<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en-GB">
	<id>http://13.50.150.85/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=JonasHL</id>
	<title>DTU ProjectLab - User contributions [en-gb]</title>
	<link rel="self" type="application/atom+xml" href="http://13.50.150.85/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=JonasHL"/>
	<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php/Special:Contributions/JonasHL"/>
	<updated>2026-07-14T14:22:00Z</updated>
	<subtitle>User contributions</subtitle>
	<generator>MediaWiki 1.43.3</generator>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56623</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56623"/>
		<updated>2018-02-26T13:30:20Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Limitations and advantages of Risk management (discussion) */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these six steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have allocated more efficiently.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take the fast-changing and connected world which projects happens in today into account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Annotated Bibliography|Annotated Bibliography]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;Pearson H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;. 4th. Edition; 2010.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;; 2015. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;; 2009. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy. &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq. &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia. &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;Geraldi J, Thuesen C, Oehmen J. &amp;quot;How to Do Projects&amp;quot;. 1st ed. &#039;&#039;Dansk Standard&#039;&#039;; 2017.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University. &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey. &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;Aven T. &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;; 2017.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio. &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;Reddy C. &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;Lopez M. &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;Hotten R. &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;Treanor J. &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;Gonzalez G. &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup. &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;Westland J. ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: Maylor H. &amp;quot;Project Management&amp;quot;.4th ed. &#039;&#039;Pearson Education Limited&#039;&#039;; 2010. &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;. &#039;&#039;International Standard&#039;&#039;; 2009.&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in Project Management Institute. &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;. &#039;&#039;Project Management Institute&#039;&#039;; 2000.&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis. &amp;quot;SRA glossary &amp;quot;. &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;; 2015. (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
*Jensen JL. &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;. &#039;&#039;Springer International Publishing AG&#039;&#039;; 2017.&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*Nassim NT, Goldstein DG, Spitznagel MW. &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;. &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039;. 2009;87(10):123-123&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56618</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56618"/>
		<updated>2018-02-26T13:28:50Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Implementing Risk management */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these six steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take the fast-changing and connected world which projects happens in today into account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Annotated Bibliography|Annotated Bibliography]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;Pearson H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;. 4th. Edition; 2010.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;; 2015. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;; 2009. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy. &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq. &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia. &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;Geraldi J, Thuesen C, Oehmen J. &amp;quot;How to Do Projects&amp;quot;. 1st ed. &#039;&#039;Dansk Standard&#039;&#039;; 2017.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University. &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey. &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;Aven T. &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;; 2017.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio. &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;Reddy C. &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;Lopez M. &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;Hotten R. &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;Treanor J. &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;Gonzalez G. &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup. &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;Westland J. ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: Maylor H. &amp;quot;Project Management&amp;quot;.4th ed. &#039;&#039;Pearson Education Limited&#039;&#039;; 2010. &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;. &#039;&#039;International Standard&#039;&#039;; 2009.&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in Project Management Institute. &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;. &#039;&#039;Project Management Institute&#039;&#039;; 2000.&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis. &amp;quot;SRA glossary &amp;quot;. &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;; 2015. (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
*Jensen JL. &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;. &#039;&#039;Springer International Publishing AG&#039;&#039;; 2017.&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*Nassim NT, Goldstein DG, Spitznagel MW. &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;. &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039;. 2009;87(10):123-123&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56574</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56574"/>
