The Art of Calculated Courage: Embracing Risk Management for Unstoppable Growth
Photo by Suraj Agrawal / Unsplash

The Art of Calculated Courage: Embracing Risk Management for Unstoppable Growth

Risk at the Initiation Phase

The initiation phase of a project is a crucial stage where organizations carefully consider the risks involved before deciding whether to proceed. The process involves identifying, assessing, and prioritizing potential risks to the project's success. One of the key ways organizations manage risk is by selecting projects that balance their risk appetite and investment needs. This involves evaluating the potential risks and rewards of each project and determining the optimal mix of high-risk, high-reward projects and low-risk, low-reward projects to achieve a balanced portfolio.

Risk is an inherent part of any project, and organizations understand that higher risk projects generally yield higher returns. However, excessive risk-taking can lead to project failure, which can be costly for the organization and its stakeholders. Therefore, organizations carefully select projects that complement their criteria for a balanced portfolio.

The government or 'State' also plays a significant role in determining project selection and risk management. Governments may have specific regulations, policies, or funding requirements that organizations must comply with to receive approval for their projects. The government may also provide financial support or guarantees for high-risk projects that align with national priorities or strategic objectives.

Overall, managing project risk during the initiation phase is a critical process that requires careful consideration of the potential risks and rewards of each project. By selecting projects that balance risk appetite and investment needs, organizations can achieve a balanced portfolio that maximizes returns while minimizing risk.

Project Selection

Managing project risks is a crucial aspect of project initiation for organizations. In this topic, we will delve deeper into how organizations manage project risks by carefully balancing their risk appetite with their investment needs. It is a well-known fact that risk and return have an inverse correlation; the higher the risk, the higher the return. Therefore, organizations have to be very prudent in selecting projects that complement their criteria for a balanced portfolio. The process of selecting a project involves a thorough evaluation of the potential risk factors associated with it, followed by an assessment of the probability of occurrence and the potential impact of each identified risk. 

In addition to an organization's own criteria, the government or the state also plays a critical role in selecting projects and the risks that organizations are willing to take. The government may have specific policies and regulations that organizations must comply with while undertaking a project. Failure to adhere to these policies may result in legal and financial penalties, which can pose a significant risk to the organization. Therefore, organizations must work closely with the government and other regulatory bodies to ensure that their projects comply with all relevant regulations and policies.

 Risk and Documents used to Select Projects

Portfolio management is a crucial aspect of any organization, and to enable it, several major documents are created. These documents serve as the backbone of portfolio management and include business cases, submissions/proposals, responses to tender documents, and scoping documents. Each of these documents has several sections that provide detailed information on the project, including its strategic risk to the organization and the potential impact of doing or not doing the project. 

In essence, these project documents serve as a screening tool for the project against the organization's selection criteria. By analyzing the information provided in these documents, the organization can make informed decisions on whether to proceed with a particular project or not. The documents' detailed analysis helps the organization to identify any potential risks associated with the project and mitigate them before moving forward. 

Overall, portfolio management is critical to the success of any organization, and the documents created to enable it play a crucial role in ensuring that projects are selected based on merit and potential benefits to the organization.

Portfolio Management of Projects

The selection of projects in an organization is an important process that involves assessing how well each project aligns with the future needs of the organization. To achieve this, a thorough selection process is carried out where each project is compared against the organization's selection criteria. 

Portfolio management, on the other hand, is the process of collectively managing a group of current or proposed projects. The main objective of portfolio analysis is to determine the optimal mix and sequencing of proposed projects that best align with the organization's overall objectives. 

To select a range of capital projects, a set of criteria is used. These criteria will typically include financial measures such as the payback period, return on investment (ROI), net present value (NPV), and internal rate of return (IRR). Other factors that may be considered include how well the project meets the organization's strategic goals and objectives, the level of innovation in the project, expected cost, consumption of scarce resources, expected timeline and schedule of investment, opportunity costs, financial risk, and the risk of not accepting the project (e.g. compliance project). 

It is crucial to note that each organization's criteria will be unique. These criteria provide a way of assessing the risk of the project to the organization, and how it fits the risk profile of the organization and other projects in the portfolio. The criteria also help to identify relationships or inter-dependencies with other projects in the portfolio.

Portfolio management plays a critical role in the success of businesses and organizations. In their article published in R&D Management in 2001, Robert Cooper, Scott Edgett, and Elko Kleinschmidt provide a comprehensive list of eight reasons why portfolio management is so important.

First and foremost, portfolio management is necessary for financial reasons. It helps businesses maximize their return on investment and R&D productivity, thus achieving their financial goals. Secondly, it is essential to maintain the competitive position of the business by increasing sales and market share. 

