Sign in Subscribe
Risk Management

A Comprehensive Guide to Risk Management in the Project Initiation Phase

Kevin Jogin

16 min read
A Comprehensive Guide to Risk Management in the Project Initiation Phase
Photo by Loic Leray / Unsplash

Project risk management is an essential process for organizations to minimize potential losses and ensure the successful completion of projects. The initiation phase is one of the most crucial stages of project risk management. At this stage, organizations must take significant steps to identify, evaluate, and mitigate potential risks.

Organizations assess risk by considering their appetite for risk and investment objectives. A project with a higher level of risk often yields a higher return, but it could also lead to significant losses. Hence, organizations should choose projects that balance their risk appetite with their investment objectives. 

Risk and return are often inversely proportional. Therefore, organizations select projects that complement their criteria for a balanced portfolio, which helps them to minimize the overall risk of their investment portfolio.

Apart from organizational factors, the government or state also plays a pivotal role in project selection and risk management. Governments may prioritize certain projects over others, depending on their strategic goals and economic objectives. They may also provide incentives or regulations to encourage organizations to take on projects that align with their objectives. 

To learn more about how organizations manage project risks at the initiation phase, please visit http://www.ted.com/talks/mariana_mazzucato_government_investor_risk_taker_innovator#t-51094.

Project Selection

Managing funds effectively is a crucial aspect of organizations to meet both their short-term and long-term needs. Profit-oriented organizations usually focus on funding operational budgets to generate immediate profits. However, to generate future profits and grow the organization, it needs to invest in capital projects. Operational budgets aim for efficiency, which means doing more with less, while capital budgets aim for effectiveness, which means doing things that align with strategies and long-term goals.

Not-for-profit organizations operate under a "Bucket of Money" process. For example, government departments have to justify expenditures and seek extra funding for new capital projects from Treasury. Once approved, they have to operate within those funding constraints. Other not-for-profit organizations also tend to have fixed budgets as they obtain the majority of their funding from grants and have limited ability to raise funds. Not-for-profit organizations select projects that help them achieve either increased outcomes/outputs for less money or enable them to gain extra funding to achieve a strategic or political goal.

Organizations manage their project portfolios to minimize strategic risks associated with accepting or rejecting projects. The strategic context is essential in determining which projects will be selected. The strategic context is the relationship between the organization and its environment. Understanding the business and the environment in which you operate is vital to determining organization capabilities and developing future goals, objectives, and strategies. The projects that best facilitate the attainment of these goals and objectives will be selected.

Strategic risks are defined as the risks associated with future business plans and strategies. They include plans for entering new business lines, expanding existing services through mergers and acquisitions, enhancing infrastructure, etc. Strategic risks can have a significant impact on the organization's success or failure. Therefore, it is essential to identify, assess, and manage them effectively to achieve the organization's desired outcomes.

In judgment, managing funds effectively and selecting the right projects is critical to an organization's success. It is essential to understand the strategic context and manage strategic risks effectively to maximize the organization's chances of success.

 Risk and Documents used to Select Projects

 In order to facilitate portfolio management, a number of crucial documents are created, including business cases, submissions/proposals, responses to tender documents, and scoping documents. These documents contain detailed sections that explore the strategic risks associated with taking on or abstaining from a particular project. These risk assessments and the other contents of these documents are subsequently used to evaluate the project against the selection criteria established by the organization. Ultimately, this process helps to determine which projects are best aligned with the organization's strategic goals and priorities.

Hillson, David. Managing Risk in Projects. Abingdon, Oxon, GBR: Ashgate Publishing Group, 2009 (eBook)

Portfolio Management of Projects

Effective portfolio management of projects is a crucial aspect of ensuring the future success of any organization. Projects must be selected based on how well they align with the long-term needs and goals of the organization. This selection process involves comparing each potential project against specific selection criteria unique to the organization.

Portfolio management entails analyzing and managing a group of proposed or current projects collectively. The primary objective of portfolio analysis is to determine the optimal mix and sequence of projects to best achieve the organization's overall objectives. In order to select a range of capital projects, a set of well-defined criteria is utilized.

