limitations of the existing project management approaches. Basically, this chapter discusses the frameworks and limitations of risk management approaches. 

Chapter Five: Integrated Project Risk Management Framework

The purpose of this chapter is to present an integrated risk management framework. Firstly, it analyses how the modern projects’ nature is changing. This chapter compares the traditional and modern risk management approaches. After analysis, it presents the integrated risk management framework which integrates various components from other frameworks. The purpose of presenting a new framework is to expand its scalability so projects with different size and complexity could utilise this.

Conclusion and recommendation:The study conclusion will then be detailed in qualitative terms. This chapter analyses the limitations of the present research and provides recommendations.

1.8.Significance of the study

Globalisation and technological advancement are important aspects that have contributed to the revamp of the global economy. This evolution immensely influences the shape of the present markets. The current knowledge-based economy does not support the traditional strategies and tactics of project management. This is because most business activities should be flexible to respond to the needs, demands and requirements of proposed, formulated and implemented projects. Therefore, change (project) is paramount in the current turbulent markets.

The rate of failure in projects is on the rise, partly due to increase in the variables at play in business environment, increasing complexity of business landscape and mechanistic approaches applied in the management of the projects. It may be impossible to be a hundred percent in control of the factors in play in a project environment. The success rate however may be boosted significant reduction in the number of uncertain factors at play in a project in a way that places control of the project at the hands of the project manager. This study therefore becomes significant for project management practitioners as a way of improving success rates of the projects. This will in-turn lead to less wastage of resources, better project outcomes/quality and satisfied customers. The study will offer window of knowledge to those not in the know and act as a guide to help understand how to overcome project failure in the face of complex project environment. By adopting the approaches suggested by this study, project managers will be able to carry the projects into the future by ensuring that projects are sustainable in the long-term. This research study will therefore be of benefit to all project stakeholders in a research project since the success rate of the project will be significantly increased. The two main stakeholders who will directly benefit from the study findings are project managers and project sponsors.

1.8.1.Project Managers

Project managers are required to employ cutting edge strategies in manipulation of resource to come up with tangible value as determined by the time taken, quality produced and within the required scope. For project managers, time, being one of the main triple bottom line factors, will be saved as they will not be required to come up with new risk management strategies. They can effectively employ the risk management strategies suggested in this study regardless of the size, age, and type of project.  

1.8.2.Project Sponsors

Project sponsors entrust their resources with project managers to be turned into tangible goods. Project sponsors’ main interest is to see efficient utilisation of their resources and that the resources they contribute are not diverted to other side objectives out of the project scope. For project sponsors, therefore, by the insistence of utilisation of the strategies suggested in this study, they will be assured of timely delivery of their projects as risk management is a major component that influences project success.     

1.9.The Definitions

Table 1: Definitions

Terminology	Definition
Project Management	Project management is defined as a comprehensive and systematic process of controlling the achievement of the project objectives.
Risk	Risk is basically any uncertain condition or event which has the potential to influence the objectives of the project.
Risk Management	Risk management is defined as the policy of an organisation to optimise the risks such that possibility of failure is reduced.
Scalable Risk	Scalable risk management is the solution for managing risk which is adjustable to the size and complexity of the project.
Situational factors	Situational factors refer to the internal and external threats and opportunities which are encountered to any particular project.
Integrated Framework	A comprehensive framework in which various tools are combined to manage the strategic objective of the organisation.

 

 

 

2.Chapter Two: Methodology

In this chapter, research methodologies which has been used for this research are explained. the rationale for this chapter is to provide every possible detail on how this research is conducted so it could be replicated by other researchers, if needed. For every method, the justification for selection is provided. Limitations are also discussed.

2.1.Available research methodologies

A research can be conducted through two different research methods or through mixture of both methods. These research methods are quantitative and qualitative research methods. There are various pros and cons of both research methods. In this section, a detail of both research methods is given and then justification of selected research method is given.

2.1.1.Qualitative Research Method

Qualitative research method assists in translating or analysing true meaning of terms relevant to various issues (Bryman, 2004). In order to do detailed analysis, qualitative research method is used (Gummenson, 2000). After collection of data, analysis could be done done through debriefing, content analysis and behavioural observations (Cooper and Schindler, 2007). In order to generate detailed information, qualitative research method is considered to be helpful (Smith, 2008). This helps in developing knowledge through detailed information (Cresswell, 2007). This approach allows to create openness hence the research study can explore new topic areas which are not initially considered. This research methods help in providing a detailed picture of the research problem. Moreover, the pre-judgments of the researchers could be avoided in the qualitative research methods (Kumar and Phrommathed, 2005).

2.1.2.Quantitative Research Method

The other method of research is quantitative research method in which quantification of data collected is done. Different techniques and methods could be used by researcher for quantifying different concepts and events related to the research issue (Bodgan and Bilikan, Undated; Cresswell and Miller, 2000). The quantitative method is not appropriate for this research is that it often focuses on superficial and narrower dataset. Instead of detailed narrative and elaborative analysis, focus remains on the numerical descriptions. Quantitative research approach might not be feasible for few studies as it is conducted in unnatural and artificial environment. The pre-set notions, answers and variables are used in quantitative research methods, hence, it becomes difficult to critically explore the research issue. Moreover, the chances of structural bias is high in quantitative research methods. Quantitative research methodologies emphasises too much on theory testing and hypothesis generation, and in doing so, the chances for confirmation bias also increase. Likewise, quantitative research methods produce abstract knowledge which is often difficult to be applied in certain situations (Merriam, 1998). 

2.1.3.Research Method Adopted

In current study, qualitative research methods has been used in accordance with the nature of the research. This mixed method helps in exploring the problems (Patton, 2002).  As per recommendation of Peffers et al., (2007), the use of  qualitative research methods has helped in creating in-depth knowledge about the scalable risk in management approaches in modern project management science.  Hence, with this approach researcher has become capable of exploring issue of risk management approaches and their use in project management. By focusing on qualitative methods, this research has analysed the common project management approaches which are current practiced by project managers. Moreover, using the qualitative methods, limitations of the existing risk management is also explored. At the end, this qualitative method usage allows to recommend widely applicable risk management approaches in project management. Through out this research, researcher wanted to be critically in achieving the research objectives. By this, it means that only description through certain numbers was never seek out. Therefore, the qualitative research methods were adopted and this has allowed to explore the research problem in a critical manner and complete an in-depth analysis for this research issue.

2.2.Data Collection Method

There are two types of procedures with the help of which the collection of data can be done. These two procedures are termed as primary data collection method and secondary data collection method (Marczyk et al, 2005). In this research, the collection of secondary data is done for deriving valid results (Peffers et al, 2007).

Primary data collection is to use the first hand data for the research. this could be collected through surveys, interviews, observation or similar methods (Kothari, 2004). The present research has not relied on the primary research methods. The rationale for not using primary methods is that it is associated with certain limitations which were not possible to overcome in this research study. most importantly, the process of collecting primary data is quite costly and time consuming (Tashakkori and Creswell, 2007). As compared to secondary research, it needs significant amount of time and cost to prepare and carry out the research using the primary data methods (Babbie, 2015). Likewise, the research plan of primary research methods need critical time for development and implementation. Next to this, primary research methods are not always feasible. The research theme is to find an appropriate project risk management method framework aiming at the possible time and cost risks in project management. This research theme was based on three objectives. Firstly, it aimed to determine the common project risk management approaches currently practiced by project managers. secondly, it aimed to determine the limitations of the existing risk management approaches in project management. Finally, it aimed to recommend widely applicable risk management approaches in project management. None of these objectives require the collection of primary data. Therefore, it was not necessary to use the primary data collection methods.

