**3. Project risk management**

In [20], the risk management process was defined from the literature as a formal orderly process for systematically identifying, analyzing, and responding to risk events throughout the life of a project to obtain the optimum or acceptable degree of risk elimination or control and to achieve the project objectives. Further, project risk management is known as an integrative process, where it continues throughout the project life cycle [10, 16]. However, the intensity of the risk management process might decrease as the project progresses, but still, the threat of an unforeseen emergent risk should not be ruled out until the project is completely over [15]. Hence, this definition predominantly emphasizes the hard skills at the expense of soft skills [28].

#### **3.1 The hard side of risk management**

There is a wide consensus on the indispensable elements for a risk management process [24]. This can be observed by the growing range of proficient tools and techniques, research base, and practical implementation across many industries [16, 24]. The literature offers several risk management standards, such as Risk Management Standard by the Institute of Risk Management (IRM); Project Risk Analysis and Management (PRAM) by the Association for Project Management (APM); the Project Management Body of Knowledge (PMBoK®), Chapter 11, by Project Management Institute (PMI); and Risk Management—Principles and Guidelines by the International Organization for Standardization (ISO) [16, 39–41]. These standards have well-defined processes and widespread practices that originally cover the hard side of management with few exceptions. For instance, PRAM identifies the functional roles of the organization's members during the risk planning process and considers it as an element of risk management.

The hard side of risk management demonstrates pre-specified approaches that have tools and techniques within four major process groups (identifying, analyzing, developing a response, and monitoring and controlling risks) and it is feasible if adequate information were available [10, 32, 39]. In the last decades, these process groups branched out from the original four groups into identification, qualitative analysis of risks, quantitative analysis of risk, risk response planning, and risk monitoring and control [12, 16].

In the early stages of the project, risk identification should be implemented, and any further process in risk management would be performed on these identified potential risks [42]. Therefore, all possible sources of potential risks must be identified as early as possible to help the organizations in choosing the suitable strategy [11]. One of the best methods to identify the risks is by developing a checklist categorizing the risks that might evolve during the project [18]. Also, historical records (lessons learned) and knowledge of risks from the experience-based of project personnel should be gathered and reviewed [12, 24, 43]. Further, the risks should be identified and classified by its nature and its potential impact on the current projects [16].

For risk identification, it seems that there is an agreement between researchers on the meta-classification approach, which identifies the risk factor based on three levels according to the project lifecycle environment [11, 18, 43–45]. First, the macro-level which consists of risks sourced externally (exogenously); second, the meso level which consists of risks sourced endogenously (self-developed) and project-related; and third, the micro-level which consists of risks found in the stakeholder's relationships. The final step of the risk identification should be a risk category summary sheet by using the risk breakdown structure and checklist, wherein the participation of every individual in the management team would be integrated [16, 46].

**121**

**Table 2.**

*Risk analysis methodologies.*

*Exploring the Project Risk Management: Highlighting the Soft Side of Project Management*

The next stage of the risk management process is analyzing the risks. This stage, introduced by the Project Management Institute, includes qualitative risk analysis and quantitative risk analysis [16, 47]. As an intermediate process, it incorporates uncertainty quantitatively and qualitatively to evaluate the potential impact of risk [48]. In this stage, the risks with high probabilities, associated with a substantial impact on the project, should be focused on. Therefore, by the end of this stage, risk and uncertainty would be identified, then rating should be accomplished by forecasting the probability of occurrence and severity of the risk impact as well [45, 48, 49]. To estimate the probability, scholars note two main approaches: subjective judgment and objective analysis [48, 50]. Subjective judgment is done by using the experience and scrutiny to make a direct estimate which allows the management to use the logic, intuition, and experience or it can be driven by the means of an educated guess [16, 45, 46]. Objective analysis usually needs historical data. Sometimes this can be impractical since it is difficult to find comparable information [16]. Therefore, scalers such as one-in-ten and one-in-hundred are often used.

