Risk management concept mainly consists of identifying assessing, handling and monitoring phases. Risk has an important role in decision making in an organization. Many researches confirmed the importance of risk management in project management area. Companies mostly focus on the estimation and quantification of risks and uncertainties in early stages of a project whereas they lack further investigation of cause-impact relation of risk management strategies on further stages (PMI, 2008). Project risk management is frequently overlooked yet is one of the more critical elements to successful project delivery. Generally, delivering a project’s defined scope on time and within budget are characteristics of project success. Unfortunately, these success factors are often not achieved, especially for large complex projects where both external influences and internal project requirements may change significantly over time. Project risk management is a continuous process of identifying, analyzing, prioritizing and mitigating risks that threaten a projects likelihood of success in terms of cost, schedule, quality, safety and technical performance (Reilly, 2005. Yang, 2011). Organisations and owners often consider project risk management activities as “nice to have” on a project rather than as a core component of project controls. Additionally there is some confusion between organisations and project teams as to what exactly constitutes risk management activities.

The project risk management is to understand project and programme level risks, minimize the likelihood of negative events and maximize the likelihood of positive events on projects and programme outcomes (Kendrick, 2003. Gustavsson, 2006). Project risk management is a continuous process that begins during the planning phase and ends once the project is successfully commissioned and turned over to operations.

Risk identification is the identification of all possible risks that could either negatively or positively affect the project. It is important in the risk identification process to solicit input from all project stakeholders including those outside of the core project team.

The analysis phase determines the likelihood and impact of each identified risk and prioritizes risks for management attention Successful risk analysis requires objective thinking and input from those most familiar with the area affected by the possible risk.

Risk management is not new tool and a lot of standards and guidance documents are available. It is an integral component of good management and decision-making at all levels of an organization. All departments in an organization manage risk

2

those departments whose core mandate is to protect the environment and public health and safety. At present, a further generic standard on risk management is in preparation as a common ISO/IEC standard (IEC 2007) describing a systemic top down as well as a functional bottom up approach (see Fig. 1) This standard is intended to support existing industry or sector specific standards.

Risk Planning is the continuing process of developing an organized, comprehensive approach to risk management. The initial planning includes establishing a strategy; establishing goals and objectives; planning assessment, handling, and monitoring activities; identifying resources, tasks, and responsibilities; organizing and training risk management IPT members; establishing a method to track risk items; and establishing a method to document and disseminate information on a continuous basis.

In a systems engineering environment risk planning should be:  Inherent (imbedded) in systems engineering planning and other related planning, such as reducibility, supportability, and configuration management  A documented, continuous effort  Integrated among all activities  Integrated with other planning, such as systems engineering planning, supportability analysis, production planning configuration and data management, etc.;  Integrated with previous and future phases; and  Selective for each Configuration Baseline Risk is altered by time. As we try to control or alter risk, its probability and/or consequence will change (ACT Insurance Authority (2004). Judgment of the risk impact and the method of handling the risk must be reassessed and potentially altered as events unfold. Since these events are continually changing, the planning process is a continuous one.

Project Risk Management is important because being successfully in order to identify and manage risks are vital to project success. The first research question was regarding the organizations current risk management process. Both the background investigation and the main investigation tested the application of the current process. The background investigation showed that the organization saw risk management as one of the principles of project management. Further, the organization provided a risk guideline with a defined process and methods. However, many people within the organization stated that working with risk is not fun and often the risk work resulted in managing issues rather than risks. The result from the main investigation showed that there is a need to integrate risk management within

main investigation also showed three main areas in the risk process that need improvement. One important result was that several participants request improvements in the risk action planning phase, stating that they wanted risk response strategies to be anchored within the organization. As stated above, risk management is important but it takes commitment and time. The conclusion is therefore that the organization needs to increase the attention given for risk management, in the present there is a need of integrating risk management within the whole organization and create a risk culture that is risk aware.

PMI. (2008). A Guide to Project Management Body of Knowledge. Project Management Institute (PMI) Reilly, J. J. (2005). “Cost Estimating and Risk Management for Underground Projects” Proceedings of International Tunneling Conference, Istanbul. Yang Y.C., (2011). Risk management of Taiwan’s maritime supply chain security, Safety Science (49), pp. 382–393. Nehru, R. and Vaid, K.N. (2003). Construction Project Management, NICMAR Publication, Mumbai Kendrick, T. (2003). Identifying and managing project risk: essential tools for failure-proofing your project. Gustavsson, H. (2006). A Risk Management Framework Designed for Trelleborg AB. Report 5195.