**4. Classifying techniques supporting project risk management**

The three defined dimensions characterising the choice of project risk management techniques are here applied to a selection of practices that can be commonly found in both literature and practice.

First, the focus techniques are briefly described and their strengths and weaknesses highlighted (Table 1).

A Framework to Select Techniques Supporting Project Risk Management 77

• Relies on the comparisons between two or more systems

or activities. • Does not

risk.

traditionally involve the quantification of

• Depends very much on expert judgements.

• Limited to previous experience only.

• Traditionally it only provides qualitative information [18]. • Individual technique.

• Useful only for the early stages of the selection of an idea. • Risk drivers are assumed to be independent. • Can become intimidating. • Length may discourage a more selective analysis of a subset of risk drivers.

• Must be careful when assigning probabilities. • Individual

• Limited to the analysis of system

changes.

[18]

• Predictive and proactive risk analysis technique. • Can be used as a root cause analysis.

• Systematically assesses the experience accumulated by an

• Can be prepared by a single analyst or a small group.

• Uses high-level or detailed analysis [18]. • Simple to use at the

• Useful as a memory

• A guide to the existing risk and opportunity knowledge.

• Many application possibilities in different areas.

• Enables a detailed

industry.

basic level.

jogger.

[18]

**No. Technique Description Strengths Weaknesses** 

It is used to systematically investigate the possible risks and to identify the appropriate risk management strategies and measures in changing situations.

It is a detailed aide-memoire for the identification of potential risks. It can be developed based on historical information and knowledge that have been accumulated from previous

It is usually structured using a decision tree diagram that describes a situation and the implications of each of the

similar projects.

3 **Change** 

[18]

4 **Checklist** [1,13,20]

5 **Decision Tree Analysis** 

[32]

**Analysis (ChA)**



highlighted (Table 1).

1 **Brainstorming** [1,13]

2 **Cause and** 

**or Cause Consequence Analysis (CCA)**

[1]

**effect diagram** 

First, the focus techniques are briefly described and their strengths and weaknesses

• Improves problem analysis by providing more possible solutions and unusual approaches to a problem.

• Prone to the negative effects of personality

• Difficult to create a criticism-free atmosphere. • Not much structured. • The smaller problems that can have severe

consequences on the project success are not

participation due to

participation due to inequalities in expertise [13].

• Not particularly useful for extremely complex problems where many causes and problems are interrelated.

identified. • Reduced

dominant personalities. • Inhibited

excesses.

• Increases the chances of obtaining an excellent idea. • Involvement of individuals with a

variety of backgrounds. • Utilises the thoughts of others. • Attempts to view situations from an unfamiliar perspective.

• Helps to determine the root causes of a problem or of a quality characteristic in a structured way.

• Increases knowledge of a process by helping everyone to learn more about the relevant factors and how they relate to each other.

**No. Technique Description Strengths Weaknesses** 

An effective way to generate lots of ideas on a specific issue and then determine which idea–or ideas–is/are the best possible solution. Ideas about project risk

It identifies the set of unwanted effects and goes backwards to trace the causal chain.

It is also known as Ishikawa or fishbone diagram and is useful for identifying causes of risks.

are generated under the leadership of a facilitator.


A Framework to Select Techniques Supporting Project Risk Management 79

among system elements can be overlooked [18].

• Requires a great availability of historical data.

• The estimation can

• No better results than those provided by the expertise of estimators.

• May be repeated multiple times in order to get more accurate information.

• Usually employed to examine only one specific event at a time; multiple fault trees may be developed.

• The levels and the organisation of the tree vary from analyst to

• Quantification requires a high level of

expertise [18].

• Complex

• Examination of human errors is limited. It is focused on technical failures and operational errors may be overlooked.

analyst.

be biased.

• Shares similar strengths with Fault Tree Analysis [18].

• The EMV of opportunities is generally expressed as a positive value, while that of risks as a negative value.

• Uses experiences on past projects to assess factors about a new

• Highly effective in determining combinations of events and failures. • Systematic, logical, and detailed system

• Applicable to any kind of complicated system or activity. • Quantification is possible [18].

