Source of the Article Journal of the Society of Project Management

Student’s Name:

Review No.: 1

Source of the Article: Journal of the Society of Project Management

Date of Publication: 2005

Themes: How much risk management is enough?

Commentary:

Brief Summary

The author argues that businesses should put a limit to the amount of effort individuals invest in risk management in a project. He points out that before initializing a business, the owner should realize that they cannot do a perfect job, and anything that goes close to perfect is more expensive. Instead, the author advices that, owners of business should only aim to have as much protection as possible relative to the efforts they invest. The article goes on and points out that for each risk considered, one will spend more time recognizing and identifying it, analyzing it so as to understand the facts of how serious the risk is. Other actions include prioritizing it over other risks in the project to find out whether it requires an action plan or not, and if does, coming up with an action plan and executing it. The author argues that if the owner of a business spends all of their time attempting to manage all risks they find, then they will spend all of their time managing risks and have no time at all to finish the project (Smith, 2005).

The prioritizing step seems to be the most essential part in the article, because as the author puts it, it is where the most difficult decisions are made. The author gives several factors as governing factors for the high priority risks. These factors include the overall seriousness of the risk, whether one can classify the risk as catastrophic, and whether one can construct a cost effective plan to resolve the risk (Smith, 2005).

Personal Commentary

Risk management is an essential function in many firms today. Companies are increasingly taking ambitious and complex projects, and these firms must execute the projects successfully, in environments that are often uncertain and risky. As a responsible leader and manager, individuals have to be aware of these uncertainties and risks. This, however, does not necessarily mean that they should try to solve each risk that their project runs into. In all but the environments that are critical, trying to address and solve all risks is too expensive both in resources and in time. Instead, managers have to prioritize these risks (Morgan, Fischhoff, Lave & Fischbeck, 1996). If they manage to achieve this effectively, they can put their focus and much of their effort and time on the most critical risks. There are numerous ways a manager can use to identify which risks are most critical and which ones are not (Kahneman, Slovic & Tversky, 1982). One such method is a chart that rates risks in terms of their impact and probability. A risk always has negative effects. However, the size and amount of these effects is different in each risk in terms of costs and impacts on other critical factors. In addition, a risk is an event that is likely to occur. If a risk has a high probability of occurring then it might be wise to address such a risk first (Crowe & Feinberg, 2001).

Scarce resources and time prevent business owners and other individuals from doing everything in their power to minimize risks to their businesses. When individuals face more than one risk, even evaluating the options for managing the risks can be overwhelming. A recent article argues that one of the most effective strategies of dealing with this challenge is to rank the risks according to their magnitude (Crouch & Wilson, 1981). Having accomplished this, one can start to evaluate the available options by starting with those risks that seem to have the largest impacts. One of the most commonly used tools for prioritizing risks is setting priorities for the risks. This process usually ranks risks according to their seriousness to determine which risk posses the most disadvantages and, therefore, which risks should one address first. Another tool that can be effective in assessing the importance of a risk is the risk ranking tables. Individuals usually use these tables to typically identify whether a risk requires the manager to take a corrective action against it based on the combination of occurrence, severity, RPN values and detection (Cardona, 2005).

References

Cardona, O.D. (2005). Indicators of Disaster Risk and Risk Management: Program for Latin America and the Caribbean. Summary Report. Washington, DC: Inter-AmericanDevelopment Bank.

Crouch, E.A. & Wilson, R. (1981). Risk/ benefit analysis. Cambridge, MA: Ballinger.

Crowe, D. & Feinberg, A. (2001). Design for Reliability. Chapter 12. Failure Modes and Effects Analysis. Boca Raton, FL: CRC Press.

Kahneman, D., Slovic, P., & Tversky, A. (1982). Judgments under uncertainty: Heuristics and biases. New York: Cambridge University Press.

Morgan, M. G., Fischhoff, B., Lave, L., & Fischbeck, P. (1996). A proposal for ranking risk within federal agencies. In C. Davies (Ed.), Comparing environmental risks. Washington, DC: Resources for the Future.

Smith, P. G. (2005). How much risk management is enough? Journal of the Society of Project Management, 7 (3), 30.

Review No.: 2

Source of the Article: New York Times

Date of Publication: January 2, 2009

Themes: Risk Management

Commentary

Brief Summary

The article is about the persistent tension that exists between those who base their decisions on degrees that are more subjective of belief about the future that is uncertain and those who remain adamant that the best decisions are those based on numbers and quantification, determined by past patterns. To tell his story, the author refers to the 2007 financial crisis that threatened to bring down the global financial system. The author also talks about the mathematical models the investment firms used during that time to measure risk. According to the article, there are numerous such models for measuring risks with the VaR being the most commonly used model.