In the last decade, several methods and techniques have been developed to analyze risk on an industrial plant [50]. Risk analysis has three main requirements: recognize what to expect as output data, collect the available data, and then select a suitable method for the analysis [50]. There is an agreement that these methods can be categorized into two groups: qualitative and quantitative [16]. Further, it can be described as deterministic, probabilistic, and a combination of deterministic and

More than 60 methods and techniques were identified by the scholars, one of the most used methods to estimate the impact of the risks is the analytic hierarchy process (AHP) [51]. This technique breaks down the risks into small groups, constructs a hierarchical structure, compares the impact of each factor with other factors in the same group on a pairwise base, and allocates a comparison ratio to them. Hence, the same concept used between groups, and the final impact for each factor can be determined by multiplying the ratios. **Table 2** shows some of the common methods and techniques used to analyze risks. Consequently, the estimates should be clari-

Quantitative Accident hazard analysis (AHA) [16, 50, 52, 53] Quantitative Event tree analysis (ETA) [50, 54–56] Quantitative Monte Carlo analysis [16, 50]

Quantitative Optimal risk assessment (ORA) [50, 58] Quantitative Simple additive weighting (SAW) [49, 59, 60] Qualitative Failure mode effect analysis (FMEA) [16, 50, 61, 62] Qualitative Hazard and operability (HAZOP) [50, 63, 64] Qualitative Plant level safety analysis (PLSA) [50, 65]

Qualitative and quantitative Complex proportional assessment (COPRAS) [49, 67]

Quantitative Method organized systematic analysis of risk (MOSAR)

Qualitative and quantitative Technique for order preference by similarity to ideal solution (TOPSIS)

**Methods of risk analysis Literature**

[50, 57]

[49, 66]

*DOI: http://dx.doi.org/10.5772/intechopen.93501*

probabilistic [50].

**Classification of risk analysis methods**

fied and improved on an ongoing basis [45].

### *Exploring the Project Risk Management: Highlighting the Soft Side of Project Management DOI: http://dx.doi.org/10.5772/intechopen.93501*

The next stage of the risk management process is analyzing the risks. This stage, introduced by the Project Management Institute, includes qualitative risk analysis and quantitative risk analysis [16, 47]. As an intermediate process, it incorporates uncertainty quantitatively and qualitatively to evaluate the potential impact of risk [48]. In this stage, the risks with high probabilities, associated with a substantial impact on the project, should be focused on. Therefore, by the end of this stage, risk and uncertainty would be identified, then rating should be accomplished by forecasting the probability of occurrence and severity of the risk impact as well [45, 48, 49].

To estimate the probability, scholars note two main approaches: subjective judgment and objective analysis [48, 50]. Subjective judgment is done by using the experience and scrutiny to make a direct estimate which allows the management to use the logic, intuition, and experience or it can be driven by the means of an educated guess [16, 45, 46]. Objective analysis usually needs historical data. Sometimes this can be impractical since it is difficult to find comparable information [16]. Therefore, scalers such as one-in-ten and one-in-hundred are often used.

In the last decade, several methods and techniques have been developed to analyze risk on an industrial plant [50]. Risk analysis has three main requirements: recognize what to expect as output data, collect the available data, and then select a suitable method for the analysis [50]. There is an agreement that these methods can be categorized into two groups: qualitative and quantitative [16]. Further, it can be described as deterministic, probabilistic, and a combination of deterministic and probabilistic [50].

More than 60 methods and techniques were identified by the scholars, one of the most used methods to estimate the impact of the risks is the analytic hierarchy process (AHP) [51]. This technique breaks down the risks into small groups, constructs a hierarchical structure, compares the impact of each factor with other factors in the same group on a pairwise base, and allocates a comparison ratio to them. Hence, the same concept used between groups, and the final impact for each factor can be determined by multiplying the ratios. **Table 2** shows some of the common methods and techniques used to analyze risks. Consequently, the estimates should be clarified and improved on an ongoing basis [45].


#### **Table 2.** *Risk analysis methodologies.*

*Concepts, Applications and Emerging Opportunities in Industrial Engineering*

ning process and considers it as an element of risk management.

In [20], the risk management process was defined from the literature as a formal orderly process for systematically identifying, analyzing, and responding to risk events throughout the life of a project to obtain the optimum or acceptable degree of risk elimination or control and to achieve the project objectives. Further, project risk management is known as an integrative process, where it continues throughout the project life cycle [10, 16]. However, the intensity of the risk management process might decrease as the project progresses, but still, the threat of an unforeseen emergent risk should not be ruled out until the project is completely over [15]. Hence, this definition predominantly emphasizes the hard skills at the expense of soft skills [28].