Thirdly, portfolio management ensures that scarce resources are allocated efficiently and effectively. It facilitates the selection of projects that align with the business strategy, which is the fourth reason. The portfolio must support the strategy, and the link between project selection and the business strategy must be clear. 

Fifthly, portfolio management helps businesses achieve focus by selecting and resourcing great projects and not doing too many projects with the limited resources available. Sixthly, it enables businesses to achieve a balance between long and short-term projects, high and low-risk ones, and consistent with the goals of the organization.

Seventhly, portfolio management helps to better communicate priorities within the organization both vertically and horizontally. Finally, it provides better objectivity in project selection by weeding out bad projects.

At the strategic level, organizations and departments go through a process of deciding which projects to select. This process is typically done by a senior executive, a high-level financial committee, or board. Gray and Larson's book, Project Management: The Managerial Process, provides an example of a Project Portfolio Matrix that categorizes projects based on their Technically Feasible (low to high) and anticipated Net Present Value (low to high). Net present value is the difference between the present value of the future cash flows from an investment and the amount of investment and is computed by discounting them at the required rate of return. Technically Feasible is a subjective measure, but it provides some insight into the risk of the project based on the premise that new or different technology adds risks to a project.

When it comes to project management, it's important to have a clear understanding of the different types of projects and their potential risks and rewards. The following diagram outlines four distinct categories of projects that an organization might undertake, each with its own unique characteristics.

Firstly, there are bread-and-butter projects, which involve incremental improvements to existing products and services. These projects are generally low-risk and low-reward, but they provide a steady stream of income that can be reinvested in the business.

Secondly, there are pearl projects, which represent more significant commercial advances that build on proven technical advances. These projects are riskier than bread-and-butter projects but also offer higher potential returns.

Thirdly, there are oyster projects, which involve breakthroughs in technology that have the potential to deliver significant commercial payoffs. These projects are the riskiest of the four categories, but they also offer the highest potential rewards.

Finally, there are white elephant projects. These are projects that were once promising but are no longer viable for one reason or another. It's important to recognize when a project has become a white elephant and take steps to either sell it off or shut it down.

The goal of any organization should be to maintain a balanced portfolio of projects that includes a mix of bread-and-butter, pearl, and oyster projects. This approach helps to ensure a steady stream of income while also allowing for innovation and the development of future funds.

Implicit in this portfolio matrix is the idea that adopting new technology is inherently risky. As a result, there is a relationship between risk and return. The more unique and innovative a project is, the higher the risk it carries. Conversely, the higher the risk, the higher the return that the organization will demand from the project. It's important to strike the right balance between risk and reward when selecting and managing projects.

Risk of Unclear Project Charter and Scoping

After receiving approval, every project is assigned to a project manager who is responsible for overseeing the entire project from start to finish. The first and most crucial task of the project manager is to gain a deep understanding of the project's objectives, scope, and the potential risks associated with it. The manager must also assess the available resources and plan accordingly to ensure the project's successful completion within the given timeline and budget. This requires a comprehensive analysis of the project's requirements and constraints. Only after a thorough evaluation of these factors can the project manager start developing an effective plan and strategy for the project's execution.

Clarify the Project Scope and Objective

Managing a portfolio of projects can be a daunting task for organizations, as there are several risks associated with project management. To mitigate these risks, organizations use the process of portfolio management. Once a project is selected to proceed, it is crucial to prepare a project charter or a scoping document for large projects. The preparation of a scoping document or project charter is a mechanism to reduce the risk to the project manager and the organization.

A project charter or goal is a broad definition of what the business wants to achieve through the project. It is the overall goal of the project. It is important to add the list of expected outcomes or deliverables of the project. This creates clarity and helps in the management of project risks.

The project scoping document should be comprehensive and detailed. It should include the project goal, objectives, project outcomes, and products. It should also cover the project scope, constraints, exclusions, and assumptions. Quality expectations and specifications and managing scope changes should also be included.

The project goal should be specific, measurable, agreed-upon, realistic, and time-framed (SMART). It should be linked to the corporate objectives and the business drivers for the project. The project goal focuses on what the project is going to achieve rather than what is produced.

A project can have one or more objectives that do not necessarily need to be measurable. Each objective should be listed as a single sentence. To frame the objective(s), it is useful to answer the question 'why are you doing the project?' The result is a one-sentence statement, or series of statements, starting with the word 'To'. For instance, To relocate the Section XYZ by …..

Exclusions and Assumptions are critical when defining the scope of a project. The scope puts a boundary around the project, and the exclusions are those things outside the boundary. It is essential to clarify these exclusions with stakeholders; otherwise, they may misinterpret the project and expect you to do these things. This may lead to disagreements and disputes, which can have negative consequences.