• Effective for collecting the information that is

• Widely used/ understood, provides a great understanding

needed.

approach.

project. • Adapt to exceptional circumstances.

**No. Technique Description Strengths Weaknesses** 

The EMV analysis is a statistical concept that calculates the average outcome when the future includes scenarios that may or

Technique based on the experts' opinion. It is useful for the evaluation of the failure rate and the success chances of the overall

An approach that starts from a particular event, known as the top event, in an attempt to identify all the possible event sequences giving rise to it.

An analysis technique used in high-risk organizations to identify failure modes in systems/processes and work out

response strategies.

may not happen.

project.

9 **Expected** 

**(EMV)** [1]

10 **Expert** 

[1]

11 **Fault Tree** 

[45]

12 **Failure Mode and Effects Analysis (FMEA)** [46]

**Analysis (FTA)**

**Judgement** 

**Monetary Value** 


6 **Delphi** [1]

7 **Event and Causal Factor Charting (ECFCh)** 

[18]

8 **Event Tree Analysis (ETA)**

[18]

**No. Technique Description Strengths Weaknesses** 

insight into the decision making process.

technique.

• Very complex.

• The quality of results depends on the competencies of experts and on the content of the questionnaire.

• Time consuming and

• No opportunity for verbal clarification or

• Does not necessarily ensure that the root causes have been identified.

• Can overwork simple problems that may not require an extensive investigation [18].

• Usually limited to one initiating event; multiple event trees may be needed. • Dependencies

expensive.

comment. • Conflicts not resolved.

• Appropriate for solving complex problems.

• Often supported by

• Can be computer

• Group technique. • Mainly used as a forecasting technique. • Helps to reduce

• Keeps any person from having undue influence on the outcome.

• Elimination of direct social contact.

• Provision of feedbacks.

• Opportunity to revise opinions.

• An effective technique for understanding the sequence of contributing events

• Highly effective in determining how various initiating events can result in

[18].

accidents.

statistics.

assisted.

bias.

available choices and possible scenarios. It incorporates the cost of each available choice, the probabilities of each possible scenario, and the rewards of each

logical path.

The purpose is to elicit

anonymously.

It consists of a graphical description of the sequence of events and conditions associated with an accident. The chart provides a logical progression of

It is an analysis technique that models the range of possible outcomes of one or a category of

initiating events.

events.

information and judgments from participants to facilitate problemsolving, planning, and decisionmaking. A facilitator uses a questionnaire to solicit ideas about the important project risks and the experts participate


A Framework to Select Techniques Supporting Project Risk Management 81

• A lack of structure makes it difficult to

• Limited to previous experience and thus with a limited value for novel installations. • Does not produce a list of failure cases for a quantitative risk assessment [18].

• Focused on specific human reliability

• The evaluation of human assets is based on the assumption that the employees are going to remain with the organisation for a specified period. However, this assumption is wrong because employee mobility is very high.

• It can be difficult both to set up and to

• Limited to previous experience only. • Gives few insights into the nature of the hazards, may miss

maintain.

audit.

issues.

• Makes use of the existing experience taken from a wide range of sources. • Can be performed by a single analyst at a low cost [18].

• Provides useful information about the cost and value of human resources.

organisation to make the best utilisation of human resources.

• IR forms identify the barriers that prevent adverse situations.

• IR schemes provide

• Simple to use at the

a means of encouraging staff participation in safety improvement.

basic level.

• Systematically assesses the experiences

• Helps an

**No. Technique Description Strengths Weaknesses** 

The Hazard Review, also known as Hazard Survey or Safety Review, is mainly a qualitative review of an activity or system to identify the hazards and to gain qualitative understanding of their

It is especially used for a detailed evaluation of human operations in procedural tasks. It is a special form of FTA and ETA, designed for modelling and analysing the range of possible accidents that may happen while performing a

A structured mode for accident, incident, and near miss signalling

The list of risks is produced by interviewing project managers or experts on the applications of the

The risks are identified and

significance.

procedure.

collection.

project.

