**5. Proactive risk management**

Project risk management is an essential and determinant step towards successful projects. A detailed analysis and a precise definition of risk can lead to achievement of objectives. PMI states [35] that "the objectives of Project Risk Management are to increase the probability and impact of positive events, and reduce the likelihood and consequences of negative events in the project".

are developed in order to increase opportunities and reduce threats. In order to determine the appropriate alternatives, strategies like avoidance (changing the project management plan in such a way that the identified risk does not affect it anymore), transfer (requires shifting all or part of the negative effect along with the responsibility to a third party), mitigation (consists in reducing the chances and/or impact of a risk in order to be in satisfactory threshold limits) and compliance. Monitoring and controlling is an ongoing process and consists in implementing

Risk Management in Collaborative Systems 123

As we have seen in Section Creativity, identified as an essential requirement for creativity was reflexivity support. Reflexivity consists in the group's focus on its objectives and the actions identified as required in order to reach them. Adaptation, as one subcomponent of reflexivity, consists in goal-directed behaviors that are relevant to achieving the desired changes in group objectives, strategies and processes identified by the group during the stage of reflection. Risk management can be used as a tool by team members in order to respond to changes in the

The Practice Standard for Project Risk Management [36] identifies the following factors as

1. individual commitment and responsibility (risk management is the responsibility of all

2. open and honest communication. All team members must participate at risk management and avoid actions or attitudes that can hinder communication because it can lead to

3. risk effort scaled to project (the costs of risk management should be appropriate to its

4. integration with project management. Risk management can be performed only in strict

Risk management will not produce substantial benefits to the teams using it if their practices fall under two limitations: focus on tactics and focus on threats [24]. Focusing only on project related issues (like risks related to project processes or performance) or technical functionality and not considering strategic sources of risk that menace the vision a decoupling between objectives and project deliverables will appear. On the other hand, focusing only on the negative side of uncertainty (threats, risks) will lead to ignorance towards opportunities, situations that should be integrated in the risk management plan in order to maximize benefits. This shift requires minor changes in the typical process, but the greatest challenge is to produce the change in people's approach which is centered on the threat aspect of

*a*) exploitation (eliminate the uncertainty factor and ensure that the opportunity definitely

*b*) sharing (requires allocation of some or all of the ownership of the opportunity to a third

In [35] the following strategies for handling opportunities are identified:

party so that all parties gain from their actions);

risk responses, tracking identified risks and identify new ones.

environment.

team members)

potential value)

uncertainty.

happens);

critical for a successful risk management:

ineffective risk management

correlation with project management.

One of the key prerequisites of success in implementing risk management is to have a proactive approach [11]. Risk management must supplement project management and must follow a holistic approach. Project management can be seen as an attempt to control the uncertain environment, through the use of structured and disciplined techniques such as estimating, planning, cost control, task allocation, earned value analysis, monitoring, and review meetings. Each of these project management elements has a role in defining or controlling inherent variability in projects. Project risk management provides approaches by which uncertainty can be understood, assessed, and managed [12, 13].

According to PMI [35], risk management can be implemented using the following sub-processes: plan risk management, identify risks, perform quality and quantitative risk analysis, plan risk responses and monitor and control. Based on the description provided by PMI, we will outline the main aspects involved by these processes.

Planning risk management [35] consists in agreeing on how to conduct risk management activities. This implies that the process should start at the beginning of the project and evaluate the extent and type of risk management with the project's importance and scope. This is essential in order to avoid performing extensive risk analysis on small projects that might not require such a considerable extent. Planning risk management uses as inputs documents like the project scope statement, cost plan, and schedule and will produce documentation that describes risk categories (a clear understanding on the types of risks - technical, external, organizational or project management related) and risk probability and impact (in order to have a common understanding of the terms used in identifying the risks a glossary of terms must be defined).

Identifying risks is an initiative that requires the identification and documentation of the risks that may affect the project. This sub-process should be regarded as an iterative one because new risks may evolve or emerge as the project progresses. Identifying risk requires that all the relevant stakeholders should be involved. Identifying risks is the most complex sub-process, and uses techniques like documentation review, information gathering (tools like brainstorming, interviewing, root cause analysis and Delphi technique<sup>1</sup> can be used), checklist analysis, assumptions analysis, diagramming techniques or SWOT analysis2. This subprocess should have as output the list of identified risks and possible responses.

