Scalable Risk Management Approaches In Modern Project Management


As time is passing, the nature of projects is becoming more complex. There are various risks which are encountered to the projects. This research is conducted to analyse the risk management of projects which are managed under the complex and dynamic environment. In this research, project risk management is the centre of discussion. The aim of present research is to analyse the risk management approaches in projects and present a framework for project risk management which has wider applicability regardless of their size and complexity. This aim of this research is accomplished through five objectives. Firstly, it determines the common project risk management approached which are currently practiced. Secondly, it examines the various risks and situational factors that has potential to influence the success of the project. Thirdly, it critically analyses the commonly practiced frameworks of project risk management. Fourthly, the limitations of existing risk management approaches are determined. Lastly, the widelyapplicable risk management approach is recommended. The objectives are accomplished through qualitative research methods where systematic review of previous studies is being conducted. This research uses the secondary research and it analyses previous studies to fulfil the aim and objectives. Using the qualitative secondary data from more than hundred sources, all aim and objectives has been accomplished for this research. It is concluded that as time is passing, the nature of projects is changing, therefore, traditional risk management approaches are not applicable to the modern projects. There is a need for a framework which could be used by all projects. Considering the needs of modern projects, a framework is presented which has incorporated element of communication, knowledge management and organisational culture in risk management framework presented by ISO 31000. At the end of this research, limitations and recommendations are given.



1.Chapter One: Introduction


This chapter provides a brief background information including an evaluation of the contemporary Project Management approaches with regards to risk with the dynamic and complex nature of tomorrow’s business landscape. The evaluation will attempt to weigh whether the risk management approaches employed in contemporary project management can measure up to the anticipated future business landscape characterised by uncertainty. This will aim at justifying the sustainability or otherwise of the current project management practices in a rapidly changing business environment.  The section also provides a statement of the problem, general and specific objectives of the study, research questions to be answered by the study and a brief justification and limitations of the study

1.2.Research Background

The today and tomorrow’s turbulent business landscape, characterised by rapid changes, can be seen as a series of fast flowing rapids full of challenge, excitement, and adventure. In such an environment, risks are bound to be higher even as the rewards become greater. An organisation has to be set in such a way that it is sensitive to the prevailing forces that play out in the environment. The ever increasing complexity in the business environment, particularly featuring disruptive technologies and other changes, has in many instances rendered entire projects void bringing up the question on whether risk approaches in project management are sufficient. Risk management competence in the project-based working has become a critical success factor in ensuring that the project management approaches adopted are sufficient for safeguarding an organisation’s sustainability interests. The dynamism in environment importantly calls for approaches that can adjust to oncoming changes and adapt with continuous improvements (Suikki, Tromstedt, Haapasalo 2006). 

This study seeks to investigate whether risk management approaches in Project Management practice of today will manage to hold in the ever changing requirements for tomorrow business. With the business environment defined solely on uncertainty basis, scalable risk management approaches will be given prominence in the study. The aim of present research is to present the approach that could ensure that wide applicability of the risk management approaches for projects irrespective of their complexity and size. This research intends to analyse how traditional risk management approaches has become obsolete and modern risk management approaches has taken over the modern projects.

Project managers continually face challenging circumstances in the course of keeping their businesses afloat in the face of the progressively changing circumstances. The market reality, for instance, does not necessarily reflect the intent of an organisation’s management. Organisations operate in a business environment that is constantly characterised by occurrence of disruptive business events that are contrary to the expectations of the organisation’s management (Shimizu, et al., 2014). Organisations that are caught off-guard upon the occurrence of such risks are bound to pay a stiff price. The cut-throat competitive global business reality demands for a pro-active risk management approach. Risk management in this regards serves as a critical operational and strategic priority. In the context of volatile competitive landscapes characterised by rapidly changing customer expectations, it becomes crucial for firms to come up with comprehensive risk management programs (Park & Hong, 2012).

Risk can be defined as a combination of the probability and occurrence of harm and the severity of the particular harm. Risk factor is potent in every business environment (ISO &IEC, 1999). In the context of Project Management, a risk is defined as a possible occurrence, that if it happens, may have either desirable or undesirable impact on a project. Most of the project management issues arise from the uncertainties associated with risks (Subramanyan, et al., 2012). With a proliferation of additional variables in the business environment as contributed by among other factors: globalisation, rapidly changing technological factors, a shift in customer preferences and legislative changes, risks in projects have become larger both in terms of impact and frequency. Organisational stakeholders are therefore required to manage risks effectively by increasing issues in managing projects to contain legal and financial consequences.

Project Management purposes to foresee or predict problems and dangers as far as possible in a way that can enable planning, organising and control activities so that the project can be completed as successfully as possible in spite of the risks (Suikki, Tromstedt, Haapasalo 2006). Management of risk involvesorganisational preventive activities as well as the responsive activities that are associated with actual product accidents as well as system improvement activities after the actual product accidents.However, there exists difference in both types of risk i.e. reactive and proactive risk management, this research also analyses how proactive and reactive risk management is different from each other. It, therefore, means that risk management proactively looks out for chances of occurrence of a risk and works to significantly reduce occurrence of the risk. In the case that the unlikely happens, risk management will involve system improvements to seal the loopholes that expose the organisation. Risk at the project level, therefore, brings to the core the role of the project manager and the project approach engaged in effectively maximising a project’s chance for success by either risk mitigation, avoidance, acceptance, transference or exploitation. Therefore, this research also analyses why there is a need to manage the risks and what are potential benefits of managing the risks which are encountered to a certain project.

According to Kerzner (2009), there is a marked growth of institutions of learning devoted to teaching and diffusing project management principles and standards as evidence of this change. However, only about 32% of implemented projects are implemented on time, using the proposed budget and with all functionalities. This is not in line with the desired excellence that project driven organisations strive to achieve. For a project to be considered successful, it has to be timely, fall within the budget allocated, and remain within the scope. It is only then that the project delivers on the quality promise that is expected to satisfy the customer. Therefore, this research analyses how the project management could become more successful by relying on risk management frameworks for the projects.

There are huge differences in traditional and modern risk management approaches.There is a marked increase in popularity in some project management approaches as PRINCE2, due to their capability to place projects under controlled environment for purposes of managing risk. Although initially recommended for IT related projects, the popularity of the approach as promoted by the UK government, led to its modification for use in a wider range of project situations. The framework recommends a risk management strategy to be produced by the project manager early in the project’s life-cycle at the initiation stage (Wells, 2012). It is therefore streamlined in the entire project life cycle, effectively taking control of the project future. This brings to the core the place of risk factor in the management of projects and the prominent role it plays in maximising performance of projects. In other words, poor risk management approaches increase the chances of project failure while suitable strategies increase the chances of project success (Thiry andDeguire, 2007).

Application of PRINCE2 and other structured approaches as a means of improving project performance has been downplayed by the increasingly complex market dynamics. The occurrence of peculiar disruptive business events that are contrary to the expectations of an organisation limit the application of the structured methodologies (Wells, 2012). The indifference of the methodologies makes it difficult to apply in peculiar organisation situations with varied levels of complexity. More to the increasing complexity in business environment, important to note is that, as a characteristic of projects, each project is unique in its own way. This brings up the need for scalable risk management approaches that will be applicable to any form of project irrespective of the size of the business and situation in time.  Therefore, the focus of present research is on developing a risk management framework which could be used for all modern projects.

For achieving the desired aim of the dissertation, qualitative research methods are adopted. There is no use of numerical data in this research. Moreover, this research completely relies on secondary data where books and journal articles are critically and systematically reviewed for fulfilling the aim and objectives (Cresewell, 2008).

1.3.Research Aim

The aim of present research is to analyse the risk management approaches in projects and present a framework for project risk management which has applicability for projects which are different in size and complexity level.

1.4.Research Objectives

In order to achieve the above project aim, the research objectives will be:

  • To determine the common project risk management approaches which are currently practiced
  • To examine various risks and situational factors that influence the success of the projects
  • To analyse the commonly practiced frameworks of project risk management.
  • To determine limitations of the existing risk management approaches in project management.
  • To recommend widely applicable risk management framework of project management.

1.5. Research Questions

  • What are the common project risk management approaches which are currently practices?
  • What are situational factors that can influence the success of the projects?
  • What are the most commonly used frameworks for project risk management?
  • What are the limitations of the existing project risk management approaches?
  • How previous frameworks could be expanded to present an integrated framework?

1.6.Scope and limitations of the dissertation

There are various risks which are encountered by the businesses. This research only focuses on project risk management.  Other risks are not considered for this research study. Further to this, the research only includes the research studies which are published by authentic sources. Moreover, that data is collected which is published after 2000. Hence, the studies which were published before 2000 are not part of this research study. Likewise, this research only collects the secondary data which is published in English language. This is done to have a limited scope of this research.

Moreover, it relies highly on views of others. Such studies often remains unable to provide new findings. However, it was tried by the researcher to minimise this limitation of this research study. For this, the research has presented the framework which is different from previous research studies. Moreover, the systematic analysis of previous research studies is conducted to reduce this limitation. Moreover, this research is completed in a limited time and cost hence it could not cover everything about the scalable risk management, but researcher has tried best to complete this research such that the aim and objectives are accomplished.

1.7.Guide to the contents and dissertation structure

Chapter Two: Methodology:

This is the second chapter of this dissertation. It lays down the model that will guide the study as well as the process therein. The section will also detail the sampling procedure to be used, data collection tools and the data analysis method.

Chapter Three: Project Risk Management Approaches

The section proceeding the methodology chapteris the literature review. In the section, peer reviewed journals are used to get as much information as possible to give form to the research. The aim of this chapter is to analyse the current project risk management approaches. It introduces the main concepts related to this dissertations.

Chapter Four: Risk Management Frameworks and its limitations

This chapter analyses the commonly used risk management frameworks. Further to this, this chapter analyses the loopholes, weaknesses or limitations of the existing project management approaches. Basically, this chapter discusses the frameworks and limitations of risk management approaches. 

Chapter Five: Integrated Project Risk Management Framework

The purpose of this chapter is to present an integrated risk management framework. Firstly, it analyses how the modern projects’ nature is changing. This chapter compares the traditional and modern risk management approaches. After analysis, it presents the integrated risk management framework which integrates various components from other frameworks. The purpose of presenting a new framework is to expand its scalability so projects with different size and complexity could utilise this.

Conclusion and recommendation:The study conclusion will then be detailed in qualitative terms. This chapter analyses the limitations of the present research and provides recommendations.

1.8.Significance of the study

Globalisation and technological advancement are important aspects that have contributed to the revamp of the global economy. This evolution immensely influences the shape of the present markets. The current knowledge-based economy does not support the traditional strategies and tactics of project management. This is because most business activities should be flexible to respond to the needs, demands and requirements of proposed, formulated and implemented projects. Therefore, change (project) is paramount in the current turbulent markets.

The rate of failure in projects is on the rise, partly due to increase in the variables at play in business environment, increasing complexity of business landscape and mechanistic approaches applied in the management of the projects. It may be impossible to be a hundred percent in control of the factors in play in a project environment. The success rate however may be boosted significant reduction in the number of uncertain factors at play in a project in a way that places control of the project at the hands of the project manager. This study therefore becomes significant for project management practitioners as a way of improving success rates of the projects. This will in-turn lead to less wastage of resources, better project outcomes/quality and satisfied customers. The study will offer window of knowledge to those not in the know and act as a guide to help understand how to overcome project failure in the face of complex project environment. By adopting the approaches suggested by this study, project managers will be able to carry the projects into the future by ensuring that projects are sustainable in the long-term. This research study will therefore be of benefit to all project stakeholders in a research project since the success rate of the project will be significantly increased. The two main stakeholders who will directly benefit from the study findings are project managers and project sponsors.

1.8.1.Project Managers

Project managers are required to employ cutting edge strategies in manipulation of resource to come up with tangible value as determined by the time taken, quality produced and within the required scope. For project managers, time, being one of the main triple bottom line factors, will be saved as they will not be required to come up with new risk management strategies. They can effectively employ the risk management strategies suggested in this study regardless of the size, age, and type of project.  

1.8.2.Project Sponsors

Project sponsors entrust their resources with project managers to be turned into tangible goods. Project sponsors’ main interest is to see efficient utilisation of their resources and that the resources they contribute are not diverted to other side objectives out of the project scope. For project sponsors, therefore, by the insistence of utilisation of the strategies suggested in this study, they will be assured of timely delivery of their projects as risk management is a major component that influences project success.     

1.9.The Definitions

Table 1: Definitions



Project Management

Project management is defined as a comprehensive and systematic process of controlling the achievement of the project objectives.


Risk is basically any uncertain condition or event which has the potential to influence the objectives of the project.

Risk Management

Risk management is defined as the policy of an organisation to optimise the risks such that possibility of failure is reduced.

Scalable Risk

Scalable risk management is the solution for managing risk which is adjustable to the size and complexity of the project.

Situational factors

Situational factors refer to the internal and external threats and opportunities which are encountered to any particular project.

Integrated Framework

A comprehensive framework in which various tools are combined to manage the strategic objective of the organisation.




2.Chapter Two: Methodology

In this chapter, research methodologies which has been used for this research are explained. the rationale for this chapter is to provide every possible detail on how this research is conducted so it could be replicated by other researchers, if needed. For every method, the justification for selection is provided. Limitations are also discussed.

2.1.Available research methodologies

A research can be conducted through two different research methods or through mixture of both methods. These research methods are quantitative and qualitative research methods. There are various pros and cons of both research methods. In this section, a detail of both research methods is given and then justification of selected research method is given.

2.1.1.Qualitative Research Method

Qualitative research method assists in translating or analysing true meaning of terms relevant to various issues (Bryman, 2004). In order to do detailed analysis, qualitative research method is used (Gummenson, 2000). After collection of data, analysis could be done done through debriefing, content analysis and behavioural observations (Cooper and Schindler, 2007). In order to generate detailed information, qualitative research method is considered to be helpful (Smith, 2008). This helps in developing knowledge through detailed information (Cresswell, 2007). This approach allows to create openness hence the research study can explore new topic areas which are not initially considered. This research methods help in providing a detailed picture of the research problem. Moreover, the pre-judgments of the researchers could be avoided in the qualitative research methods (Kumar and Phrommathed, 2005).

