It's unlikely that you've ever encountered a project that magically went exactly as planned at the very beginning. Any project is subject to risks - all sorts of events that affect it and usually create a headache for the project manager. In general, apart from planning, the main headache of a project manager is precisely in resolving risks. To reduce it, you can think about threats in advance. It's worth it - managing risks is much cheaper and easier than managing real problems. We’ll talk about this in the article: how to properly work with risks when managing projects and why this is important.
Project risk: concept and essence
Project risk is usually understood as an opportunity - the likelihood of adverse situations occurring that potentially lead to a deterioration in the final and intermediate performance indicators of the project. Moreover, the event itself may have varying degrees of uncertainty and various causes.
Risk management includes not only the statement of uncertainty and analysis of project risks, but also a set of methods for influencing risk factors to neutralize damage. The methods that are combined into a system of planning, tracking (monitoring) and correction (adjustment) include:
- Development of a risk management strategy.
- Compensation methods, which include monitoring the external socio-economic and legal environment in order to predict it, as well as the formation of a system of project reserves.
- Localization methods that are used in high-risk projects in a multi-project system. Such localization involves the creation of special divisions that are engaged in the implementation of particularly risky projects.
- Distribution methods using different parameters (time, composition of participants, etc.).
- Methods for eliminating risks associated with replacing unreliable partners, introducing a guarantor into the process, and insuring risks. Sometimes avoiding risks means abandoning a project.
Uncertain events that occur are not always accompanied by a negative effect. For example, the departure of one team member from a project may result in the appearance of a more qualified and efficient employee on the project. However, uncertain events with a positive (and “zero”) effect are not always taken into account when assessing project risk. The nature of uncertainty is associated with incurring losses due to internal and external circumstances.
Project specifics are also determined by the dynamism of the risk map with changes in riskiness as we move from one project task to another:
- In the initial stages of a project, there is a high probability of threats with a low level of possible losses.
- At the final stages, the risk of threats being carried out decreases, but the magnitude of potential losses increases.
Taking this into account, it is advisable to carry out project risk analysis repeatedly, transforming the risk map as necessary. Moreover, this process is of particular importance at the stage of forming the concept and carrying out design work - creating design documentation. For example, if an error in the choice of material is discovered in the early stages, this will result in missed deadlines. If this error is discovered during execution, the damage will be much more significant.
Risk assessment by the project team and investors is done based on the importance of the project, its specifics, the availability of sufficient resources for implementation and financing of the likely consequences of the risks. The degree of acceptable risk values depends on the planned level of profitability, the volume and reliability of investments, the familiarity of the project to the company, the complexity of the business model and other factors.
The sequence of activities for assessing and managing project risks fits into a certain management concept, which includes a number of mandatory elements.
How to find a way out
The main goal of working with risks is to select and apply the right management strategy. A thorough analysis will tell you which project risks are best addressed. For each risk, you can choose one strategy or combine several. As a result, the main strategy should be ready and, in case of ineffectiveness of the main one, a backup one.
There are several strategies for dealing with risks:
Risk Management Strategies
- Evasion is the elimination of danger. Includes all measures to protect the project's objectives from threat. You may have to change the goals themselves - soften the requirements, find out additional information. For example, if there is a risk of missing the project deadline, you can try to simplify the product and reduce the number of tasks.
- Transfer is the transfer of responsibility for the consequences of a risk to a third party. The threat is still real, but it will be up to other people to eliminate it. The strategy is effective, but the risk taken will have to be rewarded. The main examples of this strategy are insurance, payment guarantees and warranty service.
- Reduction - reducing the likelihood of a risk or its negative consequences through preventive measures. To play it safe, you can, for example, cover all the main cases of a software product with automated tests. Make sure they are run before the code goes into production. A simpler example of reduction is to select in advance only experienced and trusted project participants and partners.
- Acceptance - responding to the consequences of risks without interfering with the project itself. When it is impossible to eliminate or reduce project risks, you have to accept them - work with negative events after they have occurred. Acceptance can be passive or active. Passive represents ignoring risk events and taking emergency measures to eliminate the consequences. Active acceptance - creating a reserve of resources in case of danger. Reserve resources include, for example, money, time, and employee workload.