These criteria can include financial measures such as payback period, ROI, NPV, and IRR, as well as how well the project fits into the organization's overall strategy and objectives. The level of innovation in the project, expected costs, consumption of scarce resources, expected timeline and schedule of investment, opportunity costs, financial risks of the project, and risk of not accepting the project (e.g. compliance project) are also taken into consideration.

Furthermore, it is essential to assess how the project fits into the risk profile of the organization and other projects in the portfolio, as well as any relationships or inter-dependencies with other projects. Each organization's criteria will vary depending on its specific needs and objectives. By carefully considering these criteria, the risk associated with a project can be assessed, and an informed decision can be made about whether to proceed or not.

In their research article, "Portfolio management for new product development: results of an industry practice," Robert Cooper, Scott Edgett, and Elko Kleinschmidt (2001) identified eight critical reasons why portfolio management is an indispensable practice for businesses.

Firstly, portfolio management plays a crucial role in achieving financial goals. By maximizing return and R&D productivity, businesses can generate profits and achieve their financial objectives.

Secondly, it helps businesses to maintain their competitive position in the market by increasing sales and market share. This enables businesses to stay ahead of their competitors and remain relevant in their industry.

Thirdly, effective portfolio management allows businesses to allocate their limited resources properly and efficiently. This ensures that resources are used in the most effective manner, leading to increased productivity and better outcomes.

Fourthly, the proper selection of projects ensures that they are aligned with the business strategy and support the overall objectives of the organization. This linkage enables businesses to achieve their strategic objectives and stay on track with their long-term goals.

Fifthly, portfolio management allows businesses to achieve focus by selecting only the projects that are most likely to succeed and avoiding taking on too many projects for the limited resources available. This focus enables businesses to achieve their desired outcomes and reduce the risk of failure.

Sixthly, it helps businesses to achieve balance between long and short term projects, as well as high and low-risk ones, consistent with the business's goals. The right balance ensures that businesses remain competitive in the market and achieve their desired outcomes.

Seventhly, portfolio management helps businesses to better communicate priorities within the organization both vertically and horizontally. This communication enables businesses to align their objectives and ensure that everyone is working towards the same goals.

Finally, portfolio management enables businesses to provide better objectivity in project selection by identifying and weeding out bad projects that are unlikely to succeed. This objectivity helps businesses to avoid wasting resources on projects that are not aligned with their goals.

At the strategic level, organizations and departments will go through a careful selection process to decide which projects to undertake. This process is usually done by a senior executive or a high-level financial committee or board. Effective portfolio management is essential for any business that wants to achieve its goals and remain competitive in the market.

[Gray Clifford, and Larson Erik. ‘Project Management:The managerial approach’,4/e (2008) McGrawHill p25]

In the book titled "Project Management: The Managerial Process, 4/e" by Gray, Clifford F. Larson, and Erik W., a Project Portfolio Matrix is presented as an example. This matrix categorizes projects based on two criteria: Technically Feasible (low to high) and anticipated Net Present Value (low to high). Net Present Value is calculated by subtracting the amount of investment from the present value of the future cash flows from an investment. The present value of expected cash flows is determined by discounting them at the required rate of return. The Technically Feasible measure is subjective but provides insights into the level of risk associated with a project. This is based on the premise that any new or different technology introduced into a project adds risks to it.

Read more: http://www.businessdictionary.com/definition/net-present-value-NPV.html#ixzz1mXh6Sgab 16/02/2012

The organisation follows a portfolio matrix that categorizes its projects into four types based on their potential risks and returns. The first type is bread-and-butter projects, which are aimed at making evolutionary improvements to current products and services. The second type is pearls, which represent revolutionary commercial advances using proven technical advances. The third type is oysters, which involve technological breakthroughs with high commercial payoffs. Finally, the fourth type is white elephants, which are projects that were deemed promising in the past but no longer remain viable.

The objective of having a balanced portfolio is to ensure that the organisation has a steady stream of funds coming in from bread and butter projects, generates higher returns from pearl projects, and develops future funds through oyster projects. White elephant projects that are no longer viable should be sold off or closed down.

