There is a scene in the movie Wall Street where Daryl Hannah says “Having had the money and loosing it all on the Wall Street is worse than not having had it at all” This sums up the risk associated with investing in the Stock Market. Risk Management is one of the integral parts of investing in the stock market. Some of the key strategies of risk management are:

Splitting the fund into various asset classes. One should never stack the eggs in the same basket .To minimize risk one should split the available money into different classes of assets like fixed deposits, properties, mutual funds etc. Similarly, while investing in stock market one should try to diversify one’s portfolio i.e. put money into different stocks.

Having an astute sense of discipline. A rising stock prices have a prospect of rising more and hence increasing the profits.

But there always the perils of the market changing course and the net profit at any moment profit position becoming a loss position. The stock investor should have a discipline in setting targets and adhering to those. For example he could decide something like:

- Sell the stock if the loss exceeds 10 percent i.e. keeping the stop loss at 10 percent.
- Sell 50 percent of the stocks when prices rise 10 percent from the buy price.
- Sell additional 25 percent when the gains become 15 percent.

Greed is one of the main enemies of a stock investor. If an investor sees a stock advancing he adopts a wait and watch strategy to maximize the profits. He finally ends up in making a loss. One has to remember half a penny earned is better than a penny lost.

Proper research of companies in which the investor is intending to invest.Apart from complex technical indicators (RSI, MACD, etc) one must try to analyze the performance by finding answers to some basic information concerning the fundaments of a company(which does not require any expertise into Finance):

- What is the growth rate of the company in comparison to the overall industrial growth rate?
- What is the growth rate of the company vis-à-vis other companies into the same line of business? I.e.

whether it is outperforming or underperforming with regard to its competitors.
- What is the performance of the company in the last five years? Whether it has shown a consistent growth record?
- What are the company’s expansion plans?
- Is the company planning to foray into newer markets?

The answer to these basic questions can help the investor in selecting the right companies to invest in. The companies that have given consistent returns over last 5 years and plan to continue the trend by foraying into new markets and constantly expanding are the right companies to invest in.

Hedging by limiting the losses. Hedging is the technique wherein investor tries to protect himself against adverse price movements. This is by simultaneously investing in the cash market and also taking opposite positions in the futures and options market. For example buying 100shares of company A@/share. Simultaneously one buys ‘put options’ of strike price 35 at 0.25/option i.e. .This means by paying one has secured ones position (to some extend).If the price of stock goes below . Hedging would be clearer once the concepts of futures and options are clear.

Thus risk management involves qualitative tools like self restraint discipline and quantitative tools like portfolio allocation hedging techniques to alleviate the risk associated with investing in stock markets.

Previous articles in this series have addressed identifying risks to the project and choosing which risks to avoid or minimize by scoring and prioritizing the identified risks. The purpose of these two activities is to determine which risks you should deal with to increase the likelihood that your project will meet its goals and objectives. The actions that can avoid a risk are determined by the nature of risk, as are actions that can reduce the impact or probability of the risk event. The risks to a project that will build a bridge will differ from those that will build a software system. This article will address devising strategies for risks to software development projects.

Risk strategies are categorized in accordance with their approach to dealing with the risk:

Avoidance The action or strategy chosen will be such that it eliminates the factors that generate the risk.

For example, multi-sourcing a software system’s server will avoid the risk of delays to the project if your single source supplier cannot deliver the server on time.

Mitigate Risk mitigation entails devising an approach that can lessen the likelihood of the risk event happening, but not completely avoid it, or lessen the impact if it does happen, but not completely eliminate it.

Transfer You don’t avoid the risk or mitigate its impact or probability, you transfer responsibility for dealing with the risk to a third party. The classic example of this is insurance.

These strategies all deal with risk events that are threats to the project’s goals and objectives. There are things that could actually enable your project to exceed its goals and objectives and these are called Opportunities.

Opportunities differ from risks in that risks are discouraged while opportunities are courted. A common example of an opportunity is the chance that a programmer finishes a piece of coding ahead of schedule. If you do nothing, the programmer will have a nice holiday but the project won’t benefit. A contingency plan for deploying the programmer in question on a piece of code on the critical path could help you deliver the project ahead of time. Contingency plans are not the only tool in the risk manager’s arsenal. Here is the complete list:

Exploit To exploit an opportunity the project manager would implement a plan to increase the likelihood of the event happening. Taking our example of the programmer finishing the code earlier than planned, we could put a senior programmer on that code to increase the likelihood they would finish early. It is likely however, that putting the senior programmer on work that lies on the critical path.