The secondary data collection method is selected because it always results in the saving of time. There was a time when to use the secondary method was also quite time consuming process (Remenyi et al., 1998). Though, in the Internet era, secondary data collection is always known as the time effective manner. It has become quite simple and easy to collect the relevant secondary data through internet using the digitalised methods (Blaikie, 2000). Previously, accessibility of secondary data was only through particular institutions and libraries. But now the accessibility of secondary data is increased and it was possible to find an appropriate project risk management method framework aiming at the possible time and cost risks in project management using the secondary data collection method. Moreover, this a cost effective manner (Denzin and Lincoln, 2003). This research is completed in a limited time period which was provided for this dissertation and it was not a funded project, hence, it was more feasible to use the secondary methods. As Eriksson and Kovalainen (2008) recommended the availability of international comparative and longitudinal studies which have been organised in various countries allow to complete the research using the data collected by these research studies. In this research, the collected secondary data is reanalysed for different purpose which is to find an appropriate project risk management method framework aiming at the possible time and cost risks in project management. This has helped in exploring the new research themes. The data which is collected by other researchers is analysed such that a widelyapplicable framework could be presented.

2.3.Data Collection Process - Search strategy

For this research, secondary data is collected from authentic sources. Only peer reviewed journals and books are used for this research. The keywords of ‘risk management in projects’, ‘project risk management’, ‘risk management in modern projects’, project risk management framework’ and ‘scalable project risk management’ were used for searching the relevant secondary data. the rationale for selecting these keywords is their relevancy with the aim and objectives of this research. This approach helped the researcher to ensure the refined filter for systematic literature review in this research. This allowed the researcher to consider only those sources which are relevant for this study. This also helped to save time and access the relevant sources. It is worth to mention that this research has not used any report or secondary data which is published by unauthentic sources. Online blogs and web blogs were not considered as the secondary data for this research. The rationale for excluding such data sources is that their authenticity is low. Therefore, it could have a negative impact on reliability and validity of findings of this research. Therefore, such data sources not analysed for this research. Moreover, in this research, previous student reports are not considered. Usually, there are plenty of secondary data which is available in form of student reports or projects. As these student projects are not published after review, therefore, their credibility is often low. Hence, these were not considered. However, MPhil and Doctoral level dissertations published by the universities are considered for this research.

Google Scholar is used for searching the peer-reviewed sources. The rationale for using this search engine was that it provides the academic research material only. Instead of blogs and articles of unauthentic authors, it provides relatively authentic research data.  For Google Scholar, time filer was also being used. Using the time duration filer only recent studies are used for this research study. Other than this, the academic database of ebscohost, Science Direct, Emerald and JStore is also used. These data bases allowed to filter research using the checkboxes of ‘peer reviewed’. For the critical analysis of the main content, it was ensured that core research papers are those which could help to achieve the risk management approaches in the modern project. The core papers were those research studies that has explored the risk management in modern projects. As this research is completely based on the literature review for achieving the objectives, so three sections were developed in this chapter. These all three sections are developed considering the three objectives of this research.

2.4.Validity and Reliability

As per the recommendation of Merriam (2002), the researcher has done the validity testing of data collected through secondary sources. The validity of secondary data has been tested by taking the expert opinion of supervisor of this dissertation. Other than this, the consultation of other teachers of department is also taken. The data has been tested that whether or not data is measuring what it is supposed to measure. The validity of articles and books used in the research for data collection is tested in order to know that whether or not information presented in that is consistent with the research issue (Smith, 2008).

Reliability is linked with the data consistency. In secondary research, Saunders et al., (2009) stated that for reliability there should not be any influence of collected data over research quality. Moreover, there should not be solidification of facts through data. As per recommendation of Sekaran and Bougie (2009) and Healy and Perry (2000), the reliability of research is measured by analysing previous studies’ methods. The reliability of research is ensured by assuring that there is a possibility of replicating the research and it can produce similar kind of result as in previous studies.

2.5.Data analysis

As per recommendation of Miles and Huberman (1994), the secondary data collected through articles, books, journals and internet sources has been critically analysed. The researcher did critical analysis of findings of previous researchers related to risk management approaches and project management. This helped the researcher in identifying the importance of various risk management approaches for the purpose of project management. From the analysis of data collected from previous studies, researcher draw valid findings and conclusions. To be more specific about data analysis technique, content and thematic analysis is done for each article which is used for this research. As recommended by Patton (1990), after analysing the content, themes are identified from the research articles. These themes are then critically analysed to fulfil the aim and objectives of this research study.

2.6.Limitations in data collection and data analysis

However, one of the major disadvantages of this method is biasness of researcher. In qualitative research method, there are a lot of chances of bias. It is really difficult to control researcher’s biasness. Due to this problem, the generalizability and reliability of research is low. Different questions can be raised on outcomes generated from research conducted through qualitative research method (Saunders et al., 2007). In this research, this limitation is overcome through ensuring that researcher does not bring the bias while collecting and analysing the data. The researcher adopted the objective approach where there was no room for pre-conceived notions while collecting and analysing the data for the scale risk management in modern projects. 

 

 

3.Chapter Three: Project Risk Management Approaches

3.1.Introduction

This chapter of literature review sets sets the foundation of next chapters. It could be said that it introduces the main content of this dissertation. One objective of this research is to determine the project management risk approaches which are currently practiced. Therefore, the aim of this chapter is to introduce the project management risk approaches. It uses the general to specific approach where discussion starts from project management then it subsequently leads to the project risk management approaches.

3.2.Project management

According to Kerzner (2013), from the last five to six decades, project management has emerged as an efficient tool for handling and managing the complex activities. Burke (2013) stated that the project management is considered quite efficient as compared to the traditional models of managing different business activities. For example, it is much more efficient than formal hierarchical structures which were introduced to handle and manage the business activities. Schwalbe (2015) stated that when new projects are introduced, it imposes new demands on the organisations which requires them to introduce various management techniques so that day to day project related work activities could be managed efficiently. Therefore, whenever organisations have to deal with the finite, unfamiliar and unique understandings, it is often recommended by researchers like Leach (2014)and Marchewka (2014) to use the project management techniques for the successful implementation of the project. This results in better and faster decision making as compared to the normal business operations. Moreover, the appropriate and feasible decisions also lead to the success of the company.

According to Turner (2016), the favourable outcome of project management is often associated with the project outcome. However, it has also become clear that project management and project success are not related to each other. The objectives of both project and project management are often confused, hence, project management is often considered to be associated with the project success. Heagney (2012) told that there is a possibility of getting favourable outcomes of a project without project management and vice versa.  There are various examples of the projects which enjoyed success even without the success of project management. For example, in terms of time and budget, few projects were never successfully completed but they were successful project, in actual. The examples include Fulmar North Sea oil project and the Thames Barrier (Chia, 2013). Therefore, before moving to further discussion, it could be concluded that success of the project and project management are two different aspects, therefore, there must not be an existence of any kind of confusion among these two aspects.

After differentiating between project and project management, this section provides various definitions of project management. Binder (2016) stated that it is defined as a comprehensive and systematic process of checking the projects objectives attainment. On the basis of current organisational structure and resources, project management aims to apply various relevant tools and techniques for managing the project without having any adverse affects on the routine operations of the organisation. As per assertion of Reiss (2013), project management includes the definition of work requirement, specifying the scope of the work, resource allocation, planning the implementation, observing the work in progress and adjustments for variances from the plan.

According to Oisen (1971), project management is defined as the useof techniques and tools of the project management such that diverse resources are used for accomplishing distinct, one time and difficult tasks within the prescribed quality, cost and time limitations. Every project needs different techniques and tools for achieving the task.According to Reiss (1993), it is defined as a human activity which has clear objectives for a certain period of time where combination of planning, management and change techniques are implemented. Lock (1994) stated that there are three aspects of the project management and those are planning, coordination, control of diverse and complex activities of the modern projects. According to the definition of Burke (1993) project management is a specialised technique of management which revolves around the planning and controlling the projects considering the single point of responsibility. According to Nokes (2007), project management is a discipline which is related to the initiation, plan, execution, control and end of the project for achieving the specific goals such that set criteria could be achieved. From these definitions, it could be analysed that though project management is defined in different manner by different authors, there are some overlapping aspects which is the criteria of its success. The project success depends on the cost, quality and time and every project management uses these dimensions for measuring the success of project management. Hence, it could be analysed that even traditional project management definition are applicable these days. As it could be analysed from the definition of Oisen (1971), project management’s definition has not revolutionised over decades.

