About the Authors xvii Preface to the Second Edition xviii Preface to the First Edition xix Acknowledgments xxi Glossary of Terms xxii 1 Introduction 1 1.1 Introduction 1 1.2 The Project Perspective 1 1.3 The Project Stakeholder Perspective 2 1.4 Overview of Contents 3 1.5 Limitations Caveat 5 2 An Overview of Risk 7 2.1 Chapter Introduction 7 2.2 Risk Definitions 7 2.3 Threat and Opportunity 9 2.4 Risk and Uncertainty 11 2.4.1 Uncertainties in the Type of Risk Trigger Events 14 2.4.2 Uncertainties in the Occurrence of Risk Events 14 2.4.3 Uncertainties in the Period of Exposure to Risk Events 14 2.4.4 Uncertainty in the Type of Consequences of Risk Events 15 2.4.5 Uncertainty in the Magnitude of Risk Consequences 15 2.4.6 Uncertainty in Periods of Exposure to Risk Consequences 16 2.5 The Dynamic Nature of Risk 17 2.6 Psychology and Perceptions of Risk 17 2.7 Risk Awareness 18 2.8 Classifying Risk 19 2.8.1 A Generic Source Event Risk Classification System 20 2.8.2 Natural Systems Risks 21 2.8.3 Human Risks 22 2.8.4 Risk Classification Based on Organisational Structure 25 2.8.5 Risk Classification Based on Project Phases 26 2.8.6 Customised Hybrid Approaches to Risk Classification 26 2.8.7 Multisystem Risk Classification 28 2.9 Risk Communication 28 2.10 Chapter Summary 29 References 30 3 Projects and Project Stakeholders 31 3.1 Introduction 31 3.2 The Nature of Projects 31 3.3 Project Objectives 32 3.3.1 Procurement Objectives 33 3.3.2 Operational Objectives 35 3.3.3 Strategic Objectives 36 3.4 Project Phases 39 3.5 Composition of Projects 41 3.6 Processes of Project Implementation 43 3.6.1 IT Project Example 44 3.6.2 Ideation and Concept Development 44 3.6.3 Project Development Stage 45 3.6.4 Project Deployment and Operation 46 3.6.5 Operational Maintenance 46 3.7 Organisational Structures for Projects 46 3.8 Project Stakeholder Relationships 47 3.9 Stakeholder Organisational Structures 55 3.9.1 Simple Structures 55 3.9.2 Machine Bureaucracies 55 3.9.3 Professional Bureaucracies 57 3.9.4 Divisionalised Forms 59 3.9.5 Adhocracies 60 3.10 Modes of Organisational Management 61 3.11 Project Stakeholder Decision-Making 62 3.12 ‘Risky’ Projects 66 3.13 Chapter Summary 68 References 68 4 Project Risk Management Systems and Frameworks 69 4.1 Chapter Introduction 69 4.2 Risk Management 70 4.3 Risk Management Systems 72 4.4 Risk Management Standards and Guides 73 4.5 A Cycle of Systematic Project Risk Management 75 4.5.1 A: Establish the Context 77 4.5.2 B 1 : Identify Risks 77 4.5.3 B 2 : Analyse Risks 78 4.5.4 B 3 : Evaluate Risks 78 4.5.5 C: Respond to Risks 78 4.5.6 D: Monitor and Control Risks 79 4.5.7 E: Capture Project Risk Knowledge 79 4.6 Project Stages and Risk Management Workshops 80 4.6.1 Construction Project Example 80 4.6.2 The DB Design-Bid Stage 82 4.6.3 The DB Build Stage 83 4.6.4 IT Project Example 84 4.7 A Project Risk Register Template 86 4.8 RMS Integration 89 4.9 RM Governance and Responsibility 89 4.10 Joint Venture RMS 89 4.11 Project Client RM Requirements 90 4.12 Chapter Summary 90 References 91 5 Project Risk Contexts and Drivers 93 5.1 Chapter Introduction 93 5.2 The Contextualising Process 94 5.3 Internal Contexts as Risk Drivers 95 5.4 External Contexts as Risk Drivers 97 5.4.1 Physical Contexts 99 5.4.2 Technical Contexts 100 5.4.3 Economic Contexts 100 5.4.4 Social Contexts 101 5.5 Using Contextual Information 102 5.6 Chapter Summary 104 Reference 104 6 Approach to Project Risk Identification 105 6.1 Chapter Introduction 105 6.2 Approach to Risk Identification 106 6.3 Workshop Timing 107 6.4 Types of Risk Identification Techniques 112 6.4.1 Activity-Related Techniques 114 6.4.2 Analytical Techniques 114 6.4.3 Associated Representative Techniques 115 6.4.4 Functional Value-Related Technique 116 6.4.5 Matrix Combinations 117 6.4.6 