Managing Project Risks provides a comprehensive treatment of project risk management, offering a systematic but easy-to-follow approach. This book explores critical topics that influence how risks are managed, but which are rarely found in other books, including risk knowledge management, cultural risk-shaping, project complexity, political risks, and strategic risk management.
The book commences with foundational concepts, providing an overview of risk, project definitions, project stakeholders, and risk management systems. Subsequent chapters explore the core processes of project risk management, including risk identification, analysis, evaluation, response strategies, and risk monitoring and control. Additional topics include risk knowledge management, the influence of culture on risk, political risks in projects, and relevant software applications. Experienced readers may choose to navigate directly to the later chapters, which focus on strategic risk management and offer recommendations for planning, building, and maturing a project risk management system.
Throughout, the authors impart a practical approach that does not rely on high level expertise or advanced mathematical techniques; the emphasis remains on pragmatic solutions, user-friendly techniques, and reliable communication, enabling readers to seamlessly integrate theory into practice.
Updates to the newly revised Second Edition of Managing Project Risks include: - Additional tools and techniques for risk identification and an expanded treatment of risk communication - A new tool for early-stage project complexity assessment - the stage where uncertainties, and thus threat and opportunity risks, are at their highest level - A more substantial treatment of planning for crisis response and disaster recovery, taking into consideration climate change and the increasingly prevalent impacts of severe weather phenomena - More information on strategic risk management, now including public and organizational policy development with respect to risks in projects
Managing Project Risks is an essential resource for practitioners of project management across architecture, construction, engineering, and technology disciplines, for undergraduate and postgraduate students, and for public and private sector stakeholders involved in decision-making and policy development. It is useful wherever project-driven activities are undertaken.
Table of Contents
About the Authors xvii
Preface to the Second Edition xviii
Preface to the First Edition xix
Acknowledgments xxi
Glossary of Terms xxii
1 Introduction 1
1.1 Introduction 1
1.2 The Project Perspective 1
1.3 The Project Stakeholder Perspective 2
1.4 Overview of Contents 3
1.5 Limitations Caveat 5
2 An Overview of Risk 7
2.1 Chapter Introduction 7
2.2 Risk Definitions 7
2.3 Threat and Opportunity 9
2.4 Risk and Uncertainty 11
2.4.1 Uncertainties in the Type of Risk Trigger Events 14
2.4.2 Uncertainties in the Occurrence of Risk Events 14
2.4.3 Uncertainties in the Period of Exposure to Risk Events 14
2.4.4 Uncertainty in the Type of Consequences of Risk Events 15
2.4.5 Uncertainty in the Magnitude of Risk Consequences 15
2.4.6 Uncertainty in Periods of Exposure to Risk Consequences 16
2.5 The Dynamic Nature of Risk 17
2.6 Psychology and Perceptions of Risk 17
2.7 Risk Awareness 18
2.8 Classifying Risk 19
2.8.1 A Generic Source Event Risk Classification System 20
2.8.2 Natural Systems Risks 21
2.8.3 Human Risks 22
2.8.4 Risk Classification Based on Organisational Structure 25
2.8.5 Risk Classification Based on Project Phases 26
2.8.6 Customised Hybrid Approaches to Risk Classification 26
2.8.7 Multisystem Risk Classification 28
2.9 Risk Communication 28
2.10 Chapter Summary 29
References 30
3 Projects and Project Stakeholders 31