2.1.2.Quantitative Research Method

The other method of research is quantitative research method in which quantification of data collected is done. Different techniques and methods could be used by researcher for quantifying different concepts and events related to the research issue (Bodgan and Bilikan, Undated; Cresswell and Miller, 2000). The quantitative method is not appropriate for this research is that it often focuses on superficial and narrower dataset. Instead of detailed narrative and elaborative analysis, focus remains on the numerical descriptions. Quantitative research approach might not be feasible for few studies as it is conducted in unnatural and artificial environment. The pre-set notions, answers and variables are used in quantitative research methods, hence, it becomes difficult to critically explore the research issue. Moreover, the chances of structural bias is high in quantitative research methods. Quantitative research methodologies emphasises too much on theory testing and hypothesis generation, and in doing so, the chances for confirmation bias also increase. Likewise, quantitative research methods produce abstract knowledge which is often difficult to be applied in certain situations (Merriam, 1998). 

2.1.3.Research Method Adopted

In current study, qualitative research methods has been used in accordance with the nature of the research. This mixed method helps in exploring the problems (Patton, 2002).  As per recommendation of Peffers et al., (2007), the use of  qualitative research methods has helped in creating in-depth knowledge about the scalable risk in management approaches in modern project management science.  Hence, with this approach researcher has become capable of exploring issue of risk management approaches and their use in project management. By focusing on qualitative methods, this research has analysed the common project management approaches which are current practiced by project managers. Moreover, using the qualitative methods, limitations of the existing risk management is also explored. At the end, this qualitative method usage allows to recommend widely applicable risk management approaches in project management. Through out this research, researcher wanted to be critically in achieving the research objectives. By this, it means that only description through certain numbers was never seek out. Therefore, the qualitative research methods were adopted and this has allowed to explore the research problem in a critical manner and complete an in-depth analysis for this research issue.

2.2.Data Collection Method

There are two types of procedures with the help of which the collection of data can be done. These two procedures are termed as primary data collection method and secondary data collection method (Marczyk et al, 2005). In this research, the collection of secondary data is done for deriving valid results (Peffers et al, 2007).

Primary data collection is to use the first hand data for the research. this could be collected through surveys, interviews, observation or similar methods (Kothari, 2004). The present research has not relied on the primary research methods. The rationale for not using primary methods is that it is associated with certain limitations which were not possible to overcome in this research study. most importantly, the process of collecting primary data is quite costly and time consuming (Tashakkori and Creswell, 2007). As compared to secondary research, it needs significant amount of time and cost to prepare and carry out the research using the primary data methods (Babbie, 2015). Likewise, the research plan of primary research methods need critical time for development and implementation. Next to this, primary research methods are not always feasible. The research theme is to find an appropriate project risk management method framework aiming at the possible time and cost risks in project management. This research theme was based on three objectives. Firstly, it aimed to determine the common project risk management approaches currently practiced by project managers. secondly, it aimed to determine the limitations of the existing risk management approaches in project management. Finally, it aimed to recommend widely applicable risk management approaches in project management. None of these objectives require the collection of primary data. Therefore, it was not necessary to use the primary data collection methods.

The secondary data collection method is selected because it always results in the saving of time. There was a time when to use the secondary method was also quite time consuming process (Remenyi et al., 1998). Though, in the Internet era, secondary data collection is always known as the time effective manner. It has become quite simple and easy to collect the relevant secondary data through internet using the digitalised methods (Blaikie, 2000). Previously, accessibility of secondary data was only through particular institutions and libraries. But now the accessibility of secondary data is increased and it was possible to find an appropriate project risk management method framework aiming at the possible time and cost risks in project management using the secondary data collection method. Moreover, this a cost effective manner (Denzin and Lincoln, 2003). This research is completed in a limited time period which was provided for this dissertation and it was not a funded project, hence, it was more feasible to use the secondary methods. As Eriksson and Kovalainen (2008) recommended the availability of international comparative and longitudinal studies which have been organised in various countries allow to complete the research using the data collected by these research studies. In this research, the collected secondary data is reanalysed for different purpose which is to find an appropriate project risk management method framework aiming at the possible time and cost risks in project management. This has helped in exploring the new research themes. The data which is collected by other researchers is analysed such that a widelyapplicable framework could be presented.

2.3.Data Collection Process - Search strategy

For this research, secondary data is collected from authentic sources. Only peer reviewed journals and books are used for this research. The keywords of ‘risk management in projects’, ‘project risk management’, ‘risk management in modern projects’, project risk management framework’ and ‘scalable project risk management’ were used for searching the relevant secondary data. the rationale for selecting these keywords is their relevancy with the aim and objectives of this research. This approach helped the researcher to ensure the refined filter for systematic literature review in this research. This allowed the researcher to consider only those sources which are relevant for this study. This also helped to save time and access the relevant sources. It is worth to mention that this research has not used any report or secondary data which is published by unauthentic sources. Online blogs and web blogs were not considered as the secondary data for this research. The rationale for excluding such data sources is that their authenticity is low. Therefore, it could have a negative impact on reliability and validity of findings of this research. Therefore, such data sources not analysed for this research. Moreover, in this research, previous student reports are not considered. Usually, there are plenty of secondary data which is available in form of student reports or projects. As these student projects are not published after review, therefore, their credibility is often low. Hence, these were not considered. However, MPhil and Doctoral level dissertations published by the universities are considered for this research.

Google Scholar is used for searching the peer-reviewed sources. The rationale for using this search engine was that it provides the academic research material only. Instead of blogs and articles of unauthentic authors, it provides relatively authentic research data.  For Google Scholar, time filer was also being used. Using the time duration filer only recent studies are used for this research study. Other than this, the academic database of ebscohost, Science Direct, Emerald and JStore is also used. These data bases allowed to filter research using the checkboxes of ‘peer reviewed’. For the critical analysis of the main content, it was ensured that core research papers are those which could help to achieve the risk management approaches in the modern project. The core papers were those research studies that has explored the risk management in modern projects. As this research is completely based on the literature review for achieving the objectives, so three sections were developed in this chapter. These all three sections are developed considering the three objectives of this research.

2.4.Validity and Reliability

As per the recommendation of Merriam (2002), the researcher has done the validity testing of data collected through secondary sources. The validity of secondary data has been tested by taking the expert opinion of supervisor of this dissertation. Other than this, the consultation of other teachers of department is also taken. The data has been tested that whether or not data is measuring what it is supposed to measure. The validity of articles and books used in the research for data collection is tested in order to know that whether or not information presented in that is consistent with the research issue (Smith, 2008).

Reliability is linked with the data consistency. In secondary research, Saunders et al., (2009) stated that for reliability there should not be any influence of collected data over research quality. Moreover, there should not be solidification of facts through data. As per recommendation of Sekaran and Bougie (2009) and Healy and Perry (2000), the reliability of research is measured by analysing previous studies’ methods. The reliability of research is ensured by assuring that there is a possibility of replicating the research and it can produce similar kind of result as in previous studies.

2.5.Data analysis

As per recommendation of Miles and Huberman (1994), the secondary data collected through articles, books, journals and internet sources has been critically analysed. The researcher did critical analysis of findings of previous researchers related to risk management approaches and project management. This helped the researcher in identifying the importance of various risk management approaches for the purpose of project management. From the analysis of data collected from previous studies, researcher draw valid findings and conclusions. To be more specific about data analysis technique, content and thematic analysis is done for each article which is used for this research. As recommended by Patton (1990), after analysing the content, themes are identified from the research articles. These themes are then critically analysed to fulfil the aim and objectives of this research study.

2.6.Limitations in data collection and data analysis

However, one of the major disadvantages of this method is biasness of researcher. In qualitative research method, there are a lot of chances of bias. It is really difficult to control researcher’s biasness. Due to this problem, the generalizability and reliability of research is low. Different questions can be raised on outcomes generated from research conducted through qualitative research method (Saunders et al., 2007). In this research, this limitation is overcome through ensuring that researcher does not bring the bias while collecting and analysing the data. The researcher adopted the objective approach where there was no room for pre-conceived notions while collecting and analysing the data for the scale risk management in modern projects. 



3.Chapter Three: Project Risk Management Approaches


This chapter of literature review sets sets the foundation of next chapters. It could be said that it introduces the main content of this dissertation. One objective of this research is to determine the project management risk approaches which are currently practiced. Therefore, the aim of this chapter is to introduce the project management risk approaches. It uses the general to specific approach where discussion starts from project management then it subsequently leads to the project risk management approaches.

3.2.Project management

According to Kerzner (2013), from the last five to six decades, project management has emerged as an efficient tool for handling and managing the complex activities. Burke (2013) stated that the project management is considered quite efficient as compared to the traditional models of managing different business activities. For example, it is much more efficient than formal hierarchical structures which were introduced to handle and manage the business activities. Schwalbe (2015) stated that when new projects are introduced, it imposes new demands on the organisations which requires them to introduce various management techniques so that day to day project related work activities could be managed efficiently. Therefore, whenever organisations have to deal with the finite, unfamiliar and unique understandings, it is often recommended by researchers like Leach (2014)and Marchewka (2014) to use the project management techniques for the successful implementation of the project. This results in better and faster decision making as compared to the normal business operations. Moreover, the appropriate and feasible decisions also lead to the success of the company.

According to Turner (2016), the favourable outcome of project management is often associated with the project outcome. However, it has also become clear that project management and project success are not related to each other. The objectives of both project and project management are often confused, hence, project management is often considered to be associated with the project success. Heagney (2012) told that there is a possibility of getting favourable outcomes of a project without project management and vice versa.  There are various examples of the projects which enjoyed success even without the success of project management. For example, in terms of time and budget, few projects were never successfully completed but they were successful project, in actual. The examples include Fulmar North Sea oil project and the Thames Barrier (Chia, 2013). Therefore, before moving to further discussion, it could be concluded that success of the project and project management are two different aspects, therefore, there must not be an existence of any kind of confusion among these two aspects.

After differentiating between project and project management, this section provides various definitions of project management. Binder (2016) stated that it is defined as a comprehensive and systematic process of checking the projects objectives attainment. On the basis of current organisational structure and resources, project management aims to apply various relevant tools and techniques for managing the project without having any adverse affects on the routine operations of the organisation. As per assertion of Reiss (2013), project management includes the definition of work requirement, specifying the scope of the work, resource allocation, planning the implementation, observing the work in progress and adjustments for variances from the plan.

According to Oisen (1971), project management is defined as the useof techniques and tools of the project management such that diverse resources are used for accomplishing distinct, one time and difficult tasks within the prescribed quality, cost and time limitations. Every project needs different techniques and tools for achieving the task.According to Reiss (1993), it is defined as a human activity which has clear objectives for a certain period of time where combination of planning, management and change techniques are implemented. Lock (1994) stated that there are three aspects of the project management and those are planning, coordination, control of diverse and complex activities of the modern projects. According to the definition of Burke (1993) project management is a specialised technique of management which revolves around the planning and controlling the projects considering the single point of responsibility. According to Nokes (2007), project management is a discipline which is related to the initiation, plan, execution, control and end of the project for achieving the specific goals such that set criteria could be achieved. From these definitions, it could be analysed that though project management is defined in different manner by different authors, there are some overlapping aspects which is the criteria of its success. The project success depends on the cost, quality and time and every project management uses these dimensions for measuring the success of project management. Hence, it could be analysed that even traditional project management definition are applicable these days. As it could be analysed from the definition of Oisen (1971), project management’s definition has not revolutionised over decades.

3.3.Situational factors influencing the success of projects

According to Hoang and Rothaermel (2010), there are many factors which have the capability of influencing the success of projects. These factors can be both internal as well as external risk factors. This is the utmost important responsibility of project managers to recognise and prioritise risks which are encountered to the project. The internal factors involve the risks like financial solvency of the company, ability to have advanced and required technological equipment and availability of other resources (Tsai et al., 2011). Likewise, personnel issues like unanticipated termination or sickness of a key team member is also considered as few of the internal factors which can have an impact on the success of the projects. In a similar manner, the infrastructure of an organisation is also linked with the internal risks of the project (Sumner, 2000). In short, it could be analysed that all factors which are inside the organisation are the internal factors which has potential to influence the success of the organisation.

On the other hand, Hoang and Rothaermel (2010) told that there are few external risks which are important for every project and its host organisation. These are those factors which cannot be controlled by the organisation. These situational factors are difficult to predict and control. The examples of such external risks are bankruptcy of the key vendor, wars, crime, economic upheaval, all such factors can have a direct impact of the effectiveness of the project (Wallace, Keil and Rai, 2004).  Even the external factors all involve those factors which are difficult to foresee like situation in a foreign country influencing the project functioning (Tah and Carr, 2000). From this, it can be analysed that every project faces certain external and internal risk factors and these must be managed by the project managers for effective implementation of project management. By adopting various project management approaches, these external and internal risk factors need to be managed. There is a need for such environment which is conducive for risk management as every project faces certain risks which must need to be handled through appropriate risk management approaches.

From this, it can also be analysed that internal risk factors are easier to recognise and manage as compared to the external risks. However, this is also important to recognise the both risks so that

3.4.Risk management in projects

Vareilles et al., (2012) stated that project management has an important aspect which is related to the risk management of the projects. Project Management Institute stated that one of the knowledge areas in which project manager must be expert is the risk management. Risk is basically any uncertain condition or event which has the potential to influence the objectives of the project. According to Sharbatoghlie and Sepehri (2015), risk refers to any factor due to which success of a project can be negatively affected. A risk is about forecasting an activity which might or might not occur. If this occurs, it leads to the loss for the business. In certain situations, it is beneficial for organisations to take the risks, and it is not always possible to avoid risks in this world of cut throat competition (Garel, 2013). Therefore, efforts are always done to mitigate the risk or reduce its impact. Diego, Cédrick and Daniel (2013) stated that even undertaking careful and comprehensive planning and preparation, risks cannot be eliminated in a complete manner. sometimes, it is important for organisations to take risk so that they could compete in the competitive business environment. For progressing, taking risk is essential. The important thing is learning ways of balancing bad consequences with potential advantages and opportunities (Bresnen, 2016). According toAlquier et al., (2000), risk is defined as the probability of occurrence of loss or damage. There are three factors of this probability.

