What is Project and Strategic Risk

Risk Managment

Project Risk Management
Project Risk Management

Project and Strategic Risk

Project and Strategic Risk

There are various risk classifications. There is a clear distinction between project risk and strategic risk.

Project risk is limited to those aspects of risk that are considered entirely in relation to the project. The project itself is one component or element in the overall strategy for the organization. The project faces one set of risks through its life cycle. These risks will generally be of a different nature to those faced by the organization as a whole in executing its strategy. These strategic risks are long-term and affect the company as a whole rather than individual project.

Examples of project risks include:

• Delays caused by bad weather;

• Errors in specific contract documents;

• Cost increases caused by changes in individual supplier prices;

• Day today breakdown of plant and equipment;

• Individual absenteeism and labor problems.

These would be allowed for as part of the overall project risk management process.

Strategic risk is generally more difficult to manage than project risk. Strategic risk tends to be applicable over the long term.

Most small to medium sized projects are designed and implemented within a relatively short time scale, and so they are unlikely to be affected by long-term changes in the political or economic environment. Strategic risks also tend to be more complex and difficult to model and assess than project risk.

Examples of strategic risk include:

Variations in competitor behavior.

• Changes in the economy.

• Impact of IT and new technology.

They are presumably also beyond the limits of correction that are available through the use and application of management reserve or contingencies. In addition, new strategies may be formed within the organization. These may serve to reinforce or deflect the original strategy.

Types of Risk

There are of course many types of risk. In addition, risks take many forms and they impact on the organization in a range of ways. The literature on risk management identifies a number of different primary headings. Some writers use different names for different types of risk. However, the broad headings are: • strategic risk; • operational risk; • financial risk; • knowledge risk; • catastrophic risk.

Each is described further below.

Strategic risk.

Strategic risk includes risk relating to the long-term performance of the organization. This includes a range of variables such as the market, corporate governance and stakeholders. The market is highly variable and can change at relatively short notice, as can the economic characteristics of the country or countries in which a given organization is operating The corporate governance risk of the organization includes risk relating to the ethics within which the organization operates. Stakeholder risk includes the risk associated with the shareholders, business partners, customers and suppliers. Shareholder attitudes can change quickly if dividends fall.

Operational risk.

Operational risk includes the process itself, the asset base, the people within the project team and the legal controls within which the organization operates.

Project risk is one type of operational risk, although it could be argued that risk management on longer-term projects should be considered in terms of strategic project risk management. The process of operational risk management includes the product itself, its suitability for market demand, marketing, sales and delivery. People risks include risks associated with human resources and staff development. Legal risks include contractual issues, together with statutory obligations and liability.

Financial risk.

Financial risk includes market, credit, capital structure and reporting risks.

This particular risk heading is easily the most heavily covered in the literature on risk management.

Knowledge risk.

Knowledge risk includes IT hardware and software, information management, knowledge management, and planning.

Catastrophic risk.

Catastrophic risk includes risk that cannot be predicted effectively and therefore cannot be quantified accurately. The usual precaution is to cover such risk with some kind of contingency sum or reserve.

Market Risk and Static Risk

Market risk (business risk or dynamic risk)

Market risk is dynamic. It is concerned with both positive and negative values, or potential gains and losses to the organization. Market business risk is primarily concerned with the risk to all the stakeholders within the company, while market financial risk is restricted to equity holders.

Market risks can change over time and can shift between likely positive and negative values.

Market risk is measured by changes and variations in the general marketplace.

In addition, market risk can be split into two primary components. These are business risk and financial risk. Market Business Risk (MBR) arises from the company trading with its assets. MBR is a risk to the company as a whole, and is therefore distributed among the shareholders, creditors, employees and all other stakeholders. Market Financial Risk (MFR) arises from the gearing ratio, which is a measure of the financing of the organization. MFR is the risk of the annual dividend falling to zero, so that equity holders make no return on their shareholdings.

Static risk (specific risk or insurable risk).

Static risk considers losses only. It looks at the potential losses that could occur and seeks to implement safeguards and protection in order to minimize the extent of the loss. Static risk refers to risks that only provide the potential for losses. Considerations of specific risk are therefore generally concerned with making sure that the company performs at a given level. It is most concerned with making sure that losses or problems are minimized. Obvious examples would include: • fire insurance; • third party and public liability (consequential loss) insurance; • tortuous liability (professional indemnity) insurance; • personnel insurance; • other optional forms of insurance.