16 **Hazard Review (HR)**  [18]

17 **Human Reliability Assessment (HRA)**  [49]

18 **Incident** 

[50]

19 **Interviews**  [1]

**Reporting (IR)** 


13 **Failure Mode and Effects Criticality Analysis**  (**FMECA)**

[46]

14 **Fuzzy Logic**  [47]

15 **Hazard and Operability (HAZOP)** 

[48]

**No. Technique Description Strengths Weaknesses** 

An analysis technique used in high-risk organizations to identify and assess failure modes in systems/processes and work out response strategies.

Useful approach to address the problems associated with imprecision, uncertainty, and

subjectivity of data.

It is a hazard identification technique that uses a structured and systematic team review of a system or process to identify the possible deviations from normal operations and their causes and consequences. It uses a standard list of guidewords (e.g. "more," "less," "no") combined with process conditions to systematically consider all the possible deviations from the normal conditions. For each deviation, possible causes and consequences are identified as well as whether additional safeguards should be recommended.

of a system.

• Systematic and comprehensive [18].

• Permits different kinds of data to be manipulated simultaneously using a standardised methodology and a common scale for expressing the significance of impacts.

• Uses the experience

• Systematic and comprehensive. • Effective for technical faults and human errors. • Employs a team approach requiring the interaction of several disciplines or organisations [18].

of operating personnel.

Like FMEA Like FMEA

interactions resulting from more than one failure are often omitted [18].

• Not appropriate for selecting single ideas.

• Offers no significant benefits in the case of simple projects. • Characterized by mathematical complexity.

• Depends very much on expert judgements. • Optimised especially

for sequential operations or procedures. • Requires the development of procedural descriptions that are often not available in detail. • Documentation is

lengthy.

[18].

• One of the most time consuming and expensive techniques

• Very complex.


A Framework to Select Techniques Supporting Project Risk Management 83

• Requires additional analysis to understand more in depth and evaluate hazards and potential accidents. • Relies heavily on the knowledge of subject matter experts [18].

• Must be careful when setting scoring

• Enables a more detailed analysis of vital factors. • Very complex, requires training.

• The level of detail depends on the available information.

• Shortcomings result from a checklist approach (see Checklist).

• Ratings have no absolute meaning.

prematurely defining high and low risks with no further considerations.

• Danger of

criteria.

• Used as a proactive technique because it identifies the weaknesses of a system at the early stages of its life, thus saving time and money [18].

• May be applied to any kind of risk analysis and to any activity or system.

• Many application possibilities in different areas.

• Individual or group

project/risk manager to better understand recurring risks and concentrations of risks which would lead to issues that affect the status of the

technique.

• Help the

project.

• Allows to brainstorm the most likely project risks and to apply simple formulas to them. • Communicative. • Aids the creation of

a shared

• Simple.

understanding of the importance of various risks to the project.

• Very detailed.

**No. Technique Description Strengths Weaknesses** 

It is used to identify hazards, assess the severity of potential accidents that may happen, and identify measures for reducing or eliminating the risks associated

An activity and threat matrix where the value of risk associated with each activity and the most frequent overall risks are

It is a source-oriented grouping of project risks that defines the total risk exposure of a project. Each descending level represents

definition of sources of risk to the

It is a qualitative technique that can be used to evaluate and prioritise a group of risks which could significantly impact on a

an increasingly detailed

with the hazards.

evaluated.

project.

project.

22 **Preliminary Hazard Analysis (PHA)**

[52]

23 **Risk** 

[23]

24 **Risk** 

[53]

**Breakdown Matrix (RBM)**

**Breakdown Structure (RBS)**

25 **Risk Mapping, Risk Matrix, Probability and Impact Matrix** 

[1,13]


scale.

20 **Monte Carlo**

21 **Pareto Analysis (PA) or** 

**ABC analysis** 

[51]

[1]

**No. Technique Description Strengths Weaknesses** 

accumulated by an

some potential problems.

• Individual risk drivers may be described in insufficient detail to avoid ambiguity. • Can be limiting.

• No statistically sound basis to specify distributions. • No basis for estimating the most likely values.

• No basis to create custom tailored distributions when real world data are

• Focuses only on the

variability in the levels of risk assessment resolution.

• Dependent on availability and applicability of data

• Must be careful when setting importance criteria.

missing.

past.

[18].