The portfolio matrix assumes that adopting new technology carries high risk, and there is a relationship between risk and return. In other words, the more unique the project is, the higher the risk it carries, and the higher the return the organisation will demand from the project. This approach ensures that the organisation's investments are balanced, and the risks are managed effectively while maximizing returns.

Risk of Unclear Project Charter and Scoping

One of the biggest risks in any project is having an unclear project charter and scoping. A project manager is usually appointed once a project is approved. Their primary responsibility is to comprehend the project and the risks associated with it. This involves defining clear project objectives, timelines, and deliverables, as well as identifying potential risks and developing a risk management plan. By establishing a comprehensive project charter and scoping, the project manager can ensure that all stakeholders are aligned on the project's goals and expectations, ultimately leading to a successful outcome.

Clarify the Project Scope and Objective

Project management is a crucial function within an organization that allows for effective risk management. Once a project has been selected to proceed, it is important to prepare a scoping document or a project charter to formalize the project's objectives and scope. This document is designed to reduce the risk to the project manager and provide a clear understanding of what the project aims to achieve.

A project charter or goal is a broad definition of what an organization wants to accomplish through the project, and it should be directly related to the corporate objectives and business drivers for the project. The goal should be specific, measurable, agreed-upon, realistic, and time-framed (SMART).

In addition to the project goal, a project can have one or more objectives that do not necessarily need to be measurable. Each objective should be listed as a single sentence, and a useful way to frame these objectives is to answer the question, "why are you doing the project?" The result is a one-sentence statement or series of statements, starting with the word "To."

To ensure the project scope or charter is thorough and detailed, it should include the following information:

- The project goal, aims, or objective

- Project outcomes and products

- Project scope

- Constraints

- Exclusions and assumptions

- Quality expectations and specifications

- Managing scope changes

Project scope refers to the boundary around the project, and it is important to clarify exclusions and assumptions. Exclusions are those items or activities that are outside the project's scope, while assumptions are the underlying factors that influence the project's success. Failing to clarify these exclusions and assumptions may lead to disputes with stakeholders, which could affect the project's outcome.

Constraints are known limitations within which the project must work, such as deadlines, finance and budget, legislation, and more. These constraints should be identified and documented to ensure that the project is completed within the given boundaries.

By ensuring that the project scope or charter is thorough and detailed, the project manager can reduce the risk of disputes with the client or stakeholders. This reduces the likelihood of negative consequences for the project, and it ensures that the project is completed with clear goal posts in place. Effective project management is about having a good process and control, which can be achieved through a well-defined project scope and charter.

Propensity to Accept Risk

Risk is an inherent part of life and businesses, and it is important to understand the different attitudes towards risk that exist within an organization and society as a whole. Some people are naturally inclined to take risks, while others are more cautious or risk-averse. Understanding these attitudes can help organizations make informed decisions regarding risk management and mitigation.

It is essential to recognize that different parts of an organization may have different attitudes towards risk. For example, those in sales may be more willing to take risks to achieve higher sales targets, while those in accounting may be more conservative in their approach. Similarly, individuals within an organization may have varying risk attitudes based on their personality, training, and role in the project.

Factors that contribute to the acceptance of risk and an organization's perspective on risk include the country culture, predominant gender, age, industry, professional area, economic cycle, and type of risk. For instance, industries such as banking, retail, agriculture, government, not-for-profit, and profit-making entities may have different propensities for risks based on the nature of their industry and associated economic factors.

The prevailing economic cycle can also impact an organization's willingness to take risks. In a recession or depression, there is typically less risk-taking, while a boom may encourage more risk-taking. Moreover, the type of risk, whether financial, engineering, social, or others, can influence an individual's understanding of the risks involved and their propensity to take risks.

In conclusion, risk attitudes are neither necessarily stable nor homogeneous across hazard types. Therefore, it is crucial to understand the perspective of the person, section, or organization regarding risk, their role in the project, and their professional training, among other factors. This understanding can help organizations tailor their approach to risk management and create a culture that balances risk-taking with prudent risk management.

