Methods of risk identification in companies investment projects

Methods of risk identification in companies investment projects Piotr Tworek 1 Abstract The paper addresses the issues of risk identification as a separate stage, which forms an integral part of any risk management process. In particular, the author focuses on risk identification methods, which are used by companies that run investment projects. In this paper, the author draws attention to the applicability of some of these methods, based e.g. on his own experience, gained from business practice. When formulating his conclusions, he also draws on the risk management research, conducted in 25, out of 100, leading construction and assembly companies in Poland. Key words Risk, risk identification, risk management, construction industry. Introduction Looking at an entire risk management process in investment projects (planned and implemented by companies), one can see that a critical stage in this process is the stage of risk identification. At this stage, potential risks and their sources are identified. Any mistakes or errors, i.e. a failure to spot risks at an early stage of an investment project (investment planning), may lead to serious consequences at the project implementation and operation stages. Furthermore, a failure to identify some risk sources at the risk identification stage may result in incorrect risk quantification and a wrong risk response plan. Managers in companies and, in particular, risk managers and project managers have to possess appropriate methodological background in this respect. They need to know what types of methods and tools may be used, depending on a specific situation, i.e. the type of an identified risk. The paper deals exclusively with the methodological aspects of risk identification in investment projects carried out by companies. It aims, in particular, at discussing such methods and techniques, which could be most useful in business practice. The empirical illustration are the results of the research, carried out by the author in 25, out of 100, leading construction and assembly companies in Poland. The research was conducted in the third quarter of 2009, within the framework of an individual research project carried out at the Department of Investments and Real-Estate, the University of Economics in Katowice, using the basic research methods, such as a questionnaire and a personal interview. The paper mainly consists of theoretical deliberations, and the problems discussed here are presented in a synthetic way. 1 Piotr Tworek, Ph.D., The University of Economics in Katowice, Faculty of Finance and Insurance, Department of Investments and Real-Estate, 1 Maja 50 Street, 40-287 Katowice (Poland), piotr.tworek@ae.katowice.pl

1. Risk identification in an investment project a methodical approach In general, risk identification consists in identification of risk sources and specific forms of risks in companies. As emphasised by K. Jajuga ( ) an entity s risk management involves making decisions and taking measures by the entity, in order to reach an acceptable risk level [1]. According to the International Risk Management Institute in Dallas ( ) risk identification is perhaps the most crucial part of the risk management process because an exposure that is not identified can t be properly managed [2]. Referring to project risk management, R.M. Wideman defines risk identification as ( ) the process of systematically identifying all possible risk events which may impact on a project [3]. This definition is clearly the most accurate representation of the risk identification concept, in terms of risk management in an investment project. Risk identification, however, irrespective of an area or a company s profile, always has to be looked upon as a separate process, in which a number of appropriate methods, techniques and tools are used. Also, the extent to which specific risk identification methods can be applied will vary, depending on a situation and needs. In some companies, one set of methods will prove more useful, in other companies another one. It should be emphasised, however, that a risk identification process, no matter what circumstances and company profiles, will constitute an essential and, at the same time, initial stage of risk management. The general risk management concept is illustrated in a figure 1. Figure 1: The Risk Management Structure RISK IDENTIFICATION RISK CLASSIFICATION RISK ANALYSIS RISK ATTITUDE RISK RESPONSE Source: [4]. As you can see, the figure 1 shows the stages of a risk management process. According to PMBOK Guide (Project Management Institute in Newtown), the risk identification process is composed of six stages phases, i.e. risk management planning, risk identification, qualitative risk analysis, quantitative risk analysis, risk response planning, risk monitoring and risk control [5]. Summing up, ( ) risk management is a cyclical process that must be repeated regularly during the course of a project [6], and risk identification constitutes the basic, first and initial stage in the entire risk management process. Risk identification, just like the entire risk management process, should be carried out continuously (i.e. throughout the entire lifecycle of an investment project) and in various dimensions, in various sections, from various perspectives and in various areas as this ensures that the most comprehensive list of potential risks a given investment project is exposed to can be compiled [7]. An essential thing at this stage is to evaluate co-occurrence of specific risks and their relationships, so that

