Typically, after completing risk identification and analysis, the following setup describes the risk response strategy and the risk monitoring and control. Therefore, this section addresses the risk response strategy and the risk monitoring phases of the risk management life cycle. To fulfill the purpose of this unit, this section will utilize the 15 previously identified and analyzed risks. In addition, this report will identify and recommend approaches for reducing and eliminating the impact or the probability of adverse risks. Moreover, this report will recommend approaches for increasing the likelihood of occurrence for a positive risk.
Roles and Responsibilities
Project Manager: The defining role and responsibility of a program manager are completing a project successfully while strictly meeting the deadline, all objectives, and remaining within the budget set (Ndlela, 2018). The project manager achieves this responsibility by communicating effectively with the project’s team members and key stakeholders (Ndlela, 2018). In addition, the project manager is responsible for selecting and building a team to work with during the tenure of the project (Ndlela, 2018).
Risk Owner: The risk owner is responsible for coordinating efforts to manage and reduce the impact of risks on an enterprise (Ittner & Oyon, 2020). The risk owner meets this responsibility by identifying, assessing, managing, and monitoring risks. The risk owner also ensure that the risk tolerance level matches the risk appetite of the risk owner and also ensures that the risk management process is integrated into the daily operational activities (Ittner & Oyon, 2020).
Vendor Representative: Vendor representatives act on behalf of the vendors. Therefore, the vendor’s role in the risk management cycle is to pinpoint and mitigate risks associated with the vendors (Ndlela, 2018). The vendor representative assumes this role to facilitate, forge and maintain long-term relationships between the vendors and the risk owner (Ndlela, 2018). To adequately play their role, the vendor representatives have the responsibility of defining and establishing a vendor risk management and audit process that ensures vendor risks are dealt with optimally.
System Analyst: System analysts specialize in designing, analyzing, and implementing risk management systems (Ndlela, 2018). Therefore, the defining role of the system analysts is to direct, plan and coordinate an organization’s risk and risk assessment programs (Ndlela, 2018). System analysts successfully execute this role by determining and evaluating operational risks and emerging risks and suggesting viable ways of managing and mitigating the risks.
Project Sponsor: Project sponsors are responsible for appointing risk management project managers (Ndlela, 2018). They are also responsible for defining the success measuring criteria in risk management (Ndlela, 2018). As a result, they have a responsibility of ensuring the success of the project by securing and providing the required resources and budget requirements for managing risks.
Risk seeker: Risk seekers are individuals or investors who prefer risks (Batteux et al., 2018). They are also called risk lovers since they willingly accept uncertainty in the economy under the promise of potentially high returns (Batteux et al., 2018). They are generally risking tolerant and have a high-risk appetite.
Risk averse: Unlike risk seekers, risk-averse investors are inclined to avoid risks (Batteux et al., 2018). As a result, they readily appreciate low-risk investment opportunities despite the low expected returns. The risk-averse individuals’ motivation is thus to preserve capital and are therefore not risk-tolerant and have a low-risk appetite (Batteux et al., 2018).
Your recommended team structure based on risk tolerance: Heterogenous risk management team
Justification: Meng et al. (2019) define a heterogenous team as a mixed team comprising individuals with different abilities, experiences, and cultures that can foster more significant dynamics within a group. Therefore, having a team of risk-seekers and risk-averse individuals will ensure that the risk managers capitalize on the strengths of each risk group as risk-seekers and risk-averse individuals are both experts in their risk tolerance level (Meng et al., 2019). In addition, with a heterogeneous team, the team’s knowledge in risk management is increased significantly. Moreover, having a diversified team will facilitate efficient team learning and consequently improve decision-making capacity (Meng et al., 2019).
Addressing Risks According to Priority
Severity of consequences: Risk severity measures the extent of damage resulting from an occurrence of a risk event to an organization (Sohrabinejad & Rahimi, 2018). The severity of consequences can be ranked as high, moderate, or low, with high consequences yielding maximum impact to an organization (Sohrabinejad et al., 2018). As a result, I will prioritize and actively manage the high consequence risks in my risk management framework as they have the most significant impact on my organization. Low consequence risk will therefore receive low active management as their impact is mild.