3.3.Situational factors influencing the success of projects

According to Hoang and Rothaermel (2010), there are many factors which have the capability of influencing the success of projects. These factors can be both internal as well as external risk factors. This is the utmost important responsibility of project managers to recognise and prioritise risks which are encountered to the project. The internal factors involve the risks like financial solvency of the company, ability to have advanced and required technological equipment and availability of other resources (Tsai et al., 2011). Likewise, personnel issues like unanticipated termination or sickness of a key team member is also considered as few of the internal factors which can have an impact on the success of the projects. In a similar manner, the infrastructure of an organisation is also linked with the internal risks of the project (Sumner, 2000). In short, it could be analysed that all factors which are inside the organisation are the internal factors which has potential to influence the success of the organisation.

On the other hand, Hoang and Rothaermel (2010) told that there are few external risks which are important for every project and its host organisation. These are those factors which cannot be controlled by the organisation. These situational factors are difficult to predict and control. The examples of such external risks are bankruptcy of the key vendor, wars, crime, economic upheaval, all such factors can have a direct impact of the effectiveness of the project (Wallace, Keil and Rai, 2004).  Even the external factors all involve those factors which are difficult to foresee like situation in a foreign country influencing the project functioning (Tah and Carr, 2000). From this, it can be analysed that every project faces certain external and internal risk factors and these must be managed by the project managers for effective implementation of project management. By adopting various project management approaches, these external and internal risk factors need to be managed. There is a need for such environment which is conducive for risk management as every project faces certain risks which must need to be handled through appropriate risk management approaches.

From this, it can also be analysed that internal risk factors are easier to recognise and manage as compared to the external risks. However, this is also important to recognise the both risks so that

3.4.Risk management in projects

Vareilles et al., (2012) stated that project management has an important aspect which is related to the risk management of the projects. Project Management Institute stated that one of the knowledge areas in which project manager must be expert is the risk management. Risk is basically any uncertain condition or event which has the potential to influence the objectives of the project. According to Sharbatoghlie and Sepehri (2015), risk refers to any factor due to which success of a project can be negatively affected. A risk is about forecasting an activity which might or might not occur. If this occurs, it leads to the loss for the business. In certain situations, it is beneficial for organisations to take the risks, and it is not always possible to avoid risks in this world of cut throat competition (Garel, 2013). Therefore, efforts are always done to mitigate the risk or reduce its impact. Diego, Cédrick and Daniel (2013) stated that even undertaking careful and comprehensive planning and preparation, risks cannot be eliminated in a complete manner. sometimes, it is important for organisations to take risk so that they could compete in the competitive business environment. For progressing, taking risk is essential. The important thing is learning ways of balancing bad consequences with potential advantages and opportunities (Bresnen, 2016). According toAlquier et al., (2000), risk is defined as the probability of occurrence of loss or damage. There are three factors of this probability.

1. The chance of occurrence of loss or damage
2. The expected time of occurrence
3. The magnitude of negative impact which will result from the occurrence or damage or loss

The seriousness of a risk could be figured out through the product of probability of the event and magnitude of the negative impact (Bresnen, 2016). Risk value is equal to probability of occurrence of potential impact.Therefore, when there is a higher chance of occurring a certain risk but it is having the potential low impact, the risk value is not high. Therefore, it is not considered significant risk for the project which must be mitigated. Likewise, when both probability of occurrence and its impact is between medium to high, it is of utmost importance to mitigate such risks. For such risks, it becomes very important to use the formal project management approaches so these could be mitigated in an effective manner (Teller, Kock and Gemünden, 2014).

According to Phillips (2013), risk is defined as the likelihood that a project will not meet its objectives, hence, it will fail. A risk could be due to any single event, action or other component which results in the risk. Teller and Kock (2013) stated that risk management is defined as the policy of an organisation to optimise the risks such that possibility of failure is reduced. This definition of risk management could be improved with the addition of a future date in the definition of the risk. In mathematical form, risk is the probability which is multiplied with the impact considering the future impact and critical dates. With the addition of future data, the risk management approach becomes predictive (Greiman,  2013).

Usually, the understanding of risk is influenced with three aspects. These three aspects refer to the possibility of occurring, what will occur along with the consequences. These are also depicted in the below diagram (GuledDange and Chawan, 2012)

Figure 1: Understanding risk

 

Source: GuledDange and Chawan (2012)

There are certain types of risks which must be analysed before proceeding to next section. Total risk refers to the the sum of the identified and unidentified risk. The risk which has been determined using the different techniques of analysis is known as the identified risk. For every system, it is important to first identify the risks so that all possible risks within the limitations are known. The unidentified risk is about those risks which are not identified yet. Few of the unidentified risks could be identified in case when mishap or problem occurs. However, there are few risks which could never be identified (Wallace and Keil, 2004). The other type is unacceptable risk and this is the risk which cannot be tolerated with the help of any management activity.  These are part of the identified risk which must be controlled and eliminated. The acceptable risk is another type and it is also the subset of identified risk which could be allowed to persist and it does not need any managerial action for reducing it. Though, it is difficult but a necessary responsibility of managers to identify the acceptable risks. However, the user must be aware of the fact that this risk is encountered (GuledDange and Chawan, 2012). Residual risk is referred to that risk which persists even after the necessary measurement for managing the risks has been undertaken. This is not the acceptable risk, though. This risk is also the summation of unidentified and acceptable risk. This is also the total risk which is passed to the user (Kaplan and Mikes, 2012).

Thamhain (2013) stated that an effective risk management is always supported by the relevant organisational factors and there are clearer roles and responsibilities. Moreover, it also depends on the technical analysis. The process of risk management starts when and opportunity or threat is examined. The example includes the new product launch by the competitors. The risk management does not have a formal definition, therefore, it is often performed using the qualitative or semi-quantitative methods. The possible solutions of the identified threat or opportunity are prioritised (Fewings, 2013).Hancock (2014) stated that risk management also starts with the analysis of alternative solutions As per the alternatives, associated costs and developments, the potential solution is selected. Once the approach for risk management is selected, its time to start using the risk management tools which is based on the general risk management process. According to Haimes (2015), generally, the risk management process involves doing the proper planning for risk management identifying risk; performing the qualitative analysis, involving the stakeholders by communicating the risks; refining the process as per the changing situations and monitoring and controlling the risks. The project risk tolerance is based on type of the project and corporate culture. It is the project type which requires the understanding and matrices for risk tolerance (Marcelino-Sádaba et al., 2014). For example, the risk management for software project might be different than research and development projects. The general risk management process allows to reduce the individual risks of a specific project. It is important to mention that every project might be needing the tailor made risk management technique as all risks could not be managed in a same manner (Unab and Kundi, 2014).

The risk management involves three cycles which are interconnected to each other. These cycles are relevance, design and rigor cycles. This depicts that elaborated risks are encountered. As showed in the below figure, the ‘people, organisation and technology’ are the external resources that interact with the risk cycle. Importantly, it could be analysed that it is not possible to eliminate the risk, it can only be minimised and reduced. Important to mention is that present research study focuses on scalable risk management. Scalable risk management is the solution for managing risk which is adjustable to the size and complexity of the project.