the entire portfolio of risks can be managed, instead of a single one at a time [8]. The most important thing is that risk identification creates the right database for any further steps related to the risk analysis [9]. It should be noted that the literature of the subject contains numerous similar concepts and approaches i.e. one can come across the concepts and approaches, which differ significantly from the concept illustrated by the figure 1. No matter how risk identification is understood and defined, one should remember about three vital aspects, namely: there are many different risk identification methods, which can be freely used in practice, depending on a situation and needs; risk identification methods have both their strengths and their weaknesses; particular methods, techniques and tools bring various effects. In practice, there s a wide spectrum of methods which companies may apply to identify risks. The Project Management Institute in Newtown, in its publication most often mentions a document review, information collection methods, check lists, an assumption analysis, diagram-based techniques [5]. The Risk Management Institute in London, however, lists the following risk identification methods: ( ) brainstorming, questionnaires, business studies which look at each business process and describe both the internal processes and external factors which can influence those processes, industry benchmarking, scenario analysis, risk assessment workshops, incident investigation, auditing and inspection, HAZOP (Hazard & Operability Studies) [10]. (Due to the fact that these methods are well-known and thoroughly-discussed in the scientific literature, the paper doesn t provide their detailed descriptions.) As you can see, there s a wide range of methods and ways of risk identification in investment projects, and various advantages and disadvantages demonstrated by these methods should always be taken into account when using them in corporate practice. The strengths and weaknesses of some of them are described in a table 1. Technique Strengths Weaknesses Assumptions & Constraints Analysis Brainstorming Cause and Effect (Ishikawa) Diagrams Simple structured approach Can be based on assumptions & constraints already listed in project charter Generates project specific risks Allows all participants to speak their mind and contribute to the discussion Can involve all key stakeholders Creative generation of ideas Visual representation of project promotes structured thinking Implicit/hidden assumptions or constraints are often missed Requires attendance of key stakeholders at a workshop, therefore can be difficult to arrange and expensive Prone to Groupthink and other group dynamics May produce biased results if dominated by a strong person (often management) Often not well facilitated Generates non-risks and duplicates, requires filtering Diagram can quickly become over-complex CSFs for Effective Application Requires a comprehensive list of assumptions & constraints Attendance of representative group of stakeholders Commitment to honesty Preparation Good facilitation Use of structure (e.g. categories or RBS) Effective selection of critical impacts (e.g. by use of sensitivity analysis)

Check lists Delphi technique Document review FMEA/Fault Tree Analysis Force Field Analysis Industry knowledge base Influence diagrams Interviews Captures previous experience Present detailed list of risks Captures input from technical experts Removes sources of bias Exposes detailed projectspecific risks Requires no specialist tools Structured approach, well understood by engineers Produces an estimate of overall reliability using quantitative tools Good tool support Creates deep understanding of factors that affect project objectives Captures previous experience Allows benchmarking against external organizations Exposes key risk drivers Can generate counterintuitive insights not available through other techniques Addresses risks in detail Generates engagement of stakeholders Check list can grow to become unwieldy Risks not on the list will be missed Often only includes threats, misses opportunities Limited to technical risks Dependent on actual expertise of experts May take longer time than available due to iterations of the experts inputs Limited to risks contained in project documentation Focuses on threats not so useful for opportunities Requires expert tool not generally available to those except experts Time-consuming and complex technique Usually only applied to a single objective, so does not provide whole-project view Limited to what has previously happened Excludes project-specific risks Requires disciplined thinking Not always easy to determine appropriate structure Time consuming Raises non-risks, concerns, issues, worries etc, so requires filtering Regular maintenance is required Use of structure can assist (e.g. RBS) Effective facilitation Careful selection of experts Clear definition of scope Understanding of relevance of prior experience Detailed description of the area being assessed Statistically accurate data on fault probabilities for many events Prioritized objectives Access to relevant information Identify key areas to address Good interviewing and questioning skills Environment of trust, openness, confidentiality Preparation Open relationship between interviewer and interviewee