Project risk management concept: main elements
Until recently, the norm in risk management methodology was to be passive. In its modern presentation, this methodology involves active work with the sources of threats and the consequences of detected risks. Risk management is an interconnected process, and not only the behavior of each stage is important, but also their sequence. In general, this project management subsystem has the following structure:
- Identification of risks and their identification.
- Analysis of project risks and their assessment.
- Selecting effective methods based on risks.
- The use of these methods in a risk situation and responding directly to the event.
- Development of measures to reduce risks.
- Monitoring the decline and developing solutions.
Since today in project management most managers are guided by the format proposed by the PMBOK framework, it is more appropriate to take a closer look at the 6 risk management processes proposed in PMBOK:
- Risk management planning.
- Identification of factors influencing risks. At the same stage, their parameters are documented.
- Qualitative assessment.
- Quantitative assessment.
- Response planning.
- Monitoring and control.
After which the cycle resumes again from points 2 to 6, since during the course of the project the context of the project’s existence may change.
Project risks are managed by the project manager, but all project participants are involved in solving this problem to one degree or another (for example, during brainstorming, discussion, expert assessments, etc.). This is also important because the information context involves identifying not only external risks (economic, political, legal, technological, environmental, etc.), but also internal ones.
In the future, to illustrate the implementation of the main elements of the management concept, examples from the project will be given, which have the following conditional characteristics. A jewelry factory that brings new gold chains to the market purchases imported equipment for their production, which is installed in premises that have yet to be built. The price of gold as the main raw material is set based on the results of trading on the London Metal Exchange in US dollars. The planned sales volume is 15 kg of products per month, of which 4.5 kg (30%) is expected to be sold through our own chain of stores, and 10.5 kg (70%) through dealers. Sales are subject to seasonal changes with intensification in December and attenuation in April. The optimal period for launching equipment is the eve of the December sales peak. The project implementation period is five years. The main indicator of project efficiency is NPV (net present value), which in the calculation plans is equal to $1,765.
Risk management planning
The entry point to the list of procedures for dealing with project threats is risk management planning. Since the same PMBOK is a framework, and it does not give recommendations for working with a specific project, at this stage the methods and tools that are appropriate to apply in a real starting project and in a real context are clarified. In expanded form, the risk management plan as a document contains the following sections:
- General provisions.
- Company characteristics.
- Project characteristics.
- Risk management goals and intermediate objectives.
- An extensive methodological section, which includes methods described by implementation stages, analysis and assessment tools, and information sources that managers will rely on in risk management.
- Organization of interactions and distribution of project participants with assignment of responsibility for the execution of assigned procedures.
- Rules for ensuring a risk management budget, including reserve funds for unforeseen expenses.
- Regulations on timing, duration of operations, frequency, as well as the standard format of control documents.
- The metrological section of assessment and recalculation, which includes assessment principles, comparative scales and rules by which parameters are recalculated.
- A section that defines threshold risk limits both on the scale of the entire project and on the scale of individual threats.
- The reporting section, which regulates the frequency and format of reporting.
- Monitoring and its documentation support.
- Risk management templates.
According to PMI Institute recommendations, this stage is necessary for communication between all interested parties. At the same time, the company may already have established and proven risk management methods, which, due to their familiarity, are preferable.
Specificity and uncertainty
As soon as a project has variability in decisions, as well as in outcomes, it automatically becomes uncertain and risky. Specific examples of project risk analysis need not be given, since each new case is unique, circumstances and conditions develop differently everywhere. Most often, the creators of the project believe that it is not necessary to calculate risks for many years in advance - the future management of the enterprise will worry about this. This is not entirely fair, which means it is wrong.
To complete the analysis of the risks of an investment project, using the example of a specific enterprise, we can only show that, in addition to identifying risks, measures necessary to minimize them are outlined. Naturally, every enterprise has risks and events that are not similar to those that neighbors puzzle over. However, the concepts of uncertainty and risk are somewhat different from each other. The first is some inaccuracy of information or its incompleteness when identifying project risks. Examples usually concern implementation conditions. And risk is the emergence of conditions during implementation that necessarily lead to certain negative consequences either for the entire project or for its individual participants.
This means that uncertainty is an objective characteristic that affects absolutely any participant equally. It can also be a financial risk for the project. Example: The future price of raw materials is uncertain. This, of course, will affect many project participants to varying degrees: the price, for example, of fuel will force one of them to abandon the project altogether, while the other will still take the risk. Thus, this risk is much more subjective, although the usual uncertainty caused it.