Figure 2: Risk Cycle

Source: GuledDange and Chawan (2012)

3.5.Importance of risk management

According to McNeil, Frey and Embrechts (2015), with the help of risk management strategies, managers become able to identify the strengths, opportunities, weaknesses and threats which are related to the project. The risk management plans for the unexpected events allows to be prepared for those events which might occur in future. Risk management practices allows to ensure the success of the project by planning how the potential risks will be identified and mitigated. The risk management process allows to achieve the project goals in an effective manner through, planning, preparation, results and evaluation steps which are involved in the risk management process. This ultimately allows the firms to meet the strategic objectives of the projects. As per words ofDorfman and Cather (2012),when managers make plans for risk management, this actually contributes in the success of the project as this allows the managers to establish the list of external and internal risks. In this plan, risks are identified along with their possibility of occurrence and consequences. Moreover, the action plans are also proposed at this stage. In the preparation stage, it is ensured that projects are actually running in a smooth manner and plan is communicated to the relevant stakeholders, involving project sponsors and team members. Glendon, Clarke and McKenna (2016) stated that when everyone is aware of the potential risks, all stakeholders respond to the risk if it emerges during the project. As plan is already communicated, hence, stakeholders can also take the mandatory steps for managing the risk. Moreover, when risk management is done in an effective manner, the success is ensured through the reduction of negative risks hence the project could be completed on time. Moreover, with this budget objectives could also be accomplished. Likewise, other targeted objectives could also be achieved through effective risk management process. When there is no risk management for any project or organisation, it results in various problems for the project which might be vulnerable for the success of the project (Lam, 2014). Hopkin (2014) stated that with effective risk management, profits could be maximised while the expenses could be reduced as focus is shifted to those activities only which produces a significance return on investment. The risk management also permits the managers to do the prioritisation of ongoing activities, hence, the best results could be produced. The evaluation of the project is also beneficial for the project management. The evaluation stage allows to analyse the best practices which has resulted in the success of the project. Moreover, the improvement areas could also be identified. These learnt lessons could be used in further projects. In this way, it becomes clearer that importance of risk management cannot be denied for the success of projects and organisations.

According to Reason (2000), risk management increases the chances of the success of the project. When risk management plan is implemented in an effective manner, it helps in avoiding the big disaster. It enhances the revenues of the organisation. Moreover, it results in reduced expenses. The project could be completed within the given time. Lin Moe and Pathranarakul(2006) stated that effective risk management practices provides the competitive edge over the competitors. It improves the accountability and sense of responsibility of all project team members. Kwak and Stoddard (2004) told that many new opportunities could be explored with the effective risk management.

Teller, Kock and Gemünden (2014) studied the importance of risk management in project managing by studying the ways of contribution of project risk management to success of project portfolio. Moreover, the authors aimed to analyse the interaction of formal risk management at the level of project with having linkage with information of risk at portfolio level. The research also identified some contextual factors through which the relationship between risk management and success of project portfolio is affected. It has been found from the research that the aim of project risk management is to reduce the potential of getting failure in a project. For managing the risk in a project, it is suggested by the research that a wider perspective must be adopted as compared to individual project risk. The analysis was done through hierarchical multiple regressions with using 177 project portfolios as a sample and it was found that there is a positive relationship between formal risk management with linkage of risk information and success of a project portfolio. This positive relationship becomes strong at simultaneous risk management at both stages. Moreover, for projects that have dominance of R&D, there is more importance of risk management at the level of project, whereas it is also significant to focus on linking risk information with different dynamics of project portfolio.

3.6.Risk management approaches

According to Tait and Levidow (2010), in the reactive risk management approach, project managers are required to react to the risks as they emerge. For mitigating the risks, planning is done. Additional resources are arranged and basically fire fighting is done in this approach. The failures which has occurred are fixed and resources are investigated and used when the risk strikes. Moreover, crisis management is done in the reactive risk management approach. Here, project is in jeopardy where failure is not required to respond to the applied resources. This approach is often rarely used by the project managers. The reactive risk management approach is based on the accident evaluation and it is also dependent on the audit based findings. The reactive risk management aims to minimise the tendency of similar accidents, which has occurred in past, to occur again in future (Spitzmuller and Van Dyne, 2013). To be specific about the time frame of reactive risk management, it is solely based on past accidental analysis. Reactive risk management have no place for creativity, prediction and problem-solving ability of humans to manage the changes and challenges. It provides no flexibility to be adaptable for external environmental changes (Walecdzik, Manadziuk, and Zadrozny, 2014).

Tait and Levidow (2010) stated that on the other hand, there is proactive risk management in which all relevant risks are identified at the earlier stages. Before the risk occurs, there is proper plan that how it will be managed. Now, there is rapid environmental change which is continuously occurring in the external business environment. Moreover, the competition has also become fierce. Therefore, this proactive risk management approach adopts the future orientation and it is often defined as the adaptive approach which also considers the feedback control which is based on measurement, observation of the current certainty level and it makes appropriate level plan for dealing with the safety with the creative intellectual. From this definition of proactive risk management, it becomes observable that humans who have creative intellectual power has an important role to play in proactive risk management. The aspects of closed loop strategy defines the boundaries of the risks. By this, it means that proactive risk management is considered in safe performance level. This is related to the present research as it also focuses on scalable  risk management where boundaries are defined for the risk that it must be scalable. The proactive risk management is about minimising the tendency of any event to occur in future through the identification of boundaries of activities, where breaching the boundaries could lead to the accident (Spitzmuller, and Van Dyne, 2013). To be specific about the time frame of proactive risk management, it uses the mixed methods where past, present and future is used for predicting the solutions for the expected risks such that risks could be minimised or mitigated. In proactive risk management, there is a room for prediction and creative thinking. It encourages the role of human beings where source of accident is investigated to reduce the risks for future. The proactive risk management is quite adaptive to external dynamic changes (Walecdzik, Manadziuk, and Zadrozny, 2014). The present research is about the proactive risk management approach. It does not focuses on the reactive risk management approaches and framework for further analysis.

3.7.Conclusion

In this chapter, project risk management is critically analysed. This chapter reviews the literature related to the basic aspects of the project risk management. It has analysed in this chapter that importance of project management is critical for all organisations. However, there are many internal and external factors that has an influence on the working of the projects. The projects are influenced with internal and external factors which must be considered in an effective manner through risk management. It has been analysed that risk management practices has numerous advantages which can lead to the success of the organisation. The project risk management should be utilised in an effective manner.

It is found that though project management is defined differently, its main ideas and themes match with the traditional concept of project management. In this chapter, it is found that project management revolves around three things which are named cost, quality and time. The analysis has revealed that situational factors could be internal or external to the project and organization. The internal factors involve financial solvency of the company, ability to have advanced and required technological equipment and availability of other resources and personnel and infrastructure related issues.  The examples of external risks are bankruptcy of the key vendor, wars, crime, economic upheaval, etc. From analysis, it was found that though both internal and external risk are important to be managed, however, it is more crucial to look at the external risk factors as they are more riskier for the success of the project.

It is found that to manage the external and internal factors which might have impact on the success of the project, risk management approaches are important for the success of projects. Though, different researchers have defined it in a different manner, but it is found that risk is basically any uncertain condition or event which has the potential to influence the objectives of the project. Risk could be understood through analysing what will occur, its possibility and consequences. Likewise, it is found that risk management is crucial and the success of project and organisation depends on the effectiveness of risk management approaches. In this chapter, it is also found that traditionally reactive risk management approaches were used but now this is the time where proactive approach for managing risk allows to become successful.

 

 

4.Chapter Four: Risk Management Frameworks and its Limitations

4.1.Introduction

This chapter discusses whether or not the existing project management approaches are suitable for the modern projects. Firstly, it introduces the commonly used risk management frameworks then it discusses their limitations. As time is passing, the nature of projects is becoming more complex. This research aims to understand what are loopholes, weaknesses or limitations of the existing project management approaches. Therefore, the aim of this chapter is to discussing the limitations of risk management approaches.