The scientists and mathematics built the Value at Risk model around probability theories and statistical ideas that businesspersons and traders have utilized for centuries. The author points out that a number of mathematicians and scientists popularized and developed this model s in the 1990s. The article argues that one of the best appealing attributes of this model is that it represents or shows risks as a single number, or as a dollar figure. It is clear that the VaR model is not a single model but a combination of related models that share a framework in mathematics. According to the writer, the VaR model measures the boundaries of risks over short periods, in a portfolio, assuming a market that is normal (Nocera, 2009).

The writer gives an example of a businessperson who has a weekly VaR of 50 million dollars. According to the article, this means that there is a 99 percent chance that the businessman’s portfolio, over the course of the following week, will not lose the 50 million dollars. The author argues that the model became so popular because it was the only common measure of risk that individuals could apply to most classes of assets. The author also shows the model n to take into account numerous varieties of variables like leverage, diversification and volatility that compose the type of market risks that firms and traders commonly face (Nocera, 2009).

Personal Commentary

In financial risk management and financial mathematics, individuals commonly use VaR as a measure of risk of the risk of loss on certain portfolio of financial assets. For a certain portfolio, time horizon and probability, value at risk can be defined as the value of threshold such that the probability that a market loss on the portfolio over a specified horizon of time is more that this value is the given level of probability (Larsen, Mausser & Ursyasev, 2001). In its most general form, individuals use this model to measure or estimate the potential value loss of an asset that is risky or portfolio over a specified period for a certain interval of confidence. In its adapted form, the model is at times defined more narrowly as the probable value loss from the normal or expected market risk when compared to other risks, requiring a business person or trader to draw distinctions between abnormal and normal risks, in addition to, non- market and market risks (Jorion, 2002).

While any individual entity can utilize the VaR model to measure the exposure of risk, investment and commercial banks are the most likely entities to use this model to capture the potential loss in the traded portfolio value from movements in the market that are adverse over a certain period. One can then compare this to the capital available and to the reserves of cash to make sure that, the model addresses the losses without exposing the firms to unnecessary risks (Jorion, 2006). The common parameters used with this model are 5 percent and 1 percent probabilities and two week and one day horizons, although other combinations are also in use. The reason why individuals assume normal markets using this model, in addition to, no trading, and to limiting loss to measured things in daily accounts, is to make sure that the losses are observable (Crouhy, Galai &Mark, 2001).

In some extreme financial cases, it can be extremely difficult to determine losses, either because the institution bearing losses breaks up or because the prices in the market are unavailable. Some consequences resulting from long- term disasters like loss of confidence in the market, lawsuits and impairment of names of brands can take a long period to play out, and may be challenging to allocate among certain prior decisions. Value at Risk usually marks the boundary between extreme events and normal day. While institutions can lose more than the amount of VaR, one can say that they will not lose it often (Basak & Shapiro, 2001).

References

Basak, S. & Shapiro, A. (2001). Value-at-Risk Based Management: Optimal Policies and Asset Prices. Review of Financial Studies, 14, 371-405.

Crouhy, M., Galai, D. &Mark, R. (2001). The Essentials of Risk Management. New York: McGraw-Hill.

Jorion, P. (2002). How informative are Value-at-Risk Disclosures? The Accounting Review, 77, 911- 932.

Jorion, P. (2006). Value at Risk: The New Benchmark for Managing Financial Risk (3rd Ed.). New York: McGraw-Hill.

Larsen, N. H., Mausser, B. & Ursyasev, S. (2001). Algorithms for Optimization of Value-at-Risk. Research Report. University of Florida.

Nocera, J. (2009). Risk management. The New York Times, January 2, 2009.

Review No.: 3

Source of the Article: CEO Online

Date of Publication: Tuesday 9 June 2009

Themes: Looking into the financial crystal ball

Commentary

Brief Summary

The author’s main concern is the current economic climate that is never uncertain and the impacts such uncertainty can have on businesses. He argues that the current economic climate makes it essential to focus into the future and prepare one’s business for declining or increasing revenues. The article point out that a business owner needs to plan the resources the business might need to fulfill the revenue levels expected. According to the article, all business owners need to plan and prepare for the worst and best case scenarios. As banks increasingly become more demanding about applications of lending, the author indicates that, they are likely to need projections, recent financial statements and cash flows that are more accurate (Hirst, 2009).

Personal Commentary

Businesses face numerous vulnerabilities and threats, and these risks do not stop evolving. Disruptions in business can include such things as natural disasters like power outages, fires and hurricanes. Although planning for business continuity and disaster recovery have since recently become recognized as critical, maintaining and creating plans that are sound still remains complex (Alexander & Sheedy, 2005). Business continuity planning is concerned with addressing the outlook that a disaster might disrupt the activities of an organization’s business. The need for businesses to mitigate risks is especially critical in organizations for- profit making. One way that a business management can understand and identify the criticality of different kinds of business functions is using a business impact analysis (Hopkins, 2010).