Identification of risk factors and main types of project risks
The whole variety of uncertain events that can become risk factors is quite difficult to reduce and describe, so anyone and everyone is involved in this. That is, not only the project manager and the team participate in the process of identifying factors, but also customers, sponsors, investors, users, and specially invited experts.
Moreover, identification is an iterative process (repeated throughout the entire life cycle) and combined with continuous analysis. During the course of a project, new risks are often discovered or information about them is updated. Therefore, the composition of the expert commission may change depending on the specific iteration, the characteristics of which, in turn, change depending on the specific risk situation and type of threat. These types of risks can be classified according to different criteria, but the most practical are considered to be the criteria of controllability, sources of risk, its consequences, and ways to reduce threats.
Not all threats are controlled, and some are also poorly classified as definitely controlled. It is advisable to allocate resource reserves in advance for a number of definitely uncontrollable factors.
In general, external risks are less well controlled than internal ones, and predictable ones are better controlled than unpredictable ones:
- Definitely uncontrollable external risks include interference by government agencies, natural phenomena and disasters, and deliberate sabotage.
- External predictable but poorly controllable ones include social, marketing, inflation and currency.
- Partially controlled internal risks associated with the organization of the project, availability of financing and other resources.
- Controlled risks include internal technical risks (related to technology) and contractual and legal risks (patent, licensing, etc.).
The threat source criterion is especially important at the initial stages of identification. Criteria for consequences and methods for eliminating threats - at the stage of factor analysis. At the same time, it is important not only to identify, but also to correctly formulate the risk factor so as not to confuse the source of the risk with its consequences. Therefore, the formulation of the risk itself should be two-part: “the source of the risk + the threatening event.”
To classify by risk sources, correct standardized pairs are made:
- Technical factors – emergency situations and erroneous forecast as a type of risk.
- Financial factors – unstable currency correlations.
- Political – coups and revolutions, religious and cultural threats.
- Social – strikes, terrorist threats.
- Environmental – man-made disasters, etc.
But below, using the example already mentioned, not all are considered, but only the main types of controlled or partially controlled project risks.
Marketing risk
This threat is associated with a loss of profit, which is caused by a decrease in product price or sales volume due to consumer non-acceptance of the new product or an overestimation of the actual sales volume. For investment projects this risk is of particular importance.
The risk is called marketing, as it often arises due to shortcomings of marketers:
- insufficient study of consumer preferences,
- incorrect positioning of the product,
- errors in assessing market competitiveness,
- incorrect pricing,
- incorrect way to promote a product, etc.
In the example with the sale of gold chains, an error in the planned distribution of sales volume in the ratio of 30% to 70% leads to the fact that selling the product through dealers in 80% of cases reduces the amount of profit received, since dealers purchase goods from the supplier at lower prices than retail prices. consumer. An external factor in this example could be a situation in which the activity of visiting new stores in shopping centers and the popularity of the shopping centers themselves. Ways to reduce risk in this situation would be a detailed preliminary analysis and a lease agreement with the introduction of a number of popularizing parameters: convenient parking, transport communication systems, additional entertainment centers on the territory, etc.
General economic risks
Poorly controlled external risks associated with changes in the exchange rate, inflation processes, an increase in the number of industry competitors, etc. pose a threat not only to the current project, but also to the company as a whole. In the case of the described example, the main one from this group is currency risk. If the final price of a product in rubles for the consumer does not change, but the purchase is made in dollars, then when the dollar exchange rate increases, there is an actual shortfall in profit in relation to the calculated values. It is potentially possible that after selling the chain in rubles and transferring funds into dollars, for which gold is purchased, the actual amount of proceeds will be less than the amount necessary to at least renew the commodity supply.
Risks associated with project management
These are not only threats associated with management errors, but also external risks, the causes of which may be, for example, changes in customs legislation and cargo delays. Violation of the project schedule increases its payback period by both lengthening the calendar period and lost benefits. In the example of gold chains, the delay is especially dangerous, since the product has a pronounced seasonality - after the peak of December, it will be much more difficult to sell gold jewelry. This also includes the risk of budget increases.