		<updated>2018-02-26T13:05:36Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Limitations */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take the fast-changing and connected world which projects happens in today into account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Annotated Bibliography|Annotated Bibliography]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;Pearson H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;. 4th. Edition; 2010.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;; 2015. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;; 2009. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy. &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq. &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia. &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;Geraldi J, Thuesen C, Oehmen J. &amp;quot;How to Do Projects&amp;quot;. 1st ed. &#039;&#039;Dansk Standard&#039;&#039;; 2017.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University. &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey. &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;Aven T. &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;; 2017.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio. &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;Reddy C. &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;Lopez M. &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;Hotten R. &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;Treanor J. &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;Gonzalez G. &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup. &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;Westland J. ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: Maylor H. &amp;quot;Project Management&amp;quot;.4th ed. &#039;&#039;Pearson Education Limited&#039;&#039;; 2010. &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;. &#039;&#039;International Standard&#039;&#039;; 2009.&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in Project Management Institute. &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;. &#039;&#039;Project Management Institute&#039;&#039;; 2000.&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis. &amp;quot;SRA glossary &amp;quot;. &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;; 2015. (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
*Jensen JL. &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;. &#039;&#039;Springer International Publishing AG&#039;&#039;; 2017.&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*Nassim NT, Goldstein DG, Spitznagel MW. &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;. &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039;. 2009;87(10):123-123&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56538</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56538"/>
		<updated>2018-02-26T12:44:24Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Annotated Bibliography */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Annotated Bibliography|Annotated Bibliography]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;Pearson H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;. 4th. Edition; 2010.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;; 2015. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;; 2009. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy. &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq. &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia. &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;Geraldi J, Thuesen C, Oehmen J. &amp;quot;How to Do Projects&amp;quot;. 1st ed. &#039;&#039;Dansk Standard&#039;&#039;; 2017.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University. &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey. &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;Aven T. &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;; 2017.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio. &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;Reddy C. &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;Lopez M. &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;Hotten R. &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;Treanor J. &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;Gonzalez G. &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup. &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;Westland J. ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: Maylor H. &amp;quot;Project Management&amp;quot;.4th ed. &#039;&#039;Pearson Education Limited&#039;&#039;; 2010. &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;. &#039;&#039;International Standard&#039;&#039;; 2009.&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in Project Management Institute. &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;. &#039;&#039;Project Management Institute&#039;&#039;; 2000.&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis. &amp;quot;SRA glossary &amp;quot;. &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;; 2015. (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
*Jensen JL. &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;. &#039;&#039;Springer International Publishing AG&#039;&#039;; 2017.&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*Nassim NT, Goldstein DG, Spitznagel MW. &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;. &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039;. 2009;87(10):123-123&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56532</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56532"/>
		<updated>2018-02-26T12:42:20Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* References */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Annotated Bibliography|Annotated Bibliography]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;Pearson H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;. 4th. Edition; 2010.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;; 2015. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;; 2009. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy. &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq. &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia. &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;Geraldi J, Thuesen C, Oehmen J. &amp;quot;How to Do Projects&amp;quot;. 1st ed. &#039;&#039;Dansk Standard&#039;&#039;; 2017.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University. &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey. &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;Aven T. &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;; 2017.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio. &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;Reddy C. &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;Lopez M. &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;Hotten R. &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;Treanor J. &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;Gonzalez G. &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup. &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;Westland J. ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: Maylor H. &amp;quot;Project Management&amp;quot;. &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition; 2010. &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;. &#039;&#039;International Standard&#039;&#039;; 2009.&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in Project Management Institute. &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;. &#039;&#039;Project Management Institute&#039;&#039;; 2000.&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis. &amp;quot;SRA glossary &amp;quot;. &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;; 2015. (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
*Jensen JL. &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;. &#039;&#039;Springer International Publishing AG&#039;&#039;; 2017.&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*Nassim NT, Goldstein DG, Spitznagel MW. &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;. &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039;. 2009;87(10):123-123&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56524</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56524"/>