Performing quality risk analysis consists in prioritizing risks by combining their likelihood and impact [32]. Performing quantitative risk analysis requires a numerical analysis of the effects of identified risks on the project objectives. Planing risk responses requires that options

<sup>1</sup> The Delphi technique consists in reaching consensus of experts by requesting ideas about relevant project risks anonymously using questionnaires. The results are summarized and recirculated to the experts for further analysis. This approach reduces bias in the data and restricts a person from having excessive weight on the outcome.

<sup>2</sup> Other techniques for risk assessment can be consulted in [29, p. 41-46]

are developed in order to increase opportunities and reduce threats. In order to determine the appropriate alternatives, strategies like avoidance (changing the project management plan in such a way that the identified risk does not affect it anymore), transfer (requires shifting all or part of the negative effect along with the responsibility to a third party), mitigation (consists in reducing the chances and/or impact of a risk in order to be in satisfactory threshold limits) and compliance. Monitoring and controlling is an ongoing process and consists in implementing risk responses, tracking identified risks and identify new ones.

8 Will-be-set-by-IN-TECH

Project risk management is an essential and determinant step towards successful projects. A detailed analysis and a precise definition of risk can lead to achievement of objectives. PMI states [35] that "the objectives of Project Risk Management are to increase the probability and impact of positive events, and reduce the likelihood and consequences of negative events in

One of the key prerequisites of success in implementing risk management is to have a proactive approach [11]. Risk management must supplement project management and must follow a holistic approach. Project management can be seen as an attempt to control the uncertain environment, through the use of structured and disciplined techniques such as estimating, planning, cost control, task allocation, earned value analysis, monitoring, and review meetings. Each of these project management elements has a role in defining or controlling inherent variability in projects. Project risk management provides approaches by

According to PMI [35], risk management can be implemented using the following sub-processes: plan risk management, identify risks, perform quality and quantitative risk analysis, plan risk responses and monitor and control. Based on the description provided by

Planning risk management [35] consists in agreeing on how to conduct risk management activities. This implies that the process should start at the beginning of the project and evaluate the extent and type of risk management with the project's importance and scope. This is essential in order to avoid performing extensive risk analysis on small projects that might not require such a considerable extent. Planning risk management uses as inputs documents like the project scope statement, cost plan, and schedule and will produce documentation that describes risk categories (a clear understanding on the types of risks - technical, external, organizational or project management related) and risk probability and impact (in order to have a common understanding of the terms used in identifying the risks a glossary of terms

Identifying risks is an initiative that requires the identification and documentation of the risks that may affect the project. This sub-process should be regarded as an iterative one because new risks may evolve or emerge as the project progresses. Identifying risk requires that all the relevant stakeholders should be involved. Identifying risks is the most complex sub-process, and uses techniques like documentation review, information gathering (tools like brainstorming, interviewing, root cause analysis and Delphi technique<sup>1</sup> can be used), checklist analysis, assumptions analysis, diagramming techniques or SWOT analysis2. This subprocess

Performing quality risk analysis consists in prioritizing risks by combining their likelihood and impact [32]. Performing quantitative risk analysis requires a numerical analysis of the effects of identified risks on the project objectives. Planing risk responses requires that options

<sup>1</sup> The Delphi technique consists in reaching consensus of experts by requesting ideas about relevant project risks anonymously using questionnaires. The results are summarized and recirculated to the experts for further analysis. This approach reduces bias in the data and restricts a person from having excessive weight on the outcome.

which uncertainty can be understood, assessed, and managed [12, 13].

PMI, we will outline the main aspects involved by these processes.

should have as output the list of identified risks and possible responses.

<sup>2</sup> Other techniques for risk assessment can be consulted in [29, p. 41-46]

**5. Proactive risk management**

the project".

must be defined).

As we have seen in Section Creativity, identified as an essential requirement for creativity was reflexivity support. Reflexivity consists in the group's focus on its objectives and the actions identified as required in order to reach them. Adaptation, as one subcomponent of reflexivity, consists in goal-directed behaviors that are relevant to achieving the desired changes in group objectives, strategies and processes identified by the group during the stage of reflection. Risk management can be used as a tool by team members in order to respond to changes in the environment.

The Practice Standard for Project Risk Management [36] identifies the following factors as critical for a successful risk management:


Risk management will not produce substantial benefits to the teams using it if their practices fall under two limitations: focus on tactics and focus on threats [24]. Focusing only on project related issues (like risks related to project processes or performance) or technical functionality and not considering strategic sources of risk that menace the vision a decoupling between objectives and project deliverables will appear. On the other hand, focusing only on the negative side of uncertainty (threats, risks) will lead to ignorance towards opportunities, situations that should be integrated in the risk management plan in order to maximize benefits. This shift requires minor changes in the typical process, but the greatest challenge is to produce the change in people's approach which is centered on the threat aspect of uncertainty.