Simulation or Visualisation Techniques 117 6.4.7 Speculation Techniques 117 6.4.8 Structural or Management Techniques 118 6.5 Chapter Summary 119 Reference 119 7 Project Risk Identification Tools 121 7.1 Chapter Introduction 121 7.2 Activity-Related Tools 122 7.2.1 Work Breakdown Structures 122 7.2.2 Bar Charts 126 7.2.3 Critical Path Networks 127 7.3 Analytical Tools 130 7.3.1 Decision Tree Analysis 131 7.3.2 Event Tree Analysis 133 7.3.3 Fault Tree Analysis 134 7.3.4 Failure Modes and Effects Criticality Analysis 135 7.3.5 Hazard and Operability Studies (HAZOPS) 136 7.3.6 Safety Hazard Analysis (SHA) 138 7.4 Associated Representative Tools 141 7.4.1 Contextualisation 141 7.4.2 Checklists 142 7.4.3 Financially Related Tools 144 7.4.4 Procedural Manuals Tools 144 7.4.5 Design/Cost Related 148 7.4.6 Risk Related 150 7.5 Matrix Combinations Tools 152 7.6 Simulation or Visualisation Tools 155 7.7 Speculation Tools 157 7.7.1 Scenario Testing 157 7.7.2 Stress Testing 158 7.8 Structural or Management Tools 159 7.9 Risk Identification Statements 159 7.10 Chapter Summary 162 References 163 8 Project Risk Analysis and Evaluation 165 8.1 Chapter Introduction 165 8.2 Qualitative Analysis 167 8.3 Assessing Likelihood 168 8.4 Assessing Impacts 171 8.5 Evaluating Risk Severity 172 8.6 Quantitative Analysis 175 8.7 Risk Mapping 183 8.8 Chapter Summary 184 Reference 186 9 Risk Response and Treatment Options 187 9.1 Chapter Introduction 187 9.2 Risk Attitudes and Appetites 188 9.3 Existing Risk Controls 191 9.4 Risk Response Options 192 9.4.1 Risk Avoidance 192 9.4.2 Risk Transfer 194 9.4.3 Risk Reduction and Retention 196 9.4.4 Risk Retention 197 9.4.5 Combination Responses to Risk 197 9.5 Risk Treatment Options 198 9.6 Risk Mitigation Principles 200 9.7 Strategic use of ALARP 201 9.8 Re-assessment 202 9.9 Recording Decisions 202 9.10 Chapter Summary 203 References 203 10 Risk Monitoring and Control 205 10.1 Chapter Introduction 205 10.2 Assigning Responsibility 206 10.3 Monitoring Procedures 209 10.3.1 Negligible Risks 210 10.3.2 Low Risks 210 10.3.3 Medium Risks 210 10.3.4 High Risks 210 10.3.5 Extreme Risks 211 10.4 Control Measures 211 10.4.1 Negligible Risks 212 10.4.2 Low Risks 212 10.4.3 Medium Risks 212 10.4.4 High Risks 212 10.4.5 Extreme Risks 212 10.5 Reporting Processes 214 10.6 Dealing with New Risks 215 10.7 Disaster Planning and Recovery 215 10.8 Capturing Project Risk Knowledge 216 10.9 Chapter Summary 217 11 Project Risk Knowledge Management 219 11.1 Chapter Introduction 219 11.2 Knowledge Definitions and Types 221 11.2.1 Knowledge Transformation 221 11.2.2 Types and Forms of Knowledge 223 11.2.3 Organisational Culture and Knowledge Management 223 11.3 The Knowledge Creation Cycle 224 11.3.1 Stage 1 (Tacit to Tacit): Use and Validate 225 11.3.2 Stage 2 (Tacit to Explicit): Identify and Capture 225 11.3.3 Stage 3 (Explicit to Explicit): Codify and Store 225 11.3.4 Stage 4 (Explicit to Tacit): Share and Update 226 11.3.5 Using and Validating Knowledge 226 11.3.6 Identifying and Capturing Knowledge 227 11.3.7 Codifying and Storing Knowledge 228 11.3.8 Sharing and Updating Knowledge 229 11.4 Additional Issues of Organisational Culture 230 11.4.1 KMS Alignment and Information Redundancy 231 11.4.2 Tools and Techniques for Eliciting Risk Knowledge 231 11.4.3 Brainstorming Sessions 233 11.4.4 Storytelling 233 11.4.5 Communities of Practice 233 11.4.6 Networking 234 11.4.7 Project Reviews, Project Debriefings and ‘Lessons Learned’ 234 11.4.8 Mentoring and Apprenticeships 235 11.4.9 Induction and Training Courses 235 11.4.10 Workplace Design 235 11.4.11 People Finders 235 11.4.12 Intranets and IT Platforms 235 11.4.13 Internet Search Engines and Alerting Services 236 11.4.14 Organisational Culture 236 11.4.15 PRMS-Related Tools 236 11.4.16 Developing