Cost effectiveness: Cost-effectiveness refers to the expected payoff after mitigating and managing a potential risk (Sohrabinejad et al., 2018). Risks that promise to yield a maximum payoff, in that they utilize low resources in management and maximize returns, will receive active management. On the other hand, expensive risks that do not result in significant improvement in the organization position will not be actively managed (Sohrabinejad et al., 2018).
Time consideration: Sometimes, identified risks can span over a long period before being addressed, resulting in time or schedule risks (Sohrabinejad et al., 2018). When a risk remains in the system for long, the risk is likely to impact other operations such as budget, delivery dates, and overall performance (Sohrabinejad et al., 2018). Therefore, risks that are expected to remain in the system for long should be actively managed to prevent their long term effect on organizational operations.
Are your risk response strategies realistic? There are four main response strategies to adverse risks: avoidance, mitigation, transfer and acceptance If the risk management decides to accept the risk, the risk should not be actively managed. However, if the risk managers believe that they ought to mitigate the risk, the risk owner should actively manage the risk to ensure it is successfully contained.
Risk Strategies for Negative Risks
Mitigate: Risk mitigation is a strategy intended to take precautions to lessen the effects of adverse risks (Oluoch & Kisimbji, 2021). Ideally, risk mitigation allows risk managers to perform certain activities that will reduce the impact of the risk. Risk mitigation is advantageous as it fosters more confidence while dealing with risk (Oluoch & Kisimbji, 2021). In addition, a risk mitigation strategy allows the risk management team to be creative, which can, in turn, yield successful initiatives that are likely to improve the organization’s brand or cash-in-flow (Oluoch & Kisimbji, 2021). In addition, mitigating risks tends to improve customer satisfaction as mitigation strategy aims to ensure consistency and improve customer experience. However, risk mitigation requires complex calculations in managing risks which makes it difficult (Oluoch & Kisimbji, 2021). Moreover, risk mitigation requires adequate data gathering, which may be expensive or hard to implement without a skilled workforce.
Transfer: Risk transfer is a risk strategy mechanism that allows a risk owner to transfer future risks to another person, entity, or organization. In this case, the risk management team takes action that obliges a third party to take responsibility when a risk occurs (Oluoch & Kisimbji, 2021). Risk transfer strategies such as insurance and derivatives are advantageous as they safeguard an organization against future risks. In addition, risk transfer reduces financial losses at a relatively low cost. However, risk transfer has its share of disadvantages. For instance, risk transfer adds additional expenses to the risk owner in terms of insurance premiums (Oluoch & Kisimbji, 2021). In addition, there is limited coverage in risk transfer due to the nature of the insurance contracts.
Avoid: Risk avoidance is a strategy intended to eliminate the likelihood of occurrence harmfulrisks (Oluoch & Kisimbji, 2021). Risk avoidance is beneficial when the consequences are incredibly high to justify the cost of initiating risk mitigation (Oluoch & Kisimbji, 2021). The main advantage of this strategy is that it eliminates the risk. It also fosters business continuity as the risks are eliminated. However, avoidance deprives organizations of opportunities for growth by suppressing creativity in dealing with risks.
Risk Strategies for Positive Risks
Enhance: Risk enhancing involves taking steps to improve or increase the likelihood and impact of positive risks (Oluoch & Kisimbji, 2021). The main advantage of this strategy is that it allows the organization to grab an opportunity that can improve its competitive edge. However, risk enhancement is disadvantageous as there is no guarantee or assurance that the positive risk will occur.