In [35] the following strategies for handling opportunities are identified:


#### 10 Will-be-set-by-IN-TECH 124 Risk Management – Current Issues and Challenges Risk Management in Collaborative Systems <sup>11</sup>

*c*) enhancing (identifying the key driving factors and enhancing their probability and/or positive impact); and

with origins in decision making under risk. Prospect theory is based on some well-observed deviations from rationality and helped Kahneman win the 2002 Nobel Prize in Economics. As a first experiment, they used a group to choose between two options. For first problem (Figure 2), the group had to choose between option A (to win 2500 with a probability of 33% or 2400 with a probability of 66% or there were a 1% chance to win nothing) and option B (to win 2400 certainly). For this first problem, 18% of respondents chose option A, while 82% of

Risk Management in Collaborative Systems 125

Their choice was influenced by the 1% probability to win nothing even if in option A they had 66% chance to win more than option B and 33% chance to win equally to option B (a 99% chance for option A to win more or equally to option B). Events with low probability (1%

According to results (18% for option A and 82% for option B), utility function means: 33%

33%u(2500)+66%u(2400) < 100%u(2400) 33%u(2500) < 100%u(2400)-66%u(2400) **33%u(2500) < 34%u(2400)**

For second problem (Figure 3), the group had to choose between option C (to win 2500 with a probability of 33% or there were a 67% chance to win nothing) and option D (to win 2400 with a probability of 34% or there were a 66% chance to win nothing). For this first problem, 83%

Their choice was influenced by the +100 win and 1% probability difference. The 1% probability difference is now ignored and they chose higher win. Probability difference (1%

According to results (83% for option C and 17% for option D), utility function means: 33%

**33%u(2500) > 34%u(2400)**

of respondents chose option C, while 17% of respondents chose option D.

as difference between 67% and 66%) influence their decision.

utility to win 2500 is higher than 34% utility to win 2400.

utility to win 2500 plus 66% utility to win 2400 is lower than 100% utility to win 2400.

respondents chose option B.

**Figure 2.** Problem 1 from prospect theory

**Figure 3.** Problem 2 from prospect theory

chance to win nothing) influence their decision.

*d*) accepting (take advantage of an opportunity if it comes, but not actually pursuing it).

An integrated risk management [24] approach is required in order to cover both strategy and tactics, and opportunities and threats. Such an approach can provide increased benefits not available to a limited scope risk management. According to the aforementioned author, these benefits consist in:


As we have seen in this section, risk management is a key factor for all teams, regardless of size and work domain, to help them make more informed decisions and take a proactive approach in regard to risks and opportunities.

### **5.1. Risk mitigation**

A project driven organization represents a main approach for most medium and large sized institutions to successful deliver projects. Projects are more often used to transfer all personnel focus and involvement in day to day work, tasks and activities. Thus, concerns as respecting predefined terms become their main objectives. A proper project risk management approach deals with a set of techniques by which inevitable uncertainty can be understood, assessed, and managed within projects. Its main objective is to deliver projects in predefined costs, time and quality respecting customer specifications.

A main problem in project management and project risk management is represented by optimism bias and by human behavior to underweight outcomes that are merely probable and to overweight outcomes with a low probability to happen. This problem was clearly identified and presented by Daniel Kahneman and Amos Tversky [25, 26] in prospect theory with origins in decision making under risk. Prospect theory is based on some well-observed deviations from rationality and helped Kahneman win the 2002 Nobel Prize in Economics.

As a first experiment, they used a group to choose between two options. For first problem (Figure 2), the group had to choose between option A (to win 2500 with a probability of 33% or 2400 with a probability of 66% or there were a 1% chance to win nothing) and option B (to win 2400 certainly). For this first problem, 18% of respondents chose option A, while 82% of respondents chose option B.