To reduce risks in managing the project, it is essential to recognize and record assumptions made during the planning process, such as resource availability, environment, technology, security, etc. This will help in ensuring that the project is carried out according to plan.

Constraints are known limitations within which the project must work, such as deadlines, finance and budget, legislation, etc. It is important to keep these constraints in mind when planning and executing the project.

A thorough and detailed project scope or charter, with final sign-off from the project sponsor or client, can help reduce the risks associated with project management. It reduces the likelihood of disputes between the project manager and the client and ensures clear goal posts are set up. Good project management is about a good process and control, and a comprehensive project charter or scope is an essential part of this process.

Propensity to Accept Risk

Risk-taking is an essential aspect of our society. However, it is crucial to identify who the greatest risk-takers are. Additionally, it is essential to understand the parts of an organization that might be less likely to take on risk. Attitudes towards risk differ from one organization to another and even within different parts of the same organization. Furthermore, individuals have varying attitudes towards risk.

Risk attitudes refer to people's intentions to evaluate a risk situation favorably or unfavorably and act accordingly. The underlying traits that influence risk attitudes are risk propensity and risk aversion, i.e., cautiousness. High-risk propensity can induce hazards, while risk management activities may require some risk propensity. However, risk attitudes are neither necessarily stable nor homogeneous across hazard types.

To comprehend risk, it is crucial to clarify the perspective of the person, section, or organization, their role in the project, their training, and so forth. The willingness of a section or organization's personnel to accept risks often reflects the professional competence of the organization, their training, and culture, as well as individuals' propensity to take risks.

Several factors contribute to the acceptance of risk and an organization's or section's perspective. A country's culture, age, gender, industry, professional area, economic cycle, type of risk, and personality all influence an organization's or individual's propensity to take risks. For instance, accounting tends to train people to be conservative, while recessions are periods of less risk-taking.

In conclusion, risk-taking is a crucial aspect of any organization or society. However, it is essential to understand the different attitudes towards risk that people and organizations may have. Only then can we identify the risks that are worth taking and those that are not.

Risk management and organisational culture

The definition of risk management has evolved to include the concept of 'culture', which highlights the importance of a management practice that is instilled at all levels of management and staff, and driven from the top. One of the best examples of culturally accepted and understood risk management currently in place is the occupational health and safety (OH&S) practice. In this case, legislative requirements compel all employers and employees to meet standards in relation to workplace health, safety, and welfare. Although there was initial resistance, most people have come to accept and embrace the practices mandated to reduce the likelihood and consequence of risk in this area.

The UK Corporate Governance Code emphasizes that the board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives. To achieve this objective, the concept of 'risk appetite' has emerged as a crucial element in risk management. Risk appetite refers to the level of risk that an organization is willing to accept or tolerate in order to achieve its strategic objectives. 

David Hillson, also known as The Risk Doctor, explains that risk appetite is often confused with other risk terms. In his interview with Dr. Andrew Delo, he provides clear definitions and explains how a right understanding of risk appetite can help organizations take the right risks safely. In their book, "Managing Group Risk Attitude," Murray-Webster and Hillson (2008) delve deeper into the concept of managing risk attitude in a group setting.

The Institute of Risk Management - UK provides five tests that Directors should apply in reviewing their organization's risk appetite framework. Firstly, managers making decisions must understand the degree to which they are permitted to expose the organization to the consequences of an event or situation. Secondly, executives must understand their aggregated and interlinked level of risk to determine whether it is acceptable or not. Thirdly, the board and executive leadership must understand the aggregated and interlinked level of risk for the organization as a whole. Fourthly, both managers and executives must be aware that risk appetite is not constant and may change as the environment and business conditions change. Finally, risk decisions must be made with full consideration of reward. The risk appetite framework should help managers and executives take an appropriate level of risk for the business, given the potential for reward.

Risk Software

Managing risks is crucial for organizations to ensure smooth operations and protect their stakeholders. To achieve this, many organizations use computers and risk management software to collect and manage risk-related information. Evidence of effective risk management, governance, and compliance is a legal requirement in some industries, such as finance and government. These organizations or departments often use software to document and formalize their risks, and much of this software includes compliance frameworks to ensure adherence to regulations.

In some cases, organizations combine their Governance, Risk, and Compliance (GRC) software with their strategic planning software to achieve better results. However, most of the risk management software available is focused on enterprise risk management and tends to be high-level and strategic risk-oriented. For project operational risk, less complex and standalone software may be better suited.