In the practice of project management, there are simple ways to determine the real line (and cost) of a project. For example, PERT analysis, in which three terms (or costs) are specified: optimistic (X), pessimistic (Y) and most realistic (Z). The expected values are entered into the formula: (X +4x Z + Y) /6 = planned period (or cost). In this scheme, the coefficients (4 and 6) are the result of a large array of statistical data, but this proven formula only works if all three estimates can be correctly justified.
When collaborating with external contractors, special conditions are negotiated to minimize risks. So, in the example of launching a new jewelry line, you need to build new buildings, the cost of which is determined to be 500 thousand dollars, after which it is planned to receive a total profit of 120 thousand dollars per month with a profitability of 25%. If due to the fault of the contractor there is a delay of a month, then the lost profit is easily calculated (120x25% = 30 thousand) and can be included in the contract as compensation for missed deadlines. This compensation can also be “tied” to the cost of construction. Then 30 thousand dollars will be 6% of the cost of work of 500 thousand.
The result of this entire stage should be a hierarchical (ranked by degree of danger and magnitude) list of risks.
That is, the description must provide the ability to compare the relative impact on the progress of the project of all identified risks. Identification is made based on the totality of all studies and risk factors identified on their basis.
Identification of economic risks in enterprises: traditional and innovative projects
All risks are grouped by type, but for each project manager or head of the system analysis and risk management department, there are groups of the most serious threats, formed on the basis of practice and previous experience in the context of the activity. For example, production managers most often identify risks associated with:
- with accidents and accidents,
- with property issues that harm the fixed assets of the enterprise,
- with questions of pricing of finished products and prices of raw materials,
- with market transformations (changes in stock indices, exchange rates and securities prices),
- with the actions of fraudsters and theft in production.
The manager of a trading enterprise usually adds to the list of basic ones:
- logistics risks,
- mediation problems,
- risks associated with the actions of unscrupulous suppliers,
- dangers of receivables from wholesalers (primarily when payment is carried out with deferred payment).
In a competitive and organized enterprise, which has already repeatedly implemented typical projects for itself, a list of characteristic risks and factors provoking them is very quickly formed. The value of such lists is that not only the content side of the issue has been worked out, but also the form: the description of the risk receives a clear, unambiguous formulation, honed by previous projects, which simplifies the consideration and response format. In addition to the lists, it is advisable to create a visual table with coordinates according to the parameters of the probability of risk and possible damage. In such a table it is more convenient to track the dynamics of risk changes.
Traditional projects
Since the risks are similar for traditional projects under certain conditions, they can be standardized and grouped together.
No. 1. Group of risks related to product consumption
Among the reasons that create risks from this group are:
- The presence of a monopolist consumer in the market, resulting in:
- unable to influence prices
- financial costs for maintaining reserves in warehouses increase,
- unfavorable clauses are introduced in contracts (for example, long deferred payments).
- Market capacity, which turns out to be less than the total capacity of enterprises in the industry. This, for example, happened in the post-perestroika period, when the construction of panel-type houses sharply decreased, and the demand for reinforced concrete slabs became less than the capabilities of the enterprises producing them.
- Loss of relevance of products. An example of the realization of this risk was the loss of relevance of one electronic medium after another (first floppy disks, then CDs, etc.).
- Changes in production technology. This threat is relevant in the B2B market, when, when changing production technology, it is necessary to change the entire pattern of interaction between enterprises that were previously in the production chain.
The risks of this group can be minimized by monitoring the market, changing the sales system and by developing new niches.
No. 2. Group of risks associated with market competition
Risks from the second group are classified as follows:
- Situations that threaten the financial situation due to a significant share of gray imports on the market, which results in:
- price dumping by sellers who smuggle goods,
- a decrease in consumer loyalty, which is provoked by the low quality of counterfeit products, which casts a shadow on all products of this kind.
- Large secondary market creating:
- reputational risks as a result of an attempt to pass off a used item as new,
- the threat of underutilization of production (an example is the secondary market for drill pipes, which takes away a share from an enterprise producing pipes for the primary market).
- A low barrier to entry into the market, which easily increases competition and affects pricing, adding a reputational threat that products can be easily counterfeited.
Risks from this group can be minimized by trying to lobby for the introduction/abolition of duties at the legislative level, labeling your products using multiple degrees of protection, changing the market or distribution networks, expanding your activities to new niches (for example, introducing after-sales service for your products).