There is a wide consensus on the indispensable elements for a risk management process [24]. This can be observed by the growing range of proficient tools and techniques, research base, and practical implementation across many industries [16, 24]. The literature offers several risk management standards, such as Risk Management Standard by the Institute of Risk Management (IRM); Project Risk Analysis and Management (PRAM) by the Association for Project Management (APM); the Project Management Body of Knowledge (PMBoK®), Chapter 11, by Project Management Institute (PMI); and Risk Management—Principles and Guidelines by the International Organization for Standardization (ISO) [16, 39–41]. These standards have well-defined processes and widespread practices that originally cover the hard side of management with few exceptions. For instance, PRAM identifies the functional roles of the organization's members during the risk plan-

The hard side of risk management demonstrates pre-specified approaches that have tools and techniques within four major process groups (identifying, analyzing, developing a response, and monitoring and controlling risks) and it is feasible if adequate information were available [10, 32, 39]. In the last decades, these process groups branched out from the original four groups into identification, qualitative analysis of risks, quantitative analysis of risk, risk response planning, and risk

In the early stages of the project, risk identification should be implemented, and any further process in risk management would be performed on these identified potential risks [42]. Therefore, all possible sources of potential risks must be identified as early as possible to help the organizations in choosing the suitable strategy [11]. One of the best methods to identify the risks is by developing a checklist categorizing the risks that might evolve during the project [18]. Also, historical records (lessons learned) and knowledge of risks from the experience-based of project personnel should be gathered and reviewed [12, 24, 43]. Further, the risks should be identified and classified by its nature and its potential impact on the current projects [16]. For risk identification, it seems that there is an agreement between researchers on the meta-classification approach, which identifies the risk factor based on three levels according to the project lifecycle environment [11, 18, 43–45]. First, the macro-level which consists of risks sourced externally (exogenously); second, the meso level which consists of risks sourced endogenously (self-developed) and project-related; and third, the micro-level which consists of risks found in the stakeholder's relationships. The final step of the risk identification should be a risk category summary sheet by using the risk breakdown structure and checklist, wherein the participation of every individual in the management team would be

**3. Project risk management**

**3.1 The hard side of risk management**

monitoring and control [12, 16].

**120**

integrated [16, 46].

Quantifying the qualitative analysis can be performed in several ways. One of them is by integrating a specific qualitative method with the Fuzzy Analytic Process [47, 55, 61, 68]. In [47] the integration was illustrated by combining the traditional AHP with fuzzy logic by giving a fuzzy scale to the AHP crisp values. Following the fuzzy ranking technique, the fuzzy scales were converted to crisp numbers by considering α-cut and expert opinions to ensure the precision of the paired comparison, which lead to have criteria weight. By using an interval scale, a fuzzy decision is initiated to develop a matrix that would help in evaluating the risk, ranking the risks, and facilitating decision making. Typically, risk scales have a mapping matrix commonly used during the qualitative analysis [47, 51]. Further, there are five types of risk scales: nominal scales, interval scales, ordinal scales, calibrated ordinal scales, and ratio scales [51]. For instance, a nominal scale would identify the cost, schedule, and quality impact of the risk, assuming it occurs. Then, the dollar cost to remedy the problem(s) would be estimated. Finally, the product of probability and consequence (the cost to remedy) would quantify the risk to this particular project.

After analyzing the risk, risk response planning should be implemented. Hence, risk response planning was identified in [16] as "the process of developing options and determining actions to enhance the opportunities and reduce threats to the project objectives." The level of risk impact is directly related to the effectiveness of the risk response process [16, 51, 69, 70]. However, the risk response process is rarely addressed in the current research related to risk management [69].

There is an agreement between scholars that the risk response process has four strategies [16, 51]. These strategies include avoidance, transfer, acceptance, and mitigation. In addition, contingency planning could be considered as a fifth strategy [70]. Moreover, it is also considered as part of the risk acceptance strategy [16]. During the risk response process, transfer and mitigation are the only strategies that involve a real investment and require budget allocation. Consequently, proactively defining an appropriate strategy would help to improve the project outcome and may result in obtaining additional benefits [51, 70].

As mentioned earlier, the project may evolve, the risks may change, the likelihood and severity of identified risks may change, new risks may emerge, identified risks may disappear, residual risks may arise, and new risks may emerge [13, 15, 16, 45, 51, 70]. Monitoring and controlling process include: tracking the identified risks, monitoring residual risks, identifying new risks, ensuring and assessing the effectiveness of the selected risk response strategies [15, 16, 51]. Therefore, the risk monitoring and controlling process are crucial for the risk management plan, and it should be developed proactively and continually during the project life cycle [16, 45, 51].

The hard side of project management is well documented between the scholars [16, 28, 39, 41, 45, 51]. In this study, several tools and techniques were investigated. In addition, this chapter would collect the most common and efficient tools and techniques to create a framework that would help to assess the risk management process and provide a guideline to ensure an effective risk management process.