**Figure 2.** Problem 1 from prospect theory

10 Will-be-set-by-IN-TECH

*c*) enhancing (identifying the key driving factors and enhancing their probability and/or

An integrated risk management [24] approach is required in order to cover both strategy and tactics, and opportunities and threats. Such an approach can provide increased benefits not available to a limited scope risk management. According to the aforementioned author, these

• project deliverables become more concordant with the group's needs and vision by

• taking in consideration that projects as a tool are used to *a)* produce results that meet specific needs, and *b)* provide benefits, a focus on these aspects is necessary in order to

• avoid having a poor or to late response to opportunities by enabling a proactive

• support the best possible decision approach in an uncertain environment by providing

• reduce waste and stress and increase productivity and effectiveness by managing

• increase the chances of achieving both strategic and tactical objectives by minimizing

• safe risk-taking leads increased rewards and that requires an appropriate level of risk to be taken with full awareness of the degree of uncertainty and its potential effects on

• develop a risk-mature culture that is aware that risks exists at all levels and they can and

As we have seen in this section, risk management is a key factor for all teams, regardless of size and work domain, to help them make more informed decisions and take a proactive

A project driven organization represents a main approach for most medium and large sized institutions to successful deliver projects. Projects are more often used to transfer all personnel focus and involvement in day to day work, tasks and activities. Thus, concerns as respecting predefined terms become their main objectives. A proper project risk management approach deals with a set of techniques by which inevitable uncertainty can be understood, assessed, and managed within projects. Its main objective is to deliver projects in predefined costs, time

A main problem in project management and project risk management is represented by optimism bias and by human behavior to underweight outcomes that are merely probable and to overweight outcomes with a low probability to happen. This problem was clearly identified and presented by Daniel Kahneman and Amos Tversky [25, 26] in prospect theory

*d*) accepting (take advantage of an opportunity if it comes, but not actually pursuing it).

positive impact); and

reducing the strategy - tactics gap,

avoid simply producing a series of deliverables,

relevant information to decision-makers,

threats and maximizing opportunities,

approach in regard to risks and opportunities.

and quality respecting customer specifications.

should be managed proactively.

management of opportunities at both strategic and tactical level,

uncertainty in advance with planed responses to known risks,

benefits consist in:

objectives, and

**5.1. Risk mitigation**

Their choice was influenced by the 1% probability to win nothing even if in option A they had 66% chance to win more than option B and 33% chance to win equally to option B (a 99% chance for option A to win more or equally to option B). Events with low probability (1% chance to win nothing) influence their decision.

According to results (18% for option A and 82% for option B), utility function means: 33% utility to win 2500 plus 66% utility to win 2400 is lower than 100% utility to win 2400.

> 33%u(2500)+66%u(2400) < 100%u(2400) 33%u(2500) < 100%u(2400)-66%u(2400)

#### **33%u(2500) < 34%u(2400)**

For second problem (Figure 3), the group had to choose between option C (to win 2500 with a probability of 33% or there were a 67% chance to win nothing) and option D (to win 2400 with a probability of 34% or there were a 66% chance to win nothing). For this first problem, 83% of respondents chose option C, while 17% of respondents chose option D.


**Figure 3.** Problem 2 from prospect theory

Their choice was influenced by the +100 win and 1% probability difference. The 1% probability difference is now ignored and they chose higher win. Probability difference (1% as difference between 67% and 66%) influence their decision.

According to results (83% for option C and 17% for option D), utility function means: 33% utility to win 2500 is higher than 34% utility to win 2400.

#### **33%u(2500) > 34%u(2400)**

#### 12 Will-be-set-by-IN-TECH 126 Risk Management – Current Issues and Challenges Risk Management in Collaborative Systems <sup>13</sup>

This is exactly the reverse inequality from first problem. This is a clear example how human behavior tends to underweight outcomes that are merely probable and to overweight outcomes with a low probability to happen. As can be observed, second problem is derived from first problem (Figure 4) by elimination of Win 2400 with a probability of 66% option.

Forum for Risk Management in the Public Sector (widespread in the United Kingdom)

Risk Management in Collaborative Systems 127

Adapted after PMBOK Guide, developed by Project Management Institute in a Practice Standard for Project Risk Management [35, 36], and by improving planning tools and techniques, a framework for project risk management can be derived, as presented in Figure

A risk identification step where techniques and special tools are used is needed because a risk cannot be managed unless it is first identified. After identification, a risk assessment and evaluation step follows. Each risk is evaluated based on the probability of its occurrence and its impact on project objectives (in qualitative risk analysis) and a numerical estimate of the overall project risk is provided (in quantitative risk analysis). The risk analysis should be performed not only once but in iterative cycles along major. Monitoring is also recommended in continuous intervals. Monitoring is mandatory to permanently track and control identified risks and to promptly respond in case of new risks occurrence that were not previously identified. Risk management does not aim to eliminate risks, but focus to actively manage