• Produces considerable

• Can be prepared by either a single analyst or a small group.

• Allows to work in terms of real units. • Allows models to be firmly rooted in the plans of a project.

relationship between the output of models and real-world decisions relatively straightforward.

• Makes the

• Provides quantitative results

• Many application possibilities in different areas, from the activity or operations level to the system level, such as ranking activities or system accidents and their causes.

• Can also be used to evaluate changes in

• Individual or group

risks after modifications in a system or activity. • Simple to use.

technique.

[18].

industry.

defined and a risk management

A type of spreadsheet simulation that randomly and continuously generates values for uncertain variables to simulate a model.

It is a technique that is used to identify and prioritise the most significant items, for example causes and contributing factors or

effects of accidents. This technique employs the Pareto rule (or 80-20 rule),which says that about 80 percent of the effects are generated by about 20

percent of the causes.

capability score can be determined from a five-point


A Framework to Select Techniques Supporting Project Risk Management 85

• Used as an effective technique for identifying root causes of accidents and determining causal factors.

• The danger in this technique lies in the unasked questions

• Mainly based on brainstorming that is often time consuming. • The brainstorming process is very difficult to duplicate and the results may not be reproducible or

consistent.

• It does not ensure that all the root causes can be identified.

[18].

**No. Technique Description Strengths Weaknesses** 

The selected project risk management techniques are now classified according to the three proposed dimensions (Table 2). It is worth remarking that the techniques have been matched with the dimensions based on their most frequent applications as documented by literature and on the authors' experience. Different categorisations may be possible

During the entire project life cycle and in every stage of the risk management process, the nature and the quantity of available information influence the choice of the techniques that should be applied. In the conceptualisation phase decision-makers have a high degree of freedom in defining project goals and how to achieve them. However, owing to the lack of project specifications on the ways to meet the set objectives in that stage of the project, all the necessary information for a complete investigation of risk is not always available. Then, we are in an uncertain scenario characterised by a limited amount of information or in a context where the source of information is subjective. Therefore, it is necessary to build a systematic framework that can be used by decisionmakers to obtain subjective judgements from experts in a clear and straightforward manner. This can be accomplished by applying "extractors" of information like Interviews or the so called "group techniques" such as Brainstorming, Delphi, and Expert Judgment. At the same time, it is also necessary to train the experts so that they can make good judgements. Moreover, this context may just allow to define the strengths and weaknesses of the project and the decision-makers may stop their risk investigation

It is a qualitative brainstorming technique that attempts to identify root causes of accidents by asking "why" these events did occur or conditions did exist, in order to help to get to the true

according to the peculiar characteristics of specific project settings.

causes of problems.

**Table 1.** Project risk management techniques

31 **"5 Whys" Technique** 

[18]


**Table 1.** Project risk management techniques

26 **Risk** 

[1]

27 **Sensitivity analysis**  [1,13]

28 **Strengths, Weaknesses, Opportunities, and Threats (SWOT)** [54]

29 **SWIFT Analysis**

[18]

30 **What-if Analysis** 

[18]

**Impact Assessment, Risk Ranking/ Risk Index** 

**Probability and** 

**No. Technique Description Strengths Weaknesses** 

• Provides a highlevel assessment [18]. • Identifies both negative effects for threats and positive

• Results can be difficult to link to absolute risks.

• Appropriate ranking tools may not exist. • Does not account for unique situations [18].

• Requires a great availability of historical data.

• Not very applicable to general idea selection.

• Mainly used in the business field.

• Requires a great variety of

competencies of the analysis team.

• Loose structure and

judgements, likely to miss some potential

• Difficult to audit for thoroughness.

reliance on

problems.

effects for opportunities.

• Useful for comparing the relative importance of variables that have a high degree of uncertainty to those that are more stable.

• Individual or group

• Very broad areas of

• Possible problems and combinations of conditions that can be problematic are described. • Possible riskreducing measures are identified.

• Highly effective to identify system hazards.

• A simplistic approach that offers great value for minimal investment

[18].

technique.

application. • Easy to use.

It investigates the likelihood that each specific risk will occur and the potential effects on the objectives of a project, such as time, cost, scope, or quality.