#### **3.2 The soft side of risk management**

The soft side of risk management embraces the process of managing and working with people, guaranteeing customer satisfaction with the purpose of retaining them, forming a favorable atmosphere for the project team to deliver high-quality products [31]. Further, creating a favorable atmosphere in the workplace would encourage the project team to deliver a high-quality product on time and within budget [26, 27, 30, 31]. The soft side of management aims to deliver such an atmosphere [9, 10, 31].

**123**

decision-making process.

*Exploring the Project Risk Management: Highlighting the Soft Side of Project Management*

Several soft skills dimensions were discussed and identified by scholars for the management process [10, 22, 26, 30]. These soft skills include, but not limited to, communication skills, team-building skills, flexibility and creativity skills, leadership skills, the ability to manage stress and conflict, risk attitude, awareness of emotional intelligence, and navigating the organization's culture [9, 10, 22, 26,

In [10], the soft approach of risk management was categorized into context, strategic approach to risks and uncertainties; risk communication and information; attitude, assignment, and relationship with stakeholders; and crisis management. However, one of the most significant success factors for an effective risk management process is the one most often lacking, an appropriate and mature risk attitude [24, 28, 71]. Both researchers and practitioners agree that the attitude of individuals and organizations has a significant impact that influences whether the risk management process would deliver what it promises [24, 71]. Consequently, it is important to not ignore the fact, that risk management is undertaken by people, acting

Attitude refers to what motivates the decision-maker to choose responses to different situations [72]. Furthermore, attitudes often might be deeply rooted and represent the core values of individuals or groups. However, the attitude represents choices that differ from personal characteristics (they are situational responses rather than natural preferences or traits) [28, 71, 72]. Risk attitude was defined as "chosen response to uncertainty that matters, influenced by perception" [71]. Therefore, risk attitude may differ depending on a range of different influences. These influences can be identified and understood, which introduce the possibility

An agreement between scholars can be observed, risk attitude exists on a spectrum [24]. The response to uncertainty has two dimensions: comfort level that is divided into risk-tolerant, risk-seeking, and risk addicted; and discomfort level that is divided into risk-tolerant, risk-averse, and risk paranoid [24, 71]. Hence, different risk attitudes would trigger different responses to the same situation, since

Risk attitudes are usually adopted sub-consciously [24]. Several practitioners are accustomed to their risk attitude to the point where they behave as if there is no choice [73]. For instance, if they consider themselves with a risk-seeking or a risk-averse attitude, they would act accordingly without assessing the current situation. On the other hand, some organizations have learned to assess each situation internally, and then choose a risk attitude which is most appropriate to the current situation to offer the best chance of reaching the project objectives [71]. Consequently, risk attitude can be integrated with the risk response process group

In [71], a process that applies emotional literacy to assess risk attitude was proposed and can be used to modify the organization's risk attitude when it is needed. Accordingly, emotional literacy is the process of using emotional intelligence components (recognize, understand, and appropriately express emotions) to

The first step in assessing the risk attitude of an organization is assessing the individuals' risk attitude toward a situation. The proximity toward risk and the influence that an individual has can be used as a proxy measure to assess the individual influence on the organization's risk attitude [71, 74]. The literature provides several methods for stakeholder mapping that includes these two variables. For instance, in [74], the stakeholder cube method was discussed as a subjective assessment of the influence and interest of an individual and how it can affect their

manage the individual and group emotions to help them succeed.

*DOI: http://dx.doi.org/10.5772/intechopen.93501*

individually and in various groups [28, 71].

to ensure effective risk response planning.

attitude drives behavior.

of managing them and modify the risk attitude [71–73].

27, 30, 31].

#### *Exploring the Project Risk Management: Highlighting the Soft Side of Project Management DOI: http://dx.doi.org/10.5772/intechopen.93501*

Several soft skills dimensions were discussed and identified by scholars for the management process [10, 22, 26, 30]. These soft skills include, but not limited to, communication skills, team-building skills, flexibility and creativity skills, leadership skills, the ability to manage stress and conflict, risk attitude, awareness of emotional intelligence, and navigating the organization's culture [9, 10, 22, 26, 27, 30, 31].

In [10], the soft approach of risk management was categorized into context, strategic approach to risks and uncertainties; risk communication and information; attitude, assignment, and relationship with stakeholders; and crisis management. However, one of the most significant success factors for an effective risk management process is the one most often lacking, an appropriate and mature risk attitude [24, 28, 71]. Both researchers and practitioners agree that the attitude of individuals and organizations has a significant impact that influences whether the risk management process would deliver what it promises [24, 71]. Consequently, it is important to not ignore the fact, that risk management is undertaken by people, acting individually and in various groups [28, 71].