Enhance Deals with the impact of the opportunity. Let’s stick with our software system example. We have implemented a plan to exploit this opportunity by assigning the senior programmer to that code. We could enhance our opportunity by having a marketing program ready to capitalize on the early release. Enhancing the opportunity in this case would mean we not only save money by completing the project early, we also increase revenue with our marketing campaign.

Share Sharing the opportunity means that the opportunity is shared with one or more parties outside the organization performing the project. The classic example of this is the formation of partnerships between companies to develop new technology. The purpose of sharing is to engage skill or expertise that the performing organization does not have in order to enhance or exploit the opportunity.

There are 2 strategies that we have not covered as yet and they apply to both threats and opportunities. These are:

Acceptance Risks that are accepted have scores that are below the project’s risk threshold. The costs saved by avoiding or mitigating the risk do not justify the expense. Opportunities that are accepted are not acted upon for a similar reason: the expense of enhancing, exploiting, or sharing the opportunity exceeds the benefits that would be reaped should the event happen.

Contingency The key difference between a contingency plan and the other actions for threats and opportunities is that the other plans (avoid, mitigate or transfer for threats; exploit, enhance, or share for opportunities) are proactive; they require you to act before the risk event happens. Contingency plans require you to devise a plan that will be acted upon should the risk event happen.

The skill that good risk manager’s have is not the ability to categorize an approach to a threat or an opportunity, rather it is the ability to identify the best strategy or plan to deal with the threat or opportunity with the budget available. Focus on the strategy or plan before worrying about whether the action falls into the avoidance or mitigation category. Good risk managers know their limitations when it comes to identifying the best strategies and plans and know how to supplement their knowledge with Subject Matter Experts (SMEs) to address their shortcomings. The first part of your risk strategy planning should be the identification of your areas of deficiencies and a plan to engage SMEs who can make up for them.

Let’s walk through some things to look for in each of the above strategies. The purpose of expanding on each of the categories is not to give you a comprehensive list of strategies or plans for each category, but rather to give you an overview of the characteristics that tend to make the different strategies or plans effective.

Avoidance

Avoiding a threat to your project’s goals will involve a plan to remove the project element(s) that would introduce the risk. You need an action that effectively removes the threat and you need to implement it in time to avoid the risk event. Let’s take the example of the risk of flu infecting a programmer developing a key piece of code for your software system. Having that programmer (and probably the entire team) inoculated for flu would be one way of avoiding this threat. Let’s assume that the shot has a 2 week incubation period. That means that the shot won’t be effective until 2 weeks after its been given. To be an effective avoidance plan you’ll need to ensure the programmer gets the shot at least 2 weeks in advance of the start of programming.

I have exposed a weakness in the segregation of approaches to dealing with risk into categories: is the flu shot 100% effective in avoiding the risk? The difference between avoidance and mitigation lies in that percentage. The flu shot is an avoidance plan if it is 100% effective, but becomes a mitigation strategy if it is only 99% effective. The real question is: does it eliminate enough of the risk to make it worth while? You would probably need to be a doctor to be able to provide a good answer to that question, but there are other situations where your SMEs will be able to provide good answers.

Let’s use another example to demonstrate an effective avoidance plan. The risk event you want to avoid is that the introduction of a new development platform that your development team has never used before will add extra effort to the project and delay the delivery of the software system past a hard deadline. The platform was chosen in the first place because eventually it will make programming more efficient and produce a better quality system but your project will not be able to realize those benefits. A possible avoidance strategy would be to continue programming on the old platform. Continuing on the old platform is guaranteed to be 100% effective in avoiding this risk because you remove the technology that introduced the risk event in the first place.

The trick to devising a strategy that will effectively avoid a risk event is to choose one your project and your organization can afford. The cost of the example cited above might be greater than the budget for the project would allow. Worse than that, it might be an approach that your organization cannot afford. Delaying the benefits to be derived from the introduction of the new platform might be urgently needed by the company. Your subject matter experts can help you gather the information you, or your sponsor, need in order to make a good decision.

In the case where an effective strategy that avoids the risk event cannot be devised, is it possible to devise a mitigation strategy that will reduce the impact of the risk event enough to preserve the project’s goals and objectives. Would a training program that provides the programmers with training in the new technology, plus the addition of 1 or 2 extra programmers reduce the impact of the risk event enough to deliver on time? The choice will always be a business decision: is the cost of the preventive strategy greater or less than the benefits derived? Is there a more cost effective way of achieving the same goal?

Mitigation

Mitigation is typically reserved for referring to threats to the project, but can be expanded to include both threats and opportunities if you divide the category into 2 sub-categories: exploitation of the opportunity or reduction of the likelihood of the threat and enhancement of the opportunity or reduction of the impact.