External Risk

External risk originates and operates outside the organization. As a consequence, the organization has virtually no control over it and has to predict possible eventualities and move in advance or respond once the external factors have occurred.

External risks could originate from other organizations, the government, changes in consumer and client demand, and so on. The organization has no alternative other than to respond to the risks as they appear.

Competitor risk.

This includes the actions and strategies of ‘new kids on the block’ and established competitors, either of whom might develop or release a new product that is a direct threat to the established sales base of the company. In the worst case, it could threaten the ability of the company to survive.

Market demand risk.

The demands of the customer base change and alter rapidly. This applies more in some markets than others.

Innovation risk.

Increasingly, fast track change and innovation are affecting risk strategies. Again, this is more pronounced in some industries than in others. A good example is the PC.

Exposure risk.

All companies are exposed to different levels of risk, and different risks will affect them in different ways. Factors such as borrowing and gearing ratio will affect the firm’s exposure and its ability to survive changes in the environment, such as interest rate changes. High levels of borrowing could result in problems if interest rates are suddenly increased as a result of government concerns about inflation.

Shareholder risk.

A firm that depends on shareholder equity has to keep the shareholders happy. If shareholder confidence declines, the effects on the company can be significant.

Political risk.

The government of the home country and of overseas countries where the company has expanded can represent a major risk. Government fiscal policy and the consequent performance of the economy can make the difference between success and failure in a new venture.

Statute risk.

Governments constantly change existing statutes and introduce new ones. These can affect the profitability of affected organizations. In some cases, these statutes can be one offs, which are aimed at a specific problem or issue. However, they could also be general and could affect all areas of industry.

Impact risk.

Some companies are better than others at withstanding big ‘hits’. This can depend on a lot of variables, including the degree of diversification.

The ability to withstand risk impact depends essentially on the degree of exposure of the company risk profile, and the sensitivity of different sectors of the company to that impact. Sometimes companies might be exposed to financial risk and reputation risk equally, but might be far more sensitive to reputation risk. These companies would be able to meet the financial consequences of a big impact (compensation, reinstatement etc.), but may suffer grievously from the damage to the reputation of the company (future loss of consumer confidence, falling sales etc.).

Internal Risk

There are many possible internal risks. These are risks that originate from within an organization and over which, at least in theory; the company should have some control.

Some examples of this category are listed below.

Operational processes risk. This includes such factors as: – human resources availability risk; – production capacity risk; – time based competition risk; – variations in customer demand risk; – process failure risk; – health and safety compliance risk; – tactical response risk; – change risk.

Financial risk. This includes such factors as:– borrowing risk; – cash flow risk; – equity risk; – concentration risk; – collateral (security) risk; – opportunity loss risk; – opportunity cost risk; – exchange rate risk.

Management risk. This includes such factors as: – management error risk; – leadership risk; – outsourcing risk; – strategy implementation risk; – communications risk.

IT and Technology risk.This includes such factors as: – system obsolescence risk; – breakdown and failure risk; – fraud risk; malicious virus risk; – system compromise risk; – capacity limit risk.

Risk

Predictable and Unpredictable Risks

Predictable risks are ‘known unknown’ risks, such as changes in interest rates during times of fluctuations in the economy. They can be predicted with some accuracy although not with certainty. Unpredictable risks are the ‘unknown unknowns’. These cannot be predicted with any accuracy.

A dynamic internal unpredictable risk could therefore be a project status change. The organization might start a project and give it top priority. However, another project might start up immediately afterwards and this new project might be given top priority. This is a dynamic risk in that it could increase or decrease the overall performance and effectiveness of the project. It is clearly internal as the status relates only to the company portfolio. It is unpredictable as it could not have been foreseen at the time that the initial project was implemented.

Risk Conditions and Decision making

Risk assessment and control are really tools for decision making. They allow the decision maker to consider the various types of risk that apply to a particular case and weigh up the situation before a decision is made.

Risk is intrinsically linked to decision making. A decision maker instinctively thinks over the risks associated with a decision that he or she is evaluating. Managers have to make decisions all the time and in doing so they evaluate risk.

There are generally three main conditions under which decisions can be made. These are: • conditions of certainty; • conditions of risk; • conditions of uncertainty.

• Conditions of certainty.

Conditions of certainty apply where the outcome is known. This is a ‘known’ event. It is foreseeable from the information that is available to the decision maker and its occurrence can be forecast with certainty.