Attitude refers to what motivates the decision-maker to choose responses to different situations [72]. Furthermore, attitudes often might be deeply rooted and represent the core values of individuals or groups. However, the attitude represents choices that differ from personal characteristics (they are situational responses rather than natural preferences or traits) [28, 71, 72]. Risk attitude was defined as "chosen response to uncertainty that matters, influenced by perception" [71]. Therefore, risk attitude may differ depending on a range of different influences. These influences can be identified and understood, which introduce the possibility of managing them and modify the risk attitude [71–73].

An agreement between scholars can be observed, risk attitude exists on a spectrum [24]. The response to uncertainty has two dimensions: comfort level that is divided into risk-tolerant, risk-seeking, and risk addicted; and discomfort level that is divided into risk-tolerant, risk-averse, and risk paranoid [24, 71]. Hence, different risk attitudes would trigger different responses to the same situation, since attitude drives behavior.

Risk attitudes are usually adopted sub-consciously [24]. Several practitioners are accustomed to their risk attitude to the point where they behave as if there is no choice [73]. For instance, if they consider themselves with a risk-seeking or a risk-averse attitude, they would act accordingly without assessing the current situation. On the other hand, some organizations have learned to assess each situation internally, and then choose a risk attitude which is most appropriate to the current situation to offer the best chance of reaching the project objectives [71]. Consequently, risk attitude can be integrated with the risk response process group to ensure effective risk response planning.

In [71], a process that applies emotional literacy to assess risk attitude was proposed and can be used to modify the organization's risk attitude when it is needed. Accordingly, emotional literacy is the process of using emotional intelligence components (recognize, understand, and appropriately express emotions) to manage the individual and group emotions to help them succeed.

The first step in assessing the risk attitude of an organization is assessing the individuals' risk attitude toward a situation. The proximity toward risk and the influence that an individual has can be used as a proxy measure to assess the individual influence on the organization's risk attitude [71, 74]. The literature provides several methods for stakeholder mapping that includes these two variables. For instance, in [74], the stakeholder cube method was discussed as a subjective assessment of the influence and interest of an individual and how it can affect their decision-making process.

*Concepts, Applications and Emerging Opportunities in Industrial Engineering*

rarely addressed in the current research related to risk management [69].

may result in obtaining additional benefits [51, 70].

**3.2 The soft side of risk management**

There is an agreement between scholars that the risk response process has four strategies [16, 51]. These strategies include avoidance, transfer, acceptance, and mitigation. In addition, contingency planning could be considered as a fifth strategy [70]. Moreover, it is also considered as part of the risk acceptance strategy [16]. During the risk response process, transfer and mitigation are the only strategies that involve a real investment and require budget allocation. Consequently, proactively defining an appropriate strategy would help to improve the project outcome and

As mentioned earlier, the project may evolve, the risks may change, the likelihood and severity of identified risks may change, new risks may emerge, identified risks may disappear, residual risks may arise, and new risks may emerge [13, 15, 16, 45, 51, 70]. Monitoring and controlling process include: tracking the identified risks, monitoring residual risks, identifying new risks, ensuring and assessing the effectiveness of the selected risk response strategies [15, 16, 51]. Therefore, the risk monitoring and controlling process are crucial for the risk management plan, and it should be developed proactively and continually during the project life cycle

The hard side of project management is well documented between the scholars [16, 28, 39, 41, 45, 51]. In this study, several tools and techniques were investigated. In addition, this chapter would collect the most common and efficient tools and techniques to create a framework that would help to assess the risk management process and provide a guideline to ensure an effective risk management process.

The soft side of risk management embraces the process of managing and working with people, guaranteeing customer satisfaction with the purpose of retaining them, forming a favorable atmosphere for the project team to deliver high-quality products [31]. Further, creating a favorable atmosphere in the workplace would encourage the project team to deliver a high-quality product on time and within budget [26, 27, 30, 31]. The soft side of management aims to deliver such an atmo-