4.2.Risk management frameworks

Every project must be based on some risk management framework. For the success of project, it is important to incorporate the risks management framework in the project management process. The risk management must an important part of the project management. The availability of risk management framework further guides the process of doing the project. It provides the guidelines for assisting in the process of analysing the risk elements for a project (Abuswer, Amyotte and Khan, 2013). Glendon, Clarke and McKenna (2016) stated that the risk management framework also allows to categorise the risks which are related to each other and important for certain stakeholders. Risk management framework further provides the opportunity to undertake the formal risk analysis such that risks could be mitigated. Moreover, through a proper framework, key risk factors, outcomes and reactions could be identified. Moreover, appropriate actions plans could also be prepared for mitigating the risks such that resources are utilised in a manner that their payoff is greatest (Kaplan and Mikes, 2012). Further to this, risk management frameworks are ongoing re-assessment processes that provide the opportunity to monitor and review the risk elements in a continuous manner during the project. Every aspect of the organisation is influenced with the risks. Therefore, it is important to understand the risks which are encountered by the organisation and project. This allow it to manage it effectively which results in better decision making. The risk management framework allows to safeguard the assets and improve the ability to provide products and services such that project objectives are accomplished (Nachtigal, 2009). Karadsheh (2010) stated that effective risk management framework is important for the organisational resilience, benefits and confidence. An effective risk management framework helps in rigorous decision making and planning process. further to this, unexpected threats could be managed in a flexible manner. The available opportunities could be exploited easily, if an effective risk management framework is used. This ultimately allows to achieve the competitive advantage. According to Harris and McCaffer (2013), when decisions are based on risk management framework, managers are equipped with necessary tools to anticipate threats and other changes and allocate the resources in an effective manner. the risk management framework is a source of assurance that critical risks are properly managed and it also enable the compliance management and business resilience. Hence, when risk management is based on a certain framework, it becomes easier to manage the risk. This research aims to analyse various risk management framework, therefore, the subsequent sub sections will review the available risk management framework. Indeed, there are hundreds of the frameworks, but this research will only include the famous and most commonly used frameworks.

4.2.1.General Framework of Project Risk Management

The purpose of risk management is to reduce the crisis. This is very usual that unanticipated things can occur while managing the project, therefore, it is important to manage the risk in the most appropriate manner. generally, there are ten steps of the project risk management. These steps could be found in all risk management frameworks, in one way or the other. The below given ten steps were presented by Stanleigh (2010).

1. The first step is to identify the risks which a project can have during its operations. At this step, list of possible risk sources is to be reviewed. The knowledge and experience of all team members is also analysed. Basically, at this step, it is important to brainstorm all potential risks and missed opportunities if project is not completed as per the plans. Here, it is also important to clear the responsibilities of the individuals who are managing the risk (Aebi, Sabato and Schmid, 2012).
2. The second step is about communication the risks. Here, it is communicated to all stakeholders that risk management is crucial for the success of the project. Every relevant stakeholder must be aware of the potential risks which might occur during the project (Pritchardand PMP, 2014).
3. The third step is to consider both opportunities and threats. Indeed, risk are connoted as harmful for projects. it is important to consider that there are also positive risks which could be beneficial for the project. therefore, it must be ensured that there is appropriate consideration given to the opportunities. The identification of opportunities can result in completing the project in a faster manner where project could show better results as per the expectations. Moreover, the available threats of the environment should not be ignored (Hopkin, 2014).
4. In the forth step, it is important to do the prioritisation of the risks. There are certain risks which has a higher impact and probability than others. Therefore, it is of utmost importance to spend time and efforts on such risks. Using the evaluation instrument or mechanism, risks should be categorised and prioritised (Glendon, Clarke and McKenna, 2016). Likewise, there is possibility that there are so many risks that the number of risks exceed the time capacity of the project team, hence, contingencies could not be developed for all risks.  In this situation, it is important to manage those risks which has high impact and a high probability of occurrence. For this, prioritisation is mandatory (Cole et al., 2013).
5. In the fifth step, risk assessment is being done. Instead of looking for the solutions of the problem, it is crucial to find out the root causes of the identified risks. Moreover, there should be efforts which must be directed towards understanding the risk that what effect a particular risk could have on the project. In short, both cause and impact of the risk should be assessed. The gathered information should set the foundation for optimising the risks (Hull,  2012).
6. Once risks are assessed, the next step is related with the development of risk response plan for the project. It must be planned that how likelihood of each risk could be reduced, how to manage each risk, and how available opportunities could be exploited (Dorfman and Cather, 2012).
7. The seventh step is about developing the preventative measure tasks for each risk which is identified. The appropriate measures should be taken that prevent a risk so it is ensured that this risk will not occur. If it is not possible to prevent its occurrence, then efforts should be done to reduce the likelihood of its occurrence. For doing so, tasks should be planned which could help to reduce and eliminate the likelihood of the risk (Bessis and O'Kelly, 2015).
8. At the eight step, contingency plan for each risk needs to be prepared. This contingency plan will help to manage the risk if it occurs. So as soon the risk will occur, the contingency plan will be turned into the action, so the crisis situation will be avoided through proper risk management (Islam, Mouratidis and Weippl, 2014).
9. At the ninth step, it is recommended to register the project risks. This will prove helpful in viewing the progress and ensuring that any risk is forgotten. This will also help in ensuring a smooth communication between project team members. With the recording of project risks and responses which are implemented, a track record is developed which could not be denied and will prove helpful in future (Chance and Brooks, 2015).
10. At the tenth step, it is important to tack the risks and associated tasks such that these are integrated into the day to day tasks of the project team and managers. the risk tasks could be about identification and analysis of risks along with its implementation. The integration of these tasks into daily routine activity will help to manage the risk in a continuous manner (Christoffersen, 2012).

4.2.2.The ProRisk Management Framework

This risk management framework is provided by GuledDange and Chawan (2012). It focuses on business and operational domain of the project. The business domain is considered important because it helps in identifying the opportunity in the economic environment in which the project is working. It also proves helpful to analyse the exposure to external risk factor. The business domain is also helpful for estimating the experience and knowledge for the project along with confidence level that the project could be a success. On the basis of these two factors, formal model of risk could be described (De Wet and Visser, 2013).

In the operational domain, there is formal modelling of the risks. In this domain, the risk values are measured as per the organisational views and policies. The detailed assessment of the risk factors is also completed. moreover, the action plan is described to reduce the key risk values. This plan is ultimately implemented and reassessment of risk factors is done. Lastly, these steps are wrapped up and continuous cyclic process is applied on the project (Roy, Dasgupta and Chaki, 2016). The below figure is demonstrating the Pro-risk management framework.

Figure 3: Pro-risk management framework

Source: GuledDange and Chawan (2012)

4.2.3.ISO 31000 risk management framework

ISO 31000 provides the implementation framework which involves mandatory steps which must be taken for managing the risk for any project in an organisation. This framework dictates the certain steps which needs to be followed. Firstly, there is ‘mandate and commitment’ by the Board which is followed by design of framework, implement risk management, monitor and review framework and improve framework (Schwalbe, 2015).  This framework provided by ISO is basically helping tool for the implementation of risk management instead of just supporting tool. This framework provides the flexibility to every organisation to design its own risk management approach using the risk architecture, protocol and strategy of the organisation. This framework also focuses on roles and responsibilities of the stakeholders for facilitating the risk management process. The risk strategy defines the objectives of the whole process of managing risk. The risk protocol focuses on the procedures which has to be adopted to accomplish the objectives of the risk management process (Choo and Goh, 2015).

Figure 4: Risk Management Framework ISO 31000

Source: AIRMIC and IRM (2010)

ISO 30001 has provided a process which is to be followed for risk management. It starts with establishing the context and moves to risk assessment.Risk assessment considers the risk identification, risk analysis and risk evaluation. In the risk identification stage, risk and uncertainty which is exposed to an organisation is identified. This involves the knowledge about all of the aspects of the organisation and project. The legal, political, social and cultural environment in which it operates is also considered. At this stage, knowledge about the objectives is also mandatory. All those factors which are critical for the success of an organisation must be considered at this stage (Matthews, 2013). Then on the basis of the risk analysis, a risk profile is generated in which every risk is given a certain rating as per its significance level. This risk profile becomes a tool for prioritisation of risk efforts. Through this, relative importance of every risk is identified. Through this risk analysis, all risks are mapped out such that all business areas which are affected with the risks become known to the managers (Choo and Goh, 2015). In short, through analysis activity, the operations of the organisations are effectively and efficiently assisted such that those risks could be identified that needs the attention of management. Once the risk is analysed, the risk management practices has to be embedded through out the project management team. After this, the risk treatment has to be decided. The available risk response treatments are tolerate, treat, transfer and terminate (Qazi, Quigley and Dickson, 2015).