3.1 Introduction 31
3.2 The Nature of Projects 31
3.3 Project Objectives 32
3.3.1 Procurement Objectives 33
3.3.2 Operational Objectives 35
3.3.3 Strategic Objectives 36
3.4 Project Phases 39
3.5 Composition of Projects 41
3.6 Processes of Project Implementation 43
3.6.1 IT Project Example 44
3.6.2 Ideation and Concept Development 44
3.6.3 Project Development Stage 45
3.6.4 Project Deployment and Operation 46
3.6.5 Operational Maintenance 46
3.7 Organisational Structures for Projects 46
3.8 Project Stakeholder Relationships 47
3.9 Stakeholder Organisational Structures 55
3.9.1 Simple Structures 55
3.9.2 Machine Bureaucracies 55
3.9.3 Professional Bureaucracies 57
3.9.4 Divisionalised Forms 59
3.9.5 Adhocracies 60
3.10 Modes of Organisational Management 61
3.11 Project Stakeholder Decision-Making 62
3.12 ‘Risky’ Projects 66
3.13 Chapter Summary 68
References 68
4 Project Risk Management Systems and Frameworks 69
4.1 Chapter Introduction 69
4.2 Risk Management 70
4.3 Risk Management Systems 72
4.4 Risk Management Standards and Guides 73
4.5 A Cycle of Systematic Project Risk Management 75
4.5.1 A: Establish the Context 77
4.5.2 B 1 : Identify Risks 77
4.5.3 B 2 : Analyse Risks 78
4.5.4 B 3 : Evaluate Risks 78
4.5.5 C: Respond to Risks 78
4.5.6 D: Monitor and Control Risks 79
4.5.7 E: Capture Project Risk Knowledge 79
4.6 Project Stages and Risk Management Workshops 80
4.6.1 Construction Project Example 80
4.6.2 The DB Design-Bid Stage 82
4.6.3 The DB Build Stage 83
4.6.4 IT Project Example 84
4.7 A Project Risk Register Template 86
4.8 RMS Integration 89
4.9 RM Governance and Responsibility 89
4.10 Joint Venture RMS 89
4.11 Project Client RM Requirements 90
4.12 Chapter Summary 90
References 91
5 Project Risk Contexts and Drivers 93
5.1 Chapter Introduction 93
5.2 The Contextualising Process 94
5.3 Internal Contexts as Risk Drivers 95
5.4 External Contexts as Risk Drivers 97
5.4.1 Physical Contexts 99
5.4.2 Technical Contexts 100
5.4.3 Economic Contexts 100
5.4.4 Social Contexts 101
5.5 Using Contextual Information 102
5.6 Chapter Summary 104
Reference 104
6 Approach to Project Risk Identification 105
6.1 Chapter Introduction 105
6.2 Approach to Risk Identification 106
6.3 Workshop Timing 107
6.4 Types of Risk Identification Techniques 112
6.4.1 Activity-Related Techniques 114
6.4.2 Analytical Techniques 114
6.4.3 Associated Representative Techniques 115
6.4.4 Functional Value-Related Technique 116
6.4.5 Matrix Combinations 117
6.4.6 Simulation or Visualisation Techniques 117
6.4.7 Speculation Techniques 117
6.4.8 Structural or Management Techniques 118
6.5 Chapter Summary 119
Reference 119
7 Project Risk Identification Tools 121
7.1 Chapter Introduction 121
7.2 Activity-Related Tools 122
7.2.1 Work Breakdown Structures 122
7.2.2 Bar Charts 126
7.2.3 Critical Path Networks 127
7.3 Analytical Tools 130
7.3.1 Decision Tree Analysis 131
7.3.2 Event Tree Analysis 133
7.3.3 Fault Tree Analysis 134
7.3.4 Failure Modes and Effects Criticality Analysis 135
7.3.5 Hazard and Operability Studies (HAZOPS) 136
7.3.6 Safety Hazard Analysis (SHA) 138
7.4 Associated Representative Tools 141
7.4.1 Contextualisation 141
7.4.2 Checklists 142
7.4.3 Financially Related Tools 144
7.4.4 Procedural Manuals Tools 144
7.4.5 Design/Cost Related 148
7.4.6 Risk Related 150
7.5 Matrix Combinations Tools 152
7.6 Simulation or Visualisation Tools 155
7.7 Speculation Tools 157
7.7.1 Scenario Testing 157
7.7.2 Stress Testing 158
7.8 Structural or Management Tools 159
7.9 Risk Identification Statements 159
7.10 Chapter Summary 162
References 163
8 Project Risk Analysis and Evaluation 165
8.1 Chapter Introduction 165
8.2 Qualitative Analysis 167
8.3 Assessing Likelihood 168
8.4 Assessing Impacts 171
8.5 Evaluating Risk Severity 172
8.6 Quantitative Analysis 175