• Conditions of risk.

Conditions of risk apply where there is a reasonable probability that an event will occur and where some kind of assessment can be made. Most risk management and decision making take place under conditions of risk. The degree to which the information available constitutes a risk will vary depending on the nature of the application. It is generally possible to transfer some risk associated with conditions of risk by taking out some form of insurance policy.

• Conditions of uncertainty.

Conditions of uncertainty apply where it is not possible to identify any known events. Decision making under conditions of uncertainty is therefore concerned with wholly ‘unknown’ events. Under conditions of uncertainty it is not possible to predict outcomes with any accuracy. In general terms, most actuaries would say that risks are insurable while uncertainties are not. It is generally not possible to transfer risk under conditions of uncertainty through insurance, because the events concerned are not reasonably foreseeable and therefore cannot be forecast with any degree of accuracy. So what is the relationship between conditions of certainty, risk and uncertainty?

The same decision may have to be made under each of the conditions and the outcome may be different depending on the nature of the condition.

Under conditions of certainty, there is no risk and therefore the decision is easy.

Under conditions of risk, the outcome is not clear, but the risk can be evaluated in some way. Under conditions of uncertainty, risk cannot be evaluated with any accuracy. Under the last set of circumstances, the decision maker can either adopt some kind of strategy that depends on the nature of the condition, or he or she can attempt to convert the conditions of uncertainty into conditions of risk by some kind of subjective assessment.

Conditions of Certainty

Decision making under conditions of certainty implies that the decision maker knows with 100 per cent accuracy what the outcome will be. In other words, all the necessary decision-making data and information are available to assist the decision maker in making the right decision.

Decision making under Conditions of Risk

In most practical situations, there is no single dominant strategy for all eventualities. In general terms: • higher profits = higher potential risks. • Higher profits = higher potential losses.

In the absence of a dominant strategy, a probability is assigned to each individual state of nature.

Decision making under Conditions of Uncertainty

The difference between conditions of uncertainty and conditions of risk is that under risk there are assigned probabilities that relate to the ‘known unknowns’. Under conditions of uncertainty, these probabilities do not apply. All possible outcomes can be identified and the related probabilities can be assessed to the best of the firm’s knowledge, but the decision maker simply does not know which event will occur, nor when.

There are several obvious sources of uncertainty. These might be externally driven (environment), internally driven (process) or decision driven (information)sources. Externally driven (environment) sources would include all externalfactors such as inflation, the general level of economic activity, changes ininterest rates, demographic changes, competitor changes, revisions of statute,and so on. Internally driven (process) sources would include employee attitudes,motivation, loyalty, the implementation of new technology and changed workingpractices, new products, innovation, changes in the supplier and client base,etc. Decision driven(information) sources would include typical elements ofcorporate strategy and strategic planning such as new market analysis, mergersand acquisitions, research and development, investment, etc.

The Need for a Risk Management Strategy

Risk management is becoming increasingly important as the business world changes. Companies have changed considerably since the early 1980s; the risks and opportunities that they face have changed in proportion. Competition and the demands for efficiency are far greater than they have ever been. Companies are now cut right back to the bone. Every possible area for outsourcing and risk transfer has already been exploited. Companies are as efficient, more or less, as they can be. New competition areas, such as concurrent engineering and time based competition, are becoming the new corporate battlegrounds. They demand a new approach to risk taking and consequently to risk management.

There is now, more than ever, a need for risk management as a collective corporate strategy. Such a risk management system needs to align strategy, production, human resources, technology, leadership and knowledge. It needs to cross functional and project boundaries and unite all sections of the enterprise in the envelope of Total Strategic Risk Management (TSRM).

Risk Flow

Risk Types
Risk Types

More by this Author


Comments 2 comments

ZIa Ahmed khan profile image

ZIa Ahmed khan 4 years ago from Kuwait Author

@jpcmc - thanks, project risk management in this volatile market is real issue and challenge when many projects are left in middle without completion.


jpcmc profile image

jpcmc 4 years ago from Quezon CIty, Phlippines

Many companies fail to do reasonable risk assessments. This turns out to be a huge blunder as they spend more just rectifying errors and patching up problems. This is a vry exhaustive hub on project risk and it is definitely useful.

    Sign in or sign up and post using a HubPages Network account.

    0 of 8192 characters used
    Post Comment

    No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.


    Click to Rate This Article
    working