Skating on the Edge (Catalyst 29/07/2011)
Most young men go through it — a time of feeling immortal — when the thrill of an adrenaline rush leads to reckless behaviour. But, why would such behaviour evolve, when it's potentially harmful — even lethal?

Risk management and organisational culture

The concept of risk management goes hand in hand with the importance of organizational culture. The inclusion of 'culture' in the definition of risk management highlights the significance of a management practice that is driven from the top but instilled at all levels of management and staff.

Occupational Health and Safety (OH&S) is a great example of culturally accepted and understood risk management that is currently in place. In this case, legislative requirements compel all employers and employees to meet specific standards in relation to workplace health, safety, and welfare. Although there was initial resistance, the majority of people have now accepted these practices, which have been mandated to reduce the likelihood and consequence of risk in this area.

According to the UK Corporate Governance Code, the board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives. This highlights the importance of the board's role in determining the organization's risk appetite.

Risk appetite is a crucial aspect of risk management that is often misunderstood and confused with other risk terms. To help clarify this, the Institute of Risk Management in the UK has provided five tests that Directors should apply in reviewing their organization's risk appetite framework.

The first test involves ensuring that the managers making decisions understand the degree to which they are permitted to expose the organization to the consequences of an event or situation. This requires a practical risk appetite framework that guides managers to make risk-intelligent decisions.

The second test involves ensuring that executives understand their aggregated and interlinked level of risk so they can determine whether it is acceptable or not. The third test involves ensuring that the board and executive leadership understand the aggregated and interlinked level of risk for the organization as a whole.

The fourth test involves ensuring that both managers and executives understand that risk appetite is not constant and may change as the environment and business conditions change. Anything approved by the board must have some flexibility built-in. Finally, the fifth test involves ensuring that risk decisions are made with full consideration of reward. The risk appetite framework needs to help managers and executives take an appropriate level of risk for the business, given the potential for reward.

Risk Software

Risk management is a crucial process in any organization. It involves identifying, assessing, and prioritizing potential risks and taking measures to mitigate them. To facilitate this process, many organizations rely on computers and risk software to manage and store the information collected on risks.

For some industries, such as finance and government, demonstrating effective risk management, governance, and compliance is a legal requirement. To meet this requirement, many organizations or departments have formalized and documented their risks using software that incorporates compliance frameworks, as well as risk management capabilities.

In addition, some organizations integrate their Governance, Risk, and Compliance software with their strategic planning software. This integration allows for more comprehensive risk management, as it enables the organization to identify and prioritize risks that may impact its overall strategic objectives.

Enterprise Risk Management (ERM) software is one of the most commonly used types of risk software. It is designed to manage risks for the entire organization and tends to be high level and strategic risk orientated. However, for project operational risk, less complex and standalone software may be better suited.

It is increasingly important for risk managers to capture data so that it can be used to help identify risks, as a legal record, and as a reference source for future projects. Risk, Governance, and Compliance software enables data storage and referencing, allowing risk managers to make informed decisions based on historical data and trends.

Leading risk management software firms

Software providers:

●     Linus Revive Business continuity System - http://www.linusrevive.com/

●     Riskware - http://www.riskware.com.au/

●     Palisade - http://www.palisade.com/

●     CURA Risk Management Solutions - http://www.cgerisk.com/

●     LexisNexis - http://www.lexisnexis.com/risk/ (Compliance/legal orientated)

●     RSA ARCHER GRC - http://australia.emc.com/security/rsa-archer/rsa-archer-egrc-platform.htm

●     Thomson Reuters ACCELUS - http://accelus.thomsonreuters.com/

●     Wynyard - https://wynyardgroup.com/

●     BWise - http://www.bwise.com/

●     NTT data Figtree Solutions - http://www.figtreesystems.com/

The following list is provided by the magazine Computer Weekly:

●     SaS for Enterprise Risk Management - SaS has a risk management platform that is targeted at a number of industries including insurance, energy and government.

