After analysing the risks and stakeholder values the risk and value team are recommending the do nothing approach. The reason for this is because the overall values and functions that the project is aiming to achieve are increased efficiency, market share and complete merger. There is no need to move to a single office site in order to achieve these values as they can be achieved even when the companies are working in separate offices.
Risk Management Literature Review Risk management has been around for hundreds if not thousands of years as there has always been risks and uncertainty that need to be managed. An example of the early development in risk management is in 1654 when a French nobleman called Chevalier de Mere developed a quantitative risk management technique by working out the probability and stakes between two players in an un-finished game of chance. The solution that he came to laid the base to all quantitative risk assessment that takes place today.11
The 20th century started off with an abundance of wealth and relative peace along with rapid industrialisation. However, the world then spiralled into chaos with the break out of regional and worldwide wars along with other catastrophes. This resulted in the increased awareness of the un-certainty of our future and people started to think more about managing these uncertainties and therefore started to develop more tools and techniques to risk management.
In 1921 Frank Knight published Risk, Uncertainty and Profit, a book which has acted as the cornerstone to most risk management literature. Knight separates uncertainty into two types, one which is not measurable (Ambiguity), from risk, which is (Variability). The difference between these two types of uncertainty is that variability has data available and therefore mathematical probability can be calculated with certainty, however ambiguity has no data available. He states that an uncertainty is absolute but a risk is not an absolute measure, a risk must have a consequence and must therefore have a context. Therefore a risk is an uncertainty that matters to the subject in question.12
In 1999 the government commissioned Professor Turnbull to write a report addressing the obligations that Directors have, in regard to keeping good internal controls of their companies. The report recommended, amongst other things, that all businesses should have in place a sufficient process for managing risks. As a result of the Turnbull report all UK companies are now required to show how their risks and opportunities are being monitored and managed in their annual statement of accounts.13 The reason for this decision is because a company’s objectives, its internal organisation and the economic environment of which it operates are constantly changing and as a result the risks that they face are also changing constantly.14
The Institute of Risk Management defines risk as the combination of the probability of an event and its consequences (ISO/IEC Guide 73)15. This definition also refers to the fact that an uncertainty must have a consequence and therefore a context in order for it to be classed as a risk. The association of project managers (APM) define risk as “an uncertain event or condition that, if it occurred, would have a positive or negative effect on at least one project objective” (APM Body of Knowledge, 2004). This definition mentions that a risk can have both a positive and a negative effect. The idea that there are both positive and negative aspects to risk is fairly modern and before 1997 all risk management standards only saw risks as a threat. However since then risk management has been increasingly recognised as having to address both positive and negative aspects of risks.16
Hubbard (2009) defines risk management as the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events.17 Figure 1.0 The Risk Management Process (Adapted from APM PRAM Guide 2004) Figure 1.0 shows a general risk management process. According to Dallas (2006) the risk management process is an iterative process, which means that it is a progressive management style which has a culture of continuous improvement.18 Therefore it is important to monitor and review risks regularly throughout a project or within a business. The reason for this is because the internal and external factors that influence risk are constantly changing so it is important that you constantly identify and monitor new risks that may occur.
The first stage of the risk management process is initiation. According to P. Langley this stage involves confirming the project objectives, identifying any constraints or assumptions and performing a stakeholder analysis to help identify any risks associated with them. This is also the time to decide what tools and techniques will be used to measure and manage the risks for example setting impact scales (personal communication, risk and value slides week 4, Monday 19th October 2009).
The next two stages of the risk management process are the Identification and Assessment stage. According to Smith (2008) these two stages involve creative techniques such as brainstorming to identify the risks associated with the project and then the analysis of these risks to work out the likelihood and impact. Using tools and techniques such as a Risk Matrix helps to prioritise risks by using a scale (usually 1= low risk 5= very high risk) to measure the likelihood and impact of the risk. This provides a qualitative method for measuring risks so they can be prioritised and managed accordingly (Dallas, 2006).
Once the risks have been identified and assessed the correct response to each risk is then planned paying close attention to higher level risks. Lock (2007) suggests that a way of avoiding the risk without compromising the project objectives must first be sought out. However, if there is no way of avoiding the risk then mitigation strategies must be established along with contingency plans in case the risk becomes an issue.19 These planned responses must then be implemented with immediate effect to increase the chance of delivering a successful project.