Quantifying the qualitative analysis can be performed in several ways. One of them is by integrating a specific qualitative method with the Fuzzy Analytic Process [47, 55, 61, 68]. In [47] the integration was illustrated by combining the traditional AHP with fuzzy logic by giving a fuzzy scale to the AHP crisp values. Following the fuzzy ranking technique, the fuzzy scales were converted to crisp numbers by considering α-cut and expert opinions to ensure the precision of the paired comparison, which lead to have criteria weight. By using an interval scale, a fuzzy decision is initiated to develop a matrix that would help in evaluating the risk, ranking the risks, and facilitating decision making. Typically, risk scales have a mapping matrix commonly used during the qualitative analysis [47, 51]. Further, there are five types of risk scales: nominal scales, interval scales, ordinal scales, calibrated ordinal scales, and ratio scales [51]. For instance, a nominal scale would identify the cost, schedule, and quality impact of the risk, assuming it occurs. Then, the dollar cost to remedy the problem(s) would be estimated. Finally, the product of probability and consequence (the cost to remedy) would quantify the risk to this particular project. After analyzing the risk, risk response planning should be implemented. Hence, risk response planning was identified in [16] as "the process of developing options and determining actions to enhance the opportunities and reduce threats to the project objectives." The level of risk impact is directly related to the effectiveness of the risk response process [16, 51, 69, 70]. However, the risk response process is

**122**

sphere [9, 10, 31].

[16, 45, 51].

The same concept can be used to assess the individual potential influence in a group. For example, an individual with high power (power can be gained through referent power, expert power, reward power, coercive power, and legitimate power [74, 75]) have a higher influence on the behavior and outcomes of a group [76]. At the same time, the proximity to a situation drives the individual to be more active and interested in the outcomes, which encourages to influence the organization's attitude toward a situation.

The group risk attitude is influenced by other factors than the individual's risk attitude. The organization, as a group, behavior can be influenced by group dynamics, organizational culture, national culture, and societal norms [71, 77]. The group dynamic and organizational culture can have a huge impact on the organization's risk attitude and it can lead to adopting different perspectives or risk attitudes by the group from that taken by individual members. Comparing to the individual attitude, the group attitude could be influenced to become "risky shift" where the group tends to be more risk-seeking than its individuals or "cautious shift" where the group becomes more risk-averse [74].

In addition, subconscious and unmanaged risk attitudes pose a significant threat to the ability of individuals and groups to achieve their objectives [71, 76]. Therefore, understanding how the risk attitude influences the organizational behavior and the decision-making process; being able to adopt a suitable risk attitude for each situation; and if needed being able to modify the current risk attitude, are steps that help the organization to improve their risk management efficiency [24].

The organization culture could be influence by the leadership style of the top management [74, 77]. In the last decade, several studies emphasized the importance of internal communication within the organization, where the voice of lower-level employees can offer an important source of information to organizational learning and change [73, 77–80]. Further, locally held knowledge can help in risk identification and evaluation. Therefore, top management should provide a safe environment (one that shows interest and willingness to act on the provided information), even sometime, with an incentive to encourage the employee to speak up about organizational issues and potential risks [77, 80].

In general, employees tend to be intimidated to speak up since risks tend to have negative implications and often implies a need for a change [78, 79]. In [77], it was concluded that top-management support and its openness to ideas are one of the most important circumstantial factors for the employees' inclination to provide input on potential threats and opportunities. Furthermore, a participative leadership style significantly enhances the risk management process and introduce a positive interaction and advantageous atmosphere in the workplace [73, 77, 80].

Moreover, developing a positive relationship with the project stakeholders is fundamental in the risk management process [80]. This relationship may not always protect the organization from every risk, but it can be seen as a "reservoir of goodwill" as the stakeholders place their confidence in the management team, which would help to deal with risks more effectively and ultimately contribute to the achievement of organizational goals [80, 81]. For the most part, project management literature suggests that various stakeholders, which may include individuals and organizations, may be directly or indirectly involved in the process of managing risk [80].

Kutsch and Hall [81] offer an overview of management team behaviors that tended to prevent required actions or pause any changes on the original plan, extracted from the project uncertainty management and expected utility theory (EUT), regarding the relationship with stakeholder and the leadership style of top management. These behaviors were called intervening conditions that driven from a lack of knowledge, distrust, or discomfort [82]. In addition, they can be categorized in the context of uncertainty into denial, avoidance, delay, and ignorance

**125**

*Exploring the Project Risk Management: Highlighting the Soft Side of Project Management*

as negative which might endanger the long-term relationships with them.

tendency to obey the original plan and follow procedures [81].

of uncertainty [81, 82]. Hence, these behaviors are unconscious behaviors rooted in approaches driven by the management due to fear of revealing bad news or the