Risk managers need to capture data accurately to identify risks, maintain a legal record, and use it as a reference for future projects. Risk, governance, and compliance software enables data storage and referencing, making it easier for organizations to manage risks efficiently.

There are many leading risk management software providers available in the market today, including Linus Revive, Riskware, Palisade, CURA Risk Management Solutions, LexisNexis, RSA Archer GRC, Thomson Reuters ACCELUS, Wynyard, BWise, and NTT Data Figtree Solutions. These software providers offer solutions that cater to a wide range of industries and needs.

Computer Weekly also provides a list of software providers that specialize in enterprise risk management and compliance, including SaS, IBM, Symbiant, Methodware ERA, Syntex, Strategic Thought, Misys, Murex, and Calypso. These providers offer various features such as management reports, dashboards, scorecards, alerts, notifications, risk assessments, internal audits, compliance initiatives, and corporate governance through a single tool.

In addition to software providers, external advisor/consulting organizations such as Wolters Kluwer, HTM Group, and Riskcloud.net also provide risk management services and advice to organizations. These consulting firms apply their own processes and software to ensure that the organization's risks are identified, monitored, and managed effectively.

References:

Deliberate ignorance in project risk management - Kutsch, Elmar (Kutsch, Elmar and Hall, Mark 2010 ‘Deliberate ignorance in project risk management’ Journal of Project Management Volume 28, Issue 3, April, Pages 245-255)

Categorizing risks in seven large projects—Which risks do the projects focus on? - Krane, Hans Petter  (Krane, 2010. 'Categorizing Risks in Seven Large Projects-Which Risks Do the rojects Focus On?', Project management journal, 8756-9728, vol. 41, Issue 1, p 81)

 In search of the Holy Grail: project management success - Loughrey, Brendan  (Loughrey, Brendan In search of the Holy Grail: project management success, Project V19, No7 (Feb2007),pp24-25)

Danger ahead? - Hillson, David  (Hillson 'DANGER ahead?' 2008, PM Network, 22, 3, pp. 76-80)

Integrating risk appetite into business strategy - Smart, Andrew (Smart, Andrew, 2012)

Risk appetite explained - Smart, Andrew (Smart, Andrew, 2012)

Organization strategy and project selection - Gray, Clifford F (Gray, Clifford F. Larson, Erik W., Project Management: The Managerial Process, 4/e McGraw Hill 2008 ISBN: 0073525154)

General principles of risk attitudes - Hillson, David (Hillson, David, 2007)

Video: Enron: The Smartest Guy in the Room – California (1:02:35 - 1:13:19 section is particularly relevant). This is a commercial video available through video stores or the web. When watching consider the following questions:
- Why was Enron willing to accept such high levels of risk?
- Why where its clients willing to accept so much risk?
- Why did Enron’s people appear to accept risk so willingly?
- Why is risk management a dynamic issue? Will a project always have the same willing to accept or not accept risks throughout its life cycle?
- ‘Group think’ – what does this term mean and why is it important when considering the approach to risk in a project.

David Willows, Group Manager, Commercial & Risk at Leighton Contractors in Australia discusses their use of Active Risk Manager for Risk Management 2 years on. Published on May 14, 2012

COCO Understanding and Communicating Risk Appetite2012, The Committee of

Sponsoring Organizations of the Treadway Commission (COSO). http://www.coso.org/documents/ERM-Understanding%20%20Communicating%20Risk%20Appetite-WEB_FINAL_r9.pdf

Rohrmann Bernd, Risk Perception, Risk Attitude, Risk Communication, Risk Management: A Conceptual Appraisal University of Melbourne/Australia - June 2008 Downloaded July 2014 P1 http://tiems.info/dmdocuments/events/TIEMS_2008_Bernd_Rohrmann_Keynote.pdf

Definitions

Risk Adverse: Investor who seeks the least risky investment.

Risk Tolerance: The degree of uncertainty that an investor can handle in regard to a negative change in the value of his or her portfolio.

Risk-takers: either ignore or play down risks.

Risk avoidance: Those who tend more to avoiding risks are at the opposite end of the scale to the risk-seekers.

Risk appetite management: Degree of understanding the risk-reward trade-offs within the business. Accountability within leadership and policy to guide decision-making and attack gaps between perceived and actual risk. Risk appetite defines the boundary of acceptable risk and risk tolerance defines the variation of measuring risk appetite that management deems acceptable

Risk propensity: Degree to which an entity is willing to take chances with respect to risk

Risk bias: favouring one type of risk over another

Risk Attitude: a chosen response to uncertainty that matters, driven by perception (Hillson, David 2010, Exploiting Future Uncertainty : Creating Value from Risk, e-book, accessed 01 February 2013)

Comments