Organisational Risk Wisdom 237 11.5 Project and ORR Architecture 237 11.5.1 Capturing Project Risk Experiences 238 11.5.2 PRRs 239 11.5.3 Beyond the Project Level is the ORR 240 11.6 Challenges for Implementing RKMSs 242 11.6.1 Issues Relating to Knowledge Itself 242 11.6.2 Storing, Accessing and Using Knowledge 242 11.6.3 Knowledge System Development and Implementation Costs 243 11.6.4 Concern with Financial Issues and Return on Investment 244 11.6.5 Concern with Time Management and ‘Unproductive Tasks’ 244 11.7 Communication and Risk Knowledge Management 246 11.8 Ai 247 11.9 Chapter Summary 249 References 249 12 Cultural Shaping of Risk 251 12.1 Chapter Introduction 251 12.2 Culture in Society 252 12.3 Organisational Cultures 253 12.3.1 Organisational Scans 256 12.3.2 The Organisational Scanning Process 259 12.4 External Cultures as Project Risk-Shapers 260 12.4.1 Media Scans 260 12.5 Organisational Cultures of Other Project Stakeholders 261 12.6 Applying Cultural Shaping in Project Risk Management 262 12.7 Chapter Summary 266 Reference 267 13 Project Complexity and Risk 269 13.1 Chapter Introduction 269 13.2 The Concept of Complexity 269 13.2.1 Differentiation 272 13.2.2 Inter-dependency 274 13.3 Relative Complexity 276 13.4 Uncertainty and Project Complexity 278 13.5 An Early-Stage Project Complexity Assessment Tool 280 13.6 Identifying and Mapping Complexity 284 13.7 Influence of Complexity on Risk Management 285 13.8 Complexity and Mega-Projects 286 13.9 Chapter Summary 288 References 289 14 Political Risk 291 14.1 Chapter Introduction 291 14.2 Political Spheres 293 14.3 Dimensions of Political Risk Factors 293 14.4 Examples of Political Risks 295 14.5 Political Stakeholders 298 14.6 Managing Political Risks 298 14.6.1 Contextualising 298 14.6.2 Identifying Political Risks 300 14.6.3 Analysing and Assessing Political Risks 300 14.6.4 Responding to Political Risks 301 14.6.5 Monitoring and Controlling Political Risks 302 14.6.6 Knowledge Capture 302 14.6.7 In-House Political Risks 302 14.7 More Extreme Political Threat Risks 303 14.8 Professional Misconduct 304 14.9 Corruption 305 14.9.1 Conflict of Interest 308 14.10 Chapter Summary 309 References 310 15 Planning for Crisis Response and Disaster Recovery 313 15.1 Chapter Introduction 313 15.1.1 Crisis 313 15.1.2 Disaster 314 15.2 Crises 314 15.2.1 Snowy Hydro 2 Scheme 315 15.2.2 COVID-19 Pandemic 316 15.2.3 Australian Housing Crisis 318 15.2.4 Australian Telco Crises 319 15.3 Disasters 319 15.3.1 Whakaari White Island Disaster 320 15.3.2 Floods and Fires 321 15.3.3 Asylum Seeker Disasters 321 15.4 Planning for Crisis Response and Disaster Recovery 322 15.4.1 Strategic Management 322 15.4.2 Strategic Planning Management 325 15.4.3 The Champlain Towers Disaster 325 15.4.4 Leadership and Management Control 327 15.4.5 Regulatory Environments 328 15.4.6 Human Resource Management 329 15.4.7 Resources Management 329 15.4.8 Utilities and Services 330 15.4.9 Security and Crime 331 15.4.10 Health Services Management 332 15.4.11 Environment 332 15.4.12 Cross-border Co-operation and Management 332 15.4.13 Communications Management 333 15.5 Risk Management for Crisis Response and Disaster Recovery Planning 333 15.6 Chapter Summary 334 References 334 16 Opportunity Risk Management 335 16.1 Chapter Introduction 335 16.2 Concept of Opportunity Risk 336 16.3 Opportunity Risk in Projects 338 16.4 Examples of Opportunity Risks 339 16.4.1 IT Brand Product Personalisation Service 339 16.4.2 Botanic Gardens Special Display Project 339 16.4.3 Case Study A (PPP Correctional Facility) 340 16.4.4 Case Study C (Aid-Funded Pacific Rim Island Civic Project) 340 16.5 Managing Opportunity Risks 341 16.5.1 Implications for Personnel 341 16.5.1.1 SP1: Exchanging Ideas Too Early and Too Often Hinders Their Diversity and Potential to