Literature Review

Risk Mitigation

Ira A Fulton School of Engineering, ASU

Prepared By:

Yelitza D. Arostegui

Undergraduate Student, Department of Engineering Management, Arizona State University

Spring 2014

Table of Contents:

Abstract…………………..…………………….………………………………………..……3

Risk Mitigation…………………..…………………….……………………………………...4

Risk Management ….………………………………………………………………………...4

Engineers’ Role……………………………………………………………………….……....4

Applying Risk Mitigation…………………………………………..……..………….……….5

Conclusion……………………………………………………………………..……..…….....6

Bibliography……………………………………………………………….………….…….....8

Abstract

The term Risk Management is often confused with Risk Mitigation. The Risk Mitigation

definition found on page 345 of the PMBOK Guide (5th Edition) which states that “Is a risk

response strategy” “It implies a reduction in the probability and/or impact of an adverse risk to

be within acceptable threshold limits.” is more cost effective to avoid risk than to deal with the

consequences of the risk happening and “Risk Management is a continual process of corporate

risk reduction” (Crouhy, Galai, and Mark) Therefore Risk Mitigation is an activity that is part of

the Risk Management strategy. Under today’s globalization work environment, it’s difficult to

assess risks of unexpected threats, therefore Engineers should be proactive and be prepared for

any possible threats in order to come up with possible solutions for such scenarios. The risk

managers’ role is to “uncover the sources of risk and make them visible to key decision makers

and stakeholders in terms of probability” (Crouhy, Galai, and Mark) with Quantification and

Qualification of risk threats then the stakeholders and decision makers can make educated

guesses on how to either resolve the treat or transfer the negative impacts to ensure the project

success.

“Risk mitigation takes whatever actions are possible in advance to reduce the effect of Risk”

(Roush and Wang). For example on the (Kerzner, page 797) there is a Risk Category matrix

where Boeing outlines the Type of Risk: Financial, Market, Technical, and Production with its

respective description and the risk handling strategy to follow in case of occurrence.

Risk Mitigation is a possible response/strategy to avoid or minimize the probability of

occurrence of a project failure or threat that could affect the projects’ success. Most of the time

it’s more costly to deal with the consequences of the known or unknown risks after they have

occurred than trying to avoid them or trying to minimize their impact ahead of time.

Risk Management “is a continual process of corporate risk reduction” (Crouhy, Galai, and

Mark) in other words is a corporation’s strategy to set up the risk limits (tolerance). However, “A

corporation should not engage in risk management without deciding clearly on its objectives in

terms or risk and return” (Crouhy, Galai, and Mark); once these objectives are set and the risk

limits identified and clearly communicated to the stakeholders, the next step is mapping the risks

in order to design and implement a strategy. Risk mitigation is an activity which is part of the

risk management strategy.

“Central features of any engineering project are to produce a result that leads to customer

satisfaction” (Roush and Wang) To ensure the project success the engineers’ role is to utilize

Quantification and Qualification tools to identify, assess, and to either resolve or the transfer the

negative impact of a risk/threat. Having a customer-centered mindset engineers can ensure that

the product or services required meet customers’ expectations.

Dr. McCarville advises that in order to get hired, managers should be able to assess and mitigate

risks. The earlier you identified risks within the project the less expensive and the lower risk of

project failure, implementing a stage gate methodology could be useful to outline the tasks with

its respective deliverables and record the acceptance from all stakeholders during each stage gate

review meetings, this action will also minimize the risk of project failure.

Applying Risk Mitigation

Also Dr. McCarville states that evidence from previous studies demonstrated that the root cause

for most project failures were poor project definition (scope) or poorly communicated applying

risk mitigation techniques a strategy to mitigate the risk of scope creep would be to elaborate a

project charter which consists of the Statement of Work (SOW), Business case, and other

relevant information about the scope and requirements. Risk mitigation should start from the

definition and planning phases due to is more cost efficient to catch these risks and plan for risk

mitigation on the early stages of the project rather than during the execution phase. The use of

Failure Mode and Effect Analysis (FMEA), the Cause and Effect Analysis, the Fishbone

Diagram, the Fault Tree, and/or the Event Tree Analysis are methodologies that allow

identifying potential risks. Some of the risk response strategies are: to avoid, mitigate, transfer,

and/or accept. An approach to clearly communicate the risk (project definition, requirements,

etc…) is to utilize the Work Breakdown Structure (WBS), Milestones report, Project status

reports (Gantt chart) to communicate the project progress and to follow up about the project

requirements. “suitable metrics should also be identified for each risk that will enable tracking

progress during the risk monitoring phase.”(Kezner)

Conclusion

Risk mitigation is an activity which is part of the risk management strategy. First to Mitigate

Risk we need to elaborate a plan that outlines the methodology that we are going to use

throughout the life of a project.

One of the techniques to approach risk mitigation and risk assessment is to implement a

deviation process: the first step is to identify the risk, the second step is to assess the risk of a

project’s success, and some of the tools to assess the risks are: the utilization of analytical tools

such as The Failure Mode and Effect Analysis (FMEA), the Cause and Effect Analysis, the

Fishbone Diagram, the Fault Tree, and the Event Tree. Then the risk mitigation strategy could

comprehend the creation of redundancy within a process so in case one of your components or

steps of a procedure (depending on the type of process either manufacturing or servicing

industry) fails you have an alternative that allows to successfully deliver the product/service to

your consumers, is like a new/extra feature of a product, the use of a risk category matrix,

another strategy is to establish the fault tolerance, allowing some probability of risk but within a

range that the project would still succeed, another strategy called fault avoidance and is self-

explanatory basically to avoid by all means that the risk happens, and lastly the fault removal,

which is removing the risk after it has occurred.

“Risk mitigation takes whatever actions are possible in advance to reduce the effect of Risk”

(Roush and Wang). To assess and mitigate risk is a competitive advantage that project managers

should possess in order to get hired per Dr. Carville’s advice. The importance of identifying the

most common root cause for most project failures poor scope definition/or poor communication

of scope is not enough to identify the risks that may affect the success of the project, to select a

methodology to use for the different phases of a project is important, not using methodology also

could compromise the project’s success.

Bibliography

Kerzner, H, (2009), Project Management: A Systems Approach To Planning, Scheduling, And

Controlling, 10th edition, Wiley, NY.

Crouhy, M., Galai, D., and Mark, R. (2006). The Essentials of Risk Management. McGraw-Hill,

New York, New York. PMBOK Guide, 5th edition

Montgomery, D. C. (2009), Introduction to Statistical Quality Control 6th edition, Wiley, New

York

Roush, M., and Wang, J., (2000) What Every Engineer Should Know About Risk Engineering

and Management. CRP Press, New York, New York.