Exploit: Risk exploitation strategy is intended to manipulate a favorable risk to ensure that the risk occurs (Oluoch & Kisimbji, 2021). It, therefore, involves developing a plan to provide an organization reaps the benefits of a positive risk (Oluoch & Kisimbji, 2021). Risk exploitation is advantageous as it allows risk managers to use creativity to manipulate a positive risk to yield maximum benefits such as increased cash in-flow. The main disadvantage of this strategy is that it is challenging to implement as it involves complex calculations in terms of risk management.
Share: This strategy involves collaboration with other organizations to exploit a positive risk (Oluoch & Kisimbji, 2021). The advantage of this strategy is that it encourages teamwork and discredits unhealthy competition as the partners strive to reap the benefits equally. Its main disadvantages arise from the difficulty associated with deciding the criteria for sharing the benefits of the positive risk.
Risk Response Strategies for Identified Risks
|Risk ID||Risk Description||Response Strategy||Action Plan|
|Example||Sudden loss of electricity||Mitigate||Purchase generators and large fuel canisters|
|1||A potential upcoming policy modification that could be of advantage to the project||Enhance||Understanding the policy limitations and applicability|
|2||Need for additional tools, resources, training, or materials||Share||Partnering with other organization to purchase resources and to train employees|
|3||Technology development that has the potential of saving time and resources||Exploit||Applying the technology in large scale in business operation|
|4||Poorly defined project purpose and need||Mitigate||Hire competent risk management manager to document the project requirements|
|5||Incomplete project deliverable and design definition||Mitigate||Define the deliverable and design definition|
|6||Unclearly defined or poorly understood project schedule||Mitigate||Determine the scope and objectives to be achieved within a specified time frame|
|7||Lack of control over various staff urgencies||Avoid||Training employee in-house|
|8||Delays by either the contractor or consultant||Mitigate||Sign contractual agreement compelling timely delivery|
|9||Errors in project estimation and scheduling||Mitigate||Using historical data to plan for current projects|
|10||Unforeseen works that need to be accomplished||Mitigate||Consult with risk management team on how to handle the work|
|11||Poor communication, resulting in confusion and poor clarity||Avoid||Developing a project communication plan to be adhered to at all time|
|12||Unresolved project conflicts||Mitigate||Addressing project conflicts as soon as possible|
|13||Delay in earlier phases of the project, hence jeopardizing the ability to meet deadlines||Mitigate||Setting realistic objectives, goals and deadlines|
|14||Legal action which pauses or delays the project||Mitigate||Anticipate for legal action delay, and factor it in the deliverables timeline|
|15||Natural occurrences for instance extreme weather conditions||Share||Taking an insurance policy to caution the threat of bad weather on project delay|
Risk Monitoring and Control
Individual(s) responsible for monitoring risks: The risk owner is responsible for monitoring and controlling risks. According to Obondi (2022), risk monitoring is an iterative process. Therefore, the risk owner will first keep track of all existing threats and constantly check the need for reassessment and whether a risk event has been triggered (Ittner & Oyon, 2020). In addition, the risk owners need to continuously reclassify the risk depending on their risk tolerance level as they are harmed first by the risk event (Ittner & Oyon, 2020). In addition, the risk owners must ensure that the risk register is continuously updated and that each risk has had the attention and resources required to mitigate it (Ittner & Oyon, 2020).
Frequency of risk audits: According to ElHaddad et al. (2020), organizations must determine the frequency of running internal risk audits. However, since risks are different, organizations need to understand the criteria to define the frequency of auditing and monitoring. Therefore, to optimally monitor risk through the frequency of audits, it is imperative to understand the consequences of a risk ElHaddad et al. (2020). Typically, the higher the risk, the more than the number of risk audits are required. In addition, for matured projects that can run efficiently, ElHaddad et al. (2020) believe they should be audited less frequently than immature projects. Finally, risks that are known to occur numerous times should be monitored continually to mitigate their long-term effect (ElHaddad et al., 2020).
Will you use auditors from the project team or outside of the project team? Outsourcing auditor in risk monitoring and control is essential. According to ElHaddad et al. (2020), outsourced auditors provide the project team with new knowledge, advice, and expertise that can aid in improving the risk response strategies.