The causes of these actions can be traced to the perception of management on the stakeholder reaction to the information. For instance, denial of uncertainty refers to the management refusal to reveal risk-related information (that may hold negative or discomforting connotations) to other stakeholders [81–83]. Denial of uncertainty can be adopted to not expose the stakeholders to something perceived

Avoidance of uncertainty refers to the lack of attention to risk-related information due to insufficient trust or belief in the efficacy of that information [81, 82]. Therefore, management tends to avoid uncertainty out of fears of conflicting confidence levels about risk estimates between stakeholders. On the other hand, delay of uncertainty refers to the failure to consider or resolve risk due to lack of interest or poor general approach to project management [81, 82]. In this case, management tends to delay dealing with uncertainty to accommodate the different expectations of stakeholders about how to manage risk. Finally, ignorance of uncertainty refers to the complete lack of awareness of risk-related information by the majority of stakeholders [81–83]. This behavior can be traced back to the unwillingness to spend more resources on the scanning of the environment or the inability to scan and interpret the environment because of certain factors such as complexity and

Ignorance and denial of uncertainty could be forestalled by increasing the tolerance of ambiguity, the experience of the management team, and the amount of control that a project manager has over internal and external factors [82]. Tolerance of ambiguity was defined in [83], p. 2, as "the tendency to perceive ambiguous situations as desirable" which refers to the extent to which an individual seeks clarity and specifies vague and unclear information to use it to improve their risk management proficiencies [82]. Several studies suggested that spending more time during the environmental analysis process for the purpose of uncertainty reduction could lead to a higher degree of tolerance toward ambiguity [34, 81–83]. Furthermore, top management with greater experience (greater accumulation of relevant historic data) may help to avoid the problem of complete

In addition, delay, avoidance, and denial of uncertainty may be decreased with increased project manager control over internal and external factors that affect the project [81]. Hence, if managers perceive their environment as more controllable they tend to be more proactive [82]. On the other hand, only focusing on the statistical probability of threats and their impact while ignoring any other information can be considered irrational. Therefore, top management should be prepared and willing to react to any unpredicted disruptions in the project while keeping

The impact of the intervening conditions can be beyond the control of the top management or might be initiated by a supplier or a customer or even as a result of the managers' behavior [81–83]. The top management should recognize that a rational decision-making process is required, and concealing information or ignoring uncomfortable risks is not rational and might jeopardize the long-term relationship

This section identified several soft skills approaches and highlighted the scholars' perception of the soft side of risk management. The next section would propose and suggest practices, tools, and techniques related to the soft side to help to generate a framework that assesses the risk management process and provide a guideline to

*DOI: http://dx.doi.org/10.5772/intechopen.93501*

dynamics of a project [34, 81].

unawareness of threats [82].

with stakeholders [81].

transparency with the relevant stakeholders [34].

ensure an effective risk management process.

#### *Exploring the Project Risk Management: Highlighting the Soft Side of Project Management DOI: http://dx.doi.org/10.5772/intechopen.93501*

of uncertainty [81, 82]. Hence, these behaviors are unconscious behaviors rooted in approaches driven by the management due to fear of revealing bad news or the tendency to obey the original plan and follow procedures [81].

The causes of these actions can be traced to the perception of management on the stakeholder reaction to the information. For instance, denial of uncertainty refers to the management refusal to reveal risk-related information (that may hold negative or discomforting connotations) to other stakeholders [81–83]. Denial of uncertainty can be adopted to not expose the stakeholders to something perceived as negative which might endanger the long-term relationships with them.

Avoidance of uncertainty refers to the lack of attention to risk-related information due to insufficient trust or belief in the efficacy of that information [81, 82]. Therefore, management tends to avoid uncertainty out of fears of conflicting confidence levels about risk estimates between stakeholders. On the other hand, delay of uncertainty refers to the failure to consider or resolve risk due to lack of interest or poor general approach to project management [81, 82]. In this case, management tends to delay dealing with uncertainty to accommodate the different expectations of stakeholders about how to manage risk. Finally, ignorance of uncertainty refers to the complete lack of awareness of risk-related information by the majority of stakeholders [81–83]. This behavior can be traced back to the unwillingness to spend more resources on the scanning of the environment or the inability to scan and interpret the environment because of certain factors such as complexity and dynamics of a project [34, 81].