Nominal Group Technique Encourages and allows all participants to contribute Allows for different levels of competence in common language To a large extent, autodocumenting Provides ideal base for affinity diagramming (grouping by risk categories for use in the Risk Breakdown Structure and Root Cause Analysis) Can lead to frustration in dominant members who feel it is moving slowly Good briefing of all participant in the technique Strict facilitation Post-project reviews/lessons learned/historical Information Prompt Lists Questionnaire Risk Breakdown structure (RBS) Root-Cause Analysis Leverages previous experience Prevents making the same mistakes or missing the same opportunities twice Enhances the Organizational Process Assets Ensures coverage of all types of risk Stimulates creativity Encourages broad thinking to the identify risks Offers a framework for other risk identification techniques such as brainstorming Ensures coverage of all types of risk Test for blind spots or omissions Allows identification of additional, dependent risks Allows the organization to identify risks that may be related because of their common root causes Basis for development of pre-emptive and comprehensive responses Can serve to reduce apparent complexity Limited to those risks that have occurred previously Information is frequently incomplete: details of past risks may not include details of successful resolution; ineffective strategies are rarely documented Creative generation of ideas Well structured project lessons learned database Participation of previous project team members (ideally including the project manager) Topic can be too high level Choice of list relevant to the project and its environment Success depends on the quality of the questions Limited to the topics covered by the questions Can be a simple reformatting of a checklist None Most risk management techniques are organized by individual risk. This organization is not conducive to identifying the root causes Can oversimplify and hide existence of other potential causes There may be no valid strategy available for addressing the root cause once it has been identified Clear and unambiguous questions Detailed briefing of respondents Requires a comprehensive RBS, often tailored to the project Ability to identify if a risk is an outcome of a more fundamental cause Willingness by management to accept and address the root cause rather than adopting partial workarounds

SWOT Analysis System Dynamics WSS Review Ensures equal focus on both threats and opportunities Offers a structured approach to identify threats and opportunities Focus on internal (organizational strengths and weaknesses) and external (opportunities and threats) Exposes unexpected interrelations between project elements (feedback and feed-forward loops) Can generate counterintuitive through other techniques Produces overall impacts of all included events and risks Ensures all elements of the project scope are considered Provides for risks related to different levels of detail (from high-level to those related to individual work packages) Table 1: Techniques, examples and templates for identifying risks Source: [11]. Focuses on internally generated risks arising from organizational strengths and weaknesses, excludes external risks Tends to produce highlevel generic risks, not project-specific Requires specialized software and expertise to build models Focuses on impacts but difficult to include the concept of probability Excludes external risk or those not specifically related to WBS elements Good facilitation Strict adherence to the technique, to avoid confusing the four SWOT perspectives (i.e. between Strengths and Opportunities, or between Weaknesses and Threats) Understanding of feedback Competence in applying tools and understanding their output Quality of the system model Accuracy of input data collected for the specific project Good WBS From among the methods enumerated in the table 1, brainstorming is particularly popular among companies in Poland. As emphasised by R. Mulcahy ( ) it can be used in risk identification or for other project management issues [12]. Brainstorming belongs to the information collection techniques and involves team work of the people who deal with planning and implementation of an investment project. It s comfortable as it usually doesn t require a long preparation time before a discussion aimed at finding a solution to a specific problem can be held. Another popular technique is a SWOT analysis, which may be applied in any types of entities which carry out investment projects. Many companies in Poland also use check lists. They are created in companies and largely based on historical data, as well as the knowledge gained from execution of similar investment projects in the past. Summing up, practically every method listed in the table 1, to a lower or higher extent, is used in business practice. The leading construction and assembly companies in Poland, for example, use brainstorming as the key risk identification method. The research findings in this respect are presented in a figure 2.