  1. The chance of occurrence of loss or damage
  2. The expected time of occurrence
  3. The magnitude of negative impact which will result from the occurrence or damage or loss

The seriousness of a risk could be figured out through the product of probability of the event and magnitude of the negative impact (Bresnen, 2016). Risk value is equal to probability of occurrence of potential impact.Therefore, when there is a higher chance of occurring a certain risk but it is having the potential low impact, the risk value is not high. Therefore, it is not considered significant risk for the project which must be mitigated. Likewise, when both probability of occurrence and its impact is between medium to high, it is of utmost importance to mitigate such risks. For such risks, it becomes very important to use the formal project management approaches so these could be mitigated in an effective manner (Teller, Kock and Gemünden, 2014).

According to Phillips (2013), risk is defined as the likelihood that a project will not meet its objectives, hence, it will fail. A risk could be due to any single event, action or other component which results in the risk. Teller and Kock (2013) stated that risk management is defined as the policy of an organisation to optimise the risks such that possibility of failure is reduced. This definition of risk management could be improved with the addition of a future date in the definition of the risk. In mathematical form, risk is the probability which is multiplied with the impact considering the future impact and critical dates. With the addition of future data, the risk management approach becomes predictive (Greiman,  2013).

Usually, the understanding of risk is influenced with three aspects. These three aspects refer to the possibility of occurring, what will occur along with the consequences. These are also depicted in the below diagram (GuledDange and Chawan, 2012)

Figure 1: Understanding risk


Source: GuledDange and Chawan (2012)

There are certain types of risks which must be analysed before proceeding to next section. Total risk refers to the the sum of the identified and unidentified risk. The risk which has been determined using the different techniques of analysis is known as the identified risk. For every system, it is important to first identify the risks so that all possible risks within the limitations are known. The unidentified risk is about those risks which are not identified yet. Few of the unidentified risks could be identified in case when mishap or problem occurs. However, there are few risks which could never be identified (Wallace and Keil, 2004). The other type is unacceptable risk and this is the risk which cannot be tolerated with the help of any management activity.  These are part of the identified risk which must be controlled and eliminated. The acceptable risk is another type and it is also the subset of identified risk which could be allowed to persist and it does not need any managerial action for reducing it. Though, it is difficult but a necessary responsibility of managers to identify the acceptable risks. However, the user must be aware of the fact that this risk is encountered (GuledDange and Chawan, 2012). Residual risk is referred to that risk which persists even after the necessary measurement for managing the risks has been undertaken. This is not the acceptable risk, though. This risk is also the summation of unidentified and acceptable risk. This is also the total risk which is passed to the user (Kaplan and Mikes, 2012).

Thamhain (2013) stated that an effective risk management is always supported by the relevant organisational factors and there are clearer roles and responsibilities. Moreover, it also depends on the technical analysis. The process of risk management starts when and opportunity or threat is examined. The example includes the new product launch by the competitors. The risk management does not have a formal definition, therefore, it is often performed using the qualitative or semi-quantitative methods. The possible solutions of the identified threat or opportunity are prioritised (Fewings, 2013).Hancock (2014) stated that risk management also starts with the analysis of alternative solutions As per the alternatives, associated costs and developments, the potential solution is selected. Once the approach for risk management is selected, its time to start using the risk management tools which is based on the general risk management process. According to Haimes (2015), generally, the risk management process involves doing the proper planning for risk management identifying risk; performing the qualitative analysis, involving the stakeholders by communicating the risks; refining the process as per the changing situations and monitoring and controlling the risks. The project risk tolerance is based on type of the project and corporate culture. It is the project type which requires the understanding and matrices for risk tolerance (Marcelino-Sádaba et al., 2014). For example, the risk management for software project might be different than research and development projects. The general risk management process allows to reduce the individual risks of a specific project. It is important to mention that every project might be needing the tailor made risk management technique as all risks could not be managed in a same manner (Unab and Kundi, 2014).

The risk management involves three cycles which are interconnected to each other. These cycles are relevance, design and rigor cycles. This depicts that elaborated risks are encountered. As showed in the below figure, the ‘people, organisation and technology’ are the external resources that interact with the risk cycle. Importantly, it could be analysed that it is not possible to eliminate the risk, it can only be minimised and reduced. Important to mention is that present research study focuses on scalable risk management. Scalable risk management is the solution for managing risk which is adjustable to the size and complexity of the project.

Figure 2: Risk Cycle

Source: GuledDange and Chawan (2012)

3.5.Importance of risk management

According to McNeil, Frey and Embrechts (2015), with the help of risk management strategies, managers become able to identify the strengths, opportunities, weaknesses and threats which are related to the project. The risk management plans for the unexpected events allows to be prepared for those events which might occur in future. Risk management practices allows to ensure the success of the project by planning how the potential risks will be identified and mitigated. The risk management process allows to achieve the project goals in an effective manner through, planning, preparation, results and evaluation steps which are involved in the risk management process. This ultimately allows the firms to meet the strategic objectives of the projects. As per words ofDorfman and Cather (2012),when managers make plans for risk management, this actually contributes in the success of the project as this allows the managers to establish the list of external and internal risks. In this plan, risks are identified along with their possibility of occurrence and consequences. Moreover, the action plans are also proposed at this stage. In the preparation stage, it is ensured that projects are actually running in a smooth manner and plan is communicated to the relevant stakeholders, involving project sponsors and team members. Glendon, Clarke and McKenna (2016) stated that when everyone is aware of the potential risks, all stakeholders respond to the risk if it emerges during the project. As plan is already communicated, hence, stakeholders can also take the mandatory steps for managing the risk. Moreover, when risk management is done in an effective manner, the success is ensured through the reduction of negative risks hence the project could be completed on time. Moreover, with this budget objectives could also be accomplished. Likewise, other targeted objectives could also be achieved through effective risk management process. When there is no risk management for any project or organisation, it results in various problems for the project which might be vulnerable for the success of the project (Lam, 2014). Hopkin (2014) stated that with effective risk management, profits could be maximised while the expenses could be reduced as focus is shifted to those activities only which produces a significance return on investment. The risk management also permits the managers to do the prioritisation of ongoing activities, hence, the best results could be produced. The evaluation of the project is also beneficial for the project management. The evaluation stage allows to analyse the best practices which has resulted in the success of the project. Moreover, the improvement areas could also be identified. These learnt lessons could be used in further projects. In this way, it becomes clearer that importance of risk management cannot be denied for the success of projects and organisations.

According to Reason (2000), risk management increases the chances of the success of the project. When risk management plan is implemented in an effective manner, it helps in avoiding the big disaster. It enhances the revenues of the organisation. Moreover, it results in reduced expenses. The project could be completed within the given time. Lin Moe and Pathranarakul(2006) stated that effective risk management practices provides the competitive edge over the competitors. It improves the accountability and sense of responsibility of all project team members. Kwak and Stoddard (2004) told that many new opportunities could be explored with the effective risk management.

Teller, Kock and Gemünden (2014) studied the importance of risk management in project managing by studying the ways of contribution of project risk management to success of project portfolio. Moreover, the authors aimed to analyse the interaction of formal risk management at the level of project with having linkage with information of risk at portfolio level. The research also identified some contextual factors through which the relationship between risk management and success of project portfolio is affected. It has been found from the research that the aim of project risk management is to reduce the potential of getting failure in a project. For managing the risk in a project, it is suggested by the research that a wider perspective must be adopted as compared to individual project risk. The analysis was done through hierarchical multiple regressions with using 177 project portfolios as a sample and it was found that there is a positive relationship between formal risk management with linkage of risk information and success of a project portfolio. This positive relationship becomes strong at simultaneous risk management at both stages. Moreover, for projects that have dominance of R&D, there is more importance of risk management at the level of project, whereas it is also significant to focus on linking risk information with different dynamics of project portfolio.

3.6.Risk management approaches

According to Tait and Levidow (2010), in the reactive risk management approach, project managers are required to react to the risks as they emerge. For mitigating the risks, planning is done. Additional resources are arranged and basically fire fighting is done in this approach. The failures which has occurred are fixed and resources are investigated and used when the risk strikes. Moreover, crisis management is done in the reactive risk management approach. Here, project is in jeopardy where failure is not required to respond to the applied resources. This approach is often rarely used by the project managers. The reactive risk management approach is based on the accident evaluation and it is also dependent on the audit based findings. The reactive risk management aims to minimise the tendency of similar accidents, which has occurred in past, to occur again in future (Spitzmuller and Van Dyne, 2013). To be specific about the time frame of reactive risk management, it is solely based on past accidental analysis. Reactive risk management have no place for creativity, prediction and problem-solving ability of humans to manage the changes and challenges. It provides no flexibility to be adaptable for external environmental changes (Walecdzik, Manadziuk, and Zadrozny, 2014).

Tait and Levidow (2010) stated that on the other hand, there is proactive risk management in which all relevant risks are identified at the earlier stages. Before the risk occurs, there is proper plan that how it will be managed. Now, there is rapid environmental change which is continuously occurring in the external business environment. Moreover, the competition has also become fierce. Therefore, this proactive risk management approach adopts the future orientation and it is often defined as the adaptive approach which also considers the feedback control which is based on measurement, observation of the current certainty level and it makes appropriate level plan for dealing with the safety with the creative intellectual. From this definition of proactive risk management, it becomes observable that humans who have creative intellectual power has an important role to play in proactive risk management. The aspects of closed loop strategy defines the boundaries of the risks. By this, it means that proactive risk management is considered in safe performance level. This is related to the present research as it also focuses on scalable  risk management where boundaries are defined for the risk that it must be scalable. The proactive risk management is about minimising the tendency of any event to occur in future through the identification of boundaries of activities, where breaching the boundaries could lead to the accident (Spitzmuller, and Van Dyne, 2013). To be specific about the time frame of proactive risk management, it uses the mixed methods where past, present and future is used for predicting the solutions for the expected risks such that risks could be minimised or mitigated. In proactive risk management, there is a room for prediction and creative thinking. It encourages the role of human beings where source of accident is investigated to reduce the risks for future. The proactive risk management is quite adaptive to external dynamic changes (Walecdzik, Manadziuk, and Zadrozny, 2014). The present research is about the proactive risk management approach. It does not focuses on the reactive risk management approaches and framework for further analysis.


In this chapter, project risk management is critically analysed. This chapter reviews the literature related to the basic aspects of the project risk management. It has analysed in this chapter that importance of project management is critical for all organisations. However, there are many internal and external factors that has an influence on the working of the projects. The projects are influenced with internal and external factors which must be considered in an effective manner through risk management. It has been analysed that risk management practices has numerous advantages which can lead to the success of the organisation. The project risk management should be utilised in an effective manner.

It is found that though project management is defined differently, its main ideas and themes match with the traditional concept of project management. In this chapter, it is found that project management revolves around three things which are named cost, quality and time. The analysis has revealed that situational factors could be internal or external to the project and organization. The internal factors involve financial solvency of the company, ability to have advanced and required technological equipment and availability of other resources and personnel and infrastructure related issues.  The examples of external risks are bankruptcy of the key vendor, wars, crime, economic upheaval, etc. From analysis, it was found that though both internal and external risk are important to be managed, however, it is more crucial to look at the external risk factors as they are more riskier for the success of the project.

It is found that to manage the external and internal factors which might have impact on the success of the project, risk management approaches are important for the success of projects. Though, different researchers have defined it in a different manner, but it is found that risk is basically any uncertain condition or event which has the potential to influence the objectives of the project. Risk could be understood through analysing what will occur, its possibility and consequences. Likewise, it is found that risk management is crucial and the success of project and organisation depends on the effectiveness of risk management approaches. In this chapter, it is also found that traditionally reactive risk management approaches were used but now this is the time where proactive approach for managing risk allows to become successful.



4.Chapter Four: Risk Management Frameworks and its Limitations


This chapter discusses whether or not the existing project management approaches are suitable for the modern projects. Firstly, it introduces the commonly used risk management frameworks then it discusses their limitations. As time is passing, the nature of projects is becoming more complex. This research aims to understand what are loopholes, weaknesses or limitations of the existing project management approaches. Therefore, the aim of this chapter is to discussing the limitations of risk management approaches.

4.2.Risk management frameworks

Every project must be based on some risk management framework. For the success of project, it is important to incorporate the risks management framework in the project management process. The risk management must an important part of the project management. The availability of risk management framework further guides the process of doing the project. It provides the guidelines for assisting in the process of analysing the risk elements for a project (Abuswer, Amyotte and Khan, 2013). Glendon, Clarke and McKenna (2016) stated that the risk management framework also allows to categorise the risks which are related to each other and important for certain stakeholders. Risk management framework further provides the opportunity to undertake the formal risk analysis such that risks could be mitigated. Moreover, through a proper framework, key risk factors, outcomes and reactions could be identified. Moreover, appropriate actions plans could also be prepared for mitigating the risks such that resources are utilised in a manner that their payoff is greatest (Kaplan and Mikes, 2012). Further to this, risk management frameworks are ongoing re-assessment processes that provide the opportunity to monitor and review the risk elements in a continuous manner during the project. Every aspect of the organisation is influenced with the risks. Therefore, it is important to understand the risks which are encountered by the organisation and project. This allow it to manage it effectively which results in better decision making. The risk management framework allows to safeguard the assets and improve the ability to provide products and services such that project objectives are accomplished (Nachtigal, 2009). Karadsheh (2010) stated that effective risk management framework is important for the organisational resilience, benefits and confidence. An effective risk management framework helps in rigorous decision making and planning process. further to this, unexpected threats could be managed in a flexible manner. The available opportunities could be exploited easily, if an effective risk management framework is used. This ultimately allows to achieve the competitive advantage. According to Harris and McCaffer (2013), when decisions are based on risk management framework, managers are equipped with necessary tools to anticipate threats and other changes and allocate the resources in an effective manner. the risk management framework is a source of assurance that critical risks are properly managed and it also enable the compliance management and business resilience. Hence, when risk management is based on a certain framework, it becomes easier to manage the risk. This research aims to analyse various risk management framework, therefore, the subsequent sub sections will review the available risk management framework. Indeed, there are hundreds of the frameworks, but this research will only include the famous and most commonly used frameworks.