It helps to determine which risks have the most potential impact

The SWOT analysis provides a good framework for reviewing strategies, positions and business directions of a company or an

It is a more structured form of the "What-if Analysis" technique and it is used to identify hazards based on brainstorming and

It is a brainstorming technique that uses a systematic, but broad and not very structured, questioning procedures to generate descriptive information.

on a project.

idea.

checklists.

The selected project risk management techniques are now classified according to the three proposed dimensions (Table 2). It is worth remarking that the techniques have been matched with the dimensions based on their most frequent applications as documented by literature and on the authors' experience. Different categorisations may be possible according to the peculiar characteristics of specific project settings.

During the entire project life cycle and in every stage of the risk management process, the nature and the quantity of available information influence the choice of the techniques that should be applied. In the conceptualisation phase decision-makers have a high degree of freedom in defining project goals and how to achieve them. However, owing to the lack of project specifications on the ways to meet the set objectives in that stage of the project, all the necessary information for a complete investigation of risk is not always available. Then, we are in an uncertain scenario characterised by a limited amount of information or in a context where the source of information is subjective. Therefore, it is necessary to build a systematic framework that can be used by decisionmakers to obtain subjective judgements from experts in a clear and straightforward manner. This can be accomplished by applying "extractors" of information like Interviews or the so called "group techniques" such as Brainstorming, Delphi, and Expert Judgment. At the same time, it is also necessary to train the experts so that they can make good judgements. Moreover, this context may just allow to define the strengths and weaknesses of the project and the decision-makers may stop their risk investigation at the identification phase by means of a SWOT analysis. However, if we are in the case of repetitive projects, the greater availability of information could allow the use of detailed tables, such as FMEA [25], and makes possible to define occurrence probabilities and economic and/or time impacts for every alternative event. In this situation, decisionmakers could move on to a quantitative analysis of risks through the use of FMECA tables, Decision Trees, and Event Tree Analysis. As a consequence, the quantity and kind of information in the conceptualisation phase usually allow risk identification and they seldom enable also risk analysis. Coming to the planning phase, the ways and means to achieve the project objectives become clearer thanks to a considerable increase in the available information, which allows a complete investigation of risks. All the techniques for risk management can be used in this project stage based on the phases of identification, analysis, and response to risk and on the type of information available. In general, the degree of knowledge and the ability to influence the course of a project are inversely proportional to each other as the project develops overtime. Therefore, in the execution phase there will be a high level of knowledge about project constraints but a low ability to influence events because all the most important project and risk management choices have been already made in the previous phases. The result is that in this phase the time and economic performance resulting from the project choices and the actions undertaken to either mitigate or exploit risk can be mainly controlled and monitored. Therefore, in the execution phase the outputs obtained from the techniques applied in risk identification, analysis, or response will be revised and the results of the implementation of designed actions will be monitored by means of careful and sensible human action. In addition, in this project stage the risk management techniques used in the planning phase can be applied again to unveil new risks that have not emerged before. The termination phase is not considered by the classification in Table 2 because the risk management effort is more relevant in the previous stages of the project life cycle. Also, the risk management planning phase is not included being less operational in nature than the subsequent phases and more focused on the strategy to deal with risk and the project goals.

A Framework to Select Techniques Supporting Project Risk Management 87

Conceptualisation [25], Planning, Execution

**I** [1,22], **QlA**[11] Planning, Execution Normalised,

Conceptualisation, Planning [25]

Conceptualisation,

**I** [18] Planning Normalised[18],

Conceptualisation,

Conceptualisation,

Conceptualisation [25],

Planning

Planning

Planning

Planning

Planning

**I, R**[46,62] Conceptualisation [25], Planning

13 **Failure Mode and Effects I, QlA, QtA, R** Conceptualisation [25], Normalised [18],

**Project Life Cycle Phase Level of** 

**Corporate Maturity** 

Novice [25], Normalised, Natural

Natural

Natural

Novice [18], Normalised, Natural

Normalised, Natural

Novice [25], Normalised, Natural

Natural

Normalised, Natural [18]

Normalised, Natural

Normalised, Natural [18]

Normalised [18]

