What is a risk analysis in a project and how to evaluate it

Force majeure in business is not uncommon. When developing large and small projects, situations constantly arise that can accelerate the achievement of a set goal or slow down development, and sometimes lead to failure. You can prevent negative developments by learning how to assess and manage risks. Most threats can be predicted and solutions prepared in advance. In this article, the reader will learn about risk analysis methods and risk management techniques.

Business risks

This phrase refers to various circumstances, the appearance of which during the development and implementation of a project has a positive or negative impact on any component or on the business as a whole. For example, a person opened a summer cafe on the eve of the 2020 season, and at that time they announced quarantine due to the pandemic. Clients cannot be accepted, and the entrepreneur has not prepared for remote service, the business has stopped. Another example is when a project is half-finished, but then the customer changes the requirements. As a result, some of the work has to be redone (loss of time, reduced income).

Travel companies face many dangers: popular destinations are often closed due to the turbulent political situation in the country (Egypt, Israel, Tunisia) or due to climatic collapses (floods, snow drifts), strikes by transport workers. You can suffer due to violations of agreements with partners. For example, a dairy plant has signed a contract for the supply of products to a neighboring city. But the transport company did not deliver the shipment on time, and they did not think of an alternative delivery option. As a result, the company was charged a penalty for violating delivery deadlines.

Significant risk factors include changes in legislation, a sharp drop in the exchange rate, and unsuccessful investments (the company in which the money was invested went bankrupt). But the emergence of new types of equipment, technologies, and the introduction of financial benefits for various categories of entrepreneurs can play a positive role in business. Such changes are called positive risks.

For example, a sewing factory has planned to make a batch of summer dresses and has included in the estimate the cost of the fabric at which the manufacturer sells it. But when it came to placing an order, it turned out that wholesalers were getting a discount. As a result, each dress turned out to be 10% cheaper. Another example: the team developed a project implementation plan and calculated the time and costs based on previous experience. However, during the development process, a new non-standard approach was found. An innovation has appeared on the market, the introduction of which at the enterprise will accelerate the completion of work and help reduce costs. The engineers conducted an audit of the IT infrastructure and found that its implementation would not require large investments or time for adaptation. The company acquired the technology and completed the project a month ahead of schedule. The positive risks include tax breaks that companies in the IT sector have received in recent years.

Business hazards are characterized by two concepts:

• probability is the chance that a risky situation will occur.;
• Consequences are the amount of damage or benefit to a project from a situation that may occur.

Both indicators are measured as a percentage.

What does risk management mean and why is it necessary?

Management is a system of measures that covers the identification, analysis, assessment of the company’s risks, as well as planning and monitoring the situation. It is almost impossible to reduce the likelihood of hazards, but it is possible to anticipate their occurrence and take timely measures to reduce negative consequences. This is the purpose of management.

It can be aimed at:

1. Reduction of financial losses (for example, to decide which is more profitable: to pay a fine for violation of delivery dates due to the fault of a partner or to hire another supplier at a double rate for speed);
2. Maximizing positive risks. The manager can explore the market for new technologies that can optimize the process of working on a project and recommend purchasing them.
3. Compliance with project deadlines. Many of them are thinking about holidays: New Year’s Eve or March 8th. These days, the workload is always higher as the number of orders increases dramatically. Knowing this, the manager additionally hires employees and distributes tasks between them. Thus, despite the force majeure circumstances, the deadlines will not be violated.
4. Justifying the trust of customers. If you constantly delay delivery dates, customers will terminate their contracts. It is necessary to calculate all situations that may lead to a delay in deadlines and develop backup options.
5. Reducing stress in the team. If the staff is confident that they will receive accurate instructions for action in any peak situation, they will be less nervous and work more stably.

Managing risks, managers:

• they increase the likelihood of successful project implementation;
• reduce the impact of negative impacts;
• improve quality and efficiency;
• optimize the cost and timing;
• strengthen the reputation and competitiveness of the company;
• they develop the team’s skills to act harmoniously in any situation.

Risk management is a mandatory part of the quality management of the production process, therefore it is also a mandatory requirement for a number of international quality standards and certifications, including:

• ISO 9001;
• ISO 31000;
• PMBOK;
• PRINCE2.

Types of risks

For reasons of

1. Internal, which depend on the employees and managers of the company and which are easier to control:

• low staff motivation;
• planning errors;
• lack of qualified personnel, including management personnel;
• poor psychological climate in the team, conflict.