4.2.1.General Framework of Project Risk Management

The purpose of risk management is to reduce the crisis. This is very usual that unanticipated things can occur while managing the project, therefore, it is important to manage the risk in the most appropriate manner. generally, there are ten steps of the project risk management. These steps could be found in all risk management frameworks, in one way or the other. The below given ten steps were presented by Stanleigh (2010).

  1. The first step is to identify the risks which a project can have during its operations. At this step, list of possible risk sources is to be reviewed. The knowledge and experience of all team members is also analysed. Basically, at this step, it is important to brainstorm all potential risks and missed opportunities if project is not completed as per the plans. Here, it is also important to clear the responsibilities of the individuals who are managing the risk (Aebi, Sabato and Schmid, 2012).
  2. The second step is about communication the risks. Here, it is communicated to all stakeholders that risk management is crucial for the success of the project. Every relevant stakeholder must be aware of the potential risks which might occur during the project (Pritchardand PMP, 2014).
  3. The third step is to consider both opportunities and threats. Indeed, risk are connoted as harmful for projects. it is important to consider that there are also positive risks which could be beneficial for the project. therefore, it must be ensured that there is appropriate consideration given to the opportunities. The identification of opportunities can result in completing the project in a faster manner where project could show better results as per the expectations. Moreover, the available threats of the environment should not be ignored (Hopkin, 2014).
  4. In the forth step, it is important to do the prioritisation of the risks. There are certain risks which has a higher impact and probability than others. Therefore, it is of utmost importance to spend time and efforts on such risks. Using the evaluation instrument or mechanism, risks should be categorised and prioritised (Glendon, Clarke and McKenna, 2016). Likewise, there is possibility that there are so many risks that the number of risks exceed the time capacity of the project team, hence, contingencies could not be developed for all risks.  In this situation, it is important to manage those risks which has high impact and a high probability of occurrence. For this, prioritisation is mandatory (Cole et al., 2013).
  5. In the fifth step, risk assessment is being done. Instead of looking for the solutions of the problem, it is crucial to find out the root causes of the identified risks. Moreover, there should be efforts which must be directed towards understanding the risk that what effect a particular risk could have on the project. In short, both cause and impact of the risk should be assessed. The gathered information should set the foundation for optimising the risks (Hull,  2012).
  6. Once risks are assessed, the next step is related with the development of risk response plan for the project. It must be planned that how likelihood of each risk could be reduced, how to manage each risk, and how available opportunities could be exploited (Dorfman and Cather, 2012).
  7. The seventh step is about developing the preventative measure tasks for each risk which is identified. The appropriate measures should be taken that prevent a risk so it is ensured that this risk will not occur. If it is not possible to prevent its occurrence, then efforts should be done to reduce the likelihood of its occurrence. For doing so, tasks should be planned which could help to reduce and eliminate the likelihood of the risk (Bessis and O'Kelly, 2015).
  8. At the eight step, contingency plan for each risk needs to be prepared. This contingency plan will help to manage the risk if it occurs. So as soon the risk will occur, the contingency plan will be turned into the action, so the crisis situation will be avoided through proper risk management (Islam, Mouratidis and Weippl, 2014).
  9. At the ninth step, it is recommended to register the project risks. This will prove helpful in viewing the progress and ensuring that any risk is forgotten. This will also help in ensuring a smooth communication between project team members. With the recording of project risks and responses which are implemented, a track record is developed which could not be denied and will prove helpful in future (Chance and Brooks, 2015).
  10. At the tenth step, it is important to tack the risks and associated tasks such that these are integrated into the day to day tasks of the project team and managers. the risk tasks could be about identification and analysis of risks along with its implementation. The integration of these tasks into daily routine activity will help to manage the risk in a continuous manner (Christoffersen, 2012).

4.2.2.The ProRisk Management Framework

This risk management framework is provided by GuledDange and Chawan (2012). It focuses on business and operational domain of the project. The business domain is considered important because it helps in identifying the opportunity in the economic environment in which the project is working. It also proves helpful to analyse the exposure to external risk factor. The business domain is also helpful for estimating the experience and knowledge for the project along with confidence level that the project could be a success. On the basis of these two factors, formal model of risk could be described (De Wet and Visser, 2013).

In the operational domain, there is formal modelling of the risks. In this domain, the risk values are measured as per the organisational views and policies. The detailed assessment of the risk factors is also completed. moreover, the action plan is described to reduce the key risk values. This plan is ultimately implemented and reassessment of risk factors is done. Lastly, these steps are wrapped up and continuous cyclic process is applied on the project (Roy, Dasgupta and Chaki, 2016). The below figure is demonstrating the Pro-risk management framework.

Figure 3: Pro-risk management framework

Source: GuledDange and Chawan (2012)

4.2.3.ISO 31000 risk management framework

ISO 31000 provides the implementation framework which involves mandatory steps which must be taken for managing the risk for any project in an organisation. This framework dictates the certain steps which needs to be followed. Firstly, there is ‘mandate and commitment’ by the Board which is followed by design of framework, implement risk management, monitor and review framework and improve framework (Schwalbe, 2015).  This framework provided by ISO is basically helping tool for the implementation of risk management instead of just supporting tool. This framework provides the flexibility to every organisation to design its own risk management approach using the risk architecture, protocol and strategy of the organisation. This framework also focuses on roles and responsibilities of the stakeholders for facilitating the risk management process. The risk strategy defines the objectives of the whole process of managing risk. The risk protocol focuses on the procedures which has to be adopted to accomplish the objectives of the risk management process (Choo and Goh, 2015).

Figure 4: Risk Management Framework ISO 31000

Source: AIRMIC and IRM (2010)

ISO 30001 has provided a process which is to be followed for risk management. It starts with establishing the context and moves to risk assessment.Risk assessment considers the risk identification, risk analysis and risk evaluation. In the risk identification stage, risk and uncertainty which is exposed to an organisation is identified. This involves the knowledge about all of the aspects of the organisation and project. The legal, political, social and cultural environment in which it operates is also considered. At this stage, knowledge about the objectives is also mandatory. All those factors which are critical for the success of an organisation must be considered at this stage (Matthews, 2013). Then on the basis of the risk analysis, a risk profile is generated in which every risk is given a certain rating as per its significance level. This risk profile becomes a tool for prioritisation of risk efforts. Through this, relative importance of every risk is identified. Through this risk analysis, all risks are mapped out such that all business areas which are affected with the risks become known to the managers (Choo and Goh, 2015). In short, through analysis activity, the operations of the organisations are effectively and efficiently assisted such that those risks could be identified that needs the attention of management. Once the risk is analysed, the risk management practices has to be embedded through out the project management team. After this, the risk treatment has to be decided. The available risk response treatments are tolerate, treat, transfer and terminate (Qazi, Quigley and Dickson, 2015).

Risk treatment is basically about the selection and implementation of appropriate control measures which are intended to modify the risk. The major element in risk treatment is of risk control which deals with the risk mitigation. Further to this, risk treatment also involves the activities of risk avoidance, risk financing and risk transfer. It is important for all risk treatment to provide the effective mechanism for controlling the risks. The effectiveness could be judged through the extent to which the risks are minimised and reduced with the control measures proposed in the risk treatment stage (Dallas and Director, 2013). The effectiveness related to cost is evaluated through the analysis of cost and benefit associated with the risk reduction process. Though, compliance is not an option and it must be applied by all project managers to ensure that control system is promoting the compliance with the relevant laws and regulation. The risk protection can also be obtained through risk financing, example includes insurance (Kerzner, 2013). However, few costs involve no financing opportunity like damage to employee morale. As per this risk management framework, feedback is considered a two way mechanism where performance is monitored through consultation and communication. Through the function of monitoring and review, it is ensured that risk performance is monitored and lessons are learned from the experience. In the risk management process presented by ISO 31000, the importance of communication is high (Schwalbe, 2015).

The below figure represents the risk management process which is provided by ISO 31000.

Figure 5: Risk Management Process

Source: AIRMIC and IRM (2010)

4.2.4.NIST Risk Management Framework

This framework is presented by Roger L. Caslow who is basically the head of the Risk and Information Assurance Program Division. There are six step which needs to be followed by the project managers for managing the risk related to information security. This model is basically presented for federal government and its contractors, however, it is widely used by the other project managers as well (Gordon, Loeb and Sohail, 2003).




Figure 6: NIST Risk Management Framework

Source: Zhang, Wuwong, Li and Zhang (2010)

4.2.5.IT Risk Management Framework

At the heart of this risk management framework, there is place for business objectives which shows that everything related to risk management should be aligned with the business objectives. Further to this, there must be continuous communication process during all three phases i.e. risk evaluation, risk response and risk governance (Matthews, 2013). The below figure represents the IT risk management framework.




Figure 7: IT Risk Management Framework

Source: Westerman  and Hunter (2007)

As showed in the figure, this risk management framework revolve around risk evaluation, risk governance and risk response. In the risk evaluation phase, it is ensured that risks which are related to the IT project are identified and analysed and a risk profile is developed. In the risk evaluation stage, risk scenarios are developed where it is also analysed that how each identified risk will have an impact on business (Xanthopoulos, Vlachos and Iakovou, 2012).  In the risk response phase, it is ensured that identified risks are managed as per the business objective where it is also made sure that process of mitigating the risks remain the cost effective. At this stage, key risk indicators are analysed and risk response is specified as per the prioritisation of the risk (Glendon, Clarke, McKenna, 2016). Further to this, there is the risk governance phase where it is ensured that risk management is integrated into the organisation and optimal risk adjusted results could be achieved. In the risk governance phase, the responsibility and accountability for risk is shared throughout the project team and organisation. The risk appetite and tolerance is created in all team members. The process of risk management is facilitated with the awareness and communication whereas such culture is established where everyone is ready to accept and manage the risk such that optimal risk adjust results could be accomplished (Abuswer, Amyotte and Khan, 2013).

4.3.Limitations of risk management approaches in projects

According to Guled, Dange and Chawan (2012), project risk management is an undeveloped discipline and it is not the same as it is used for managing the financial or operational risk. This is due to the factors like there is high risk aversion which individual project managers have. Moreover, understanding of risk for social activities is quite less. Risk management of project is confusing due to lack of sophisticated mechanism as fields of finance, accounts and engineering have (Glendon, Clarke and McKenna, 2016). The nature of risk management in operations and finance are quite similar hence the concepts could be used interchangeable. If risk is not managed, it either results in personnel or monetary impacts. However, the nature of project risk management is quite diverse (McNeil, Frey and Embrechts, 2015). It could be analysed that if the risks are not managed properly, it can result in impacts on capabilities, schedule, monetary and quality related objectives of the project.

In the current chapter, various traditional and contemporary risk management frameworks are analysed. The purpose of this analysis was to see how projects are managed using certain frameworks. However, as this field of project risk management is underdeveloped, there are various limitations of the risk management approaches, models and frameworks, which should not be neglected. The subsequent lines shed light on the limitation which are encountered by the discussed models. According to Ward et al., (2015),all of the risk management approaches are based on some risk prioritisation process. This process of prioritising risks is quite complex and it often shifts the focus and attention of project managers from the actual project towards managing the risks associated with the certain project. The risk management process could be completed effectively on those cases when all other tasks are suspended. Another limitation is that these models and frameworks do not allow the manager to differentiate between risk and uncertainty. It is analysed that as explained in the previous chapter, risk is something which can be measured by impact × probability, however, uncertainty cannot be measured. There are higher chances that managers often get confused between risk and uncertainty and they keep on wasting their time on managing the uncertain events. This is of great importance to assess and prioritise the risks in a timely manner and this also has to be ensured that only that much time is given to risk management that actual project is not adversely affected with the risk assessment and prioritisation process (Sadgrove, 2016). This is due to the fact that when too much time is spent on assessing and managing risks, the resources are diverted to those areas of the project which are not the most profitable ones. For example, risk might occur but for some cases it would be appropriate to retain the risk if cost of risk reduction is way too much high that benefits of the risk reduction. Further to this, all approaches of the risk management are not based on the quantifiable risk management process and this results in increased subjectivity and decreased consistency during the risk management process (Pritchard and PMP, 2014). Further to this, Mechler (2016) has identified another limitation that the only justification provided as the core rationale for risk management is bureaucratic and legal.

Haimes (2015) has also analysed the limitations of the current risk management frameworks. The have stated that risk management has relied on risk maps, risk ranking and prioritisation which means that the process of risk management is quite subjective. In these risk management frameworks, managers has to assess the impact of future events and their likelihood of occurrence in a subjective manner.  most of the times, these frameworks are used for getting an overall picture of the risks that provides a direction for managing the risks in a simple, understandable and systematic manner. through this subjective process, a rough profile of risks is generated (Doorn, 2014).

It could be analysed that all of the above mentioned risk management frameworks has relied on few components i.e. objectives drawn from business strategy providing a context for the risk assessment process, a common risk language for understanding the risk and pre-determined criteria for doing the risk assessment. Though, everyone agrees that this risk management is quite importance, it is very common that the risk assessment provides the solution to managers that what they need to do next. Indeed, it only provides the list of risks which are faced by the project or organisation while it leave the decision makers in a blank position where there is little insight for managers that how to manage the identified list of risks (Kern et al., 2012).