8.7 Risk Mapping 183
8.8 Chapter Summary 184
Reference 186
9 Risk Response and Treatment Options 187
9.1 Chapter Introduction 187
9.2 Risk Attitudes and Appetites 188
9.3 Existing Risk Controls 191
9.4 Risk Response Options 192
9.4.1 Risk Avoidance 192
9.4.2 Risk Transfer 194
9.4.3 Risk Reduction and Retention 196
9.4.4 Risk Retention 197
9.4.5 Combination Responses to Risk 197
9.5 Risk Treatment Options 198
9.6 Risk Mitigation Principles 200
9.7 Strategic use of ALARP 201
9.8 Re-assessment 202
9.9 Recording Decisions 202
9.10 Chapter Summary 203
References 203
10 Risk Monitoring and Control 205
10.1 Chapter Introduction 205
10.2 Assigning Responsibility 206
10.3 Monitoring Procedures 209
10.3.1 Negligible Risks 210
10.3.2 Low Risks 210
10.3.3 Medium Risks 210
10.3.4 High Risks 210
10.3.5 Extreme Risks 211
10.4 Control Measures 211
10.4.1 Negligible Risks 212
10.4.2 Low Risks 212
10.4.3 Medium Risks 212
10.4.4 High Risks 212
10.4.5 Extreme Risks 212
10.5 Reporting Processes 214
10.6 Dealing with New Risks 215
10.7 Disaster Planning and Recovery 215
10.8 Capturing Project Risk Knowledge 216
10.9 Chapter Summary 217
11 Project Risk Knowledge Management 219
11.1 Chapter Introduction 219
11.2 Knowledge Definitions and Types 221
11.2.1 Knowledge Transformation 221
11.2.2 Types and Forms of Knowledge 223
11.2.3 Organisational Culture and Knowledge Management 223
11.3 The Knowledge Creation Cycle 224
11.3.1 Stage 1 (Tacit to Tacit): Use and Validate 225
11.3.2 Stage 2 (Tacit to Explicit): Identify and Capture 225
11.3.3 Stage 3 (Explicit to Explicit): Codify and Store 225
11.3.4 Stage 4 (Explicit to Tacit): Share and Update 226
11.3.5 Using and Validating Knowledge 226
11.3.6 Identifying and Capturing Knowledge 227
11.3.7 Codifying and Storing Knowledge 228
11.3.8 Sharing and Updating Knowledge 229
11.4 Additional Issues of Organisational Culture 230
11.4.1 KMS Alignment and Information Redundancy 231
11.4.2 Tools and Techniques for Eliciting Risk Knowledge 231
11.4.3 Brainstorming Sessions 233
11.4.4 Storytelling 233
11.4.5 Communities of Practice 233
11.4.6 Networking 234
11.4.7 Project Reviews, Project Debriefings and ‘Lessons Learned’ 234
11.4.8 Mentoring and Apprenticeships 235
11.4.9 Induction and Training Courses 235
11.4.10 Workplace Design 235
11.4.11 People Finders 235
11.4.12 Intranets and IT Platforms 235
11.4.13 Internet Search Engines and Alerting Services 236
11.4.14 Organisational Culture 236
11.4.15 PRMS-Related Tools 236
11.4.16 Developing Organisational Risk Wisdom 237
11.5 Project and ORR Architecture 237
11.5.1 Capturing Project Risk Experiences 238
11.5.2 PRRs 239
11.5.3 Beyond the Project Level is the ORR 240
11.6 Challenges for Implementing RKMSs 242
11.6.1 Issues Relating to Knowledge Itself 242
11.6.2 Storing, Accessing and Using Knowledge 242
11.6.3 Knowledge System Development and Implementation Costs 243
11.6.4 Concern with Financial Issues and Return on Investment 244
11.6.5 Concern with Time Management and ‘Unproductive Tasks’ 244
11.7 Communication and Risk Knowledge Management 246
11.8 Ai 247
11.9 Chapter Summary 249
References 249
12 Cultural Shaping of Risk 251
12.1 Chapter Introduction 251
12.2 Culture in Society 252
12.3 Organisational Cultures 253
12.3.1 Organisational Scans 256
12.3.2 The Organisational Scanning Process 259
12.4 External Cultures as Project Risk-Shapers 260
12.4.1 Media Scans 260
12.5 Organisational Cultures of Other Project Stakeholders 261
12.6 Applying Cultural Shaping in Project Risk Management 262
12.7 Chapter Summary 266
Reference 267
13 Project Complexity and Risk 269
13.1 Chapter Introduction 269
13.2 The Concept of Complexity 269
13.2.1 Differentiation 272
13.2.2 Inter-dependency 274
13.3 Relative Complexity 276
13.4 Uncertainty and Project Complexity 278