The owner of the business should also analyze and address the question of which business functions should receive the highest priority. In choosing a strategy to safeguard a business, comparisons that are cost- benefit are made in respect to the effects of operating a business without various functions and services like proprietary data and call centers at certain times, and coming up with plans for maximum periods of recovery for each function and service. A business continuity plan, thus, includes the information and procedures about resources to aid an organization recover from a disruption in its functions or operations (IRM, 2010).

Irrespective of the size or functionality of one’s business operations, one can only survive the complex and difficult challenges put in the market by competition in the global market only if the businessperson is intelligent and knowledgeable enough to adopt proactive measures to address certain challenges and uncertainties (Moteff, 2005). These proactive measures are extremely useful in situations where uncertainties and risks threaten to disrupt the normal functioning of a business and result to consequences that are undesirable. Businesses, therefore, always be ready or prepared to deal with unforeseen events (Standards Association of Australia, 1999).

References

Alexander, C. & Sheedy, E. (2005). The Professional Risk Managers’ Handbook: A Comprehensive Guide to Current Theory and Best Practices. PRMIA Publications

Hopkins, P. (2010). Fundamentals of Risk Management. New York: Kogan-Page.

Hirst, S. (2009). Looking into the financial crystal ball. CEO online. Retrieved from http://www.ceoonline.com/expert_talk/risk_management/budget_finance/pages/id29465.aspx

IRM. (2010). A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000.

Moteff, J. (2005). Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and Consequences (Report). Washington DC: Congressional Research Service.

Standards Association of Australia. (1999). Risk management. North Sydney: Standards Association of Australia.

Review No.: 4

Source of the Article: Nonprofit Risk Management Center

Date of Publication: 2011

Themes: how to bring the power of intuition to the discipline of risk management

Commentary

Brief Summary

The author uses the thoughts of Hilary Austen and her book on the framework of tapping uncertainty, surprise, change and ambiguity to improve one’s performance to construct her article. She points out that risk management practice and theory might seem at war with the invitation of Austen to embrace uncertainty to a traditionalist. She points out that a stereotypical manager of risk typically strives to reduce or eliminate uncertainty to assure the leaders of an organization that little or nothing will go wrong. Yet according to the article, a commitment to manage risk in an organization that is evolving and complex requires more that one’s adherence to a prescribed set of rules. The article uses a number of illustrations to conclude that when keen awareness precedes and underpins skill application in a meeting of managing risks, one will attain the ability to find their way in cases where the application of a precise or rigid formula does not apply (Herman, 2011).

She uses Austen’s arguments to remind us that individuals can enable skills to work responsively and automatically if one cultivates a deep sense of awareness, rather than in reference to a set routine. According to the article, numerous managers who profess risk management interests also yearn for processes that are simple through which they can sort and file some of the risks their firms face. According to the author, risk management frameworks offer firms numerous schematics and frameworks (Herman, 2011).

Personal Commentary

Risks arise from uncertainties. When deciding on the actions to take against these risks, there is a need to manage risks resulting from these uncertainties. In managing risks, risk manager must consider two elements; the likelihood of something undesirable or desirable happening, and the possible consequences if any of all the perceived things happen (Institute of Risk Management, 2002). There are numerous causes of risks raging from mismanaging to misestimating to equipment failure. While it is possible to have an environment that is totally risk free, it is also possible to reduce, avoid, transfer and eliminate some of probable risks (Hubbard, 2009). Risk management consists of processes that are systematic of estimating and addressing risks. The process usually involves context consideration, identification, evaluation, analysis and treatment of risks. It is a process that is interactive that also includes review and monitoring, and usefully involves a dialogue with interested parties along the way (Dorfman, 2007).

While risk management provides one with systems that are structured for analyzing and identifying risks, and implementing and devising response actions against the consequences of risks, a manager should always be ready for certain risks that usually defies the utilization of these set and structured systems (Crockford, 1986). The different responses managers design to mitigate risks usually draw on strategies of risk transfer, risk prevention, risk acceptance and impact mitigation. However, the actions might also require the utilization of other actions that experts have not specified under these categories or the use of a few of the prescribed measures against risks. Within a single proposal or activity, a mix of these strategies may have applications for one or more individual risks. It is the responsibility of the manager to decide which strategies are the best for mitigating risks experienced by their firms depending on the specific details of the risk experienced (Covelo & Allen, 1988).

References

Covelo, V. & Allen, F. (1988). Seven Cardinal Rules of Risk Communication. Washington, DC: U.S. Environmental Protection Agency.