Exploit the Opportunity or Reduce the Likelihood of the Threat

Mitigation strategies that reduce the likelihood of the risk event, or threat, can be exemplified by our flu shot example. If the flu shot is less than 100% effective, then the flu shot would reduce the likelihood of the risk event. Test tools are another good example of a mitigation strategy that reduces the likelihood of a risk event. The risk event in this case is a bug being introduced into a later development phase such as Quality Assurance testing or User Acceptance Testing. The introduction of the automated test tool will increase the capacity of each programmer to

Risk Management
Risk Management is an essential part of a project’s success. It is a process that helps to identify potential problems early, so that action plans can be put into place to keep them from turning into real problems or issues later on in the project life cycle.

Risk Management Process
Essentially there are 5 stages to the risk management process:
* Planning
* Identifying
* Assessing
* Handling
* Monitoring and Reporting

The following paragraphs will describe a little bit about each step.

Planning
The planning step sets the stage on how the project is going to manage risks on the project. This is accomplished by first developing a risk management plan for the project. This plan will identify the Risk Management Team, define their roles and responsibilities, and document the risk assessment criteria that will be used to assess the identified risks.

In addition, it will describe the Teams plan on how to monitor and report the risks.

Identification

The second step is the identification of risks. This is where the Team gets together to identify potential risks on the project and document them in the projects risk register. Risks can come from many different areas such as the manufacturing process, instrument usage, staffing, project plan, budget and schedule. Risks can also come from past experience and lessons learned from other projects as well. Holding a brainstorming meeting, as a group, is a good way to identify risks. It gets people thinking and allows people to build on each others thoughts and experience. It is important to remember that the identification of risks doesn’t end in one meeting.

New and different risks will come up as the project moves through its project life cycle.

In defining a risk it is helpful to use an “If” “Then” type of statement as shown below.

If the condition, then consequence will occur.

Using this kind of statement helps to clearly define and describe the risk and standardizes the way we talk about risks.

Assessment

The third step is the assessment of the identified risks. Using the assessment criteria defined in the Risk Management Plan the risks should be assessed based on the probability of the risk happening and consequence if the risk were to happen. It is important to assess the risk consequence on cost, schedule, and technical and choose the consequence level that could have the highest impact. For example when assessing a risk from a cost stand point it might not be too high, but from a schedule stand point it would be higher then the higher consequence level for schedule should be chosen.

Handling

The forth step in the risk process is handling the risks. There are 4 ways to handle risks:
* Mitigation- Which is developing action plans to reduce the probability and/or consequence of the risk.
* Avoidance- Which is changing something to completely avoid the risk (i.e. change of design to completely avoid a risk)
* Transference- Which is transferring the risk to another party (i.e. buying insurance).
* Acceptance- This is allowing the risk to potentially happen without putting any mitigation plans in place. This may be due to the cost of mitigation plan is more than if the risk is realized.

Mitigation plans are the common way to reduce the overall risk level. Mitigation plans should be reviewed to ensure no new risks have been introduced as a result of the mitigation plan. If any new risks have been developed by the mitigation plan then they should be added to the risk register for assessment by the Team.

Monitoring and Reporting

The fifth step is the monitoring and reporting. This step is to ensure the handling plans put in place are working effectively to reduce the probability and consequence of the risk. The risk should be reviewed and reassessed to determine the probability and consequence of the risk as the steps in the action plans are completed. Although the risk may never be completely eliminated it should be reduced to an acceptable level with minimal residual risk. Even low risks should be monitored to make sure they remain a low risk.

Risks on a project should be reported in a risk management report. The report should show a listing of the identified risks, the handling plans to reduce the risks, and a risk matrix to show how the risks fall into the category of high, medium, and low.

Benefits of Risk Management
Risk Management is an important activity that can prove to be beneficial to a projects success if started early on in the project life cycle. It can be a powerful tool to identify the weaknesses early so that the Team can put together action plans to handle the risks and prevent them from turning into an issue later on. This in turn saves time and money as you are proactively responding to a potential issue instead of reacting to a problem or issue in the future.

Risk Management
Risk Management is an essential part of a project’s success. It is a process that helps to identify potential problems early, so that action plans can be put into place to keep them from turning into real problems or issues later on in the project life cycle.

Risk Management Process
Essentially there are 5 stages to the risk management process:
* Planning
* Identifying
* Assessing
* Handling
* Monitoring and Reporting

The following paragraphs will describe a little bit about each step.