Ignorance and denial of uncertainty could be forestalled by increasing the tolerance of ambiguity, the experience of the management team, and the amount of control that a project manager has over internal and external factors [82]. Tolerance of ambiguity was defined in [83], p. 2, as "the tendency to perceive ambiguous situations as desirable" which refers to the extent to which an individual seeks clarity and specifies vague and unclear information to use it to improve their risk management proficiencies [82]. Several studies suggested that spending more time during the environmental analysis process for the purpose of uncertainty reduction could lead to a higher degree of tolerance toward ambiguity [34, 81–83]. Furthermore, top management with greater experience (greater accumulation of relevant historic data) may help to avoid the problem of complete unawareness of threats [82].

In addition, delay, avoidance, and denial of uncertainty may be decreased with increased project manager control over internal and external factors that affect the project [81]. Hence, if managers perceive their environment as more controllable they tend to be more proactive [82]. On the other hand, only focusing on the statistical probability of threats and their impact while ignoring any other information can be considered irrational. Therefore, top management should be prepared and willing to react to any unpredicted disruptions in the project while keeping transparency with the relevant stakeholders [34].

The impact of the intervening conditions can be beyond the control of the top management or might be initiated by a supplier or a customer or even as a result of the managers' behavior [81–83]. The top management should recognize that a rational decision-making process is required, and concealing information or ignoring uncomfortable risks is not rational and might jeopardize the long-term relationship with stakeholders [81].

This section identified several soft skills approaches and highlighted the scholars' perception of the soft side of risk management. The next section would propose and suggest practices, tools, and techniques related to the soft side to help to generate a framework that assesses the risk management process and provide a guideline to ensure an effective risk management process.

*Concepts, Applications and Emerging Opportunities in Industrial Engineering*

shift" where the group becomes more risk-averse [74].

tional issues and potential risks [77, 80].

the organization to improve their risk management efficiency [24].

attitude toward a situation.

The same concept can be used to assess the individual potential influence in a group. For example, an individual with high power (power can be gained through referent power, expert power, reward power, coercive power, and legitimate power [74, 75]) have a higher influence on the behavior and outcomes of a group [76]. At the same time, the proximity to a situation drives the individual to be more active and interested in the outcomes, which encourages to influence the organization's

The group risk attitude is influenced by other factors than the individual's risk attitude. The organization, as a group, behavior can be influenced by group dynamics, organizational culture, national culture, and societal norms [71, 77]. The group dynamic and organizational culture can have a huge impact on the organization's risk attitude and it can lead to adopting different perspectives or risk attitudes by the group from that taken by individual members. Comparing to the individual attitude, the group attitude could be influenced to become "risky shift" where the group tends to be more risk-seeking than its individuals or "cautious

In addition, subconscious and unmanaged risk attitudes pose a significant threat to the ability of individuals and groups to achieve their objectives [71, 76]. Therefore, understanding how the risk attitude influences the organizational behavior and the decision-making process; being able to adopt a suitable risk attitude for each situation; and if needed being able to modify the current risk attitude, are steps that help

The organization culture could be influence by the leadership style of the top management [74, 77]. In the last decade, several studies emphasized the importance of internal communication within the organization, where the voice of lower-level employees can offer an important source of information to organizational learning and change [73, 77–80]. Further, locally held knowledge can help in risk identification and evaluation. Therefore, top management should provide a safe environment (one that shows interest and willingness to act on the provided information), even sometime, with an incentive to encourage the employee to speak up about organiza-

In general, employees tend to be intimidated to speak up since risks tend to have negative implications and often implies a need for a change [78, 79]. In [77], it was concluded that top-management support and its openness to ideas are one of the most important circumstantial factors for the employees' inclination to provide input on potential threats and opportunities. Furthermore, a participative leadership style significantly enhances the risk management process and introduce a positive interaction and advantageous atmosphere in the workplace [73, 77, 80]. Moreover, developing a positive relationship with the project stakeholders is fundamental in the risk management process [80]. This relationship may not always protect the organization from every risk, but it can be seen as a "reservoir of goodwill" as the stakeholders place their confidence in the management team, which would help to deal with risks more effectively and ultimately contribute to the achievement of organizational goals [80, 81]. For the most part, project management literature suggests that various stakeholders, which may include individuals and organizations,

may be directly or indirectly involved in the process of managing risk [80].

Kutsch and Hall [81] offer an overview of management team behaviors that tended to prevent required actions or pause any changes on the original plan, extracted from the project uncertainty management and expected utility theory (EUT), regarding the relationship with stakeholder and the leadership style of top management. These behaviors were called intervening conditions that driven from a lack of knowledge, distrust, or discomfort [82]. In addition, they can be categorized in the context of uncertainty into denial, avoidance, delay, and ignorance

**124**
