Risk Management

www.bournemouth.ac.uk
 Learning Objectives
At the end of this session students should be able
to:
• Understand the nature of Risk and Risk
Management
• Understand the Risk Management Process
• Create a risk register to monitor and control risks

www.bournemouth.ac.uk
 RISK MANAGEMENT
CONTEXT

www.bournemouth.ac.uk
 What is a Risk?

• A risk is an uncertain event or set of events that,

should it occur, will have an effect on the
achievement of objectives.

• Risk taking in projects is inevitable since projects

are enablers of change and change introduces
uncertainty, hence risk.

www.bournemouth.ac.uk
 The story so far

• Stakeholder Requirements
• Scope
• Cost
• Time
• NOW Risk

www.bournemouth.ac.uk
 Traditional View
• Minor Risks
• http://www.youtube.com/watch?v=hNjcjOE
X_NA
• Major Risks
• http://www.workingwithcrowds.com/crowd-
disasters-year
/
• https://
www.theguardian.com/football/2017/jun/03
/juventus-fans-injured-turin-square-panic-fi
recrackers
www.bournemouth.ac.uk
 What is a Risk?

• Risk consists of a combination of the probability

of a perceived threat or opportunity occurring,
and the magnitude of its impact on objectives
(OGC 2011), where:
• Threat is used to describe an uncertain event that
could have a negative impact on objectives
• Opportunity is used to describe an uncertain event
that could have a favorable impact on objectives.

www.bournemouth.ac.uk
 Expressing Risk

www.bournemouth.ac.uk
 RISK MANAGEMENT
PRINCIPLES

www.bournemouth.ac.uk
 What is risk management?

•The systematic application of procedures to the tasks of

identifying and assessing risks, and then planning and
implementing risk responses (PMI 2008/2012).
•For risk management to be effective, risks need to be:
•Identified: This includes risks being considered that could affect
the achievement of the project's objectives, and then described
to ensure that there is a common understanding of these risks
•Assessed: This includes ensuring that each risk can be ranked
in terms of estimated likelihood, impact and immediacy
•Controlled: This includes identifying, executing, and evaluating
appropriate responses to risks.

www.bournemouth.ac.uk
 Risk Management Procedure

1. Identify
2. Assess
3. Plan
4. Implement
5. COMMUNICATE

www.bournemouth.ac.uk
 1. Identify

• Obtain information about the project in

order to understand the specific objectives
that are at risk and to formulate the Risk
Management Strategy

www.bournemouth.ac.uk
 External Influences on Event
Risks Pt 1
• Global Industry Environment
• Events share common characteristics
related to:
• Scale
• Scope
• Infrastructure and facilities requirements
• Resource commitments

www.bournemouth.ac.uk
 External Influences on Event
Risks Pt 2
• Country Environment
• Political institutions and institutional design
shape influence the type of risk regulations
• Germany, executive and cooperative
federalism requiring coordination of state
police services (Landespolizei).
• UK, unitary state, competition between
authorities representing London and
National Agencies
www.bournemouth.ac.uk
 Internal Influences on Event
Risks Pt1
• Number of organizations involved and the
relationship between them
• The needs of the stakeholders involved with the
project
• The importance, complexity and scale of the
project

www.bournemouth.ac.uk
 Internal Influences on Event
Risks Pt 2
• The organization's own environment (e.g.
legislative or governance requirements)
• The organization's approach to risk
management as described by its risk
management policy

www.bournemouth.ac.uk
 Internal Influences on Risk:
Project Scope
Event Objective: 100
attendees

What are the possible Conference

risks?

6
5 Delegate
1 Venue 2.Attendees 3 Speakers 4 Publicity Conference
Handouts
Logistics

www.bournemouth.ac.uk
 Internal Influences on risk:
Schedule
Event Objective: Raise awareness of diversity issues
What are the possible risks?

Tasks Time Duration End Time

Flashmob Rehearsal 11:00:00 1.00 12:00:00

Check the Equipment - Music, Camera,
Laptops 11:00:00 0.40 11:40:00

Check Arrangement with Stalls 11:40:00 0.10 11:50:00

Check Posters, Leaflets, Ribbons,
Sweets etc. 11:40:00 0.20 12:00:00

Set up Stalls, and Laptops 12:00:00 0.30 12:40:00

Stall Staff arriving 12:30:00 0.20 12:50:00

1st part of Event begins - Stalls and
information 13:00:00 2.00 15:30:00
www.bournemouth.ac.uk
 Class Discussion

• Which of the previous influencing factors

affect your event design and delivery?

www.bournemouth.ac.uk
 RISK MANAGEMENT
PROCESS

www.bournemouth.ac.uk
 Risk Identification Requirements

• Project information:
• Stakeholder Analysis
• Scope
• Product Breakdown Structure
• Schedule

www.bournemouth.ac.uk
 Risk identification techniques
• Review lessons: Review similar previous projects to
see what threats and opportunities affected them
• Risk checklists: These are in-house lists of risks that
have either been identified or have occurred on previous
similar projects(Raz & Michael, 2001).
• . Examples:
• http://www.hse.gov.uk/event-safety/getting-started.htm
• http://
www.fmd.qut.edu.au/campus_services/facilities_hire/Event_Safe
ty_Checklist.pdf
• http://
www2.cdc.gov/cdcup/library/checklists/CDC_UP_Risk_Manage
ment_checklist.pdf
www.bournemouth.ac.uk
 Risk Identification Techniques