		<updated>2018-02-26T12:40:07Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* References */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Annotated Bibliography|Annotated Bibliography]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;Pearson H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;. 4th. Edition; 2010.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;; 2015. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;; 2009. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy. &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq. &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia. &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;Geraldi J, Thuesen C, Oehmen J. &amp;quot;How to Do Projects&amp;quot;. &#039;&#039;Dansk Standard&#039;&#039;; 2017.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University. &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey. &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;Aven T. &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;; 2017.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio. &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;Reddy C. &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;Lopez M. &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;Hotten R. &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;Treanor J. &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;Gonzalez G. &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup. &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;Westland J. ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: Maylor H. &amp;quot;Project Management&amp;quot;. &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition; 2010. &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;. &#039;&#039;International Standard&#039;&#039;; 2009.&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in Project Management Institute. &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;. &#039;&#039;Project Management Institute&#039;&#039;; 2000.&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis. &amp;quot;SRA glossary &amp;quot;. &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;; 2015. (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
*Jensen JL. &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;. &#039;&#039;Springer International Publishing AG&#039;&#039;; 2017.&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*Nassim NT, Goldstein DG, Spitznagel MW. &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;. &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039;. 2009;87(10):123-123&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56522</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56522"/>
		<updated>2018-02-26T12:37:52Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Annotated Bibliography */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Annotated Bibliography|Annotated Bibliography]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;Pearson H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy. &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq. &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia. &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;Geraldi J, Thuesen C, Oehmen J. &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University. &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey. &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;Aven T. &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio. &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;Reddy C. &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;Lopez M. &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;Hotten R. &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;Treanor J. &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;Gonzalez G. &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup. &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;Westland J. ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: Maylor H. &amp;quot;Project Management&amp;quot;. &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition; 2010. &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;. &#039;&#039;International Standard&#039;&#039;; 2009.&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in Project Management Institute. &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;. &#039;&#039;Project Management Institute&#039;&#039;; 2000.&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis. &amp;quot;SRA glossary &amp;quot;. &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;; 2015. (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
*Jensen JL. &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;. &#039;&#039;Springer International Publishing AG&#039;&#039;; 2017.&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*Nassim NT, Goldstein DG, Spitznagel MW. &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;. &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039;. 2009;87(10):123-123&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56512</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56512"/>
		<updated>2018-02-26T12:35:24Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Annotated Bibliography */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Annotated Bibliography|Annotated Bibliography]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;Pearson H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy. &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq. &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia. &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;Geraldi J, Thuesen C, Oehmen J. &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University. &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey. &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;Aven T. &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio. &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;Reddy C. &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;Lopez M. &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;Hotten R. &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;Treanor J. &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;Gonzalez G. &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup. &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;Westland J. ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: Maylor H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition; 2010. &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;; 2009.&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in Project Management Institute. &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;; 2000.&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis. &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;; 2015. (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
*Jensen JL. &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039;; 2017.&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*Nassim NT, Goldstein DG, Spitznagel MW. &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039;. 2009;87(10):123-123&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56509</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56509"/>