McManus (2012) has provided reasons for these problems in the risk management frameworks. There exists individual bias in the process of risk assessment. The risk assessment process also provides a room for ‘group think’, hence there are fewer chances to promote the out of the box thinking using these risk management approaches. Though there exists quantitative scales which has qualitative descriptions for quantifying the severity and likelihood of the risk factors, there are chances that every project manager understands and uses them in a different manner. Further to this, Lavastre, Gunasekaran and Spalanzani (2012) mentioned that the unknowledgeable participants are more likely to skew the results where they are on the middle of the road of all the available scales, which shows the inability of such participants to assess the risks using the risk management frameworks. Moreover, according to Colicchia and Strozzi (2012), in quantitative analysis of various risks, risk maps are created using the average of widely dispersed views, hence, there are higher chances that a true consensus is not showed by the participating evaluators. Many of the risk management frameworks are emphasising on the linear process which is also the point-in-time assessment that is unable to address the special and unique characteristics of the risks which are encountered by the organisation or its projects (McNeil, Frey and Embrechts, 2015). When project managers rely on any of the risk management framework for evaluating the risks that have different characteristics and time horizon aspects, it become easier to execute the process but to be neutral this is not robust enough to continuously add the value over a period of time and it may also ignore the interplay between related risks and the most important problem of limited information is never alleviated with the reliance of any of the above mentioned risk management framework (Glendon, Clarke and McKenna, 2016). Every risk management framework and process assigns different risks to the appropriate owners for taking the next logical step for solving the problem. The limitation is that even if the risk is assigned to certain owner, there is uncertainty at the end of the individuals then what step they have to take for reducing the risk. When they do not know anything to do, this leads to the frustration which is a result of integrating the risk management process with core project management processes (Edwards and Bowen, 2013).

Further to this, according to Sadgrove (2016), these risk management frameworks have reliance on the subjective assessments which are based on the past experiences. This is a dangerous limitation or shortcoming of the whole risk management process. This is because of the fact that past is a poor predictor of future, therefore, this is not always feasible to rely on past for reliable future. For example, many risks which occurred due to the global financial crisis has taught us one lesion, which states that it is more important to focus on what we don’t know than we do know. The risk assessment process becomes less effective when there is overconfidence of the simplified view of the future. This overconfidence is the result of the degree of success that is previously experienced by the managers. Moreover, the overconfidence over future is also because of quality and coherence of the story which is told by project management regarding the future risks, which often ignores the business reality (Mechler, 2016).

In a similar manner, Glendon, Clarke and McKenna (2016) told that this is not know that what can be done for the exposures to the extreme events. All risk management frameworks suggest that there is a need for deemphasising the ‘high impact and low likelihood’ risks as such risks has lower probabilities of occurring. This in turn provides the false sense  of security which arises due to the lack of historical precedence. So whenever these risks will occur, the results are quite dangerous for the whole project and these are the risks which actually need attention because when they occur unexpectedly and organisation has no preparations, it causes great trouble for project managers (Christoffersen, 2012). Therefore, this shortcoming of the risk management frameworks should be managed well where it is important to gauge the impact of such events and be prepare for such risks. The velocity and speed of impact of such high impact risks should be gauged and organisational readiness needs to be ensured. Therefore, it could be said that traditional risk assessment approaches might be effective for the purpose of awareness creation and obtaining a quick overview of risk (Pérez?González and Yun, 2013). However, when an organisation is moving towards the higher stages, the importance of traditional risk management starts to fade away. This is the time where there is a need for sophisticated risk management frameworks which could provide better insights into the management needs (Hi et al., 2012). It could be analysed from this that there are shortcomings for all risk management frameworks and these must be recognised. Every organisation needs to explore if very little is happening as a result of the risk management process of the organisation. This shows that alternative approaches need to be adopted.


In this chapter, one of the objectives of this research is accomplished. This chapter has reviewed various risk management frameworks and it has discussed the limitations of the available risk management frameworks. It is analysed that more or less all risk management frameworks has similar elements. Though, all of these frameworks are important for the success of the project. It cannot be ignored that there is a need for considering the limitations of these frameworks.

It is found that it is important for every project to rely on some risk management framework. The importance of the risk management framework could not be denied as it guides the project managers at every step of the project management with the intention to minimise the risk. This is analysed and found that every risk management framework is based on certain steps which lead towards the risk management. However, there are few which are complex while few are simple. There are few which are suitable for large projects while others are more feasible for smaller ones. Further to this, the current risk management approaches are having limitations which must need to be catered by contemporary risk management frameworks.




5.Chapter Five: Integrated project risk management framework


One objective of this research is to recommend widelyapplicable risk management approaches. To accomplish this objective, the chapter analyses the changing nature of modern projects. It analyses how project risk management practices are changing. Then, it specifically analyses the risk management in modern projects. The modern risk management practices are reviewed by analysing the research studies which has explored this research issue in modern sector where cases of innovative, software and, green construction and energy based projects are analysed.Further to this, comparison between traditional and modern risk management approaches is also conducted in this chapter. After doing the analysis, widely applicable risk management framework is recommended.

5.2.Changing nature of modern projects

Myrelid and Olhager (2015) stated that though, project management is a dynamic discipline and it could effectively deal with the changing nature of the projects. However, as time is passing, the complexity of the environment has increased. The business environment has become quite complex as per the terminologies of the sociologist, society has reached its ‘take-off’ stage. The complex business environment is depicting certain characteristics. First one is the open system. Now, society has become a complex web of interacting open systems which are quite instable (Harris and McCaffer, 2013). Business environment is constantly changing where interrelationship and interconnection of various networks exist. Secondly, the chaos of the business environment has increased. This has resulted in increased uncertainties for the modern projects (Highsmith, 2013).  Therefore, it is often believed that traditional management approach of planning and control could not be considered appropriate for managing the complex projects of this contemporary environment. Thirdly, this is the era of self-organisation where autocatalytic processes are leading towards self steering units of the organisations. The factors like teamwork, synergy and flexibility is promoting the self-organisation (Martinsuo, 2013). Fourthly, the current environment is characterised with the interdependence which has make it difficult to use the traditional management approaches for managing the projects in a complex environments. These four characteristics of the current business environments are demonstrating that complexity which is a result of rapid technological, economical, social and global change is irreversible (Bryde, Broquetas and Volm, 2013). This complexity of society has implications for many disciplines including social sciences, arts, management and project management.  Marle, Vidal and Bocquet (2013) stated that it has changed the worldview for sciences. Therefore, this research specifically focuses on the complex nature of the modern projects. On the basis of this discussion, next discussion will explore the project management approaches for the modern projects which are working under the sphere of this complex environment.

5.3.Risk management in Modern Projects

As innovation based projects are quite famous in modern world, Bowers and Khorakian (2014) conducted a study on risk management in the innovation project. While innovation has many similarities to other forms of projects it is characterised by a high failure rate and the need to stimulate creativity. More explicit risk management could help in achieving success in innovation projects. However, too much or inappropriate risk management might stifle the creativity that is core to innovation (Kerzner, 2013). So, what project risk management should be applied and where in the innovation project? The decision points of the stage-gate innovation process model provide an effective interface for incorporating project risk concepts. The general concepts appear most relevant to innovation management though it is useful to customise them to emphasise the particular characteristics of innovation projects. The experience of using the resultant combined model in a number of diverse case studies indicates the relevance of the model in understanding attitudes towards risk management in innovation. The analysis of the case study companies which are doing innovation based projects ha suggested that risk management needs to be applied in differential manner: simple, unobtrusive techniques early in the innovation life cycle with more substantial, quantitative methods being considered for later stages (Kendrick, 2015). Hence, from this it could be analysed that now there is a need for more simple risk management model and this is the need of today’s environment which is characterised with the innovations. Further to this, as per the recommendation ofDallas and Director (2013), the risk management model must ensure to have the right balance of sophistication and simplicity. Therefore, it would be ensured that all technical aspects of the risk management framework are added into a simplified but comprehensive risk management framework.

Hwang and Ng (2013) conducted project management research on green construction industry which is one of the modern industries. This study aimed to identify challenges faced by project managers who execute green construction projects and to determine the critical knowledge areas and skills that are necessary to respond to such challenges. Through literature review, surveys and interviews with project managers, this study will help establish a knowledge base for project managers to be competitive and to effectively execute sustainable projects. It was found that global concerns over climate change and sustainability have spurred the need for green buildings in the construction industry. In Singapore, all new buildings and major building renovations should achieve the minimum Green Mark standard, as mandated by legislation in 2008 (Nachtigal, 2009). Since project managers play an important role in the success of construction projects, it is therefore essential to identify the critical knowledge and skills that a project manager needs to effectively execute a green construction project (Harris and McCaffer, 2013). Furthermore, the comparison of the knowledge areas and skills between traditional and green construction projects revealed that there are specific knowledge areas that should be strengthened in order to effectively manage green construction projects. This may be because more emphasis is placed on specific aspects of green building construction projects (Hillson and Simon, 2012). From this, it could be analysed that as per the needs of the modern projects, the aspect of training should be added in the risk management process to ensure that sufficient and required knowledge and skills are possessed by the managers of the projects which are working for the modern projects.

Alhawari et al., (2012) conducted a study to explore the field of Risk Management (RM) in relation with Knowledge Management (KM). Moreover, their focus was on the informational technology projects which are considered quite common in modern world. It attempts to present a conceptual framework, called Knowledge-Based Risk Management (KBRM) that employs KM processes to improve its effectiveness and increase the probability of success in innovative Information Technology (IT) projects. It addresses initiatives towards employing KM processes in RM processes by reviewing, interpreting the related and relevant literature and sheds light on integration with RM in the IT project. The paper exposes some pertinent elements needed for building the KBRM framework for IT projects and also suggests some instrument about the integration of KM and RM process to improve the RRP (Risk Response Planning) process efficiency.The analysis of case studies of projects which are based on information technology, it has become clear that there is a need for integration of knowledge management practices with the risk management practices (Alhawari et al., 2012). Now, the nature of projects is quite different than that of the traditional projects. The analysis has revealed that knowledge management frameworks must introduce the integration of knowledge management process. This is only with the help of knowledge management practices that the knowledge workers who are working on the knowledge based IT projects could manage the risk along with managing the knowledge.

In another research conducted by Peixoto et al., (2014), the case study of electric energy project management was considered where authors presented the developed risk management methodology and the main risk management results of a pilot project in a Portuguese electric energy organisation – EDP Distribution. Most of the project risks identified have external and technical sources, and most of the risks are rated as medium and high level. In the future, it is expected that this methodology can be used for similar projects and that a gradual standardisation on the use of the risk management methodology can be achieved in the organisation. The study of Peixoto et al., (2014) found that during the implementation of the risk management methodology twenty-one risks were identified: twenty threats, five of them secondary risks; and one opportunity. After the risks identification, the risk breakdown structure was developed, providing the project management team the sense of what types of risks can occur in the project. It was found that the major part of the identified risks had external or technical sources. From this, it is reasonable to analyse that the project risk management must has the component of technical risks which are particular to the project.  This indicated to the project management team the area of intervention that needs more attention (Birkmann et al., 2013). Therefore, along with the internal and external risks, technical risks specific to the project should also be identified. The technical source was an expected result, since this project implies a large use of new technical components, namely related to the automation equipment and the software platforms needed to manage and control the smart grid functionalities. Now days, more of the projects are based on automation equipment and software, hence, the need for technical area is important (Schwalbe, 2015). Therefore, technical risk must also be added in the risk identification process. The qualitative analysis rated most of the risks as having a medium and high impact on the project, indicating that almost every identified risk may jeopardise the project success. Consequently, risk monitoring and control needs more care and attention concerning the risk development and requires close supervising.

5.4.Comparison of traditional and modern risk management

There are certain limitations of traditional risk management approaches which make it less appealing for project managers to rely on them. the traditional risk management approaches do no allow to sufficiently identify, evaluate and manage risk (Drennan and McConnell, 2007). There is higher fragmentation level in the traditional risk management where risks are treaded as compartmentalised or disparate elements. These approaches have limited focus for uncertainties around physical and financial risks. Their main focus is on loss prevention instead of value addition. The traditional risk management approaches are unable to provide a holistic frameworks which raises the demand for redefinition of risk management value proposition in changing business environment (Fone and Young, 2005). On the other hand, modern risk management frameworks focuses on the future events where efforts are dedicated towards both opportunities and threats that exist in the external environment. The modern risk management approaches are quite proactive while traditional risk management approaches are reactive. The proactive and reactive risk management is already explained in the third chapter of this dissertation. The modern risk management is process driven and value based where project managers manage the risk in a continuous manner such that value addition could be ensured.

Therefore, in the modern time there is a need to manage the risks in a proactive manner. Therefore, the presented integrated framework is also be based on proactive risk management where there is a focus on monitoring of risk in a continuous manner such that the external environment is translated into the strategic objectives and risk management is also based on the strategic objectives of the organisation (Hopkin, 2002). The comparison of traditional and modern risk management approach also reveals that latter has permanent measurement of the severity and evolution of risks that are faced to the projects. Moreover, modern risk management practices are aligned with the strategic objectives of the organisation. This is something which is missing in the traditional risk management approaches (Van Staveren, 2009). In the traditional risk management, risk is considered as something which is not an important part while modern risk management approaches has successfully considered it as the integral part of the organisation. That is the foremost reason that the success is ensured through modern and sophisticated risk management practices. This integral approach reduces the probability of failure and helps in achieving the overall objectives of the organisation (ALARM, 2009). In traditional risk management, risk particular to specific units is considered and handled. The examples od units involve informational security, property protection and health and safety. In the traditional risk management, there is little room for information sharing (Drennan and McConnell, 2007).

Traditional risk management has focus only on the pure risks while modern risk management approaches consider all types of risks which are possible. The former is the defensive approach while other is proactive where all types of risks are managed to improve the organisational performance. According to Deloach (2000), modern risk management approach is a structured approach where there is an alignment among strategy, process, people, knowledge and technology such that threats and opportunities are assessed and managed to create value for the organisation. As per views of Padovani and Tugnoli (2005), traditional risk approaches were discontinuous, reactive, fragmented, focused on threats, functional and based on costs. On the other hand, modern risk management frameworks are continuous, logical, proactive, integrative and focused on both threats and opportunities. The framework which is presented in the next section is also based on the modern risk management practices therefore that is also logical, continuous, proactive and focused on both threats and opportunities. There is better alignment of strategy and risk management in modern risk management approaches. As per the need of modern projects, this alignment with the strategy is also ensured in the presented integrated risk management. In modern risk management approaches, it is important to ensure that the process of managing risk is repeated and formal such that threats and opportunities could be anticipated. The process of communication is very important in modern projects, therefore, this is also the need of ensuring the continuous communication in modern risk management (Power, 2007). This is also incorporated in the integrated risk management framework which is presented in the next section. Below tables also highlights the differences in traditional and modern risk management approaches.