Back to risk mitigation step, to certain risks may apply a set of mitigations. Often, mitigations address processes of the organizations. For fruitful results, this process may require long time from implementation. The strategies to manage the risks and the method of mitigation and the priorities are mostly decided by the project manager. Each risk is identified in previous steps and each one is characterized by probability of occurrence and impact. The focus should be on risks that yield a high impact and are identified with high probability of occurrence. Figure 5 presents risks after and before mitigations. Another approach is to address risk after mitigation costs ranking. Deriving a root cause of several risks represents another method to mitigate risks; improvements may be applied there. In this way, the impact of multiple risks

There are several strategies that can be applied in risk mitigations step. First of all, a risk can be avoided, by not performing tasks that imply risks. Despite this method is not always fruitful from economic perspective, those tasks may be replaced if suitable. A second method aims to reduce the negative effect and impact of the risk in terms of monetary costs, delay or low quality. In some cases the risk can be transferred to another party. Not all risk can be mitigated or make sense to mitigate, in some cases risks should be accepted (in an inconvenient cost/benefit analysis). After successful mitigation, risks are represented based on probability vs. impact. After mitigation, in case the probability decrease the risks are represented on a lower as a parallel shift with y-axis; in the case the impact decrease, risks

Mitigation actions should target those risks associated with high leverage towards minimizing the residual risk afterwards or acceptable mitigation costs. The risk analysis methodology provides means of visualizing mitigation costs and expected residual risks with and without mitigation. After mitigation actions and responsibilities for the measures are agreed and

– adopted by the Federation of European Risk Management Associates (FERMA); • PMBOK Guide developed Project Management Institute [35] (widespread in the U.S.A); • PRAM (Project Risk Analysis and Management) Guide developed by Association for

Project Management3 (widespread in United Kingdom).

5.

risks in a business context [39].

shift left as Figure 6 shows.

<sup>3</sup> http://www.apm.org.uk/

that are related to root cause may be decreased.

**Figure 4.** Problem 2 is derived from Problem 1 (from prospect theory)

This theory is main root for Reference Class Forecasting, which for a particular project, aims to identify a relevant reference class of similar projects from the past, to establishing a probability distribution for the selected reference class and to compare the specific project with the reference class distribution for establishing the most likely outcome for the specific project [21]. Another concern specifies that "to eliminate intentional or unintentional planning mistakes leading to time and cost overrun, current project management theories prescribe the eradication of any bias leading to overly optimistic forecasts. In an effort to hamper optimism bias, normative project management theory and practice introduce further tools and processes to eradicate the causes of optimism bias" [44].

According to [23], risks are defined as uncertainties which, if they occur, would affect achievement of the objectives negatively (threats). Similar, opportunities are uncertainties which, if they occur would affect positively the project. Examples include the possibility that planned productivity targets might not be met, interest or exchange rates might fluctuate, the chance that client expectations may be misunderstood, or whether a contractor might deliver earlier than planned. These uncertainties should be proactively managed through the risk management process. Changes in the business environment, project evolution and percent of completion, will continue to affect the risk situation inside projects. As each project is unique and has its own trajectory, project risk management should be a proactive approach for efficient and effective decision-making.

Projects continue to fail because of a proper project risk management lack and the management problem is getting bigger. A large number of organizations and institutes spend a lot of time and resources to develop and improve standards and methodologies for project risk management. Among these, the most common are:


Forum for Risk Management in the Public Sector (widespread in the United Kingdom) – adopted by the Federation of European Risk Management Associates (FERMA);


Adapted after PMBOK Guide, developed by Project Management Institute in a Practice Standard for Project Risk Management [35, 36], and by improving planning tools and techniques, a framework for project risk management can be derived, as presented in Figure 5.

A risk identification step where techniques and special tools are used is needed because a risk cannot be managed unless it is first identified. After identification, a risk assessment and evaluation step follows. Each risk is evaluated based on the probability of its occurrence and its impact on project objectives (in qualitative risk analysis) and a numerical estimate of the overall project risk is provided (in quantitative risk analysis). The risk analysis should be performed not only once but in iterative cycles along major. Monitoring is also recommended in continuous intervals. Monitoring is mandatory to permanently track and control identified risks and to promptly respond in case of new risks occurrence that were not previously identified. Risk management does not aim to eliminate risks, but focus to actively manage risks in a business context [39].

Back to risk mitigation step, to certain risks may apply a set of mitigations. Often, mitigations address processes of the organizations. For fruitful results, this process may require long time from implementation. The strategies to manage the risks and the method of mitigation and the priorities are mostly decided by the project manager. Each risk is identified in previous steps and each one is characterized by probability of occurrence and impact. The focus should be on risks that yield a high impact and are identified with high probability of occurrence. Figure 5 presents risks after and before mitigations. Another approach is to address risk after mitigation costs ranking. Deriving a root cause of several risks represents another method to mitigate risks; improvements may be applied there. In this way, the impact of multiple risks that are related to root cause may be decreased.