13.5 An Early-Stage Project Complexity Assessment Tool 280
13.6 Identifying and Mapping Complexity 284
13.7 Influence of Complexity on Risk Management 285
13.8 Complexity and Mega-Projects 286
13.9 Chapter Summary 288
References 289
14 Political Risk 291
14.1 Chapter Introduction 291
14.2 Political Spheres 293
14.3 Dimensions of Political Risk Factors 293
14.4 Examples of Political Risks 295
14.5 Political Stakeholders 298
14.6 Managing Political Risks 298
14.6.1 Contextualising 298
14.6.2 Identifying Political Risks 300
14.6.3 Analysing and Assessing Political Risks 300
14.6.4 Responding to Political Risks 301
14.6.5 Monitoring and Controlling Political Risks 302
14.6.6 Knowledge Capture 302
14.6.7 In-House Political Risks 302
14.7 More Extreme Political Threat Risks 303
14.8 Professional Misconduct 304
14.9 Corruption 305
14.9.1 Conflict of Interest 308
14.10 Chapter Summary 309
References 310
15 Planning for Crisis Response and Disaster Recovery 313
15.1 Chapter Introduction 313
15.1.1 Crisis 313
15.1.2 Disaster 314
15.2 Crises 314
15.2.1 Snowy Hydro 2 Scheme 315
15.2.2 COVID-19 Pandemic 316
15.2.3 Australian Housing Crisis 318
15.2.4 Australian Telco Crises 319
15.3 Disasters 319
15.3.1 Whakaari White Island Disaster 320
15.3.2 Floods and Fires 321
15.3.3 Asylum Seeker Disasters 321
15.4 Planning for Crisis Response and Disaster Recovery 322
15.4.1 Strategic Management 322
15.4.2 Strategic Planning Management 325
15.4.3 The Champlain Towers Disaster 325
15.4.4 Leadership and Management Control 327
15.4.5 Regulatory Environments 328
15.4.6 Human Resource Management 329
15.4.7 Resources Management 329
15.4.8 Utilities and Services 330
15.4.9 Security and Crime 331
15.4.10 Health Services Management 332
15.4.11 Environment 332
15.4.12 Cross-border Co-operation and Management 332
15.4.13 Communications Management 333
15.5 Risk Management for Crisis Response and Disaster Recovery Planning 333
15.6 Chapter Summary 334
References 334
16 Opportunity Risk Management 335
16.1 Chapter Introduction 335
16.2 Concept of Opportunity Risk 336
16.3 Opportunity Risk in Projects 338
16.4 Examples of Opportunity Risks 339
16.4.1 IT Brand Product Personalisation Service 339
16.4.2 Botanic Gardens Special Display Project 339
16.4.3 Case Study A (PPP Correctional Facility) 340
16.4.4 Case Study C (Aid-Funded Pacific Rim Island Civic Project) 340
16.5 Managing Opportunity Risks 341
16.5.1 Implications for Personnel 341
16.5.1.1 SP1: Exchanging Ideas Too Early and Too Often Hinders Their Diversity and Potential to Innovate 342
16.5.1.2 SP2: The Workplace Should Promote Absurdity 342
16.5.1.3 SP4: Adversities Are Worth Keeping, Even Introduced, in the Workplace to Promote Innovation 343
16.5.1.4 Artificial Intelligence (AI) 343
16.5.1.5 Implications for the Project RMS 344
16.5.1.6 Context Establishment 344
16.5.1.7 Risk Identification 344
16.5.1.8 Risk Statements 345
16.5.1.9 Risk Analysis 345
16.5.1.10 Risk Evaluation 346
16.5.1.11 Risk Response 346
16.5.1.12 Monitoring and Control 350
16.5.1.13 Knowledge Capture 350
16.6 Chapter Summary 350
References 351
17 Strategic Risk Management 353
17.1 Chapter Introduction 353
17.2 Strategic Issues for Project Risk Management 355
17.2.1 Project Risk Management System (PRMS) Implementation 356
17.2.2 System Separation/Integration 358
17.2.3 System Inception 359
17.2.4 Initial System Application 359
17.2.5 Roles and Responsibilities 360
17.2.6 PRMS Process Approach 361
17.2.7 Risk Knowledge Management 363
17.2.8 PRMS Maintenance and Development 364
17.2.9 Crisis Response and Disaster Preparedness 364
17.3 PRMS Process Strategies 366
17.3.1 Project Contextualisation 366
17.3.2 Project Risk Identification Strategies 367
17.3.3 Quantitative and Qualitative Risk Analysis Strategies 367
17.3.4 Risk Response and Treatment Strategies 369