Table 2: Key Dimensions identifying the differences in traditional and modern risk management practices

Text Box: Traditional Risk ManagementText Box: Modern Risk ManagementText Box: Key Dimensions

Source: Padovani and Tugnoli (2005)

Table 3: Differences between traditional and modern risk management

Text Box: Modern Risk Management Text Box: Traditional Risk Management

Source: De Loach (2000)

From the above two tables, major differences in traditional and modern risk management approaches could be identified. Now, when time has changed and nature of projects has become complex, there is no room for the traditional risk management approaches. Therefore, the modern risk management approaches are widely applicable, only. The framework which is presented in the next section is also based on the modern risk management features.

5.5.Integrated risk management framework

Though there are various risk management frameworks, it has been analysed in the previous chapter. From the comparison of these frameworks, it could be analysed that more or less they all are having the similar aspects. Few are of them are more comprehensive while others are more precise. Below is presented an integrated risk management framework that has combined various elements from the previous risk management frameworks. It is basically expansion of the framework which is presented by Choo and Goh (2015). This framework has its foundation of ISO 31000 framework, however further modifications are being done. The model is presented in the below figure and it is expansion of framework presented in study of Choo and Goh (2015). It is important to highlight that this framework is based on characteristics of modern risk management approaches. There is a clear linkage which is ensured between risk management and strategy. The focus is not only on threats but both threats and opportunities need to be considered which exist in the external environment. The assessment of risk is done in a repeated manner where proactivity is to be showed at all stages. The centralised risk management system is implemented. There is a need for clear and complete reports for consolidation of all risks which are encountered to the projects and organisations. The vertical coordination among top, middle and front level management is to be ensured. There exist clear responsibility for all the risks through a proper accountability system.  The next figure presents the integrated framework which is applicable to all modern projects. The presented risk management framework addresses the scalable risk management. Scalable risk management is risk management process which can be modified as per the size and complexity of the project. It cannot be said that the presented framework is for some specific size project, rather it has wider applicability and it can be modified as per size and complexity of the project.


Figure 8: Integrated Framework of Risk Management

Text Box: Organisational culture                                                                              

Text Box: Knowledge Management Text Box: Knowledge Management Image result for risk management framework



According to this model, external environment plays the crucial role in the risk management process. Basically, all risks occurs from either the external or internal environment, therefore, it is not reasonable to ignore the external context in the risk management framework. Therefore, it starts with the external environment which will decide the strategic direction of this framework. Similar is also recommended by Nachtigal (2009). Considering the business aim and objectives along with the external environment, risk management objectives has to be constructed. From here, context has to be established. As per the above discussion, it could be seen that there is a need to consider both technical and external sources of risks. Therefore, here it is recommended to add on the technical aspect as well (Glendon, Clarke and McKenna, 2016). From here, the framework moves towards risk assessment process which will has stages of risk identification, risk assessment and risk evaluation. Then, it is recommended to move to treat risks where it has to be decided what has to be done e.g. risk transfer, risk reduction, risk avoidance, risk mitigation. Moreover, the nature of modern projects is quite complex, therefore, it is recommended to have the management information systems where risk registers, treatment plans, reporting templates and assurance plans has to be developed. moreover, the process of risk management is guided by commitment and mandate where policy statements, standards, guidelines, risk management plan and assurance plans has to be prepared (Kaplan and Mikes, 2012). Moreover, there is an important role to be played by the communication and training. No risk management process could become successful without having the proper communication. This should be started with the stakeholder analysis through which it has to be decided that which stakeholder needs to be communicated with what aspects of the risk management. Moreover, training is crucial, therefore, training need analysis has to be conducted. According to the needs, continuous training should be provided to involved managers and employees to ensure that they possess the necessary skills and knowledge for managing the project risks (Hopkin, 2014). Further to this, the importance of structure and accountability could not be denied. there must exist the supporting and facilitating structure for managing the risk. The board, chief executive officer, audit risk committee, risk management committee, managers, operational managers and risk and control owners should be guided with their role for managing the risks. With the responsibilities, the accountabilities should also be shared. The risk management process should be continuously reviewed and improved. With the help of control assurance, risk management plan progress, risk management maturity evaluation, benchmarking, risk management key performance indicators and government reporting, the process of reviewing and improving could be executed (Kunreuther et al., 2013). As previously mentioned the nature of projects is changing. The projects are become more knowledge, innovation and technical skills oriented, which shows that there is increase in knowledge workers in the projects (Karadsheh, 2010). As Karadsheh, Alhawari and Talet (2012) also told instead of traditional construction based projects, where there is less involvement of knowledge workers, now most of the projects have reliance on knowledge workers. Therefore, the aspect of knowledge management must also be integrated with the risk management process. Further to this, nothing could be done effectively without having the facilitating culture. Therefore, efforts must be dedicated towards developing such culture where risk management is integrated in  the daily work  of employees.


The purpose of this chapter was to present the integrated risk management framework. As time is passing, the nature of projects is changing. The modern project management field has become much different than traditional project management. Therefore, this chapter has presented a framework which is quite compressive and simple that it could be implemented on the modern projects in an effective manner.

It is found that now, the nature of projects is quite different than that of the traditional projects. That time has gone where the projects could rely on traditional reactive project management approaches. There is a need for such framework which has wider applicability. As modern projects are of different nature, there needs are also different. With the analysis, it was found that knowledge management, innovation and continuous training requirement are the characteristics of the modern project. Therefore, the presented framework has added these elements in the framework. Further to this, in the integrated framework, there is a clear link which is showed between external environmental factors and strategic objectives. Moreover, the organizational culture is also considered as an important factor in this framework. This framework is for scalable risk management, hence it has wider applicability.




6.Chapter Six: Conclusion and Recommendations

Objective: To determine the common project risk management approaches which are currently practiced

Findings: It is concluded that project management is quite important for the success of the projects. though, it is part of management tools, but its few aspects are quite different from other traditional models of management. For managing projects, there are certain techniques which are adopted by the managers which helps them to deal with unfamiliar and unique context.  The analysis has lead to the conclusion that there are many benefits of project management and success of projects. From the analysis conducted in this research, it is also concluded that project management and project success are not similar. The project success is different from project management success. The examples discussed also depict that project and project management are different from each other. The analysis has revealed that there are various definitions of project management. From various definition, it is analysed that there are many definitions, but what is common in all definitions is that cost, quality and time aspects are prevalent in all these definitions. It is also concluded that though various definitions could be found in the literature, the basic theme and idea of project management definitions revolves around managing cost, time and quality of the project.

Objective: To examine various risks and situational factors that influence the success of the projects

Findings:Further to this, in this research it is analysed that there are few situational factors which has influence on this project management. The situational factors involve both external and internal factors. It is concluded that all the internal factors which are internal to the organisation and project are referred as the internal factors which can influence the success of the project. In a similar manner, the analysis revealed that factors which are external to the project and organisation are known as the external factors which has potential to influence the success of the project. It is due to these external and internal factors that every project faces certain risks. These risks are basic element of the present research. This research has particularly focused on the project risk management. From this research analysis, it could be concluded that risk management is an important element of all projects. Therefore, risk management should be considered as an important factor of all projects. It is concluded that risk refers to any uncertain condition or event which can interfere the successful completing of the project. The risk has potential to influence the profitability of the projects and most often risk causes loss for the project and overall business. From the analysis, it is concluded that it is of utmost importance to manage the risk by mitigating, minimising, controlling or avoiding it. This research has concluded that there are three factors of risk which are most importantly related with risk. These three factors are named as the chance of occurrence of loss or damage, the expected time of occurrence and the magnitude of negative impact which will result from the occurrence or damage or loss. The seriousness of risk could be found out by multiplying probability of the occurrence of event and magnitude of impact. In short, risk could be understood by its possibility, what will occur and consequences. Moreover, the present research has reviewed various types of risks. It is concluded that most common types of risks are total risk, unidentified risks, unacceptable risks, acceptable risk, residual risk.

From this research, it is also concluded that there are three risk cycles i.e. relevance, design and rigor which shows the interconnection between external organisational factors, people, organisation and technology. After analysing the risk cycles, it is concluded that it is not possible to eliminate the risk in a complete manner, risks can only be managed by reducing or minimising it. In this research, secondary research analysis has also helped the researcher to conclude that there are many advantages and benefits of risk management. This allows to investigate the strengths, opportunities, weaknesses and threats of the project. Hence, risk management enables the project managers to plan for those events which are unexpected. The success of project is ensured through project risk management. The project goals could be achieved through the project risk management. By incorporating the management of both external and internal risks, project success is ensured. The smooth running and functioning of the project is ensured through project risk management. It is concluded that all stakeholders of the project could be satisfied using the project risk management approaches. With the help of risk management, the profits related to projects could be maximised while losses and expenses could be reduced. Most importantly, big disasters could be managed in an effective manner. The competitive advantage can be achieved through project risk management. Further to this, the risk management allows to explore new opportunities. From these arguments related to benefits of project management, it is reasonable to conclude that risk management is quite important for the success of the project. Therefore, it could be concluded risk management is of utmost importance, therefore, it should not be ignored by the project managers.

Further to this, this research has analysed the risk management approaches. It is concluded that there are two common approaches of risk management which are named as reactive and proactive risk management. The former is about reacting to the risks as soon as they emerge. As risks occur, planning and mitigating for risks start where risk is managed by arranging additional resources. This approach is most related with fire fighting and crisis management. It is concluded that this approach is most commonly related with the past events, and planning is done by doing the analysis of previous accidents. The analysis had led to the conclusion that there is no room for creativity, prediction and problem solving ability of managers. It is also concluded that this approach provides no room for external environmental changes. The latter approach i.e. proactive risk approach is most commonly used in modern project management practices. It is concluded that for dealing with the external environmental changes, proactive risk management approach is adopted. This approach relies more on the future orientation of the project where feedback control is used to change the project plan as per the changes in the external environment. Moreover, the analysis has also lead to the conclusion that proactive risk management approach is more adaptive. The comparison of both proactive and reactive risk management approaches has led towards the conclusion that reactive risk management has orientation on past while proactive risk management approach has focus on past, present and future. The present research is purely about the proactive risk management. Indeed, both risk management approaches has their own pros and cons, but further analysis was continued on the proactive risk management approaches. After analysing these approaches, and literature related to the project risk management, it is analysed that how common project risk management is currently practiced in the organisations.

Objective: To analyse the commonly practiced frameworks of project risk management.

Finding:The present research also discusses the frameworks which are used in the field of project management. Commonly used frameworks are studied in this research. After analysing various frameworks, it could be concluded that risk management frameworks are of utmost importance. How successfully a project could be determined through the reliance on an effective risk management framework. It is concluded that risk management framework provides the guidelines for managing the project. The comparison of all risk management frameworks has lead to the conclusion that various categories could be made with the help of risk management frameworks. This is true for all frameworks which are analysed in this research, showing that research findings are consistent with Abuswer, Amyotte and Khan (2013). All the frameworks which are reviewed in this research, i.e. general framework for risk management, the pro-risk management framework, ISO 31000 risk management framework, NIST risk management and IT risk management framework categorises the risks which are related to different stakeholders. This is also consistent with the arguments of Glendon, Clarke and McKenna (2016). It is concluded that through common risk management frameworks, it becomes possible to identify key risk and make formal plans for mitigating these risks. The resource utilisation process becomes quite efficient with the reliance on the discussed risk management frameworks. Moreover, monitoring and reviewing of the process is also ensured by these frameworks. From this, it could be concluded that risk management frameworks are important as they do not only helps in providing action plans but they lead the project managers while reviewing and monitoring the whole process. Similar is presented by Kaplan and Mikes (2012) and Nachtigal (2009). The analysis of various risk management frameworks has led to the conclusion that these allow to exploit opportunities and cope up with the threats that are faced by the project. This is also stated by Karadsheh (2010) and Harris and McCaffer (2013) that mandatory tools are provided by the frameworks for dealing with anticipated threats and opportunities. From the analysis of various frameworks involving general framework for risk management, the pro-risk management framework, ISO 31000 risk management framework, NIST risk management and IT risk management, it is concluded that risk management frameworks allow the project managers to manage with scalable risks which are faced to the project.

Objective: To determine limitations of the existing risk management approaches in project management.

Finding:Further to this, the aim of present research was to analyse the limitations of project risk management frameworks. Though, numerous frameworks exist, this research has analysed that these face numerous limitations. After analysing the limitations, it is found that this project risk management field is quite undeveloped, therefore, sophistication and formality level is not that high. It is concluded the risk management frameworks do exist but the level of sophistication is lower than the fields of engineering, accounts and finance. It is concluded that the impact of situation factors influencing the projects is quite diverse. Therefore, if any of the situational factor is not managed in an effective manner, it can has various types of the impacts. From the analysis, it is concluded that the process of categorising and prioritising the risks is quite complex and it cannot be effectively performed along with the actual project tasks. The analysis shows that mangers often become over-burdened when they rely on risk management frameworks. Further to this, analysis of limitations showed that it is not always possible to differentiate among risk and uncertainty. Therefore, there is always a danger of loosing the focus and attention from actual project to risk management process. Hence, the limitations analysed in the present research has led towards a recommendation that project managers must always specify the time which has to be spent on risk management and actual project management. Moreover, the limitation also identified that sometimes there are chances that too much resources are spent on managing the risks, which increases the cost of the project. Therefore, after analysis conducted in this research, it is concluded that risk must be managed such that optimum utilisation of resources is also ensured. Efforts should be done for those risks which are necessary to mitigate, few risks which are of less importance can also be left for risk avoidance solution. The limitation of project risk management frameworks is that the element of subjectivity is high, which can even result in bias results. Therefore, it is concluded that project managers must be aware of the possible bias and they should not be allowing any bias to be part of the risk management process. This is quite rare that actual solution is provided through this process of risk management. The risk management framework does not provide solution for managing risk. Though, this is a limitation highlighted by the researchers. However, the personal analysis of the researcher of this dissertation tells that this is not the purpose of risk management frameworks. They are never intend to tell the solutions, they only facilitate and guide the process and if one framework is doing so, that could be considered effective framework for managing the risk of the project management. This is also stated by Guled, Dange and Chawan (2012). The analysis has further lead the dissertation towards the limitation of framework where there are fewer chances of innovative thinking using the risk management framework. The personal reflection over this limitation has motivated the researcher to conclude that this limitation is not at the end of the risk management frameworks, rather this is a limitation of the individual managers who are actually managing the risk. Therefore, by any mean, the project managers are required to have an open mind and think out of the box, simultaneous to complying the respective risk management framework. Though, there are certain limitations which are directly posed to the frameworks, however, the individuals who are managing the risks has a great role to play. Therefore, it must be ensured that their abilities, skills and knowledge does not put any limit on managing the project risks. There is a critical role which is to be played by the training of project managers related to dealing with the limitations of the framework. This is also stated by Ritchie and Brindley (2007). Another limitation which is highlighted in this research is that risk management frameworks do not specify the further action which needs to be taken for solving the problem. The analysis of this problem tells that this is not a limitation which should be exaggerated. Perhaps, few researchers have over estimated the risk management frameworks, expecting what is not intended from these projects. Therefore, it is concluded that indeed risk management frameworks have certain limitations, these must be in knowledge of the project managers, however, the frameworks should only be considered as a facilitating tools. The over expectations or over estimation of their benefits might lead to harmful results. Therefore, only that should be expected from these frameworks for which they are developed.

