As described in the preface to the book, while there is a plethora of books, papers and articles on the subject of Project Risk Management, they commonly (but not exclusively) focus on the theory and process of risk management. This book attempts to provide a more practical approach albeit still with reference to some of the underlying principles. To satisfy this goal this book describes a set of implementation guidelines for Project Risk Management to aid embedding risk with a project’s culture.

The guidelines are aimed at providing practical experience-based guidance for effective risk management. While the guidelines are written in the manner of a series of ‘rules’ to provide clear direction, they should not be regarded as hard and fast, mandatory, ‘must comply’ activities. The reason being that project risk management must be tailored to suit a project’s context and circumstances. The ‘rules’ are not arranged in any particular order of importance – the first ones are not more important than later ones and vice versa. In addition twenty six of what I have termed ‘mini’ case studies have been included to provide real world examples of success and failure in project delivery and a reason (or reasons) behind the outcome which provide a rich insight into project performance. They have been kept short to strive to ensure they did not swamp the book or lose their focus. They relate to projects from around the world. Without exaggeration they were fascinating to research and read about.

[ribbon-light]A model or interpretation of ISO 31000 for projects[/ribbon-light]

The ‘rules’ are based on those aspects which are considered to contribute to effective project risk management. A way of eliciting those aspects which drive productive risk management, was to examine International Standard ISO 31000:2009, Risk management – Principles and guidelines, (subsequently referred to as the Standard). A model of ISO31000 is proposed here (see Figure 1 below) which stems from a systems view of the world which illustrates one aspect of the Standard being a sub set of another. An organisation (Organisation A) sits within an external environment and within that organisation is the leadership function which controls the project stakeholders, resources and the systems (a group term adopted for the risk framework, policy, plan and individual procedures). This way of looking at risk management is based on concepts described in an article and a refereed paper authored by Chapman. The model included here illustrates that multiple organisations sit within the environment, where some external organisations impact on Organisation A (inward arrow), are affected by Organisation A (outward arrow) and engage in contracts with Organisation A (bi-directional arrows). In addition others which are not affected by, engage with, or impact Organisation A, are labelled “Independent Organisations”. The reason for the inclusion of these other organisations is that as projects grow in scale and complexity, the greater the dependency will be (in terms of a project realising its objectives) on third parties. While not all projects are construction projects, consider for example the number of organisations that will have been involved in constructing Terminal 5 at London Heathrow Airport, the buildings erected for the 2012 London Olympics and the Burj Khalifa tower in Dubai, UAE. In addition consider for instance the manufacture of a plane, ship or train and the number of suppliers that are involved. The model is composed of layered concentric squares with the most significant on the upper level and the less significant on the lower levels. Organisation A will be totally dependent on the Environment as clearly no organisation is divorced from its surroundings. The leadership will be tailored to the organisation and the resources will be dictated by the leadership. The systems will be devised to reflect the resources, stakeholders, leadership, organisation, environment and the other organisations within the environment.

ISO 31000
Figure 1: Model of ISO 31000

The seven subject areas of Figure S1.2 above (namely environment, external stakeholders [including the supply chain], organisation, leadership, internal stakeholders, resources and systems) have been adopted as the seven sections which subdivide this book.

[ribbon-light]Seven Sections[/ribbon-light]

Environment: environment is the term used to describe an organisation’s complete context, not just its natural environment. An environment is characterised by cultural, political, legal, regulatory, financial, technological, economic, developmental, environmental and social aspects. Projects will be exposed to the same aspects of the environment as the organisations which undertake them. The way an organisation undertakes its projects and deals with the uncertainty emanating from the environment will directly affect the health of the organisation in terms of finance, reputation, stakeholder relations, repeat business, compliance and in some cases share price.

External stakeholders: an external project stakeholder is a party that may influence or be influenced by a project but is not part of the organisation for which the project is undertaken. External stakeholders are considered here to include regulators, central government agencies, local authorities, highway agencies, utility companies, design and survey consultancies, contractors, sub-contractors and suppliers.