		<updated>2018-02-26T12:34:16Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Annotated Bibliography */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Annotated Bibliography|Annotated Bibliography]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;Pearson H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy. &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq. &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia. &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;Geraldi J, Thuesen C, Oehmen J. &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University. &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey. &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;Aven T. &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio. &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;Reddy C. &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;Lopez M. &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;Hotten R. &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;Treanor J. &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;Gonzalez G. &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup. &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;Westland J. ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: Maylor H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition;2010. &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;;2009.&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute. &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;;2000.&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis. &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;;2015. (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
*Jensen JL. &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039;;2017.&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*Nassim NT, Goldstein DG, Spitznagel MW. &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009;87(10):123-123)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56497</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56497"/>
		<updated>2018-02-26T12:29:18Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Annotated Bibliography */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Annotated Bibliography|Annotated Bibliography]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;Pearson H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy. &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq. &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia. &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;Geraldi J, Thuesen C, Oehmen J. &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University. &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey. &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;Aven T. &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio. &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;Reddy C. &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;Lopez M. &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;Hotten R. &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;Treanor J. &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;Gonzalez G. &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup. &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;Westland J. ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: Maylor H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute. &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis. &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
*Jensen JL. &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*Nassim NT, Goldstein DG, Spitznagel MW. &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009;87(10):123-123)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56471</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56471"/>
		<updated>2018-02-26T12:16:54Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Annotated Bibliography */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Annotated Bibliography|Annotated Bibliography]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;Pearson H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy. &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq. &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia. &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;Geraldi J, Thuesen C, Oehmen J. &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University. &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey. &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;Aven T. &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio. &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;Reddy C. &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;Lopez M. &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;Hotten R. &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;Treanor J. &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;Gonzalez G. &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup. &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;Westland J. ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: Maylor H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute. &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis. &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
*Jensen JL. &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*Nassim NT, Goldstein DG, Spitznagel MW. &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56454</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56454"/>
		<updated>2018-02-26T12:10:34Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* References */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Annotated Bibliography|Annotated Bibliography]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;Pearson H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO. &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy. &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq. &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia. &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;Geraldi J, Thuesen C, Oehmen J. &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University. &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey. &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;Aven T. &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio. &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;Reddy C. &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;Lopez M. &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;Hotten R. &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;Treanor J. &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;Gonzalez G. &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup. &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;Westland J. ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56448</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56448"/>
		<updated>2018-02-26T12:08:16Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* References */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Annotated Bibliography|Annotated Bibliography]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;Pearson H. &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;Geraldi J, Thuesen C, Oehmen J. &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;Aven T. &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;Reddy C. &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;Lopez M. &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;Hotten R. &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;Treanor J. &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;Gonzalez G. &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;Westland J. ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56427</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56427"/>