Objective: To recommend widely applicable risk management framework of project management

Finding: Further to this analysis, the need for widely applicable risk management framework is analysed. In this research it is analysed that how risk management is done in the changing business environment landscape. The frameworks which has been analysed are those frameworks which analyse how risk management is done in changing business environment. Further to this, changing nature of modern projects is analysed. A comprehensive analysis between traditional and modern risk management approaches is done. After doing that analysis, it is reasonable to conclude that traditional risk management was fragment, reactive, discontinuous and focused on certain functions. However, the need to cope up with external environment has given rise to modern risk management approaches. It could be concluded that modern risk management approaches are integrative, proactive, continuous and focused on process. The analysis of secondary data revealed that innovation, knowledge based projects, optimum simplicity and sophistication and skills are required in the modern risk management framework. Considering the previous risk management frameworks, one integrated risk management framework has been presented in this research. This framework is developed to meet the demands of the modern projects. therefore, the element of knowledge management, training and organisational culture are integrated in the presented framework. Though, this framework is the expansion of previous framework which is presented by ISO 31000, but the incorporation of organisational culture, knowledge management practices and training has make it a better framework than previous ones. It is also important to highlight that presented framework has all the characterises which are required for all modern projects.

6.1.Fulfilment of research aim and objectives and research questions

This research has been conducted to accomplish five objectives. The first objective was to determine the common project risk management approaches currently practiced. The literature review chapter has been conducted to review what are the project risk management practices which are now practiced. The chapter number three was specifically analysing the practices of project management. The chapter three has helped the author to achieve this objective. Second objective of this research was to examine various risks and situational factors that influence the success of the projects.The third chapter has a discussion on the various types of risks and this chapter has also reviewed risks which occurs due to the situational factors. Hence, this objective is also accomplished. Another objective was to analyse various frameworks for project risk management. This objective is accomplished in the forth chapter various frameworks are analysed. Other objective was to determine limitations of the existing risk management approaches in project management. The forth chapter helps to achieve this objective. After analysing the frameworks, the limitations are observed. Hence, the forth chapter has helped the researcher to fulfil one of the objectives of this research study. The last objective of this research was to recommend widely applicable risk management approaches in project management. The fifth chapter of this research study is about the integrated risk management framework. After analysing the nature of the modern projects, this research has presented the integrated risk management framework. Therefore, this research objective is also accomplished.

6.2.Limitations and Recommendations

The present research faces certain limitations which must not be ignored. This research is based on the systematic review of previous studies. It has not collected new data for completing the research aim and objectives. Indeed, this was quite feasible for this research to rely on secondary research, but the usefulness of overall research work could be enhanced by taking help from the primary data. Therefore, it is recommended to future researchers that they should combine the secondary data with primary data for getting more valuable results. The views of project managers who are working in modern environment will prove helpful for this research. Therefore, it is recommended to future researchers that they should interview the project managers who are working on complex projects, and their views should be integrated in the framework presented in this research. Moreover, the presented framework is the expansion of previous framework which is presented by ISO 31000. It is recommended to future researchers that this framework should be empirically tested by collecting the data and analysing it statistically to conclude about the impact of various elements and variables on other elements and variables.

In this research, it is analysed that the nature of projects is becoming more complex. Therefore, there is a need for such frameworks which could allow project managers to deal with the complex framework in a simpler manner. The presented framework should be applied to the projects which are complex. It is ensured to reach the optimum level of simplicity and sophistication in this framework. Therefore, this must be utilised. This framework has presented one important aspect where knowledge management practices are incorporated in this framework. This is the need of the modern projects. Therefore, it should not be neglected that integration of knowledge management and risk management could lead towards better results. As now most of the projects are knowledge based, therefore, knowledge management will help to improve the risk management in the framework. Moreover, the continuous training role should not be neglected. This research has identified various limitations of the risk management approaches. These limitations could be minimised through continuous training. Therefore, managers must has to be ensured that all team members of the project possess the required skills, knowledge and abilities. Moreover, as this is the time of innovation, therefore, it must be ensured that only those frameworks should be adopted which are enough simple. Therefore, the present framework is quite simple. It is recommended to project managers that they should start using this framework for managing the risks which are associated to the projects. In the framework, it is also ensured that culture of the organisation must be supportive. Therefore, this is also added in this framework. Therefore, managing the risks of the project in an effective manner, it is important to improve the culture of the organisation.





Abuswer, M., Amyotte, P. and Khan, F., 2013. A quantitative risk management framework for dust and hybrid mixture explosions. Journal of Loss Prevention in the Process Industries26(2), pp.283-289.

Aebi, V., Sabato, G. and Schmid, M., 2012. Risk management, corporate governance, and bank performance in the financial crisis. Journal of Banking & Finance36(12), pp.3213-3226.

Ai, J., Brockett, P.L., Cooper, W.W. and Golden, L.L., 2012. Enterprise risk management through strategic allocation of capital. Journal of Risk and Insurance79(1), pp. 29-56.

AIRMIC, A. and IRM, A., 2010. Structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000. The Public Risk Management Association, London, UK.

ALARM, 2009. The Alarm National Performance Model for Risk Management in the Public Services. UK: The Public Risk Management Association.

Alhawari, S., Karadsheh, L., Talet, A.N. and Mansour, E., 2012. Knowledge-based risk management framework for information technology project.International Journal of Information Management32(1), pp.50-65.

Alquier, A.M., Cagno, E., Caron, F. and Leopoulos, V.R.M.A., 2000. Analysis of external and internal risNs in project early phase. In Proceeding of PMI Research Conference (pp. 147-155).

Babbie, E. 2015. The Practice of Social Research, 14 edition. Wadsworth Publishing.

Bessis, J. and O'Kelly, B., 2015. Risk management in banking. John Wiley & Sons.

Blaikie, N., 2000. Designing Social Research. 1st ed. Cambridge: Polity Press.

Binder, J., 2016. Global project management: communication, collaboration and management across borders. CRC Press.

Birkmann, J., Cardona, O.D., Carreño, M.L., Barbat, A.H., Pelling, M., Schneiderbauer, S., Kienberger, S., Keiler, M., Alexander, D., Zeil, P. and Welle, T., 2013. Framing vulnerability, risk and societal responses: the MOVE framework. Natural hazards67(2), pp.193-211.

Bodgan, C.R. and Bilkan, K.S. Undated. Qualitative Research for Education; An Introduction To Theories and Models. Outline of Chapter1 Characteristics of Qualitative Research.

Bowers, J. and Khorakian, A., 2014. Integrating risk management in the innovation project. European Journal of Innovation Management17(1), pp.25-40.

Burke R. 1993. Project Management. John Wiley and Sons, Chichester,

Bresnen, M., 2016. Institutional development, divergence and change in the discipline of project management. International Journal of Project Management34(2), pp.328-338.

Bryde, D., Broquetas, M. and Volm, J.M., 2013. The project benefits of building information modelling (BIM). International Journal of Project Management31(7), pp.971-980.

Bryman, A., 2004. Social Research Methods. Oxford University Press Inc.New York.

Burke, R., 2013. Project management: planning and control techniques. New Jersey, USA.

Cole, S., Giné, X., Tobacman, J., Topalova, P., Townsend, R. and Vickery, J., 2013. Barriers to household risk management: Evidence from India. American Economic Journal: Applied Economics5(1), pp.104-135.

Colicchia, C. and Strozzi, F., 2012. Supply chain risk management: a new methodology for a systematic literature review. Supply Chain Management: An International Journal17(4), pp.403-418.

Cooper, C. R., and Schindler, P. S. 2008. Business research methods (10 ed.). Boston: McGraw-Hill.

Chance, D.M. and Brooks, R., 2015. Introduction to derivatives and risk management. Cengage Learning.

Chia, R., 2013. Paradigms and perspectives in organisational project management research: implications for knowledge creation. Novel Approaches to Organisational Project Management Research: Translational and Transformational. Copenhagen Business School Press, Copenhagen, pp.33-55.

Choo, B.S.Y. and Goh, J.C.L., 2015. Pragmatic adaptation of the ISO 31000: 2009 enterprise risk management framework in a high-tech organisation using Six Sigma. International Journal of Accounting & Information Management23(4), pp.364-382.

Christoffersen, P.F., 2012. Elements of financial risk management. Academic Press.

Creswell, J. 2008, Educational research: Planning, conducting, and evaluating quantitative and qualitative research (3rd), Upper Saddle River, NJ: Prentice Hall.

Creswell, J. W. 2007. Qualitative Inquiry & Research Design: Choosing among five approaches (2nd ed.). Thousand Oaks, CA: Sage.

Creswell, J.W. and Miller, D.L., 2000. Determining validity in qualitative inquiry. Theory into practice39(3), pp.124-130.

Dallas, M. and Director, A.P.M., 2013. Management of Risk: Guidance for Practitioners and the international standard on risk management, ISO 31000: 2009. The Stationary Office.

De Wet, B. and Visser, J.K., 2013. An evaluation of software project risk management in South Africa. South African Journal of Industrial Engineering,24(1), pp.14-29.

Denzin, N. & Lincoln, Y., 2003. The Discipline and Practice of Qualitative Research. In Collecting and Interpreting Qualitative Materials. Sage Publications.

Diego, B.J., Cédrick, B.E.L.E.R. and Daniel, N.O.Y.E.S., 2013. Risk analysis in project early phase taking into account the product lifecycle: Towards a generic risk typology for bidding process. IFAC Proceedings Volumes46(9), pp.495-500.

Doorn, N., 2014. Rationality in flood risk management: the limitations of probabilistic risk assessment in the design and selection of flood protection strategies. Journal of Flood Risk Management7(3), pp.230-238.

Drennan, L.T. and McConnell, A., 2007. Risk and Crisis Management in the Public Sector. Routledge.

Dorfman, M.S. and Cather, D.A., 2012. Introduction to risk management and insurance. Pearson Higher Ed.

Deloach, J., 2000. Enterprise-wide Risk Management: Strategies for linking risk and opportunity. FT Prentice Hall.

Dumont, A., Fournier, P., Abrahamowicz, M., Traoré, M., Haddad, S., Fraser, W.D. and QUARITE research group, 2013. Quality of care, risk management, and technology in obstetrics to reduce hospital-based maternal mortality in Senegal and Mali (QUARITE): a cluster-randomised trial. The Lancet382(9887), pp.146-157.

Edwards, P. and Bowen, P., 2013. Risk management in project organisations. Routledge.

Eriksson, P. &Kovalainen, A., 2008. Qualitative Methods in Business Research. London: SAGE Publications Ltd.

Fewings, P., 2013. Construction project management: An integrated approach. Routledge.

Fone, M., and. Young, P.C., 2000. Public Sector Risk Management. Biddles.

Harris, F. and McCaffer, R., 2013. Modern construction management. John Wiley & Sons.

Garel, G., 2013. A history of project management models: From pre-models to the standard models. International Journal of Project Management, 31(5), pp.663-669.

Glendon, A.I., Clarke, S. and McKenna, E., 2016. Human safety and risk management. Crc Press.

Greiman, V.A., 2013. Megaproject management: Lessons on risk and project management from the Big Dig. John Wiley & Sons.

Guled, A.A., Dange, A.A. and Chawan, P.M., 2012. Risk management frameworks. Risk Management2(2), pp.123-157.

Guled, A.A., Dange, A.A. and Chawan, P.M., 2012. Risk management frameworks. Risk Management2(2), pp.123-157.

Gordon, L.A., Loeb, M.P. and Sohail, T., 2003. A framework for using insurance for cyber-risk management. Communications of the ACM46(3), pp.81-85.

Gummesson, E., 2000. Qualitative methods in management research. Sage.

Guled, A.A., Dange, A.A. and Chawan, P.M., 2012. Risk management frameworks. Risk Management2(2), pp.123-157.

Haimes, Y.Y., 2015. Risk modeling, assessment, and management. John Wiley & Sons.

Hancock, D., 2014. The Application of the ‘New Sciences’ to Risk and Project Management. Advances in Project Management: Narrated Journeys in Unchartered Territory, p.51.

Healy, M. and Perry, C., 2000. Comprehensive criteria to judge validity and reliability of qualitative research within the realism paradigm. Qualitative market research: An international journal3(3), pp.118-126.

Heagney, J., 2012. Fundamentals of project management. AMACOMDiv American Mgmt Assn.

Highsmith, J., 2013. Adaptive software development: a collaborative approach to managing complex systems. Addison-Wesley.

Hoang, H.A. and Rothaermel, F.T., 2010. Leveraging internal and external experience: exploration, exploitation, and R&D project performance. Strategic Management Journal31(7), pp.734-758.

Hopkin, P., 2002. Holistic Risk Management in Practice. London: Witherby

Hopkin, P., 2014. Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.

Hull, J., 2012. Risk Management and Financial Institutions,+ Web Site (Vol. 733). John Wiley & Sons.