• Risk prompt lists: These are publicly

available lists that categorize risks into
types or areas and are normally relevant to
a wide range of projects. Risk prompt lists
are useful aids to help stimulate thinking
about sources of risk in the widest context
• Http://
www.london.ac.uk/fileadmin/documents/ab
out/governance/Guide_to_Risk_Managem
ent_2011-12_01.pdf
www.bournemouth.ac.uk
 Risk Identification Actions
• Brainstorming: can also be used to understand
the stakeholders' views of the risks identified
• Capture identified threats and opportunities
along with possible proximity (time)
• Share final list to understand the stakeholders'
view of the specific risks captured.

www.bournemouth.ac.uk
 Risk Breakdown Structure
• Lists categories and subcategories where
risks may arise Event

Project
Stage Organizational
Management

Limited Design
Funding Estimates
Time

Legal
Prioritization Scheduling
Specifications

Resource
Communication
Availability

www.bournemouth.ac.uk
 Risk &Project Stages
Phase Activities Techniques Documents
Initiation/ Strategic risk analysis Strategic risk checklist Initial risk evaluation
Conceptual and evaluation
Phase
Planning Risk management Planning template Risk planning
planning Risk checklist
Risk Risk Indicators‘/Trigger Risk indicators'
Indicators‘/Triggers checklist /triggers list
definition
Setup and Risk Indicators' Risk Indicators' /Triggers list Updated Risk
Staging /Triggers revision indicators' /triggers
Correcting actions Risk planning Updated risk
planning
Closure Project closure Meeting Project results report
decision
Closure report Lessons learned template Lessons learned
approval

Adapted from Marcelino-Sádaba, Pérez-Ezcurdia, Lazcano& Villanueva (2014).

www.bournemouth.ac.uk
 RISK ESTIMATION TECHIQUES

www.bournemouth.ac.uk
 2. Assess

• The primary goal of the 'Estimate' step is to assess

the threats and the opportunities to the project in
terms of their probability and impact.

• The risk proximity will also be of interest to gauge

how quickly the risk is likely to materialize if no
action were taken.

• Additionally, How the impact of the threats and

opportunities may change over the life of the project.
www.bournemouth.ac.uk
 Example:Probability Impact Grid

www.bournemouth.ac.uk
 Other Risk Estimation
Techniques
• Expected value: This technique quantifies risk by
combining the cost of the risk impact with the
probability of the risk occurring.

• Pareto analysis This technique ranks or orders

risks once they have been assessed to determine
the order in which they should be addressed. It
can be used to focus management effort on those
risks that have the potential to have the greatest
impact on the project objectives

www.bournemouth.ac.uk
 PLANNING RISK RESPONSES

www.bournemouth.ac.uk
 3. Plan

• The primary goal of the 'Plan' step is to

prepare specific management responses to
the threats and opportunities identified,
ideally to remove reduce the threats and to
maximize the opportunities.

• Attention to the Plan step ensures as far as

possible that the project is not taken by
surprise if a risk materializes
www.bournemouth.ac.uk
 Risk Responses

www.bournemouth.ac.uk
 Risk response categories for
threats
• Avoid :A change is made (e.g., to project scope)
to remove the threat or neutralize its effect on
project objectives. By taking these steps, the
uncertain event can never occur.
• E.g. You can avoid the threat of a poor live performance
by using a recording
• Reduce: Action is taken to reduce either the
probability or the impact of the risk before the risk
occurs.
• E.g Warning labels on food products so that customers
with allergies can make the appropriate choices
www.bournemouth.ac.uk
 Risk response categories for
threats
• Fallback: Also referred to as a contingency plan,
the Fallback response is performed only if the
risk occurs, and is therefore reactive rather than
proactive. As a result, it does not affect risk
probability, but mitigates its impact. Examples?
• Transfer: The financial impact of a risk can
partly be transferred to a third party (e.g., by
taking out insurance)
• Accept: This is a conscious decision to do
nothing.
www.bournemouth.ac.uk
 Risk response categories for
opportunities
• Exploit: Action to force the risk event to
occur.
• Enhance: Proactive response, increasing
either probability or impact of the risk
(direct opposite to ‘Reduce’).
• Reject: A conscious decision to do nothing.

www.bournemouth.ac.uk
 Risk response category for both
threats and opportunities
• Share: Stakeholders may share the gain if
costs are lower than planned, and the
losses if costs are greater than expected.

www.bournemouth.ac.uk
 4. Implement
• The primary goal of the 'Implement' step is to ensure that the
planned risk responses are actioned, their effectiveness
monitored, and corrective action taken where responses do not
match expectations.