Risk treatment is basically about the selection and implementation of appropriate control measures which are intended to modify the risk. The major element in risk treatment is of risk control which deals with the risk mitigation. Further to this, risk treatment also involves the activities of risk avoidance, risk financing and risk transfer. It is important for all risk treatment to provide the effective mechanism for controlling the risks. The effectiveness could be judged through the extent to which the risks are minimised and reduced with the control measures proposed in the risk treatment stage (Dallas and Director, 2013). The effectiveness related to cost is evaluated through the analysis of cost and benefit associated with the risk reduction process. Though, compliance is not an option and it must be applied by all project managers to ensure that control system is promoting the compliance with the relevant laws and regulation. The risk protection can also be obtained through risk financing, example includes insurance (Kerzner, 2013). However, few costs involve no financing opportunity like damage to employee morale. As per this risk management framework, feedback is considered a two way mechanism where performance is monitored through consultation and communication. Through the function of monitoring and review, it is ensured that risk performance is monitored and lessons are learned from the experience. In the risk management process presented by ISO 31000, the importance of communication is high (Schwalbe, 2015).

The below figure represents the risk management process which is provided by ISO 31000.

Figure 5: Risk Management Process

Source: AIRMIC and IRM (2010)

4.2.4.NIST Risk Management Framework

This framework is presented by Roger L. Caslow who is basically the head of the Risk and Information Assurance Program Division. There are six step which needs to be followed by the project managers for managing the risk related to information security. This model is basically presented for federal government and its contractors, however, it is widely used by the other project managers as well (Gordon, Loeb and Sohail, 2003).

 

 

 

Figure 6: NIST Risk Management Framework

Source: Zhang, Wuwong, Li and Zhang (2010)

4.2.5.IT Risk Management Framework

At the heart of this risk management framework, there is place for business objectives which shows that everything related to risk management should be aligned with the business objectives. Further to this, there must be continuous communication process during all three phases i.e. risk evaluation, risk response and risk governance (Matthews, 2013). The below figure represents the IT risk management framework.

 

 

 

Figure 7: IT Risk Management Framework

Source: Westerman  and Hunter (2007)

As showed in the figure, this risk management framework revolve around risk evaluation, risk governance and risk response. In the risk evaluation phase, it is ensured that risks which are related to the IT project are identified and analysed and a risk profile is developed. In the risk evaluation stage, risk scenarios are developed where it is also analysed that how each identified risk will have an impact on business (Xanthopoulos, Vlachos and Iakovou, 2012).  In the risk response phase, it is ensured that identified risks are managed as per the business objective where it is also made sure that process of mitigating the risks remain the cost effective. At this stage, key risk indicators are analysed and risk response is specified as per the prioritisation of the risk (Glendon, Clarke, McKenna, 2016). Further to this, there is the risk governance phase where it is ensured that risk management is integrated into the organisation and optimal risk adjusted results could be achieved. In the risk governance phase, the responsibility and accountability for risk is shared throughout the project team and organisation. The risk appetite and tolerance is created in all team members. The process of risk management is facilitated with the awareness and communication whereas such culture is established where everyone is ready to accept and manage the risk such that optimal risk adjust results could be accomplished (Abuswer, Amyotte and Khan, 2013).

4.3.Limitations of risk management approaches in projects

According to Guled, Dange and Chawan (2012), project risk management is an undeveloped discipline and it is not the same as it is used for managing the financial or operational risk. This is due to the factors like there is high risk aversion which individual project managers have. Moreover, understanding of risk for social activities is quite less. Risk management of project is confusing due to lack of sophisticated mechanism as fields of finance, accounts and engineering have (Glendon, Clarke and McKenna, 2016). The nature of risk management in operations and finance are quite similar hence the concepts could be used interchangeable. If risk is not managed, it either results in personnel or monetary impacts. However, the nature of project risk management is quite diverse (McNeil, Frey and Embrechts, 2015). It could be analysed that if the risks are not managed properly, it can result in impacts on capabilities, schedule, monetary and quality related objectives of the project.

In the current chapter, various traditional and contemporary risk management frameworks are analysed. The purpose of this analysis was to see how projects are managed using certain frameworks. However, as this field of project risk management is underdeveloped, there are various limitations of the risk management approaches, models and frameworks, which should not be neglected. The subsequent lines shed light on the limitation which are encountered by the discussed models. According to Ward et al., (2015),all of the risk management approaches are based on some risk prioritisation process. This process of prioritising risks is quite complex and it often shifts the focus and attention of project managers from the actual project towards managing the risks associated with the certain project. The risk management process could be completed effectively on those cases when all other tasks are suspended. Another limitation is that these models and frameworks do not allow the manager to differentiate between risk and uncertainty. It is analysed that as explained in the previous chapter, risk is something which can be measured by impact × probability, however, uncertainty cannot be measured. There are higher chances that managers often get confused between risk and uncertainty and they keep on wasting their time on managing the uncertain events. This is of great importance to assess and prioritise the risks in a timely manner and this also has to be ensured that only that much time is given to risk management that actual project is not adversely affected with the risk assessment and prioritisation process (Sadgrove, 2016). This is due to the fact that when too much time is spent on assessing and managing risks, the resources are diverted to those areas of the project which are not the most profitable ones. For example, risk might occur but for some cases it would be appropriate to retain the risk if cost of risk reduction is way too much high that benefits of the risk reduction. Further to this, all approaches of the risk management are not based on the quantifiable risk management process and this results in increased subjectivity and decreased consistency during the risk management process (Pritchard and PMP, 2014). Further to this, Mechler (2016) has identified another limitation that the only justification provided as the core rationale for risk management is bureaucratic and legal.

Haimes (2015) has also analysed the limitations of the current risk management frameworks. The have stated that risk management has relied on risk maps, risk ranking and prioritisation which means that the process of risk management is quite subjective. In these risk management frameworks, managers has to assess the impact of future events and their likelihood of occurrence in a subjective manner.  most of the times, these frameworks are used for getting an overall picture of the risks that provides a direction for managing the risks in a simple, understandable and systematic manner. through this subjective process, a rough profile of risks is generated (Doorn, 2014).

It could be analysed that all of the above mentioned risk management frameworks has relied on few components i.e. objectives drawn from business strategy providing a context for the risk assessment process, a common risk language for understanding the risk and pre-determined criteria for doing the risk assessment. Though, everyone agrees that this risk management is quite importance, it is very common that the risk assessment provides the solution to managers that what they need to do next. Indeed, it only provides the list of risks which are faced by the project or organisation while it leave the decision makers in a blank position where there is little insight for managers that how to manage the identified list of risks (Kern et al., 2012).

McManus (2012) has provided reasons for these problems in the risk management frameworks. There exists individual bias in the process of risk assessment. The risk assessment process also provides a room for ‘group think’, hence there are fewer chances to promote the out of the box thinking using these risk management approaches. Though there exists quantitative scales which has qualitative descriptions for quantifying the severity and likelihood of the risk factors, there are chances that every project manager understands and uses them in a different manner. Further to this, Lavastre, Gunasekaran and Spalanzani (2012) mentioned that the unknowledgeable participants are more likely to skew the results where they are on the middle of the road of all the available scales, which shows the inability of such participants to assess the risks using the risk management frameworks. Moreover, according to Colicchia and Strozzi (2012), in quantitative analysis of various risks, risk maps are created using the average of widely dispersed views, hence, there are higher chances that a true consensus is not showed by the participating evaluators. Many of the risk management frameworks are emphasising on the linear process which is also the point-in-time assessment that is unable to address the special and unique characteristics of the risks which are encountered by the organisation or its projects (McNeil, Frey and Embrechts, 2015). When project managers rely on any of the risk management framework for evaluating the risks that have different characteristics and time horizon aspects, it become easier to execute the process but to be neutral this is not robust enough to continuously add the value over a period of time and it may also ignore the interplay between related risks and the most important problem of limited information is never alleviated with the reliance of any of the above mentioned risk management framework (Glendon, Clarke and McKenna, 2016). Every risk management framework and process assigns different risks to the appropriate owners for taking the next logical step for solving the problem. The limitation is that even if the risk is assigned to certain owner, there is uncertainty at the end of the individuals then what step they have to take for reducing the risk. When they do not know anything to do, this leads to the frustration which is a result of integrating the risk management process with core project management processes (Edwards and Bowen, 2013).