No. 3. Group of risks associated with the commodity market
In this group, an enterprise may suffer from the following factors:
- The presence of a monopolist supplier who is able to inflate prices for raw materials and arbitrarily change the terms of the contract. Among other things, this forces us to maintain a large supply of raw materials in warehouses, which increases the financing of the project.
- Shortage of raw materials, leading to higher prices and downtime of production facilities.
If there is a raw materials monopolist, risks are minimized by searching for similar raw materials, reorienting to dealers of the main supplier, and creating a strategic mutually beneficial alliance with the monopolist. If there is a shortage of raw materials, it is effective to minimize risks by creating your own raw material base. In addition, if a shortage occurs due to the departure of raw materials to a market with higher prices, you can repurchase raw materials from the supplier at the same prices, but at the same time, you will probably need to increase the selling price of the finished product.
Qualitative risk analysis
Project risk analysis transforms the information collected during identification into guidance that allows responsible decisions to be made even at the planning stage. In some cases, qualitative analysis is sufficient. The result of such an analysis should be a description of the uncertainties (and their causes) inherent in the project. To facilitate the procedure for identifying risks, special logical maps are used for analysis:
- Market and Consumers group collects questions about the presence of unmet consumer needs, market development trends, and whether the market will develop at all.
- In the “ Competitors ” group, the ability of competitors to influence the situation is assessed.
- Company Capabilities group asks questions about marketing and sales competencies, etc.
As a result of collecting responses, potential risks associated with failure to achieve the sales plan are identified due to:
- incorrect assessment of consumer needs and market size,
- lack of a sufficient product promotion system,
- underestimating the capabilities of competitors.
As a result, a ranked list of risks is formed with a hierarchy based on the importance of threats and the magnitude of potential losses. So, in the example with jewelry, the main group of risks included, in addition to failure to achieve the number of sales and a decrease in financial volume due to a lower price, also a decrease in the rate of profit due to an increase in prices for raw materials (gold).
The first way to classify risks
Risks must be distributed and classified from the very beginning of the process of preparing contract documents and building a business plan. What does it mean to “classify risks”? This is the usual distribution of them according to certain characteristics and criteria into different groups so that the set goals are achieved. For example, it is advisable to share risks, predicting the possible outcome of the impact of each of them on the course of the investment process.
Risks can be pure when the result is zero or negative. This includes disasters such as earthquakes, tsunamis and similar natural factors, fire, flood and other natural shocks, emissions of harmful gas and other environmental disasters, regime change in the country, default and many other political reasons that affect the economy as a whole and the business of any level, various transport accidents. Some commercial risks are also classified as pure, for example, theft, sabotage, causing property damage, equipment breakdowns and other production problems, payment delays, delays in the delivery of goods in trade risks.
The other group is speculative risks, they are characterized by the possibility of obtaining both positive and negative results. Financial risks are most clearly represented here, since they are an important part of commercial ones. There is a second criterion necessary for classification. This is the reason the risk arose in the first place. Depending on these reasons, the following types appear: commercial risks, transport, political, environmental and natural.
Quantitative risk analysis
Quantitative analysis is used to determine how the most significant risk factors can affect the effectiveness of the project. For example, it is analyzed whether a small (10-50%) change in sales volume will entail significant losses in profit, making the project unprofitable, or whether the project will remain profitable even if, for example, only half of the planned sales volume is sold. There are a number of techniques for performing quantitative analysis.
Sensitivity Analysis
This standard method consists of substituting various hypothetical values of critical parameters into the financial model of the project and then calculating them. In the example of launching a jewelry line, the critical parameters are the physical volume of sales, cost and selling price. An assumption is made about reducing these parameters by 10-50% and increasing them by 10-40%. After this, the “threshold” beyond which the project will not pay off is calculated mathematically.
The degree of influence of critical factors on the final efficiency can be demonstrated on a graph, which reflects the primary influence on the result of the sales price, then the cost of production, and then the physical volume of sales.
But the significance of the price change factor does not yet indicate the significance of the risk, since the probability of price fluctuation may be low. In order to determine this probability, a “probability tree” is formed step by step:
- Step 1. Using expert estimates, the probability that the price (or other factor) will change in principle is determined (first-level probability).
- Step 2. The magnitude of the deviation is determined (second level probability).