 **Dimensions** 

**Phase** 

[29]

[11]

[55]

6 **Delphi I** [1,22], **QlA** [29,60] Conceptualisation [25],

[11,18,61]

[55]

**QtA** [18,11]

9 **Expected Monetary Value QtA**[1,11,32], **R** [55] Planning, Execution Natural

3 **Change Analysis (ChA) I** [59], **QlA**, **R** [18] Planning, Execution Normalised [18],

**No. Technique Risk Management** 

1 **Brainstorming I** [1,32,55-58], **QlA**

4 **Checklist I** [1,15,32,56], **QlA**

5 **Decision Tree Analysis QtA**[1,11,26,32], **R** 

8 **Event Tree Analysis (ETA) I** [61], **QlA** [11]**, QtA** 

10 **Expert Judgement I, QlA, QtA**[1], **R** 

11 **Fault Tree Analysis (FTA) I** [22,45], **QlA** [11],

2 **Cause and –effect diagram or Cause Consequence Analysis** 

7 **Event and Causal Factor Charting (ECFCh)** 

12 **Failure Mode and Effects Analysis (FMEA)**

**(CCA)** 

Finally, the level of maturity is very linked with the level of communication in the organisation and the availability of data/information about the project. The higher the maturity towards risk management of the project team the more common the use of various techniques, especially the quantitative ones, during the entire risk management process. For example, the Monte Carlo simulation technique, that can be applied in the phase of quantitative risk analysis, is basically used by companies with a high level of maturity towards data and information management and hence project risk. The last column of Table 2 refers to the maturity levels proposed by Hillson [37]: the Naïve stage is not taken into account because it is not characterised by the use of any risk management technique. Also, the following notation has been used in Table 2: I = "risk Identification", QlA = "Qualitative risk Analysis", QtA = "Quantitative risk Analysis", and R = "risk Response".


and the project goals.

Response".

at the identification phase by means of a SWOT analysis. However, if we are in the case of repetitive projects, the greater availability of information could allow the use of detailed tables, such as FMEA [25], and makes possible to define occurrence probabilities and economic and/or time impacts for every alternative event. In this situation, decisionmakers could move on to a quantitative analysis of risks through the use of FMECA tables, Decision Trees, and Event Tree Analysis. As a consequence, the quantity and kind of information in the conceptualisation phase usually allow risk identification and they seldom enable also risk analysis. Coming to the planning phase, the ways and means to achieve the project objectives become clearer thanks to a considerable increase in the available information, which allows a complete investigation of risks. All the techniques for risk management can be used in this project stage based on the phases of identification, analysis, and response to risk and on the type of information available. In general, the degree of knowledge and the ability to influence the course of a project are inversely proportional to each other as the project develops overtime. Therefore, in the execution phase there will be a high level of knowledge about project constraints but a low ability to influence events because all the most important project and risk management choices have been already made in the previous phases. The result is that in this phase the time and economic performance resulting from the project choices and the actions undertaken to either mitigate or exploit risk can be mainly controlled and monitored. Therefore, in the execution phase the outputs obtained from the techniques applied in risk identification, analysis, or response will be revised and the results of the implementation of designed actions will be monitored by means of careful and sensible human action. In addition, in this project stage the risk management techniques used in the planning phase can be applied again to unveil new risks that have not emerged before. The termination phase is not considered by the classification in Table 2 because the risk management effort is more relevant in the previous stages of the project life cycle. Also, the risk management planning phase is not included being less operational in nature than the subsequent phases and more focused on the strategy to deal with risk

Finally, the level of maturity is very linked with the level of communication in the organisation and the availability of data/information about the project. The higher the maturity towards risk management of the project team the more common the use of various techniques, especially the quantitative ones, during the entire risk management process. For example, the Monte Carlo simulation technique, that can be applied in the phase of quantitative risk analysis, is basically used by companies with a high level of maturity towards data and information management and hence project risk. The last column of Table 2 refers to the maturity levels proposed by Hillson [37]: the Naïve stage is not taken into account because it is not characterised by the use of any risk management technique. Also, the following notation has been used in Table 2: I = "risk Identification", QlA = "Qualitative risk Analysis", QtA = "Quantitative risk Analysis", and R = "risk