		<updated>2018-02-26T11:55:45Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Limitations */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Annotated Bibliography|Annotated Bibliography]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56424</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56424"/>
		<updated>2018-02-26T11:55:13Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Further Reading Material */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Annotated Bibliography===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Talk:Risk_Management_Overview&amp;diff=56381</id>
		<title>Talk:Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Talk:Risk_Management_Overview&amp;diff=56381"/>
		<updated>2018-02-26T11:28:55Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Feedback 2 | Reviewer name: Casper */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract Feedback==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Text clarity&#039;&#039;&#039;	Text is coherent&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Language&#039;&#039;&#039;	        Good&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Description of the tool/theory/concept&#039;&#039;&#039;	Very thoroughly explained and good momentum&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Purpose explanation&#039;&#039;&#039;	Well addressed, perhaps expand on whether or not the Risk Management Process applies more to a specific industry? E.g. Oil and Gas where risk is a serious topic &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;References&#039;&#039;&#039;	        Good references. Look at chapter 11 in PMBOK to include further references related to risk in project management context&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Relevance of article&#039;&#039;&#039;           Very relevant but consider to:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
  &amp;lt;li&amp;gt; Ensure that the risk management process concept explanation is embedded in a project management context&lt;br /&gt;
  &amp;lt;li&amp;gt; Avoid focusing too much on risk management from an organizational/operational perspective, but more project managerial, e.g. don&#039;t talk about carrying out a risk assessment for operating an oil rig&lt;br /&gt;
  &amp;lt;li&amp;gt; Consult chapter 11 in PMBOK for inspiration &lt;br /&gt;
  &amp;lt;li&amp;gt; Consult with Josef if in doubt as he is very knowledgeable about project risk management&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Feedback 1 | Reviewer name: &#039;&#039;Briet&#039;&#039;==&lt;br /&gt;
===Question 1 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Quality of the summary:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Does the summary make the key focus, insights and/or contribution of the article clear? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 1===&lt;br /&gt;
The abstract is very clear and concise. I like the fact that you mentioned that the article would only focus on the risks/threats and not the opportunities, which makes the direction of the article clear. I would maybe suggest that you move this last sentence higher in the paragraph just to make it transparent from the beginning what direction you are going for.&lt;br /&gt;
&lt;br /&gt;
===Question 2 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Structure and logic of the article:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the argument clear? &lt;br /&gt;
&lt;br /&gt;
Is there a logical flow to the article? &lt;br /&gt;
&lt;br /&gt;
Does one part build upon the other? &lt;br /&gt;
&lt;br /&gt;
Is the article consistent in its argument and free of contradictions? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 2===&lt;br /&gt;
There is a great logical flow to the article and it&#039;s very well structured. I would maybe suggest that you try to focus more on the risk management from a project management perspective.&lt;br /&gt;
&lt;br /&gt;
===Question 3 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Grammar and style:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the writing free of grammatical and spelling errors? &lt;br /&gt;
&lt;br /&gt;
Is the language precise without unnecessary fill words? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 3===&lt;br /&gt;
Very good writing! I noticed some minor spelling errors and few examples of unnecessary fill words. See here below some examples:&lt;br /&gt;
&lt;br /&gt;
&amp;quot;Naturally the Impact/Probability for the inherent risk should be &#039;&#039;&#039;grater&#039;&#039;&#039; or equal to the ratings in the residual&amp;quot; -&amp;gt; Naturally&#039;&#039;&#039;,&#039;&#039;&#039; the Impact/Probability for the inherent risk should be &#039;&#039;&#039;greater&#039;&#039;&#039; or equal to the ratings in the residual&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;The treatment of risks can consist of adding additional resources (&#039;&#039;&#039;manpower&#039;&#039;&#039;, budget) into the schedule.&amp;quot; -&amp;gt; &amp;quot;The treatment of risks can consist of adding additional resources (&#039;&#039;&#039;workforce&#039;&#039;&#039;, budget) into the schedule.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;The identification of risk is a repeatable process since new risks can change &#039;&#039;&#039;through&#039;&#039;&#039; its life or new risks are discovered.&amp;quot; -&amp;gt;&amp;quot;The identification of risk is a repeatable process since new risks can change its life or new risks are discovered.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;making contracts with service providers or buying &#039;&#039;&#039;a&#039;&#039;&#039; insurance that covers that risk.&amp;quot; -&amp;gt; &amp;quot;making contracts with service providers or buying insurance that covers that risk.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;However identifications are only the first &#039;&#039;&#039;step&#039;&#039;&#039;&amp;quot; -&amp;gt; &amp;quot;However identifications are only the first &#039;&#039;&#039;steps&#039;&#039;&#039;&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot; however, some &#039;&#039;&#039;matrices&#039;&#039;&#039; also have a 4. level very high&amp;quot; -&amp;gt; &amp;quot; however, some &#039;&#039;&#039;matrixes&#039;&#039;&#039; also have a 4. level very high&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;the cost of treating the risk should be evaluated and compared &#039;&#039;&#039;whit potentially&#039;&#039;&#039; loss by risk.&amp;quot; -&amp;gt;  &amp;quot;the cost of treating the risk should be evaluated and compared &#039;&#039;&#039;with a potential&#039;&#039;&#039; loss by risk.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;&#039;&#039;&#039;Enventhoug&#039;&#039;&#039; risk management naturally&amp;quot; -&amp;gt;&amp;quot;&#039;&#039;&#039;Even though&#039;&#039;&#039; risk management naturally&amp;quot;&lt;br /&gt;
&lt;br /&gt;
In few cases, you write &amp;quot;a risk&amp;quot; when it&#039;s supposed to be just &amp;quot;risk&amp;quot;. I would suggest that you look into that.&lt;br /&gt;
&lt;br /&gt;
===Question 4 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Figures and tables:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Are figures and tables clear? &lt;br /&gt;
&lt;br /&gt;
Do they summarize the key points of the article in a meaningful way? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 4===&lt;br /&gt;