Organisation: an organisation is a deliberate arrangement of people with specific roles and responsibilities and arranged in a structures to accomplish some specific purpose. The organisation sits within an environment which influences for instance its purpose, structure, people, inputs, outputs, profitability and longevity. There are variety of legal types of organisations which are created in the public and private sector.

Leadership: leadership is the process of leading and influencing a group to achieve specific pre-determined goals. Leadership can occur at all levels in an organisation from board members down to individual team leaders. Leadership is the activity undertaken by managers in leadership positions within the organisational structure. Leadership in the context of risk management entails agreeing the objectives for risk management, establishing a risk management function, ensuring accountability for risk management, supporting the embedding of the process and driving the implementation of improvements of risk management as part of continuous improvement.

Internal Stakeholders: The simple definition of internal stakeholders adopted here is that they are those individuals within a project organisation, who will initiate the project, sanction expenditure, agree the scope, participate in implementation and use the output. In a broader sense internal stakeholders are those who will influence the project it or be affected by it. Who these stakeholders are will vary to some degree between projects in the public and private sector and from industry to industry. The internal stakeholders of a project may include the project board, customer, end users, project manager, project team and in-house functions such as finance, legal, information technology, public relations and human resources.

Resources: risk management resources include financial, physical, human and intangible.

Systems: ‘systems’ is used here as a global term which includes risk management documents, software and practices. So for instance it includes frameworks, policies, plans, procedures and templates. It includes hardware and software. It includes risk management training, maturity models and risk management techniques.

[ribbon-light]Relationship between the sections and the ‘rules’[/ribbon-light]
Each section contains a number of ‘rules’ of project risk management which have been selected to support the implementation of effective risk management. It would be foolhardy to claim that the rules cover all aspects of project risk management implementation as the subject is so broad. As mentioned earlier the ‘rules’ are not rigid statements that have to be complied with, like those to be observed in a game of chess. They are commonly recognised ‘veracities’ based on experience and underpinned by a combination of guidelines and recommendations included in ISO 31000, the PMI Practice Standard for Project Risk Management, the RAMP guide , PRAM Guide , Cabinet Office M_o_R guide and other notable publications, which if ignored could undermine the successful implementation of project risk management. They are guidelines as projects vary so considerably for instance in their procurement, execution, context, timeframe, complexity and scale. Included in Figure 2 below is a cause and effect diagram which illustrates the seven subject areas together with the ‘rules’ described for each. It is not intended that the book provide be an exhaustive list of ‘rules’ but it strives to identify and describe those that are the most commonly applicable.

Cause and effect diagram-v2Figure 2: Cause and effect diagram of the seven subject areas and the ‘rules’ of project risk management described for each.

[ribbon]Author Bio:[/ribbon]

Dr Robert Chapman, FIRM, FAPM, FICM is an international project risk management specialist. Robert obtained his PhD in risk management in 1998. He has provided risk management services in Europe, Asia and Africa. His latest book The Rules of Project Risk Management, implementation guidelines for major projects was published in 2014. His first book entitled Retaining Design Team Members, a Risk Management Approach was published by RIBA Enterprises Ltd, London, in 2002 which examines the causes behind employee turnover, the impact it can have and the risk mitigation actions that can be implemented to reduce the likelihood of occurrence. His second book “Simple tools and techniques for enterprise risk management” was first published in 2006. Due to its popularity, the second edition was published in 2011. It is on sale in forty countries around the world and recommended reading in universities internationally (including the USA, UK, Malta, Singapore, India and Australia). Dr Chapman has had articles published by Enterprise Risk (South Africa), ExtraProtect (translated into French and German), IT Adviser, Yorkshire Post, Strategic Risk, PLC Strategies, Project, the Architects’ Journal and PropertyWeek and refereed papers published by the Journal of International Project Management and Construction Management & Economics.