Planning
The planning step sets the stage on how the project is going to manage risks on the project. This is accomplished by first developing a risk management plan for the project. This plan will identify the Risk Management Team, define their roles and responsibilities, and document the risk assessment criteria that will be used to assess the identified risks.

In addition, it will describe the Teams plan on how to monitor and report the risks.

Identification

The second step is the identification of risks. This is where the Team gets together to identify potential risks on the project and document them in the projects risk register. Risks can come from many different areas such as the manufacturing process, instrument usage, staffing, project plan, budget and schedule. Risks can also come from past experience and lessons learned from other projects as well. Holding a brainstorming meeting, as a group, is a good way to identify risks. It gets people thinking and allows people to build on each others thoughts and experience. It is important to remember that the identification of risks doesn’t end in one meeting.

New and different risks will come up as the project moves through its project life cycle.

In defining a risk it is helpful to use an “If” “Then” type of statement as shown below.

If the condition, then consequence will occur.

Using this kind of statement helps to clearly define and describe the risk and standardizes the way we talk about risks.

Assessment

The third step is the assessment of the identified risks. Using the assessment criteria defined in the Risk Management Plan the risks should be assessed based on the probability of the risk happening and consequence if the risk were to happen. It is important to assess the risk consequence on cost, schedule, and technical and choose the consequence level that could have the highest impact. For example when assessing a risk from a cost stand point it might not be too high, but from a schedule stand point it would be higher then the higher consequence level for schedule should be chosen.

Handling

The forth step in the risk process is handling the risks. There are 4 ways to handle risks:
* Mitigation- Which is developing action plans to reduce the probability and/or consequence of the risk.
* Avoidance- Which is changing something to completely avoid the risk (i.e. change of design to completely avoid a risk)
* Transference- Which is transferring the risk to another party (i.e. buying insurance).
* Acceptance- This is allowing the risk to potentially happen without putting any mitigation plans in place. This may be due to the cost of mitigation plan is more than if the risk is realized.

Mitigation plans are the common way to reduce the overall risk level. Mitigation plans should be reviewed to ensure no new risks have been introduced as a result of the mitigation plan. If any new risks have been developed by the mitigation plan then they should be added to the risk register for assessment by the Team.

Monitoring and Reporting

The fifth step is the monitoring and reporting. This step is to ensure the handling plans put in place are working effectively to reduce the probability and consequence of the risk. The risk should be reviewed and reassessed to determine the probability and consequence of the risk as the steps in the action plans are completed. Although the risk may never be completely eliminated it should be reduced to an acceptable level with minimal residual risk. Even low risks should be monitored to make sure they remain a low risk.

Risks on a project should be reported in a risk management report. The report should show a listing of the identified risks, the handling plans to reduce the risks, and a risk matrix to show how the risks fall into the category of high, medium, and low.

Benefits of Risk Management
Risk Management is an important activity that can prove to be beneficial to a projects success if started early on in the project life cycle. It can be a powerful tool to identify the weaknesses early so that the Team can put together action plans to handle the risks and prevent them from turning into an issue later on. This in turn saves time and money as you are proactively responding to a potential issue instead of reacting to a problem or issue in the future.

Businesses have to be constantly aware of potential risk factors that may harm the production of goods or services. The chance of losing money or employees is protected with the use of a risk manager. Students can enter an education from numerous colleges that offer degree programs. The expertise it takes to handle this type of work can be gained at all degree levels.

The goal of education is to fully prepare students to work with a business by preventing and dealing with loss. Loss can be taken from almost everywhere in a business but the most safeguarded area is finances. Finances are spread out through payroll, insurance, production, and more. Students that are interested in entering the field qualified should gain a bachelor’s degree or higher. Certificate and associate’s degree programs are available but the most common entered programs are at the bachelor’s degree level and the master of business administration level.

Graduates looking to develop their all-round skills in a constantly developing business environment should look to courses such as MSc Insurance degrees. Students interested in risk management and the multi-faceted world that engulfs it and the growing interplay between insurance, risk management and financial services should consider this course as a considerable learning experience.

The MSc Insurance course combines a practical approach with sound theory, creating a structure that is both challenging and stimulating. The beauty of studying a flexible postgraduate degree is that students are left solidly positioned to build a successful career in an exciting and increasingly complex business world.

With communication and interaction being a high priority, students should consider enrolling in courses on public relations and business communication. A public relations course provides practical skills like how to help maintain a businesses positive reputation in the community. The main focus is to teach students how to create media press campaigns.

These campaigns are used to promote the business and show the community what projects and plans a business has underway. A key factor to being able to handle community members and the press is to have high communication skills. A business communication course strives to help students with speaking and writing skills. Both of these abilities are used everyday to navigate personal and business situations.