Innovate 342 16.5.1.2 SP2: The Workplace Should Promote Absurdity 342 16.5.1.3 SP4: Adversities Are Worth Keeping, Even Introduced, in the Workplace to Promote Innovation 343 16.5.1.4 Artificial Intelligence (AI) 343 16.5.1.5 Implications for the Project RMS 344 16.5.1.6 Context Establishment 344 16.5.1.7 Risk Identification 344 16.5.1.8 Risk Statements 345 16.5.1.9 Risk Analysis 345 16.5.1.10 Risk Evaluation 346 16.5.1.11 Risk Response 346 16.5.1.12 Monitoring and Control 350 16.5.1.13 Knowledge Capture 350 16.6 Chapter Summary 350 References 351 17 Strategic Risk Management 353 17.1 Chapter Introduction 353 17.2 Strategic Issues for Project Risk Management 355 17.2.1 Project Risk Management System (PRMS) Implementation 356 17.2.2 System Separation/Integration 358 17.2.3 System Inception 359 17.2.4 Initial System Application 359 17.2.5 Roles and Responsibilities 360 17.2.6 PRMS Process Approach 361 17.2.7 Risk Knowledge Management 363 17.2.8 PRMS Maintenance and Development 364 17.2.9 Crisis Response and Disaster Preparedness 364 17.3 PRMS Process Strategies 366 17.3.1 Project Contextualisation 366 17.3.2 Project Risk Identification Strategies 367 17.3.3 Quantitative and Qualitative Risk Analysis Strategies 367 17.3.4 Risk Response and Treatment Strategies 369 17.3.5 Risk Monitoring and Control Strategies 369 17.3.6 Risk Knowledge Capture Strategies 370 17.4 Chapter Summary 370 References 370 18 Planning, Building and Maturing a Project Risk Management System 371 18.1 Chapter Introduction 371 18.2 PRMS Objectives 372 18.3 Planning and Designing the PRMS 373 18.3.1 Planning the PRMS 373 18.3.2 Designing the System 374 18.4 Risk Management Maturity 376 18.4.1 Level 1 PRMS Maturity (Mostly Unaware) 376 18.4.2 Level 2 PRMS Maturity (Starting) 377 18.4.3 Level 3 PRMS Maturity (Growing) 379 18.4.4 Level 4 RM Maturity (Maturing) 380 18.5 Building the PRMS 382 18.5.1 Organising the PRMS Project 382 18.5.2 PRMS Specialists 382 18.5.3 System-Building Tasks 383 18.5.4 Component Testing 384 18.5.5 PRMS Trials 385 18.5.6 PRMS Roll-Out 385 18.6 PRMS Performance Review and Improvement Cycle 386 18.6.1 Review Criteria 387 18.6.2 System Benchmarking 390 18.6.3 Addressing System Decay 391 18.6.4 Review Frequency 392 18.7 Chapter Summary 392 References 392 19 Computer Applications 395 19.1 Chapter Introduction 395 19.2 PRMS Software Applications 396 19.2.1 Tables and Matrices 396 19.2.2 Spreadsheets 398 19.2.3 Project Management Systems 400 19.2.4 Bespoke RKMS 401 19.3 Other Information Technologies and Tools 401 19.3.1 Simulation Systems 401 19.3.2 Smart Sensors 402 19.3.3 Aerial Drones 402 19.3.4 Building Information Modelling 403 19.4 Chapter Summary 403 20 Communicating Risk 405 20.1 Chapter Introduction 405 20.2 Communication Theory and Models 406 20.2.1 Other Theory Elements of the Model 406 20.2.2 Processes in the Model 408 20.3 Components in the Communication Process 409 20.3.1 Senders 409 20.3.2 Receivers 409 20.3.3 Messages 409 20.3.4 Media 410 20.3.5 Channels 411 20.3.6 Relays 411 20.3.7 Filters 412 20.3.8 Interference 412 20.3.9 Feedback 413 20.4 Communicating Risk in the PRMS Cycle 413 20.5 Communicating Project Risk Beyond the Project Stakeholder Organisations 415 20.5.1 Promotional Announcements 415 20.5.2 Communicating Risk in Adverse or Challenging Environments 415 20.5.3 Social Amplification of Risk 415 20.5.4 Social Licence 416 20.5.5 Communication in Extensive Advisory Loops 417 20.6 Evaluating Risk Communication 417 20.7 Chapter Summary 418 References 419 21 Conclusions 421 21.1 Chapter Introduction 421 21.2 Current State of Project Risk Management 422 21.2.1 Changes in Business Conditions 423 21.2.2 More Serious Risk Impacts and Consequences 423 21.2.3 Public Expectations and Regulations 423 21.2.4 Publication of Standards and Texts 424 21.2.5 