- Step 3. A dynamic dependence of the probabilities of the first and second levels is formed. For example, with a 10% probability the price will decrease by 20-30%, with a 30% probability the deviations will be 10-20%, with a 60% probability they will not exceed -10% of the planned price. And then the final probability is calculated - the probabilities of the first and second levels are multiplied together.
The total performance risk (NPV) is the sum of the products of the final probability and the value of the risk for each deviation. The risk of changes in the sales price reduces the NPV of the project from the example by 6.63 thousand dollars: 1700 x 3% + 1123 x 9% + 559 x 18% - 550 x 18% - 1092 x 9% - 1626 x 3%. But after recalculating two other critical factors, it turned out that the most dangerous threat should be considered the risk of a decrease in the physical volume of sales (its expected value was $202 thousand). The second most dangerous risk in the example was taken by the risk of changes in cost with an expected value of $123 thousand.
Scenario analysis
This analysis allows you to simultaneously measure the magnitude of the risk of several critical factors. Based on the results of the sensitivity analysis, 2-3 factors are selected that have a greater influence on the outcome of the project than others. Then, as a rule, 3 development scenarios are considered:
- pessimistic,
- optimistic,
- most possible.
Here, too, relying on expert substantiated assessments, the probability of its implementation is determined for each scenario. The numerical data for each scenario is plugged into an actual financial model of the project, resulting in one comprehensive performance assessment. In the example with the jewelry project, the expected NPV value is equal to 1572 thousand dollars (-1637 x 20% + 3390 x 30% + 1765 x 50%).
Simulation modeling (Monte Carlo method)
In cases where experts can name not exact estimates of parameters, but estimated fluctuation intervals, the Monte Carlo method is used. It is more often used when assessing currency risks (within a year), macroeconomic threats, risks of interest rate fluctuations, etc. Calculations should simulate random market processes, so special software or Excel functionality is used for analysis.
- The limits of the parameter range are entered into the program.
- The program selects a random value within this range.
- Based on this value, the efficiency indicator will be calculated and the value will be substituted into the financial model.
- The cycle (random selection and calculation) is then repeated hundreds of times to create a statistical data set.
- From a set of NPV values, the average and standard deviation are derived.
Application of the statistical rule of “three sigma” suggests that with a probability of 99.7% NPV will fall within the range of 1725 thousand dollars ± (3 x 142), that is, with a high probability the result of the project in the example will be positive.
Assess risks during project implementation
A detailed algorithm for adjusting the discount rate to the risk factor and a comprehensive threat analysis are the main advantages of this solution. They will help justify the feasibility of investments and anticipate possible losses. Their disadvantages include the significant influence of expert assessments on the reliability of calculations, which may ultimately result in incorrect conclusions about the economic efficiency of the project.
Among all the risks inherent in investment projects, one can highlight a decrease in profits, the value of assets, and the occurrence of additional costs. Accordingly, the objectives of risk analysis are to obtain reliable criteria for the effectiveness of an investment project and increase the validity of the investment decision.
How to reflect risks in the discount rate for an investment project
One of the easiest ways to take into account project risks is to reflect their level in the discount rate that is used in calculating the economic efficiency of the project. For these purposes, the most suitable is the cumulative calculation method (build-up approach), which allows identifying various risk factors by expert means.
Formula. Calculation of the discount rate taking into account risk factors using the cumulative method
| Notations used | Decoding | Units | Data source |
| R | Discount rate | % | Calculation result |
| R.C. | Risk-free rate of return | % | The average annual return on securities corresponding to the investment project in terms of terms and currency. For example, if the intended investment currency is dollars, then the rate of return of US Treasury bonds, the maturity of which approximately corresponds to the term of the investment, is taken into account. |
| RF | Risk adjustment (premium) | % | Expert review |
Tip: There are several indicators that can be taken as a risk-free rate.
Determining the discount rate using the cumulative method is most suitable for Russian conditions. The risk-free rate of return can be taken as the yield on long-term bonds of the Government of the Russian Federation, on deposits of Sberbank, as well as on foreign government securities with a maturity of 10–20 years.
Depending on the complexity and scale of the project being implemented, external expert consultants can be hired to assess risk factors (especially if the project is planned to be implemented in an unfamiliar region).
Before assessing risk factors, it is necessary to decide over what range it will be carried out. For example, 1 percent is minimal risk, 4 percent is average, 7 percent and above is high.
As a rule, the range of possible risk adjustments is determined by experts depending on the number of factors considered, as well as the reliability and relevance of available risk information.