Further to this, according to Sadgrove (2016), these risk management frameworks have reliance on the subjective assessments which are based on the past experiences. This is a dangerous limitation or shortcoming of the whole risk management process. This is because of the fact that past is a poor predictor of future, therefore, this is not always feasible to rely on past for reliable future. For example, many risks which occurred due to the global financial crisis has taught us one lesion, which states that it is more important to focus on what we don’t know than we do know. The risk assessment process becomes less effective when there is overconfidence of the simplified view of the future. This overconfidence is the result of the degree of success that is previously experienced by the managers. Moreover, the overconfidence over future is also because of quality and coherence of the story which is told by project management regarding the future risks, which often ignores the business reality (Mechler, 2016).

In a similar manner, Glendon, Clarke and McKenna (2016) told that this is not know that what can be done for the exposures to the extreme events. All risk management frameworks suggest that there is a need for deemphasising the ‘high impact and low likelihood’ risks as such risks has lower probabilities of occurring. This in turn provides the false sense  of security which arises due to the lack of historical precedence. So whenever these risks will occur, the results are quite dangerous for the whole project and these are the risks which actually need attention because when they occur unexpectedly and organisation has no preparations, it causes great trouble for project managers (Christoffersen, 2012). Therefore, this shortcoming of the risk management frameworks should be managed well where it is important to gauge the impact of such events and be prepare for such risks. The velocity and speed of impact of such high impact risks should be gauged and organisational readiness needs to be ensured. Therefore, it could be said that traditional risk assessment approaches might be effective for the purpose of awareness creation and obtaining a quick overview of risk (Pérez?González and Yun, 2013). However, when an organisation is moving towards the higher stages, the importance of traditional risk management starts to fade away. This is the time where there is a need for sophisticated risk management frameworks which could provide better insights into the management needs (Hi et al., 2012). It could be analysed from this that there are shortcomings for all risk management frameworks and these must be recognised. Every organisation needs to explore if very little is happening as a result of the risk management process of the organisation. This shows that alternative approaches need to be adopted.

4.4.Conclusion

In this chapter, one of the objectives of this research is accomplished. This chapter has reviewed various risk management frameworks and it has discussed the limitations of the available risk management frameworks. It is analysed that more or less all risk management frameworks has similar elements. Though, all of these frameworks are important for the success of the project. It cannot be ignored that there is a need for considering the limitations of these frameworks.

It is found that it is important for every project to rely on some risk management framework. The importance of the risk management framework could not be denied as it guides the project managers at every step of the project management with the intention to minimise the risk. This is analysed and found that every risk management framework is based on certain steps which lead towards the risk management. However, there are few which are complex while few are simple. There are few which are suitable for large projects while others are more feasible for smaller ones. Further to this, the current risk management approaches are having limitations which must need to be catered by contemporary risk management frameworks.

 

 

 

5.Chapter Five: Integrated project risk management framework

5.1.Introduction

One objective of this research is to recommend widelyapplicable risk management approaches. To accomplish this objective, the chapter analyses the changing nature of modern projects. It analyses how project risk management practices are changing. Then, it specifically analyses the risk management in modern projects. The modern risk management practices are reviewed by analysing the research studies which has explored this research issue in modern sector where cases of innovative, software and, green construction and energy based projects are analysed.Further to this, comparison between traditional and modern risk management approaches is also conducted in this chapter. After doing the analysis, widely applicable risk management framework is recommended.

5.2.Changing nature of modern projects

Myrelid and Olhager (2015) stated that though, project management is a dynamic discipline and it could effectively deal with the changing nature of the projects. However, as time is passing, the complexity of the environment has increased. The business environment has become quite complex as per the terminologies of the sociologist, society has reached its ‘take-off’ stage. The complex business environment is depicting certain characteristics. First one is the open system. Now, society has become a complex web of interacting open systems which are quite instable (Harris and McCaffer, 2013). Business environment is constantly changing where interrelationship and interconnection of various networks exist. Secondly, the chaos of the business environment has increased. This has resulted in increased uncertainties for the modern projects (Highsmith, 2013).  Therefore, it is often believed that traditional management approach of planning and control could not be considered appropriate for managing the complex projects of this contemporary environment. Thirdly, this is the era of self-organisation where autocatalytic processes are leading towards self steering units of the organisations. The factors like teamwork, synergy and flexibility is promoting the self-organisation (Martinsuo, 2013). Fourthly, the current environment is characterised with the interdependence which has make it difficult to use the traditional management approaches for managing the projects in a complex environments. These four characteristics of the current business environments are demonstrating that complexity which is a result of rapid technological, economical, social and global change is irreversible (Bryde, Broquetas and Volm, 2013). This complexity of society has implications for many disciplines including social sciences, arts, management and project management.  Marle, Vidal and Bocquet (2013) stated that it has changed the worldview for sciences. Therefore, this research specifically focuses on the complex nature of the modern projects. On the basis of this discussion, next discussion will explore the project management approaches for the modern projects which are working under the sphere of this complex environment.

5.3.Risk management in Modern Projects

As innovation based projects are quite famous in modern world, Bowers and Khorakian (2014) conducted a study on risk management in the innovation project. While innovation has many similarities to other forms of projects it is characterised by a high failure rate and the need to stimulate creativity. More explicit risk management could help in achieving success in innovation projects. However, too much or inappropriate risk management might stifle the creativity that is core to innovation (Kerzner, 2013). So, what project risk management should be applied and where in the innovation project? The decision points of the stage-gate innovation process model provide an effective interface for incorporating project risk concepts. The general concepts appear most relevant to innovation management though it is useful to customise them to emphasise the particular characteristics of innovation projects. The experience of using the resultant combined model in a number of diverse case studies indicates the relevance of the model in understanding attitudes towards risk management in innovation. The analysis of the case study companies which are doing innovation based projects ha suggested that risk management needs to be applied in differential manner: simple, unobtrusive techniques early in the innovation life cycle with more substantial, quantitative methods being considered for later stages (Kendrick, 2015). Hence, from this it could be analysed that now there is a need for more simple risk management model and this is the need of today’s environment which is characterised with the innovations. Further to this, as per the recommendation ofDallas and Director (2013), the risk management model must ensure to have the right balance of sophistication and simplicity. Therefore, it would be ensured that all technical aspects of the risk management framework are added into a simplified but comprehensive risk management framework.

Hwang and Ng (2013) conducted project management research on green construction industry which is one of the modern industries. This study aimed to identify challenges faced by project managers who execute green construction projects and to determine the critical knowledge areas and skills that are necessary to respond to such challenges. Through literature review, surveys and interviews with project managers, this study will help establish a knowledge base for project managers to be competitive and to effectively execute sustainable projects. It was found that global concerns over climate change and sustainability have spurred the need for green buildings in the construction industry. In Singapore, all new buildings and major building renovations should achieve the minimum Green Mark standard, as mandated by legislation in 2008 (Nachtigal, 2009). Since project managers play an important role in the success of construction projects, it is therefore essential to identify the critical knowledge and skills that a project manager needs to effectively execute a green construction project (Harris and McCaffer, 2013). Furthermore, the comparison of the knowledge areas and skills between traditional and green construction projects revealed that there are specific knowledge areas that should be strengthened in order to effectively manage green construction projects. This may be because more emphasis is placed on specific aspects of green building construction projects (Hillson and Simon, 2012). From this, it could be analysed that as per the needs of the modern projects, the aspect of training should be added in the risk management process to ensure that sufficient and required knowledge and skills are possessed by the managers of the projects which are working for the modern projects.