Psycho-Social Emphases 424 21.2.6 Tertiary Curriculum Changes 424 21.2.7 Continuing Issues with Contemporary PRMS 424 21.3 Future Project Risk Management 425 21.4 Checking Your Reading Satisfaction 427 21.4.1 Risk 427 21.4.2 Projects 428 21.4.3 Prms 428 21.4.4 Risk Contexts 429 21.4.5 Risk Identification 429 21.4.6 Risk Assessment 430 21.4.7 Risk Response 430 21.4.8 Risk Monitoring and Control 431 21.4.9 Risk Knowledge Management 431 21.4.10 Risk and Culture 431 21.4.11 Complexity 432 21.4.12 Political Risk 432 21.4.13 Planning for Crisis Response and Disaster Recovery 433 21.4.14 Opportunity Risk 433 21.4.15 Strategic Risk Management 433 21.4.16 Building and Maturing a PRMS 434 21.4.17 Computer Applications 434 21.4.18 Communicating Risk 435 21.4.19 Case Studies 435 21.5 Closing Remarks 436 Case Study A: PPP Correctional Facilities Project 439 Case Study B: Rail Improvement Project 449 Case Study C: PM Consultant and Government-Aid-Funded Pacific-Rim Project 455 Case Study D: High-Capacity Metropolitan Train Mock-up Project 461 Case Study E: Hot-Rod Car Project 463 Case Study F: Aquatic Theme Park Project 467 Case Study G: Risk Governance Guidance Document 471 Case Study H: Rise and Fall of a Plumbing Company 477 Index 483

A comprehensive and highly practical overview of project risk management emphasising pragmatic solutions and user-friendly methods without advanced mathematical techniques Managing Project Risks provides a comprehensive treatment of project risk management, offering a systematic but easy-to-follow approach. This book explores critical topics that influence how risks are managed, but which are rarely found in other books, including risk knowledge management, cultural risk-shaping, project complexity, political risks, and strategic risk management. The book commences with foundational concepts, providing an overview of risk, project definitions, project stakeholders, and risk management systems. Subsequent chapters explore the core processes of project risk management, including risk identification, analysis, evaluation, response strategies, and risk monitoring and control. Additional topics include risk knowledge management, the influence of culture on risk, political risks in projects, and relevant software applications. Experienced readers may choose to navigate directly to the later chapters, which focus on strategic risk management and offer recommendations for planning, building, and maturing a project risk management system. Throughout, the authors impart a practical approach that does not rely on high level expertise or advanced mathematical techniques; the emphasis remains on pragmatic solutions, user-friendly techniques, and reliable communication, enabling readers to seamlessly integrate theory into practice. Updates to the newly revised Second Edition of Managing Project Risks include: Additional tools and techniques for risk identification and an expanded treatment of risk communicationA new tool for early-stage project complexity assessment—the stage where uncertainties, and thus threat and opportunity risks, are at their highest levelA more substantial treatment of planning for crisis response and disaster recovery, taking into consideration climate change and the increasingly prevalent impacts of severe weather phenomenaMore information on strategic risk management, now including public and organizational policy development with respect to risks in projects Managing Project Risks is an essential resource for practitioners of project management across architecture, construction, engineering, and technology disciplines, for undergraduate and postgraduate students, and for public and private sector stakeholders involved in decision-making and policy development. It is useful wherever project-driven activities are undertaken.