There are several strategies that can be applied in risk mitigations step. First of all, a risk can be avoided, by not performing tasks that imply risks. Despite this method is not always fruitful from economic perspective, those tasks may be replaced if suitable. A second method aims to reduce the negative effect and impact of the risk in terms of monetary costs, delay or low quality. In some cases the risk can be transferred to another party. Not all risk can be mitigated or make sense to mitigate, in some cases risks should be accepted (in an inconvenient cost/benefit analysis). After successful mitigation, risks are represented based on probability vs. impact. After mitigation, in case the probability decrease the risks are represented on a lower as a parallel shift with y-axis; in the case the impact decrease, risks shift left as Figure 6 shows.

Mitigation actions should target those risks associated with high leverage towards minimizing the residual risk afterwards or acceptable mitigation costs. The risk analysis methodology provides means of visualizing mitigation costs and expected residual risks with and without mitigation. After mitigation actions and responsibilities for the measures are agreed and

12 Will-be-set-by-IN-TECH

This is exactly the reverse inequality from first problem. This is a clear example how human behavior tends to underweight outcomes that are merely probable and to overweight outcomes with a low probability to happen. As can be observed, second problem is derived from first problem (Figure 4) by elimination of Win 2400 with a probability of 66% option.

This theory is main root for Reference Class Forecasting, which for a particular project, aims to identify a relevant reference class of similar projects from the past, to establishing a probability distribution for the selected reference class and to compare the specific project with the reference class distribution for establishing the most likely outcome for the specific project [21]. Another concern specifies that "to eliminate intentional or unintentional planning mistakes leading to time and cost overrun, current project management theories prescribe the eradication of any bias leading to overly optimistic forecasts. In an effort to hamper optimism bias, normative project management theory and practice introduce further tools and processes

According to [23], risks are defined as uncertainties which, if they occur, would affect achievement of the objectives negatively (threats). Similar, opportunities are uncertainties which, if they occur would affect positively the project. Examples include the possibility that planned productivity targets might not be met, interest or exchange rates might fluctuate, the chance that client expectations may be misunderstood, or whether a contractor might deliver earlier than planned. These uncertainties should be proactively managed through the risk management process. Changes in the business environment, project evolution and percent of completion, will continue to affect the risk situation inside projects. As each project is unique and has its own trajectory, project risk management should be a proactive approach

Projects continue to fail because of a proper project risk management lack and the management problem is getting bigger. A large number of organizations and institutes spend a lot of time and resources to develop and improve standards and methodologies for project

• AS/NZS 4360:2004, The Australian and New Zealand Standard on risk management, [14]

• IRM Standard, jointly developed by The Institute of Risk Management (IRM) [43], The Association of Insurance and Risk Managers (AIRMIC) and by ALARM The National

**Figure 4.** Problem 2 is derived from Problem 1 (from prospect theory)

to eradicate the causes of optimism bias" [44].

for efficient and effective decision-making.

risk management. Among these, the most common are:

developed by Broadleaf Capital International PTY LTD;

<sup>3</sup> http://www.apm.org.uk/

#### 14 Will-be-set-by-IN-TECH 128 Risk Management – Current Issues and Challenges Risk Management in Collaborative Systems <sup>15</sup>

**Figure 6.** Risk representation Probability vs. Impact (After and Before Mitigations) [12]

design and competing in advance and market sensitivity.

**6. Conclusion**

often controversial points of view.

individually defined in a single plan. Traditional project risk management approaches offer less attention on project opportunities. For example, check lists are considered a great technique to identify risks and captures previous experiences but most of the time this technique includes only threats and misses opportunities. Another technique is represented by Lessons Learned Reports that prevents making the same mistakes or missing the same opportunities twice. It also offers solutions and ideas where the opportunities can be unlocked. SWOT analysis addresses both threats and opportunities. As risks, opportunities are linked to one project objective (time, cost, quality, scope etc.). Some of the authors consider that companies can overlook opportunities that provide significant possibilities for organizational innovation and new competitive advantage by focusing on the downside of risk [8]. Both, risk and opportunities require attentions and should be treated. By managing risks, threats can be and also an opportunity perspective is available. Such opportunities may provide significant results in terms of innovation and project delivery at high-quality. In many situations, the opportunity is easily missed. Some strategies for identifying opportunities are listed and presented in [8]: learning from the past, customer sensitivity, learning from others, scanning, scenario planning, identifying the market gaps and change the game, idealized