How will new risks be identified? Crispin (2020) describes risk identification as a challenging process in project management due to the multiple sources of risks. Therefore, to aid in risk monitoring and control, Crispin (2020) suggests that risk managers should identify new risks by reviewing the project scope, schedule, performance parameters, stakeholders’ expectations, and supply chain vulnerabilities.
How will outdated risks be removed? Risk owners strive to combat risks with each risk they deal with, brings them closer to completing their project. Consequently, the risk owners need to monitor the risks identified and remove them once they are addressed. A risk that has been dealt with is outdated and needs to be removed from the risk-management cycle. Crispin (2020) contends that the risk owners should remove an outdated risk if the risk consequence falls beyond a threshold that project managers can ignore without repercussions.
Were the risk response strategies effective or not? Risk monitoring ensures that the response strategies effectively mitigate specific risks. Therefore, risk owners should monitor each risk and its corresponding response strategy to ensure the strategy is effective. As a result, an underperforming strategy needs to be monitored further, modified, or improved to yield results.
Different stakeholders in the risk management team have diverse roles and responsibilities. For instance, while the project manager aims at ensuring a project is completed within the desired time frame, the risk owner provides the resources to ensure risks are addressed. In addition, risk stakeholders fall into two broad categories. These categories are risk-averse, low-risk investments, and risk seekers who prefer high-risk investments. However, it requires a heterogeneous team of risk-averse and risk seekers for risk management to work optimally. Typically, risks are prioritized to ensure the project team first tackles the most significant risks. Risk owners can prioritize the risks depending on the risk’s consequences and schedule. After prioritizing the risks, the project team defines ways of responding to the risks. The risk manager can decide to mitigate, avoid or share an adverse risk.
On the other hand, the manager can choose to enhance, exploit or share a positive risk. The last step in the risk-management life cycle is monitoring and control. In this stage, the stakeholders can choose to monitor risks based on various reasons, including the role of individuals in risk management and the need for frequent auditing.
Batteux E, Ferguson E, Tunney RJ (2019) Do our risk preferences change when we make decisions for others? A meta-analysis of self-other differences in decisions involving risk. PLoS ONE 14(5). Doi: 10.1371/journal.pone.0216566
Crispin, G. (2020). The Essence of Risk Identification in Project Risk Management: An Overview. International Journal of Science and Research (IJSR). 9(2019). 1553-1557. Doi: 10.21275/SR20215023033.
ElHaddad, A. A., ElHaddad, N. R., & Alfadhli, M. I. (2020). Internal Audit and its Role in Risk Management Evidence: the Libyan Universities. International Journal of Academic Research in Business and Social Sciences, 10(1), 361–377.
Ittner, C. & Oyon, D. (2019). Risk Ownership, ERM Practices, and the Role of the Finance Function. Journal of Management Accounting Research. 32. Doi: 10.2308/jmar-52549.
Meng, S., Yan, J. & Cao, X. (2019). Heterogeneity in top management teams and outward foreign direct investment: evidence from Chinese listed companies. Front. Bus. Res. China 13(16). Doi: 10.1186/s11782-019-0063-0
Ndlela M.N. (2019) A Stakeholder Approach to Risk Management. In: Crisis Communication. Palgrave Pivot, Cham.
Obondi, K. (2022). The utilization of project risk monitoring and control practices and their relationship with project success in construction projects. Journal of Project Management, 7(1), 35-52.
Oluoch, G. B., & Kisimbii, J. (2021). Risk Management Strategies and Implementation of Healthcare Projects in Low Resources Countries. Journal of Entrepreneurship & Project Management, 5(1), 81-105
Sohrabinejad, A., Rahimi, M. (2015) Risk Determination, Prioritization, and Classifying in Construction Project Case Study: Gharb Tehran Commercial-Administrative Complex. Journal of Construction Engineering. Doi: 10.1155/2015/203468