Assessing and being able to handle risk is crucial in being able to function inside the profession. When a company is planning to fulfill a project a risk manager looks at all the variables to identify potential problem areas. Practical study through case studies trains students how to increase the likelihood for positive outcomes and minimize the probability of negative consequences. Upon completion of their assessment a manager makes recommendations on how to monitor activities to remain in control of project plans and the project risks involved.

Accredited courses like these and many more can be taken to prepare students to enter the workforce ready for their responsibility. Students that want to work with business professionals to establish strong preventive measures to avoid risk in project ventures should look into online risk management courses to see if a degree program is right for them.

 If you have approached your project or programme well, you will have developed a Risk Plan/Strategy document. Risk needs to be proactively managed, as opposed to allowing it to manage you and the environment around you.

 
Many people are afraid of risk management and some Project and Programme Managers are often reluctant to publicise risk to executive management. The reality is that things change, assumptions become false, expectations are not met and suddenly you can find yourself facing a very different looking environment.  For a risk plan to really help (and play its role) it needs to be accompanied by a ‘proactive’ approach by applying Risk Avoidance, Transference, Mitigation and Acceptance.
 
Most well run organisations will have risk managed at four distinct levels which are;

Corporate or Strategic
Programme
Project
Operational

To do this effectively, a framework for managing risk needs to be designed and implemented to address the following list of 9 hows:

how risks are identified;
how information about their probability and potential impact is addressed;
how risks are quantified;
how options to deal with them are identified;
how decisions on risk management are made;
how all these decisions are implemented;
how actions are evaluated for their effectiveness;
how appropriate communication mechanisms are set up and supported;
how stakeholders are engaged on an ongoing basis

But this is just the beginning because it’s all very well having a thorough framework documented and sitting pretty on the shelf with a tick in the box, but risk management needs to instilled within the people of the organisation.

A healthy culture of risk management needs to exist and for this to happen, everyone involved needs help in appreciating and understanding risk within the organisation.

This often requires sponsorship from the top down and if leaders at the corporate level understand this too, they will take the time to ensure that risk is taken seriously and subsequently managed well. Setting up a good risk culture is a real challenge and the UK OGC suggests that it involves at least the following:

strategic planning;
legal requirements;
agreements and contracts;
communication techniques and information management;
staff matters, including how staff can be motivated and involved;
education opportunities and continual professional development;
continuous improvement and/or analytical techniques;
how the organisation is monitored and evaluated;
resource management, including equal opportunities and delegation.

The subject of risk management is vast and if you need help with some guidelines for a framework, a great place to start is the OGC’s Guidelines for Managing Risk.

More detail can also be found in the following publications:
 
Managing Successful Programmes
OGC Management of Risk Guidelines
OGC’s Achieving Excellence Guides
Management of Risk : Practitioner guide
Some if not all of these can be purchased from the TSO in London.
 
If you need a list of generic pain points that risk management will address to support your case for better risk management within your organisation, you could start with these:

increased certainty and fewer surprises;
better service delivery;
more effective management of change;
more efficient se of resources;
better management at all levels through improved decision making;
reduced waste and fraud and better value for money;
innovation;
management of contingent and maintenance activities.

To build your case, don’t forget the more specific pains that your organisation is already suffering.

I read an interesting article about risk and opportunity in the aerospace industry. Whilst PMBOK considers risk as both negative and positive, the folk in aerospace consider risk as negative and opportunity as positive. Good risk management is not about fear of failure, but removing barriers to success.
 
After all, project and programme management is success oriented, focused on producing products and services for customers. When the success orientation is combined with risk management, opportunity management emerges, which is the identification of opportunities to help attain project goals, and the identification and implementation of actions to capture those opportunities.
 
Below are the keys to success taken from a Space Risk Management Symposium. Whilst their view on risk is slightly different from others, the points are not rocket science and can help most people who are responsible for complex projects or programmes.

Sound risk and opportunity management cannot save a poorly planned program with bad processes;
Prevent the competition between risks and opportunities;
Prevent unhealthy competition between teams;
Risk and opportunity management provide diminishing returns if overused;
The costs of pursuing opportunities and managing risks must be weighed against the expected benefits;
An environment should be created to encourage risk and opportunity management;
Risks and opportunities are not just normal variations in plan;
Recognise the difference between risks and opportunities;
Opportunities are not ‘positive risks’.

No matter where you sit within the organisation, if you see that risk is not being appropriately addressed, take the initiative, pluck up the courage and set out to facilitate some change. Remember that managing risk is the alternative to being managed by risk.