Figure 2: Risk identification methods in construction companies in Poland survey research 3 4 2 5 1 7 6 Source: Author s own elaboration based on: [17]. 1 risk analysis conducted by experts 2 brainstorming 3 ready-to-use check lists 4 interviews with main project participants 5 field visits 6 business intelligence 7 public debate In particular, the figure 2 presents the results of the empirical studies carried out among 25 contractors, out of 100 leading construction and assembly companies in Poland, where as many as 68% of the companies point at brainstorming. In the respondents opinions, it brings the best results when identifying potential risk sources directly on construction sites. Moreover, its popularity results from the numerous advantages it offers. The second most frequently used risk identification technique is an interview with key participants of projects (48% of the respondents). In practice, discussions are held between the representatives of the general contractor and their potential sub-contractors as well as other business partners and suppliers of utilities and construction equipment. Further on, the contractors participating in the research indicated the following: 18% of them carry out field visits on construction sites in order to identify risks (in practice, this is done by employees with long work history and a lot of experience, who have participated in similar projects before); 24% of the contractors make use of business intelligence, 7% of the respondents hire third party experts on risks (so far, an independent profession of risk manager has not been established in Poland in the construction industry); only 2 contractors used check lists; also, only 2 contractors used a public debate in their business practice. Consequently, these are the most popular risk identification methods in the construction industry in Poland. As ( ) a risk problem is an indispensable element of a modern company s business activity [13], construction companies in Poland (as well as worldwide) also use, to a lower extent, other risk identification methods and techniques (Tab. 1), for example, holistic methods. Among these methods, there is e.g. a risk picture analysis. The risk picture analysis involves drawing a picture which presents, in a holistic way, a project situation, as seen by its analysts [14]. This picture shows the structure of the project, i.e. its elements and relationships among these elements, processes conducted during the project and so-called soft elements, i.e. elements of the project which concern people, their attitude to the project, feelings, emotions, conflicts etc. [14]. This technique is easy to use and understandable and it doesn t require any highly specialised knowledge but just a fully understanding look at the investment project. Likewise, cause and effect diagrams, e.g.

Ishikawa diagram, may prove useful. The cause and effect analysis allows us to precisely identify all the areas, in the construction contractors business activities, where risks are particularly intense [15]. This concerns, first of all, such spheres as investment process organisation, selected technologies and techniques, threats caused by acts of god (force majeure risk etc.) [15]. Moreover, attention should be drawn to the impact of modern IT solutions in this area. Owing to appropriate computer software (e.g. PRINCE 2), applied to project management, the risk identification process can be supported successfully. Expert systems are particularly useful here. However, in practice, many companies (not only construction ones) in Poland use the simplest solutions to identify risks, i.e. entrepreneurs use their knowledge, experience and intuition. An experienced project manager (risk manager) is able to recognise and define a risk, which an investment project may be exposed to, in the most accurate way. Also (...) in many cases, the scope of identification is narrowed and it comprises, most frequently: an analysis of characteristics demonstrated by products and (or) services (marketing analysis), created by an investment project, as well as an analysis of planned technology (technical analysis) such analyses may reveal various sources of market risks or technical risks, an analysis of activities, resources and processes which an investment project involves (for example, an analysis of specific works and cost estimates, an analysis of contracts between participants of an investment process), an analysis of historical data about investment projects which are similar, in type, size and lifecycle, to an analysed project such information may be derived from various sources: documents describing a course of an investment process or a post-audit process, publications devoted to analyses of investment projects, which contain case studies, experiences of various entities (for example, consulting companies) or people involved in execution of the analysed investment project [7]. In business practice, in order to ensure satisfactory effectiveness of risk identification, a number of methods may be used simultaneously. It s also important to make sure that the method applied allows us to identify a cause-effect relation of the risk [16]. Conclusions Despite the fact that many of the risk identification methods mentioned in this paper have some disadvantages, we should try to use them in business practice. Depending on the type of an investment project, project managers (possibly, risk managers) may freely select and modify many of these methods. Effectiveness of risk identification methods used in investment projects means positive effects in this field. In terms of risk identification effects, we can, first of all, identify a source of risk, secondly, identify negative events which could possibly occur and lead to a failure, thirdly, indicate first symptoms of risk, and fourthly, inform about a need to take further, additional actions [14]. Accurate identification of risk effects is particularly important as it ensures more effective protection against risks i.e. by taking out extra insurance, creating reserves or e.g. reasonable risk distribution among investment project participants through contracts. One should remember, however, that even a hedging transaction cannot completely eliminate a risk of suffering a loss, as it can only mitigate a potential size of this loss [18].