●     IBM Enterprise Risk Management - IBM’s enterprise risk management and compliance suite is based on Cognos business intelligence. The software offers management reports, dashboards, scorecards, alerts and notifications.

●     Symbiant Risk Suite - Symbiant’s Risk Suite is web-based and allows different parts of a company to collaborate on risk initiatives.

●     Methodware ERA - Methodware ERA allows firms to integrate their risk assessments, internal audits, compliance initiatives and corporate governance through one tool. It is able to generate reports and analysis.

●     Syntex - Companies such as ExxonMobil, Schlumberger and Royal Dutch Shell use Syntex’s enterprise risk management software. It can be used to improve operational, quality, environmental, health, safety and security risk.

●     Strategic Thought - Strategic Thought’s Active Risk Manager (ARM) is an enterprise risk management suite which started off as a project risk management product. It now has operational risk management capability, as well as business continuity, and governance and compliance.

●     Misys - Misys Summit is a well-established integrated financial trading system, used by many of the world’s leading banks. It has risk management at its core.

●     Murex - Murex is another well-established integrated financial trading system, used by many of the world’s leading banks. Murex is also based on a platform that has risk management at its heart.

●     Calypso - Calypso is a modular Java-based financial trading system which has financial risk management at a key component. It is used by major banks across the world.

http://www.computerweekly.com/feature/Risk-Management-Software-Essential-Guide December 2013

There are also many external advisor/consulting organisations that provide these services along with advice for organisations, these consulting firms tend to apply their own processes and software.

Wolters Kluwer - http://www.wolterskluwer.com/Pages/Home.aspx

Htm Group - https://youtu.be/9HuQEdm7yDY

Riskcloud.net  - https://youtu.be/9HuQEdm7yDY

Reference resources

Other Interesting Activities:

  • Video: Enron: The Smartest Guy in the Room - California (1:02:35 - 1:13:19 section is particularly relevant). This is a commercial video that can be purchased or watched online. While watching, consider the following questions:
    • Why was Enron willing to accept such high levels of risk?
    • Why were its clients willing to accept so much risk?
    • Why did Enron's employees appear to accept risk so willingly?
    • Why is risk management a dynamic issue? Will a project always have the same willingness to accept or not accept risks throughout its life cycle?
    • 'Groupthink' - what does this term mean and why is it important when considering the approach to risk in a project?
  • David Willows, Group Manager, Commercial & Risk at Leighton Contractors in Australia discusses their use of Active Risk Manager for Risk Management 2 years on. Published on May 14, 2012.
  • COCO Understanding and Communicating Risk Appetite 2012, The Committee of Sponsoring Organizations of the Treadway Commission (COSO). http://www.coso.org/documents/ERM-Understanding Communicating Risk Appetite-WEB_FINAL_r9.pdf
  • Rohrmann Bernd, Risk Perception, Risk Attitude, Risk Communication, Risk Management: A Conceptual Appraisal University of Melbourne/Australia - June 2008 Downloaded July 2014 P1 http://tiems.info/dmdocuments/events/TIEMS_2008_Bernd_Rohrmann_Keynote.pdf

Definitions:

  • Risk Adverse: An investor who seeks the least risky investment.
  • Risk Tolerance: The degree of uncertainty that an investor can handle in regard to a negative change in the value of their portfolio.
  • Risk-takers: Individuals who either ignore or downplay risks.
  • Risk Avoidance: Individuals who tend to avoid risks and are at the opposite end of the spectrum compared to risk-seekers.
  • Risk Appetite Management: The degree of understanding of the risk-reward trade-offs within a business. It involves accountability within leadership and policy to guide decision-making and address gaps between perceived and actual risk. Risk appetite defines the boundary of acceptable risk, and risk tolerance defines the degree of variation in measuring risk appetite that management deems acceptable.
  • Risk Propensity: The degree to which an entity is willing to take chances with respect to risk.
  • Risk Bias: The tendency to favor one type of risk over another.
  • Risk Attitude: A chosen response to uncertainty that matters, driven by perception (Hillson, David 2010, Exploiting Future Uncertainty: Creating Value from Risk, e-book, accessed 01 February 2013).