Hillson, D. and Simon, P., 2012. Practical project risk management: The ATOM methodology. Management Concepts Inc.

Hwang, B.G. and Ng, W.J., 2013. Project management knowledge and skills for green construction: Overcoming challenges. International Journal of Project Management31(2), pp.272-284.

International Organisation for Standardization (ISO) and International Electrotechnical Commission (IEC), 1999. Safety Aspects-Guidelines for Their Inclusion in Standards, s.l.: ISO/IEC Guide 51.

Islam, S., Mouratidis, H. and Weippl, E.R., 2014. An empirical study on the implementation and evaluation of a goal-driven software development risk management model. Information and Software Technology56(2), pp.117-133.

Kaplan, R.S. and Mikes, A., 2012. Managing risks: a new framework.

Karadsheh, L.A., 2010. A Framework for Integrating Knowledge Management with Risk Management for Information Technology Projects (RiskManiT). ProQuest LLC. 789 East Eisenhower Parkway, PO Box 1346, Ann Arbor, MI 48106.

Karadsheh, L., Alhawari, S. and Talet, A.N., 2012. The Support of Knowledge Process to Enhance Risk Analysis in Jordanian Telecommunication Companies. Journal of Information & Knowledge Management11(02), p. 1250013.

Kern, D., Moser, R., Hartmann, E. and Moder, M., 2012. Supply risk management: model development and empirical analysis. International Journal of Physical Distribution & Logistics Management42(1), pp.60-82.

Kerzner, H., 2009. Project management: A system approach to planning, scheduling and controlling, John Wiley & Sons, Inc, Hoboken, New Jersey.

Kerzner, H.R., 2013. Project management: a systems approach to planning, scheduling, and controlling. John Wiley & Sons.

Kendrick, T., 2015. Identifying and managing project risk: essential tools for failure-proofing your project. AMACOMDiv American Mgmt Assn.

Kothari, C.R., 2004. Research methodology: Methods and techniques. New Age International.

Kunreuther, H., Heal, G., Allen, M., Edenhofer, O., Field, C.B. and Yohe, G., 2013. Risk management and climate change. Nature Climate Change3(5), pp.447-450.

Kumar, S. and Phrommathed, P., 2005. Research methodology (pp. 43-50). Springer US.

Kwak, Y.H. and Stoddard, J., 2004. Project risk management: lessons learned from software development environment. Technovation24(11), pp.915-920.

Lam, J., 2014. Enterprise risk management: from incentives to controls. John Wiley & Sons.

Lavastre, O., Gunasekaran, A. and Spalanzani, A., 2012. Supply chain risk management in French companies. Decision Support Systems52(4), pp.828-838.

Leach, L.P., 2014. Critical chain project management. Artech House.

Lin Moe, T. and Pathranarakul, P., 2006. An integrated approach to natural disaster management: public project management and its critical success factors. Disaster Prevention and Management: An International Journal,15(3), pp.396-413.

Lock D. 1994. Project Management, 5th ed. Gower, Aldershot,

Padovani, R., and Tugnoli, A., 2005. L`Enterprise Risk Management NelleImprese Non Finanziarie: AspettiTeorici e Studi Di CasoNelMercatoItaliano. Italia: Politecnico Di Milano, Facolta Di Ingegneria Dei Sistemi.

Qazi, A., Quigley, J. and Dickson, A., 2015, March. Supply chain risk management: systematic literature review and a conceptual framework for capturing interdependencies between risks. In Industrial Engineering and Operations Management (IEOM), 2015 International Conference on (pp. 1-13). IEEE.

Marczyk, G., DeMatteo, D. and Festinger, D., 2005. Essentials of research design and methodology. John Wiley & Sons Inc.

Marcelino-Sádaba, S., Pérez-Ezcurdia, A., Lazcano, A.M.E. and Villanueva, P., 2014. Project risk management methodology for small firms. International Journal of Project Management32(2), pp.327-340.

Marchewka, J.T., 2014. Information technology project management. John Wiley & Sons.

Martinsuo, M., 2013. Project portfolio management in practice and in context.International Journal of Project Management31(6), pp.794-803.

McNeil, A.J., Frey, R. and Embrechts, P., 2015. Quantitative risk management: Concepts, techniques and tools. Princeton university press.

Matthews, K., 2013. Risk management and managerial efficiency in Chinese banks: a network DEA framework. Omega41(2), pp.207-215.

Marle, F., Vidal, L.A. and Bocquet, J.C., 2013. Interactions-based risk clustering methodologies and algorithms for complex project management.International Journal of Production Economics142(2), pp.225-234.

McNeil, A.J., Frey, R. and Embrechts, P., 2015. Quantitative risk management: Concepts, techniques and tools. Princeton university press.

McManus, J., 2012. Risk management in software development projects. Routledge.

Mechler, R., 2016. Reviewing estimates of the economic efficiency of disaster risk management: opportunities and limitations of using risk-based cost–benefit analysis. Natural Hazards81(3), pp.2121-2147

Merriam, S. B. 1998. Qualitative research and case study applications in education. San Francisco, CA: Jossey-Bass

Merriam, S. B. 2002. Qualitative research in practice: Examples for discussion and analysis. San Francisco, CA: Jossey-Bass.

Miles, M.B. and Huberman, A.M., 1994. Qualitative data analysis: An expanded sourcebook. Sage.

Myrelid, A. and Olhager, J., 2015. Applying modern accounting techniques in complex manufacturing. Industrial Management & Data Systems115(3), pp.402-418.

Nachtigal, S., 2009. E-business Information Systems Security Design Paradigm and Model (Doctoral dissertation, University of London).

Nokes, S., 2007. The Definitive Guide to Project Management, London: Financial Times / Prentice Hall

Oisen, R,P., 1971. Can project management be defined? Project Management Quarterly, 2(1), pp. 12-14

Park, Y. W. & Hong, P., 2012. Building Network Capabiliies in Turbulent Competitive Environments: Practices of Global Firms from Korea and Japan. Boca Raton, FL: CRC Press.

Patton, M. Q. 1990. Qualitative evaluation and research methods (1st ed.). London, UK: Sage.

Patton, M. Q. 2002. Qualitative evaluation and research methods (3rd ed.). Thousand Oaks, CA: Sage Publications, Inc.

Peixoto, J., Tereso, A., Fernandes, G. and Almeida, R., 2014. Project Risk Management Methodology: A Case Study of an Electric Energy Organisation. Procedia technology16, pp.1096-1105.

Peffers, K., Tuunanen, T., Rothenberger, M.A. and Chatterjee, S., 2007. A design science research methodology for information systems research. Journal of management information systems24(3), pp.45-77

Power, M. (2007). Organized Uncertainty. New York: Oxford University Press, Inc.

Phillips, J., 2013. PMP, Project Management Professional (Certification Study Guides). McGraw-Hill Osborne Media.

Pritchard, C.L. and PMP, P.R., 2014. Risk management: concepts and guidance. CRC Press

Pérez?González, F. and Yun, H., 2013. Risk management and firm value: Evidence from weather derivatives. The Journal of Finance68(5), pp. 2143-2176.

Racz, N., Weippl, E. and Seufert, A., 2010, July. A process model for integrated IT governance, risk, and compliance management. In Databases and information systems. Proceedings of the ninth international Baltic conference, Baltic DB&IS (pp. 155-170).

Rampini, A.A., Sufi, A. and Viswanathan, S., 2014. Dynamic risk management. Journal of Financial Economics111(2), pp.271-296.

Reiss B. 1993. Project Management Demystied. E and FNSpon, London

Remenyi, D., Williams, B., Money, A. & Swartz, E., 1998. Doing Research in Business sandManagement. Sage, London.

Ritchie, B. and Brindley, C., 2007. Supply chain risk management and performance: A guiding framework for future development. International Journal of Operations & Production Management27(3), pp.303-322.

Reason, J., 2000. Human error: models and management. Business Management Journal, 320(7237), pp.768-770.

Reiss, G., 2013. Project management demystified: Today's tools and techniques. Routledge.

Roy, B., Dasgupta, R. and Chaki, N., 2016. A Study on Software Risk Management Strategies and Mapping with SDLC. In Advanced Computing and Systems for Security (pp. 121-138). Springer India.

Sadgrove, K., 2016. The complete guide to business risk management. Routledge

Saunders, M., Lewis, P. and Thornhill, A. 2007. Research Methods for Business Students, 4th ed. Prentice Hall Financial Times, Harlow.

Saunders, M.  Lewis, P.  Thornhill, A. 2009. Research Methods for business students, 3rd Ed. Harlow (England), Prentice Hall.

Schwalbe, K., 2015. Information technology project management. Cengage Learning

Sekaran, U. and Bougie, R. 2009. Research Methods for Business: A Skill Building Approach, 5th ed.. John Wiley & Sons Ltd

Sharbatoghlie, A. and Sepehri, M., 2015. An Integrated Continuous Auditing Project Management Model (CAPM). In 4th International Project Management Conference.

Shimizu, T., Park, Y. and Choi, S., 2014. Project Managers and risk management: A Comparative study between Japanese and Korean firms. inteernational Journal of Production Econommics, 147(1), pp. 437-447.

Soin, K. and Collier, P., 2013. Risk and risk management in management accounting and control. Management Accounting Research24(2), pp.82-87.

Spitzmuller, M. and Van Dyne, L., 2013. Proactive and reactive helping: Contrasting the positive consequences of different forms of helping. Journal of Organisational Behavior34(4), pp.560-580.

Stanleigh, M., 2010. Project Risk Management, Business Improvement Architects.

Subramanyan, H., Sawant, P. H. and Bhatt, V., 2012. Construction project risk assessment: Development of model based on investigation of opinion of construction project experts from India. Journal of Construction Engineering and Management, 138(3), pp. 409-421.

Smith J. A. 2008. Qualitative psychology: a practical guide to research methods, 2nd Ed. Pearson

Sumner, M., 2000. Risk factors in enterprise-wide/ERP projects. Journal of information technology15(4), pp.317-327.

Tah, J.H.M. and Carr, V., 2000. A proposal for construction project risk assessment using fuzzy logic. Construction Management & Economics, 18(4), pp.491-500.

Tait, J. and Levidow, L., 2010. Proactive and reactive approaches to risk regulation: the case of biotechnology. Futures24(3), pp.219-231.

Teller, J. and Kock, A., 2013. An empirical investigation on how portfolio risk management influences project portfolio success. International Journal of Project Management31(6), pp.817-829.

Teller, J., Kock, A. and Gemünden, H.G., 2014. Risk management in project portfolios is more than managing project risks: A contingency perspective on risk management. Project Management Journal45(4), pp.67-80.

Thamhain, H., 2013. Managing risks in complex projects. Project Management Journal44(2), pp.20-35.

Thiry, M., and Deguire, M., 2007. Recent developments in project-based organisations, International Journal of Project Management, 25(7), pp. 649–658.

Thuesen, C., and Boas, A. 2013. Mapping best and emerging practices of project management, Gower Publishing Ltd, Aldershot, England.

Tsai, W.H., Shaw, M.J., Fan, Y.W., Liu, J.Y., Lee, K.C. and Chen, H.C., 2011. An empirical investigation of the impacts of internal/external facilitators on the project success of ERP: A structural equation model. Decision Support Systems50(2), pp.480-49

Tashakkori, A. & Creswell, J.W., 2007. Exploring the nature of research questions in mixed methods research. Journal of Mixed Methods Research, 1(3), pp.207-11.

Turner, R., 2016. Gower handbook of project management. Routledge.

Unab, W. and Kundi, M.F.A., 2014. Review of Project Management (PM) Practices in Public Infrastructure Development Organisations of Pakistan. Journal of Strategy and Performance Management2(4), p.144.

Van Staveren, M., 2009. Risk Innovation and Change. The Netherlands: IpskampDrukkers, B.V., Enschede.

Vareilles, E., Coudert, T., Aldanondo, M., Geneste, L. and Abeille, J., 2012. Coupling system design and project planning: discussion on a bijective link between system and project structures. IFAC Proceedings Volumes45(6), pp.1089-1094.

Ward, P.J., Jongman, B., Salamon, P., Simpson, A., Bates, P., De Groeve, T., Muis, S., de Perez, E.C., Rudari, R., Trigg, M.A. and Winsemius, H.C., 2015. Usefulness and limitations of global flood risk models. Nature Climate Change5(8), pp.712-715.

Walecdzik, K., Manadziuk, J. and Zadrozny, S., 2014. Proactive and reactive risk-aware project scheduling. In CIHLI (pp. 94-101).

Wallace, L., Keil, M. and Rai, A., 2004. How software project risk affects project performance: an investigation of the dimensions of risk and an exploratory model. Decision Sciences35(2), pp.289-321.

Wallace, L. and Keil, M., 2004. Software project risks and their effect on outcomes. Communications of the ACM47(4), pp.68-73.

Wells, H., 2012. How Effective are Project Management Methodologies? An Explorative Evaluation of Their Benefits in Practice. Project Management Journal, 43(6), pp. 43-58.

Westerman, G. and Hunter, R., 2007. IT risk: turning business threats into competitive advantage. Boston: Harvard Business School Press.

Xanthopoulos, A., Vlachos, D. and Iakovou, E., 2012. Optimal newsvendor policies for dual-sourcing supply chains: A disruption risk management framework. Computers & Operations Research39(2), pp.350-357.

Zhang, X., Wuwong, N., Li, H. and Zhang, X., 2010, June. Information security risk management framework for the cloud computing environments. In Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on (pp. 1328-1334). IEEE.





Get An Instant Quote


Our Service Portfolio


Want To Place An Order Quickly?

Then shoot us a message on Whatsapp, WeChat or Gmail. We are available 24/7 to assist you.


Grab The Following Features Right Now

Do not panic, you are at the right place


Visit Our writting services page to get all the details and guidence on availing our assiatance service.

Get 20% Discount, Now
£19 £14/ Per Page
14 days delivery time

Now! moonlight your way to A+ grade academic success. Get the high-quality work - or your money back.


Our experts are ready to assist you, call us to get a free quote or order now to get succeed in your academics writing.

Get a Free Quote Order Now