Alhawari et al., (2012) conducted a study to explore the field of Risk Management (RM) in relation with Knowledge Management (KM). Moreover, their focus was on the informational technology projects which are considered quite common in modern world. It attempts to present a conceptual framework, called Knowledge-Based Risk Management (KBRM) that employs KM processes to improve its effectiveness and increase the probability of success in innovative Information Technology (IT) projects. It addresses initiatives towards employing KM processes in RM processes by reviewing, interpreting the related and relevant literature and sheds light on integration with RM in the IT project. The paper exposes some pertinent elements needed for building the KBRM framework for IT projects and also suggests some instrument about the integration of KM and RM process to improve the RRP (Risk Response Planning) process efficiency.The analysis of case studies of projects which are based on information technology, it has become clear that there is a need for integration of knowledge management practices with the risk management practices (Alhawari et al., 2012). Now, the nature of projects is quite different than that of the traditional projects. The analysis has revealed that knowledge management frameworks must introduce the integration of knowledge management process. This is only with the help of knowledge management practices that the knowledge workers who are working on the knowledge based IT projects could manage the risk along with managing the knowledge.

In another research conducted by Peixoto et al., (2014), the case study of electric energy project management was considered where authors presented the developed risk management methodology and the main risk management results of a pilot project in a Portuguese electric energy organisation – EDP Distribution. Most of the project risks identified have external and technical sources, and most of the risks are rated as medium and high level. In the future, it is expected that this methodology can be used for similar projects and that a gradual standardisation on the use of the risk management methodology can be achieved in the organisation. The study of Peixoto et al., (2014) found that during the implementation of the risk management methodology twenty-one risks were identified: twenty threats, five of them secondary risks; and one opportunity. After the risks identification, the risk breakdown structure was developed, providing the project management team the sense of what types of risks can occur in the project. It was found that the major part of the identified risks had external or technical sources. From this, it is reasonable to analyse that the project risk management must has the component of technical risks which are particular to the project.  This indicated to the project management team the area of intervention that needs more attention (Birkmann et al., 2013). Therefore, along with the internal and external risks, technical risks specific to the project should also be identified. The technical source was an expected result, since this project implies a large use of new technical components, namely related to the automation equipment and the software platforms needed to manage and control the smart grid functionalities. Now days, more of the projects are based on automation equipment and software, hence, the need for technical area is important (Schwalbe, 2015). Therefore, technical risk must also be added in the risk identification process. The qualitative analysis rated most of the risks as having a medium and high impact on the project, indicating that almost every identified risk may jeopardise the project success. Consequently, risk monitoring and control needs more care and attention concerning the risk development and requires close supervising.

5.4.Comparison of traditional and modern risk management

There are certain limitations of traditional risk management approaches which make it less appealing for project managers to rely on them. the traditional risk management approaches do no allow to sufficiently identify, evaluate and manage risk (Drennan and McConnell, 2007). There is higher fragmentation level in the traditional risk management where risks are treaded as compartmentalised or disparate elements. These approaches have limited focus for uncertainties around physical and financial risks. Their main focus is on loss prevention instead of value addition. The traditional risk management approaches are unable to provide a holistic frameworks which raises the demand for redefinition of risk management value proposition in changing business environment (Fone and Young, 2005). On the other hand, modern risk management frameworks focuses on the future events where efforts are dedicated towards both opportunities and threats that exist in the external environment. The modern risk management approaches are quite proactive while traditional risk management approaches are reactive. The proactive and reactive risk management is already explained in the third chapter of this dissertation. The modern risk management is process driven and value based where project managers manage the risk in a continuous manner such that value addition could be ensured.

Therefore, in the modern time there is a need to manage the risks in a proactive manner. Therefore, the presented integrated framework is also be based on proactive risk management where there is a focus on monitoring of risk in a continuous manner such that the external environment is translated into the strategic objectives and risk management is also based on the strategic objectives of the organisation (Hopkin, 2002). The comparison of traditional and modern risk management approach also reveals that latter has permanent measurement of the severity and evolution of risks that are faced to the projects. Moreover, modern risk management practices are aligned with the strategic objectives of the organisation. This is something which is missing in the traditional risk management approaches (Van Staveren, 2009). In the traditional risk management, risk is considered as something which is not an important part while modern risk management approaches has successfully considered it as the integral part of the organisation. That is the foremost reason that the success is ensured through modern and sophisticated risk management practices. This integral approach reduces the probability of failure and helps in achieving the overall objectives of the organisation (ALARM, 2009). In traditional risk management, risk particular to specific units is considered and handled. The examples od units involve informational security, property protection and health and safety. In the traditional risk management, there is little room for information sharing (Drennan and McConnell, 2007).

Traditional risk management has focus only on the pure risks while modern risk management approaches consider all types of risks which are possible. The former is the defensive approach while other is proactive where all types of risks are managed to improve the organisational performance. According to Deloach (2000), modern risk management approach is a structured approach where there is an alignment among strategy, process, people, knowledge and technology such that threats and opportunities are assessed and managed to create value for the organisation. As per views of Padovani and Tugnoli (2005), traditional risk approaches were discontinuous, reactive, fragmented, focused on threats, functional and based on costs. On the other hand, modern risk management frameworks are continuous, logical, proactive, integrative and focused on both threats and opportunities. The framework which is presented in the next section is also based on the modern risk management practices therefore that is also logical, continuous, proactive and focused on both threats and opportunities. There is better alignment of strategy and risk management in modern risk management approaches. As per the need of modern projects, this alignment with the strategy is also ensured in the presented integrated risk management. In modern risk management approaches, it is important to ensure that the process of managing risk is repeated and formal such that threats and opportunities could be anticipated. The process of communication is very important in modern projects, therefore, this is also the need of ensuring the continuous communication in modern risk management (Power, 2007). This is also incorporated in the integrated risk management framework which is presented in the next section. Below tables also highlights the differences in traditional and modern risk management approaches.

 

 

 

Table 2: Key Dimensions identifying the differences in traditional and modern risk management practices

Source: Padovani and Tugnoli (2005)

Table 3: Differences between traditional and modern risk management

Source: De Loach (2000)

From the above two tables, major differences in traditional and modern risk management approaches could be identified. Now, when time has changed and nature of projects has become complex, there is no room for the traditional risk management approaches. Therefore, the modern risk management approaches are widely applicable, only. The framework which is presented in the next section is also based on the modern risk management features.

5.5.Integrated risk management framework

Though there are various risk management frameworks, it has been analysed in the previous chapter. From the comparison of these frameworks, it could be analysed that more or less they all are having the similar aspects. Few are of them are more comprehensive while others are more precise. Below is presented an integrated risk management framework that has combined various elements from the previous risk management frameworks. It is basically expansion of the framework which is presented by Choo and Goh (2015). This framework has its foundation of ISO 31000 framework, however further modifications are being done. The model is presented in the below figure and it is expansion of framework presented in study of Choo and Goh (2015). It is important to highlight that this framework is based on characteristics of modern risk management approaches. There is a clear linkage which is ensured between risk management and strategy. The focus is not only on threats but both threats and opportunities need to be considered which exist in the external environment. The assessment of risk is done in a repeated manner where proactivity is to be showed at all stages. The centralised risk management system is implemented. There is a need for clear and complete reports for consolidation of all risks which are encountered to the projects and organisations. The vertical coordination among top, middle and front level management is to be ensured. There exist clear responsibility for all the risks through a proper accountability system.  The next figure presents the integrated framework which is applicable to all modern projects. The presented risk management framework addresses the scalable risk management. Scalable risk management is risk management process which can be modified as per the size and complexity of the project. It cannot be said that the presented framework is for some specific size project, rather it has wider applicability and it can be modified as per size and complexity of the project.

Figure 8: Integrated Framework of Risk Management