2. External, independent of the company and virtually uncontrolled. But we also need to prepare for them by modeling situations. This category includes:

• changes in legislation;
• aggravation of the socio-political situation in the region;
• military actions;
• natural disasters (fires, floods, earthquakes);
• the emergence of technological innovations;
• equipment failures;
• the actions of competitors.

On possible consequences

1. Temporary ones that cause project completion deadlines to be disrupted, for example, the company did not have time to deliver school uniforms to the store by the beginning of the school year.
2. Budget estimates that threaten to become more expensive. Usually, such dangers are associated with a change in the dollar exchange rate and a rise in the price of raw materials.
3. The danger of addiction. This refers to a situation where the completion of the next stage of work depends on the completion of the previous one. Example: a company launched a new brand and entered into an agreement with a store to sell a product, but the designer’s illness prevented the preparation of a new label on time, which suspended the shipment and delivery of the batch to the store.

By the amount of possible losses

1. Acceptable ones. If the predicted danger has turned into a problem, but the losses do not exceed the profit, then this outcome is considered acceptable. Example: a garment factory did not have time to purchase materials at the old prices and bought them at the new ones, which are 5% higher. Such an overpayment will have little effect on revenue, so the risk is acceptable.
2. Critical ones. This includes cases when a dangerous situation has developed that has led to a loss of revenue or investments. Example: if the catering company does not have time to deliver all the ordered dishes by the beginning of the event, they will not be accepted and will not be paid later. The illiquid will have to be disposed of.
3. Catastrophic events are those that can lead not only to the bankruptcy of a company, but also to loss of life or environmental disasters.

How to assess risks

Evaluation is the process of identifying the most vulnerable parts of a business process. The assessment is based on qualitative and quantitative criteria.

In the first case, determine:

• What can happen and when?;
• how will this event affect the production process?;
• what is the probability of danger?

There are 3 degrees of danger of risks:

• high;
• the average;
• low.

Different techniques are used to identify the level of danger:

1. The method of analogies. It is based on a comparison of hazards from similar projects that have already been implemented. For example, a woodworking company decided to set up production for the production of plywood. One of the co-founders used to work at other plywood manufacturing companies and knows what problems he had to face. When discussing the project, he will share his previous experience with his companions and help them avoid similar dangers.
2. Maintaining lists of sources of risks. Organizations are constantly faced with problems that need to be solved. For successful development, you should keep a journal that records all the difficulties encountered in each project and how to solve them. This material will be useful at the stages of production expansion.
3. Rating assessment, i.e. giving a risk a danger score on a 5- or 10-point scale. For example, if information has emerged that the state will soon introduce amendments to the law on tougher penalties for tax violations, then such a risk should be given the highest danger score. And this will mean that in the near future, the management and accountant will need to optimize tax payments. If a company has 5 suppliers, of which three are active and two are in reserve, then the risk of a supply outage is not higher than one.
4. The expert assessment method. It is based on the opinions of people with experience. Research can be conducted in various ways, for example, by brainstorming. Another way is to conduct an anonymous survey of experts in order to exclude the mutual influence of expert opinions.
5. SWOT analysis involves identifying strengths and weaknesses, as well as opportunities and threats. Example: the introduction of a voice assistant by a mobile operator. The strong side is the simplification of working with users (the robot will be able to answer the most frequent questions from customers from different fields, make an appointment, etc.). The weak side is that the neural network needs to be trained for a long time, which will require specialists and preparation of materials. Opportunities – audience expansion. Threats are the rejection by many people of the metallic speech of a robot (many people like to communicate with real people).
6. The method of building a spiral of risks. This is a graphical model that shows the likelihood of hazards in the main areas of the company’s work: personnel, logistical, financial, marketing, informational, management, related to the operation of the equipment. And how it will affect the production process.

For example, if one or two managers go on vacation, nothing terrible will happen, but if several machines fail at once, the risk of order fulfillment deadlines increases.

After determining the qualitative criteria, they proceed to a quantitative analysis, which determines the actual losses from possible hazards. Example: a developer sees that he has to postpone the deadline for the completion of a house by three months. This means that the shareholders may demand a penalty. There are 100 apartments in the house, meaning the developer will have to pay a penalty to hundreds of shareholders for 90 days of delay, which could amount to tens of millions of rubles.

You don’t have to waste time on low-risk risks, but the average ones should be kept under constant control so that they don’t escalate into high ones. But the tall ones should be given the most attention and protected from them in the first place.