Risk Management in Collaborative Systems 129

The rationality behind collaboration is creativity. Collaboration uses communication, coordination and cooperation as a backbone but it is seen as something more than that. It is about creating shared understanding that no member could achieve on his own and in order to generate insight, new ideas or new artifacts it is a necessity to bring together different and

**Figure 5.** Risk management framework [12]

decided upon, the implementation of these actions need detailed planning and controlling. According to the findings in the risk mitigation phase the responsible action owners should be mandated by the project manager. Hence, the project manager needs to prioritize mitigation options and corresponding costs and efforts to decide whether measures will be taken or not. Performing agreed mitigation actions will contribute to reduce the risk status and create a new risk situation in the project. However, the implementation and controlling of the mitigations will be driven by the project team.

High risks are represented with red, medium risks with yellow and low risks with green in both situations: after and before risk mitigations. Our focus is on high and medium risks.

Despite the enormous sums of money being spent on project planning, risks arise. A risk management oriented culture is preferred to manage risks (cost, time or quality related) in conditions that most of the big projects fall victim to significant cost overrun.

#### **5.2. Opportunity management**

In project environment, risks are considered as uncertain events that if occurs has a negative effect on a project objective. Contrasting, the positive and desired effect is considered opportunity. A proactive risk management plan should be applied to successful manage uncertainties. Threats risks and opportunities should be treated as single unit and

**Figure 6.** Risk representation Probability vs. Impact (After and Before Mitigations) [12]

individually defined in a single plan. Traditional project risk management approaches offer less attention on project opportunities. For example, check lists are considered a great technique to identify risks and captures previous experiences but most of the time this technique includes only threats and misses opportunities. Another technique is represented by Lessons Learned Reports that prevents making the same mistakes or missing the same opportunities twice. It also offers solutions and ideas where the opportunities can be unlocked. SWOT analysis addresses both threats and opportunities. As risks, opportunities are linked to one project objective (time, cost, quality, scope etc.). Some of the authors consider that companies can overlook opportunities that provide significant possibilities for organizational innovation and new competitive advantage by focusing on the downside of risk [8]. Both, risk and opportunities require attentions and should be treated. By managing risks, threats can be and also an opportunity perspective is available. Such opportunities may provide significant results in terms of innovation and project delivery at high-quality. In many situations, the opportunity is easily missed. Some strategies for identifying opportunities are listed and presented in [8]: learning from the past, customer sensitivity, learning from others, scanning, scenario planning, identifying the market gaps and change the game, idealized design and competing in advance and market sensitivity.

#### **6. Conclusion**

14 Will-be-set-by-IN-TECH

decided upon, the implementation of these actions need detailed planning and controlling. According to the findings in the risk mitigation phase the responsible action owners should be mandated by the project manager. Hence, the project manager needs to prioritize mitigation options and corresponding costs and efforts to decide whether measures will be taken or not. Performing agreed mitigation actions will contribute to reduce the risk status and create a new risk situation in the project. However, the implementation and controlling of the mitigations

High risks are represented with red, medium risks with yellow and low risks with green in both situations: after and before risk mitigations. Our focus is on high and medium risks.

Despite the enormous sums of money being spent on project planning, risks arise. A risk management oriented culture is preferred to manage risks (cost, time or quality related) in

In project environment, risks are considered as uncertain events that if occurs has a negative effect on a project objective. Contrasting, the positive and desired effect is considered opportunity. A proactive risk management plan should be applied to successful manage uncertainties. Threats risks and opportunities should be treated as single unit and

conditions that most of the big projects fall victim to significant cost overrun.

**Figure 5.** Risk management framework [12]

will be driven by the project team.

**5.2. Opportunity management**

The rationality behind collaboration is creativity. Collaboration uses communication, coordination and cooperation as a backbone but it is seen as something more than that. It is about creating shared understanding that no member could achieve on his own and in order to generate insight, new ideas or new artifacts it is a necessity to bring together different and often controversial points of view.

16 Will-be-set-by-IN-TECH 130 Risk Management – Current Issues and Challenges Risk Management in Collaborative Systems <sup>17</sup>

Collaboration can be achieved if defined in a goal oriented framework and should use knowledge from project and risk management to increase the chances or obtaining the envisioned deliverables. These tools can lead to successful achievement of objectives, but they are not sufficient.