17.3.5 Risk Monitoring and Control Strategies 369
17.3.6 Risk Knowledge Capture Strategies 370
17.4 Chapter Summary 370
References 370
18 Planning, Building and Maturing a Project Risk Management System 371
18.1 Chapter Introduction 371
18.2 PRMS Objectives 372
18.3 Planning and Designing the PRMS 373
18.3.1 Planning the PRMS 373
18.3.2 Designing the System 374
18.4 Risk Management Maturity 376
18.4.1 Level 1 PRMS Maturity (Mostly Unaware) 376
18.4.2 Level 2 PRMS Maturity (Starting) 377
18.4.3 Level 3 PRMS Maturity (Growing) 379
18.4.4 Level 4 RM Maturity (Maturing) 380
18.5 Building the PRMS 382
18.5.1 Organising the PRMS Project 382
18.5.2 PRMS Specialists 382
18.5.3 System-Building Tasks 383
18.5.4 Component Testing 384
18.5.5 PRMS Trials 385
18.5.6 PRMS Roll-Out 385
18.6 PRMS Performance Review and Improvement Cycle 386
18.6.1 Review Criteria 387
18.6.2 System Benchmarking 390
18.6.3 Addressing System Decay 391
18.6.4 Review Frequency 392
18.7 Chapter Summary 392
References 392
19 Computer Applications 395
19.1 Chapter Introduction 395
19.2 PRMS Software Applications 396
19.2.1 Tables and Matrices 396
19.2.2 Spreadsheets 398
19.2.3 Project Management Systems 400
19.2.4 Bespoke RKMS 401
19.3 Other Information Technologies and Tools 401
19.3.1 Simulation Systems 401
19.3.2 Smart Sensors 402
19.3.3 Aerial Drones 402
19.3.4 Building Information Modelling 403
19.4 Chapter Summary 403
20 Communicating Risk 405
20.1 Chapter Introduction 405
20.2 Communication Theory and Models 406
20.2.1 Other Theory Elements of the Model 406
20.2.2 Processes in the Model 408
20.3 Components in the Communication Process 409
20.3.1 Senders 409
20.3.2 Receivers 409
20.3.3 Messages 409
20.3.4 Media 410
20.3.5 Channels 411
20.3.6 Relays 411
20.3.7 Filters 412
20.3.8 Interference 412
20.3.9 Feedback 413
20.4 Communicating Risk in the PRMS Cycle 413
20.5 Communicating Project Risk Beyond the Project Stakeholder Organisations 415
20.5.1 Promotional Announcements 415
20.5.2 Communicating Risk in Adverse or Challenging Environments 415
20.5.3 Social Amplification of Risk 415
20.5.4 Social Licence 416
20.5.5 Communication in Extensive Advisory Loops 417
20.6 Evaluating Risk Communication 417
20.7 Chapter Summary 418
References 419
21 Conclusions 421
21.1 Chapter Introduction 421
21.2 Current State of Project Risk Management 422
21.2.1 Changes in Business Conditions 423
21.2.2 More Serious Risk Impacts and Consequences 423
21.2.3 Public Expectations and Regulations 423
21.2.4 Publication of Standards and Texts 424
21.2.5 Psycho-Social Emphases 424
21.2.6 Tertiary Curriculum Changes 424
21.2.7 Continuing Issues with Contemporary PRMS 424
21.3 Future Project Risk Management 425
21.4 Checking Your Reading Satisfaction 427
21.4.1 Risk 427
21.4.2 Projects 428
21.4.3 Prms 428
21.4.4 Risk Contexts 429
21.4.5 Risk Identification 429
21.4.6 Risk Assessment 430
21.4.7 Risk Response 430
21.4.8 Risk Monitoring and Control 431
21.4.9 Risk Knowledge Management 431
21.4.10 Risk and Culture 431
21.4.11 Complexity 432
21.4.12 Political Risk 432
21.4.13 Planning for Crisis Response and Disaster Recovery 433
21.4.14 Opportunity Risk 433
21.4.15 Strategic Risk Management 433
21.4.16 Building and Maturing a PRMS 434
21.4.17 Computer Applications 434
21.4.18 Communicating Risk 435
21.4.19 Case Studies 435
21.5 Closing Remarks 436
Case Study A: PPP Correctional Facilities Project 439
Case Study B: Rail Improvement Project 449
Case Study C: PM Consultant and Government-Aid-Funded Pacific-Rim Project 455
Case Study D: High-Capacity Metropolitan Train Mock-up Project 461
Case Study E: Hot-Rod Car Project 463
Case Study F: Aquatic Theme Park Project 467
Case Study G: Risk Governance Guidance Document 471
Case Study H: Rise and Fall of a Plumbing Company 477
Index 483