A Framework to Select Techniques Supporting Project Risk Management 89

**QlA** [1], **QtA** Planning Normalised [18],

**Project Life Cycle Phase Level of** 

**Corporate Maturity** 

Natural

Normalised, Natural

Natural

Natural

Normalised [18],

 **Dimensions** 

**Phase** 

30 **What-if Analysis I, R**[18] Conceptualisation,

**Table 2.** Classification of project risk management techniques

27 **Sensitivity analysis QtA** [1,11,26,32], **R** Planning, Execution Natural

29 **SWIFT Analysis I, R**[18] Planning Normalised,

31 **"5 Whys" Technique I** [18] Planning Natural

Table 2 allows to characterise each technique based on the risk management phases, the project life cycle phases, and the degree of corporate maturity towards risk for which it is most suitable. However, it does not provide a global view of how all the analysed techniques fit into the dimensions. In order to overcome this limitation, two bi-dimensional charts are built. On the one hand, Figure 1 places the techniques on a Cartesian plane according to the phases of the risk management process (x-axis) and phases of the project life cycle (y-axis) for which they can be used. On the other hand, Figure 2 compares the same techniques but against the risk management phases (x-axis) and the corporate

These charts are intended to be a valuable mean to communicate and to stimulate knowledge creation about risk. They may be used by an organisation to select a set of techniques, discuss when they are appropriate, and decide which of them could be used, how, and in which part of the project and risk management processes. Also, such representations allow to make further considerations about the appropriateness of each technique. Figure 1 highlights that in the Planning phase of a project there are a lot of techniques that can be used. In fact, in this stage more time can be spent on strategic issues such as risk managing than in the Conceptualisation stage, which has usually a quite limited duration, and in the Execution stage, which is mainly focused on the achievement of the project objectives from an operational point of view. Figure 2 graphically proves the

**I** [54,58], **QlA** [29], **R** Conceptualisation,

Planning

Planning

**No. Technique Risk Management** 

26 **Risk Probability and Impact Assessment, Risk Ranking/** 

28 **Strengths, Weaknesses, Opportunities, and Threats** 

maturity towards risk (y-axis).

**Risk Index** 

**(SWOT)**



15 **Hazard and Operability** 

**(HAZOP)** 

17 **Human Reliability Assessment (HRA)** 

21 **Pareto Analysis (PA) or ABC analysis** 

**(PHA)** 

**(RBM)**

**(RBS)**

**Matrix** 

22 **Preliminary Hazard Analysis** 

23 **Risk Breakdown Matrix**

24 **Risk Breakdown Structure**

25 **Risk Mapping, Risk Matrix, Probability and Impact** 

**No. Technique Risk Management** 

19 **Interviews I** [1,22,58], **QlA** 

 **Dimensions** 

**Phase** 

**Criticality Analysis (FMECA)** [30,46,50,62] Planning, Execution Natural

14 **Fuzzy Logic QtA** [11,47,63] Planning Natural

16 **Hazard Review (HR) I** [18] Planning Novice,

18 **Incident Reporting I**[50], **QtA** Planning Normalised,

**[**57**],QtA**[1]**, R**[15]

20 **Monte Carlo QtA** [1,11,26,29,32] Planning Natural

**Project Life Cycle Phase Level of** 

**I** [29,32,48], **R** [18] Planning Normalised [18],

**I, QlA,QtA, R**[18,49] Planning, Execution Normalised,

Conceptualisation, Planning, Execution

**QtA** [18,51] Planning Natural

**I** [52], **QlA**[52], **P**[52] Planning Novice,

**I,QlA,QtA** [23] Planning Normalised,

**I, QlA** [1,11,64,65] Planning Normalised,

**I** [35] Conceptualisation,

Planning

**Corporate Maturity** 

Natural

Natural

Natural

Novice, Normalised, Natural

Normalised [18], Natural

Natural

Natural

Normalised, Natural

Normalised [18], Natural

> Table 2 allows to characterise each technique based on the risk management phases, the project life cycle phases, and the degree of corporate maturity towards risk for which it is most suitable. However, it does not provide a global view of how all the analysed techniques fit into the dimensions. In order to overcome this limitation, two bi-dimensional charts are built. On the one hand, Figure 1 places the techniques on a Cartesian plane according to the phases of the risk management process (x-axis) and phases of the project life cycle (y-axis) for which they can be used. On the other hand, Figure 2 compares the same techniques but against the risk management phases (x-axis) and the corporate maturity towards risk (y-axis).