Bibliography [1] Zarządzanie ryzykiem. Edited by JAJUGA, K., Wydawnictwo Naukowe PWN, Warszawa 2007, p. 15. [2] Construction Risk Management. Volume I. International Risk Management Institute, Inc., Dallas 2007, p. I.A.2. [3] WIDEMAN, M.R.: Project & Risk Management. A Guide to Managing Project Risks & Opportunities. Project Management Institute, Newtown Square 1992, p. E-3. [4] FLANAGAN, R., NORMAN, G.: Risk management in construction. Blackwell Publishing, Oxford, July 1993, p. 46. [5] A Guide to the Project Management Body of Knowledge (PMBOK Guide). Fourth Edition. Management Training & Development Centre, Warszawa 2009, p. 287; pp. 300-301. [6] VAN WELL-STAM, D., LINDENAAR, F., VAN KINDEREN S., VAN DEN BUT, B.: Project risk management. An essential tool for managing and controlling projects. KOGAN PAGE, London-Sterling 2004, p. 3. [7] ROGOWSKI, W., MICHALCZEWSKI, A.: Zarządzanie ryzykiem w przedsięwzięciach inwestycyjnych. Ryzyko walutowe i ryzyko stopy procentowej. Oficyna Ekonomiczna, Kraków 2005, p. 19; p. 22. [8] Ryzyko w działalności przedsiębiorstw. Wybrane aspekty. Edited by FIERLA, A., Szkoła Główna Handlowa w Warszawie, Warszawa 2009, p. 17. [9] ALESHIN, A.: Risk management of international projects in Russia. International Journal of Project Management 2001, Vol. 19, No. 2, p. 209. [10] Risk Management Standard. IRM, AIRMIC, ALARM 2002, p. 14. Webpage: http://www.theirm.org/publications/documents/risk_management_standard_030820.pdf [11] Practice Standard for Project Risk Management. Project Management Institute, Inc., Newtown Square 2009, pp. 72-76. [12] MULCAHY, R.: Risk Management. Tricks of the Trade for Project Managers. RMS Publications, Inc., Minneapolis, 2003, p. 80. [13] Strategie finansowe przedsiębiorstw w sytuacjach ryzykownych. Edited by ŁUKASIK, G., Akademia Ekonomiczna im. K. Adamieckiego w Katowicach, Katowice 2004, p. 9. [14] MARCINEK, K.: Ryzyko projektów inwestycyjnych. Akademia Ekonomiczna im. K. Adamieckiego w Katowicach, Katowice 2000, p. 117; pp. 122-123. [15] TWOREK, P.: Ryzyko wykonawców przedsięwzięć inwestycyjnych. Akademia Ekonomiczna im. K. Adamieckiego w Katowice, Katowice 2010, p. 132. [16] Rachunkowość w zarządzaniu ryzykiem w przedsiębiorstwie. Edited by NOWAK, E., Polskie Wydawnictwo Ekonomiczne, Warszawa 2010, p. 24. [17] MADYDA, A., ZIMA, K.: Stan zarządzania ryzykiem w polskich przedsiębiorstwach budowlanych. W: Strategie zarządzania ryzykiem w przedsiębiorstwie elementy wiedzy teoretycznej i praktycznej. Edited by J. Bizon-Góreckiej. Wydawnictwo BGJ-Consulting, Bydgoszcz 2000, p. 164.

[18] KOLB, W.R: Wszystko o instrumentach pochodnych. WIG-PRESS, Warszawa 1997, pp. 10-11. After: Rynek pienięŝny i kapitałowy. Edited by PYKA, I., Akademia Ekonomiczna im. K. Adamieckiego w Katowicach, Katowice 2001, p. 292. Summary The paper deals with the issues of risk identification in investment projects carried out by companies. The author focuses, in particular, on the methods used in risk identification processes in companies, which carry out investment projects. The empirical illustration to this point are the findings of the research carried out by the author in 25, out of 100, leading construction companies in Poland as the basic participants of investment processes.