[11] Benta, D., Podean, M. I. & Mircean, C. [2011]. On best practices for risk management in

Risk Management in Collaborative Systems 131

[12] Benta, D., Podean, M. I., Rusu, L. & Mircean, C. [2011]. From Nobel Prize to Reference Class Forecasting for Successful Projects, *Proceedings of The 7th International Conference on*

[13] Benta, D., Rusu, L. & Podean, M. I. [2011]. Successful Implemented theories for Reference Class Forecasting in industrial field, *in* D. Marca, B. Shishkov & M. van Sinderen (eds), *ICE-B 2011 - Proceedings of the International Conference on e-Business, Seville, Spain, July*

[14] Broadleaf Capital International PTY LTD [2007]. The Australian and New Zealand Standard on risk management ( AS/NZS 4360:2004). Last Accessed: April 2012. URL: *http://www.ucop.edu/riskmgt/erm/documents/asnzs4360\_2004\_tut\_notes.pdf* [15] Camarinha-Matos, L. M. & Afsarmanesh, H. [2008]. *Collaborative Networks: Reference*

[16] Csikszentmihalyi, M. [1997]. *Creativity: Flow and the Psychology of Discovery and Invention*,

[17] Csikszentmihalyi, M. [2008]. *Flow: The Psychology of Optimal Experience*, Harper Perennial

[18] Denise, L. [1999]. Collaboration vs. C-Three (Cooperation, Coordination, and

URL: *http://www.zsr.org/results-framework-resources-2/collaborationvstheothercwords.pdf* [19] Engelbart, D. C. [1995]. Toward augmenting the human intellect and boosting our

[20] Farooq, U., Carroll, J. M. & Ganoe, C. H. [2005]. Supporting creativity in distributed scientific communities, *Proceedings of the 2005 international ACM SIGGROUP conference on*

[21] Flyvbjerg, B. [2007]. Eliminating Bias through Reference Class Forecasting and Good

[22] Fuks, H., Raposo, A., Gerosa, M. A., Pimental, M. & Lucena, C. J. P. [2008]. *Encyclopedia of E-collaboration*, Information Science Reference - Imprint of: IGI Publishing, Hershey, PA,

[24] Hilson, D. [2006]. Integrated risk management as a framework for organisational success,

[25] Kahneman, D. & Tversky, A. [1979a]. Prospect theory: An analysis of decision under

[26] Kahneman, D. & Tversky, A. [1979b]. *Studies in the Management Sciences: Forecasting*, Vol. 12, Amsterdam, North Holland, chapter Intuitive Prediction: Biases and Corrective

[27] Lalsing, V., Kishnah, S. & Pudaruth, S. [2012]. People facetor in agile software

[28] Lee, G. & Xia, W. [2010]. Toward Agile: An Integrated Analysis of Quantitative and Qualitative Field Data on Software Development Agility, *MIS Quarterly* 34(1): 87–114.

*Supporting group work*, GROUP â€™05, ACM, New York, NY, USA, pp. 217–226.

complex projects, *Informatica Economica. INFOREC Association* .

*Management of Technological Changes* , Alexandroupolis, Greece.

*Modeling*, Springer US, chapter Collaboration forms, pp. 51–66.

Communication), *Innovating* 7(3). Last Accessed: October 2010.

Governance, *Technical report*. Concept Report No 17 Chapter 6.

[23] Hillson, D. [2007]. When is a risk not a risk?, *Project Manager Today* pp. 15–16.

*18-21*, INSTICC Press.

Harper Perennial, New York, USA.

collective IQ, *Commun. ACM* 38(8): 30–32. URL: *http://doi.acm.org/10.1145/208344.208352*

URL: *http://doi.acm.org/10.1145/1099203.1099242*

chapter The 3C Collaboration Model, pp. 637–644.

risk, *SIAM Journal on Computing* 47(2): 263–291.

sevelopment and project management.

Procedures.

*Proceedings of the PMI Global Congress*, Seattle WA, USA.

URL: *http://airccse.org/journal/ijsea/papers/3112ijsea09.pdf*

Modern Classics, New York.

During the execution of a project team members are not always collaborating and their work alternates with cooperation, when a greater emphasis is placed on a value-chain model of producing results. Focus permanently switches from the flexible content approach to the management tools according to task's specific. In order to fully support the process of collaboration, the aspects that precede it or come in-between the collaboration sessions must be fully supported so that they will not represent a problem that can hinder collaboration. Both collaboration and cooperation require efficient project and risk management and this can only be achieved if collaboration prerequisites are sufficiently understood and integrated in the overall strategy.