• Risk owner A named individual who is responsible for the

management, monitoring and control of all aspects of a
particular risk assigned to them, including the implementation
of the selected responses to address the threats or to
maximize the opportunities
 
• Risk actionee An individual assigned to carry out a risk
response action or actions to respond to a particular risk or set
of risks. They support and take direction from the risk owner.
www.bournemouth.ac.uk
 Example of a risk owner and risk
actionee
• A risk analysis of a festival reveals that there is a chance
that a key music equipment supplier may go bankrupt.
The commercial director has been appointed as the risk
owner. A number of risk responses have been identified
and selected. One of the risk responses (fallback) is to
identify possible alternative promoters who have the
capacity to undertake the affected Work Packages at
short notice, and to obtain some quotes from them.
• The Procurement Manager is the risk actionee for this
particular risk response.

• The risk owner should be the person most capable of

managing the risk
www.bournemouth.ac.uk
 Communicate
• Communication is a step that is carried out
continually.
• The 'Communicate' step should ensure
that information related to the threats and
opportunities faced by the project is
communicated both within the project and
externally to stakeholders.

www.bournemouth.ac.uk
 Risk Register
• The main output of the risk identification process is a list of
identified risks and other information needed to begin
creating a risk register.

• A risk register is:

• A document that contains the results of various
risk management processes and that is often
displayed in a table or spreadsheet format.
• A tool for documenting potential risk events and
related information.

www.bournemouth.ac.uk
41
 Risk Register Contents

• An identification number for each risk

event.
• The name of each risk event.
• A rank for each risk event.
• A description of each risk event.
• The category under which each risk event
falls.
• The root cause of each risk.
www.bournemouth.ac.uk
42
 Risk Register Contents (cont’d)

• Triggers for each risk; triggers are indicators or

symptoms of actual risk events.
• Response Category (Avoid, Fallback, etc)
• Potential responses to each risk.
• The risk owner or person who will own or take
responsibility for each risk.
• The probability and impact of each risk
occurring.
• The status of each risk.

www.bournemouth.ac.uk
43
 Risk Register

No. Rank Risk Description Category Root Triggers Potential Risk Probability Impact Status
Cause Responses Owner

R44 1

R21 2

R7 3

www.bournemouth.ac.uk
44
 BU Risk Register
• You need: PBS, Schedule, Event Scope
• Complete the name, date, venue, type of event being
held and name of the person doing the review and the
date of the review.
• Identify the location(s) involved.
• Identify the potential hazards, i.e. what could happen?
• Hazard Definition:
http://www.ccohs.ca/oshanswers/hsprograms/hazard
_risk.html
• Identify who might be harmed, i.e. the person(s) at risk.
• Describe the control measures already in place to reduce
the risk of this hazard.
www.bournemouth.ac.uk
 BU Risk Register
• Assess whether the risks are adequately controlled -
Yes/No
• If no, and bearing in mind the control measures already
in place, calculate the residual level of severity of the
potential hazard:
1= Slightly harmful (minor injuries e.g. minor
cuts/bruises)
2 = Harmful (e.g. broken bones or curable conditions)
3 = Extremely harmful (e.g. would cause fatality,
major long-term injuries or conditions)

www.bournemouth.ac.uk
 BU Risk Register

• 8. Bearing in mind the control measures already in

place, calculate the likelihood of occurrence of the
potential hazard:
1 = Highly unlikely
2 = May occur rarely
3 = Likely
• 9. Multiply the level of severity score by the likelihood of
occurrence. If it is in the red area (i.e. scoring 6-9) an
alternative, safer means of organising the event must be
found.

www.bournemouth.ac.uk
 University Risk Assessment
Grid
SEVERITY
3
2
1
112 3

Likelihood

LIKELIHOOD

www.bournemouth.ac.uk
 Further Reading
• Hubbard (2009), The Failure of Risk Management,  Wiley. ISBN 978-0-470-
38795-5
• Jennings, W, & Lodge, M 2011, 'Governing Mega-Events: Tools of Security
Risk Management for the FIFA 2006 World Cup in Germany and London
2012 Olympic Games', Government & Opposition, 46, 2, p. 192
• Kerzner, H. (2003),  Advanced Project Management: Best Practices on
Implementation, John Wiley & Sons Inc, ISBN: 0471472840
• Marcelino-Sádaba, S., Pérez-Ezcurdia, A., Lazcano, A. M. E., & Villanueva,
P. (2014). Project risk management methodology for small firms.
International Journal of Project Management, 32(2), 327-340.
• Raz, T., & Michael, E. (2001). Use and benefits of tools for project risk
management. International Journal of Project Management, 19(1), 9-17.
• Silvers, J. (2008) Risk management for meetings and events [electronic
resource] Amsterdam ; London : Butterworth-Heinemann

www.bournemouth.ac.uk
 Further Reading

• Standards
– BS 6079-3: 2000 Guide to the Management of Business related
Project Risk
– BS IEC 62198:2001 Project Risk Management.  Application
Guidelines
• Ward, S., & Chapman, C. (2003). Transforming project risk
management into project uncertainty management. International
Journal of Project Management,21(2), 97-105.

www.bournemouth.ac.uk