Management strategies

Strategies are understood as ways to respond to situations that may lead to negative or positive consequences. Among them:

1. Avoidance, which implies taking timely measures to prevent critical situations. Example: The assembly of a batch of cars is being completed at the factory. The management has purchased new, more technologically advanced equipment that can speed up the assembly process. However, until the technologists figure out how it works and fix it, it’s better to work on the old one. Otherwise, the assembly time may be disrupted.
2. Mitigation – actions aimed at reducing the likelihood of negative scenarios developing or minimizing their consequences. Here, too, you can give an example with new equipment. For example, if it has already been delivered to the factory, but there are doubts that there will be technical failures, it is advisable to conduct additional tests first, without including the machines in the production process. In the meantime, work on the old equipment.
3. Transfer, which consists in delegating part of the responsibility to the counterparty. For example, a developer cannot accurately determine the deadline for the completion of an object, since it is obvious that they will have to expand the list of works and purchase additional materials (most likely at higher prices). In this case, the risk of an increase in the cost of materials should be shifted to the customer. Another example is the insurance of an object against fire. If it does happen, the insurers will pay the money to the company, i.e. they will take over part of the losses.
4. Acceptance. This method is used when it is obvious that it will not be possible to avoid the risk, but its consequences will not be catastrophic. Depending on the circumstances, the company can ignore the situation (passive acceptance) or prepare in advance by creating a resource to recover losses (active acceptance).

There are also methods for dealing with positive risks:

1. Use, i.e. the development of measures that will help maximize possible positive risks. For example, in order to finish a project faster, the manager invites one or more third-party professionals.
2. Cooperation. This is a collective technique in which organizations form partnerships in order to obtain greater benefits. Example: the start of sales of the latest bestseller by a popular writer will take place with the presence of the latter (he will conduct a master class). The store owners can invite students of literary faculties with a discount.
3. Gain. Example: A cheese factory can sell cheeses in its store, or it can sign a contract with a supermarket chain, thereby increasing sales.

The choice of strategy depends on:

• Project objectives;
• financial capabilities of the company;
• access to technical facilities, etc.

Stages of management

Planning

This is a preparatory stage during which management goals and methods are defined, roles and responsibilities are assigned to a group of risk managers, and evaluation criteria and priorities are established. The risk management plan should be part of the overall project implementation plan.

Identification

Using the available tools, it is important to identify hazards. It is important to identify the types of threats, at what stage to expect them, and what the causes may be. The analysis identifies which threats come from internal causes (such as frequent equipment breakdowns or improper performance of tasks by personnel), and which from external ones (frequent interruptions in the supply of raw materials). If an organization constantly violates deadlines for completing tasks due to inconsistencies in the actions of departments, then they check the effectiveness of these departments. If failures occur in different workshops and departments for different reasons, then it is worth conducting an audit of production processes and identifying the main causes of regular failures. As a result, a risk register is compiled, which will then need to be worked out.

Evaluation

At this stage, the probability of a scenario developing is assessed and a risk matrix is drawn up to visually represent which ones to pay maximum attention to and which ones do not pose a major threat. It also shows how much damage or benefit can be expected.

Reaction planning

At this stage, they develop an action strategy for each possible threat, the required resources, and identify those responsible. As a result, a reaction plan should appear, i.e. the scheme of actions when identifying a particular threat.

If, during the implementation of past projects, the company was constantly faced with the problem of incorrect or late completion of tasks by staff, then it will be necessary to audit personnel processes, identify the causes of regular violations and take action.

An audit of logistics processes will help identify the causes of delays in the delivery of finished products and plan new logistics schemes in advance.

Monitoring and management

At this stage, managers:

• they are engaged in monitoring the situation;
• An analysis of the effectiveness of risk diagnosis is carried out;
• they note which forecasts were justified and which were not;
• adjust previously made plans;
• They determine which tasks have been completed and which have not.

How to start the business risk analysis process

1. Identify internal risks. Analyze the specific situations that may occur at different stages of the project.
2. Make a list of hazards, including all potential hazards specific to your field of activity. Divide the threats into general and private ones.
3. Distribute the responsibility of risk management among employees. The manager cannot control all the dangers by himself. If the probability of any danger is too high, assign a group of employees responsible.
4. Develop control methods and hazard management methods together with responsible employees. It is necessary to develop measures to reduce their occurrence, as well as create a backup management option.
5. Assess the risks and their consequences. To do this, you need to find compelling arguments that confirm the likelihood of a particular type of danger when investing in a project.
6.  Update the corporate risk library regularly.

Conclusion

If you do not engage in risk management, it will lead first to the collapse of the project, and then the entire enterprise. Risk analysis is necessary for a business to prepare for a difficult situation. And if you do this systematically, the company will be reliably protected from unexpected losses.