Based on the range of risk adjustments, the significance of one or another risk factor from the list (see Table 1. Distribution of risk assessments by factors) for the implementation of the project is assessed (1 – risk with the least significance, 7 – with the greatest).
If external expert consultants are involved in the assessment, then the arithmetic average of the total risk adjustments from each expert will be the final risk adjustment that is most likely for a given investment project. By summing this value and the risk-free rate of return, we determine the discount rate to calculate cash flow and performance indicators for the project.
This method of assessing project risks is widely used in practice, since it is quite simple and allows you to take into account project risks at the selection stage. However, this approach has a significant drawback - it gives only an approximate idea of the level of risk of the project, without allowing individual factors to be taken into account. Therefore, entrepreneurs who finance projects primarily with borrowed funds should conduct a comprehensive risk analysis.
Table 1. Distribution of risk assessments by factors (fragment)
| № | Risk factor | Risk adjustment | ||||||
| 1% | 2% | 3% | 4% | 5% | 6% | 7% | ||
| 1 | Group 1. Economic and political factors | |||||||
| 2 | General economic trends | + | ||||||
| 3 | Foreign economic activity | + | ||||||
| 4 | Inflation | + | ||||||
| 5 | Investments | + | ||||||
| 6 | Income and savings of the population | + | ||||||
| 7 | Tax system | + | ||||||
| 8 | Threat of property redistribution | + | ||||||
| 9 | Internal political stability | + | ||||||
| 10 | Foreign policy activities | + | ||||||
| 11 | Threat of terrorist attacks | + | ||||||
| 12 | Number of factors in the group, pcs., including: | 10 | ||||||
| 13 | by risk adjustment range | 0 | 0 | 6 | 2 | 2 | 0 | 0 |
| 14 | Product of the number of factors and the values of the corresponding risk adjustments (p. 13 × risk adjustment) | 0 | 0 | 18 | 8 | 10 | 0 | 0 |
| 15 | Risk adjustment for group 1 total, % (sum according to page 14: page 12) | 3,6 | ||||||
| 16 | Group 2. Regional and social factors | |||||||
| … | … | … | … | … | … | … | … | … |
| 24 | Risk adjustment for group 2, % | 3,75 | ||||||
| … | … | … | … | … | … | … | … | |
| Total: total risk adjustment (sum of adjustments by group), % | 16,06 |
Anti-risk measures: planning responses
The result of the risk analysis can be a risk map with visualization of the ratio of probability and degree of impact on indicators. It facilitates the regulated procedure for threat mitigation planning.
The four main types of response include:
- Acceptance, which presupposes a conscious willingness to take risks with the transfer of efforts not to prevention, but to eliminating the consequences.
- Minimization that works for controlled risks.
- Transfer-insurance, when there is a third party ready to take on the risk and its consequences.
- Avoidance, which involves the complete elimination of sources of risk. A passive and irrational form of avoidance is the refusal of individual elements of the project.
Modern software tools are designed for different levels of project management. For a large company with a large project portfolio, risk management automation tools are often included directly in an integrated ERP-class package. For small and medium-sized businesses, the latest versions of MS Project are suitable, which provide the ability to configure a risk management block for the processes of identification, classification, as well as assessment and qualitative analysis of risks with the construction of a probability matrix. Simulation modeling can be carried out using the Project Expert and Alt-Invest programs.
Risk breakdown structure
To identify risks, categorize them and perform analysis, a hierarchical structure such as a risk tree is used. Examples of risk-managed projects show qualitative analysis, where a full process of identification and systematization is ensured down to the smallest levels of detail and traced connections with other elements of the project. Similar to the work breakdown structure: organizational project management, project cost breakdown, project resources, and so on. Only the elements on the tree are sorted by significance and character.
Modern management of various projects involves the use of standard templates for breaking down project risks. The technology for creating such a risk tree is very similar to the technology for breaking down work. Hierarchical elements are sometimes replaced by a simple list of expected project risks, more often by a not too complex hierarchical structure of two or three levels.
However, the lower level always represents quantifiable risks or a description of the project risks. Examples may show one or more events together, but always with visible consequences. The work tree and the risk tree are developed based on a variety of decomposition bases. These are importance, priorities, significance, the need for deeper analysis, the nature of the consequences, response actions, and so on.