> These charts are intended to be a valuable mean to communicate and to stimulate knowledge creation about risk. They may be used by an organisation to select a set of techniques, discuss when they are appropriate, and decide which of them could be used, how, and in which part of the project and risk management processes. Also, such representations allow to make further considerations about the appropriateness of each technique. Figure 1 highlights that in the Planning phase of a project there are a lot of techniques that can be used. In fact, in this stage more time can be spent on strategic issues such as risk managing than in the Conceptualisation stage, which has usually a quite limited duration, and in the Execution stage, which is mainly focused on the achievement of the project objectives from an operational point of view. Figure 2 graphically proves the

relationship between the maturity towards risk and the phases of the risk management process that are carried out by a company. By considering the maturity model proposed by Hillson [37], a Novice level of maturity usually implies performing just risk identification. A Normalised maturity also involves a qualitative risk analysis and, in some limited cases, also risk response and monitoring and control. Finally, a Natural maturity is associated with undertaking the complete risk management process, from identification to monitoring and control, including the quantitative risk analysis. Therefore, the quantitative analysis of risk distinguishes companies with a Natural maturity level from companies having a Normalised maturity level. Additionally, in the Natural maturity level there is a complete integration between the project management and the risk management processes that allows a regular revision of the outputs of the applied risk techniques.

Phase of the risk management process

A Framework to Select Techniques Supporting Project Risk Management 91

5,8,9,10,11,13, 14,17,18,19,20,21, 23,26,27

**Quantitative Risk Analysis**

3,5,10,12,13, 15,17,19,22,28, 29,30

3,5,9,10,13,15, 17,19,22,27,28, 29,30

*Usual revision of the outputs obtained from the techniques previously used*

**Risk Monitoring and Control**

Phase of the risk management process

**Risk Response**

**Figure 2.** Risk technique mapping: risk management phases and corporate maturity levels

**Qualitative Risk Analysis**

of x technique <sup>x</sup> Limited application

1,2,4,6,8,10,11, 13,17,18,19,22,23, 25,26,28

> 1,2,4,6,8, 10,11,13,17,18, 19,22,23,25, 26,28

Communication, information, and hence knowledge are the cardinal points for an attitude towards project risk management that goes beyond an informal approach limited to qualitative investigation. A systematic acquisition and organisation of information is a necessary step in order to move from a subjective knowledge about risk, that has to be elicited from experts, to an objective and easily accessible knowledge forming the condition for a quantitative risk analysis. The framework proposed in this chapter aims to help such transition by generating knowledge about the potentiality of application of common risk

of x technique

Some advantages can be identified. First of all, the developed taxonomy helps to understand how the project environment relates to risk techniques. Also, the suggested scheme provides guidelines about the most relevant dimensions that should be taken into account simultaneously in a risk management process, thus making it more comprehensive, even if it can never be complete because of the limited amount of available resources and the bounded rationality of human beings [66]. This generates knowledge based on the degree of maturity towards risk of the organisation running the project and such knowledge in turn increases the level of corporate awareness towards the instruments to tackle risk. Furthermore, the proposed framework benefits from being quite general, so that it can be

**5. Discussion** 

**Novice**

<sup>x</sup> Usual application

**Normalised**

**Natural**

Corporate maturity towards risk

1,2,3, 4,6,7,8,10,11,12, 13,15,16,17,18,19, 22,23,24,25,28, 29,30

1,4,6,16,19,22

**Risk Identification**

1,2,3,4,6,7,8, 10,11,13,15,16,17, 18,19,22,23,24,25, 28,29,30,31

techniques.

**Figure 1.** Risk technique mapping: risk management and project life-cycle phases

**Figure 2.** Risk technique mapping: risk management phases and corporate maturity levels