Crockford, N. (1986). An Introduction to Risk Management. Cambridge, UK: Wood head-Faulkner. 

Dorfman, M. (2007). Introduction to Risk Management and Insurance. Englewood Cliffs, N.J: Prentice Hall.

Herman, M. L. (2011). How to bring the power of intuition to the discipline of risk management. Nonprofit Risk Management Center, 20 (2), 2-4.

Hubbard, D. (2009). The Failure of Risk Management: Why it is Broken and How to Fix It. New York; John Wiley & Sons.

Institute of Risk Management. (2002). A Risk Management Standard. London: Institute of Risk Management.

Review No.: 5

Source of the Article: Risk- Magazine.net

Date of Publication: 22 February 2010

Themes: Crossing the Chasm

Commentary

Brief Summary

This article addresses the issue of risk management clock- speed. The article defines this term as the rate at which individuals or systems collect process and avail information about risks to managers of risk to support their decisions about risk mitigation. The author argues that slow clock- speeds for risk management are usually fine only when the risk volatility is low and when volatility time is moving slowly. He, however, points out that when this volatility time moves at a faster rate, it can overwhelm the information system of risk management operating at a clock- speed that is slow. According to the article, decisions are needed in hours or even minutes during a crisis rather than in weeks or days, in such an environment, decisions might be made in haste and informed by information that is either structured poorly or stale to address the urgent issue.

According to the author, one of the issues associated with clock- speeds of risk management that are slow is the pervasive legacy of the available systems for collecting information that usually grow by accretion over years. The author shows global communication bandwidth as a serious limitation in not more than ten years ago, in which case, economists developed systems to economize this relatively scarce resource. In addition, the author points out that most resource systems did not have means that were message based of transmitting output to external systems. Because of this, batch files production became the standard and common method for feeding data into key risk systems. Even in the best of scenarios, this method meant that information or data would be out of date by at least 16 hours (Scholes, 2010).

The article also shows incomplete coverage of data as another issue that slows the clock- speed for risk management. When a firm encounters critical challenges, having access to complete information on all functions or business areas is critical. Poor data organization and limited ability to analyze and tabulate the aggregations is another problem the author cites as a challenge to risk management clock- speed. The author argues that there is a metaphorical chasm dividing a system that is flexible and up- to- time from the typical existing infrastructure of information. To solve this challenge, the article advices that institutions should recognize and acknowledge the magnitude of the challenge and start to develop a long- range plan to mitigate or solve it (Scholes, 2010).

Personal Commentary

Current best activities and practices in managing risks revolve around and concern themselves with the techniques and processes of registering risks. This limited approach, however, is out of step with the current psychological studies that suggest that individuals deal with and handle risks differently depending on the amount of time availed to them for thinking. These studies advise firms and business owners to revisit their approaches of managing risks and include to their new approaches aspects of available time and the structure and the organization of the available information (Smith & Borodzicz, 2008).

Another article describes risk clock- speed as the rate at which necessary information to manage and understand risks is availed. The article also argues that there are two main classes of risk clock- speeds; the slow clock- speed risks and the fast clock- speed risks (Smith, 2010). The slow clock- speed risks are those risks where enough time of thinking is available. On the other hand, fast clock- speed risks are those risks that are at or close to real time. The risk clock- speed window is the range between how well firms can deal with slow clock- speed risks and fast clock- speed risks, and still functions well (Borodzicz, 2005).

A slow risk clock – speed is the approach most organizations adopt in solving or addressing their risks because the risk is not pressing in relation to time. A slow clock speed allows a firm enough time for due consideration, time for moderation, time to create and plan a response, and time to assess the efficiency and effectiveness of the structured response (Anderson, 2010). In addition to this, a slow clock – speed also allows individuals time to seek advice from experts, time to review plans and approaches, and time to redo a plan several times. However, it should be realized that a fast clock – speed does not allow firms the kind of leisure slow clock – speeds allow organizations. Organizations are allowed only a few hours or minutes to come up with a solution to a risk (Alberts, Dorofee & Marino, 2008).

References

Alberts, C., Dorofee, A. & Marino, L. (2008). Mission Diagnostic Protocol, Version 1.0: A Risk-Based Approach for Assessing the Potential for Success. Software Engineering Institute.

Anderson, R. (2010). Risk appetite. London: The Institute of Risk Management.

Borodzicz, E. (2005). Risk, Crisis and Security Management. New York: Wiley

Scholes, M. (2010). Crossing the Chasm. Risk-mgazine.net

Smith, K. & Borodzicz, E. (2008). Risk clockspeed: a new lens for critical incident management and response. The Systemic, 30 (2), 345-370.

Smith, K. (2010). Risk Clockspeed: an introduction to risk clockspeed. IRM Forum.