The figures are very good and I think they are well described and supported by the text. One idea is to add one extra figure, which you create yourself, in the &amp;quot;Risk Management&amp;quot; section relating to the bullets listed in the &amp;quot;Risk management in different industries&amp;quot; section. Just an idea :) &lt;br /&gt;
&lt;br /&gt;
===Question 5 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Interest and relevance:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article of high practical and / or academic relevance? &lt;br /&gt;
&lt;br /&gt;
Is it made clear in the article why / how it is relevant? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 5===&lt;br /&gt;
The article is practical and relevant. I like that you mentioned some examples to explain further the tool which helps the reader to understand the tool better. I don&#039;t have any suggestions for improvements.&lt;br /&gt;
&lt;br /&gt;
===Question 6 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Depth of treatment:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article interesting for a practitioner or academic to read? &lt;br /&gt;
&lt;br /&gt;
Does it make a significant contribution beyond a cursory web search? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 6===&lt;br /&gt;
The article is very interesting! I particularly liked the examples that you mentioned in the &amp;quot;Examples of good and bad risk management&amp;quot; whereas the examples provided more insight into the risk management at well-known companies in regards to both good and bad risk management. I don&#039;t have any suggestions for improvements.&lt;br /&gt;
&lt;br /&gt;
===Question 7 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Annotated bibliography:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Does the article properly cite and acknowledge previous work? &lt;br /&gt;
&lt;br /&gt;
Does it briefly summarize the key references at the end of the article? &lt;br /&gt;
&lt;br /&gt;
Is it based on empirical data instead of opinion? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 7=== &lt;br /&gt;
The Literature including the references is very good and organized. I don&#039;t have any suggestions for improvements. Although, I think &#039;&#039;&#039;Literature&#039;&#039;&#039; is spelled like this rather than &#039;&#039;&#039;Litterature&#039;&#039;&#039; :)&lt;br /&gt;
&lt;br /&gt;
==Feedback 2 | Reviewer name: &#039;&#039;Casper&#039;&#039;==&lt;br /&gt;
===Question 1 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Quality of the summary:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Does the summary make the key focus, insights and/or contribution of the article clear? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 1===&lt;br /&gt;
I like that you clearly state the focus of the article! Yet it would help if it was moved earlier in the abstract of the article.&lt;br /&gt;
&lt;br /&gt;
For example:&lt;br /&gt;
Projects are part of a dynamic and fast changeling world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope [1] [2].&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the Risk Management Process, Risk Matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks. At last limitations and advantages of Risk Management will be discussed and a brief overview of other relevant reading material.&lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
===Question 2 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Structure and logic of the article:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the argument clear? &lt;br /&gt;
&lt;br /&gt;
Is there a logical flow to the article? &lt;br /&gt;
&lt;br /&gt;
Does one part build upon the other? &lt;br /&gt;
&lt;br /&gt;
Is the article consistent in its argument and free of contradictions? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 2===&lt;br /&gt;
The flow of the article is good and each part builds upon the other.&lt;br /&gt;
&lt;br /&gt;
===Question 3 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Grammar and style:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the writing free of grammatical and spelling errors? &lt;br /&gt;
&lt;br /&gt;
Is the language precise without unnecessary fill words? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 3===&lt;br /&gt;
There is some spelling mistakes throughout the article. I suggest that you try to double check using the spell checker in word, otherwise I can help you with access to grammarly that can assist you in correcting the mistakes. The writing style is good and makes it interesting to read.&lt;br /&gt;
&lt;br /&gt;
===Question 4 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Figures and tables:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Are figures and tables clear? &lt;br /&gt;
&lt;br /&gt;
Do they summarize the key points of the article in a meaningful way? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 4===&lt;br /&gt;
You have done a great job here! I have no further comments on how to improve.&lt;br /&gt;
&lt;br /&gt;
===Question 5 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Interest and relevance:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article of high practical and / or academic relevance? &lt;br /&gt;
&lt;br /&gt;
Is it made clear in the article why / how it is relevant? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 5===&lt;br /&gt;
The article is very relevant for both academics and practitioners.&lt;br /&gt;
It is very clear why this subject is relevant reading the article.&lt;br /&gt;
I have no further comments on how to improve this article.&lt;br /&gt;
&lt;br /&gt;
===Question 6 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Depth of treatment:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article interesting for a practitioner or academic to read? &lt;br /&gt;
&lt;br /&gt;
Does it make a significant contribution beyond a cursory web search? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 6===&lt;br /&gt;
The article is interesting to read. It makes a significant contribution beyond a websearch, however if it would make sense, it could help the article if you look into describing/investigating if there is any relevant tools or possible ways to reduce the time consumption doing risk management.&lt;br /&gt;
&lt;br /&gt;
===Question 7 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Annotated bibliography:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Does the article properly cite and acknowledge previous work? &lt;br /&gt;
&lt;br /&gt;
Does it briefly summarize the key references at the end of the article? &lt;br /&gt;
&lt;br /&gt;
Is it based on empirical data instead of opinion? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 7===&lt;br /&gt;
Thorough made throughout the article with proper referencing. All the key references are summarised well. The only thing I suggest to improve is the spelling of literature in the headline.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Talk:Risk_Management_Overview&amp;diff=56378</id>
		<title>Talk:Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Talk:Risk_Management_Overview&amp;diff=56378"/>
		<updated>2018-02-26T11:28:07Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Abstract Feedback */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract Feedback==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Text clarity&#039;&#039;&#039;	Text is coherent&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Language&#039;&#039;&#039;	        Good&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Description of the tool/theory/concept&#039;&#039;&#039;	Very thoroughly explained and good momentum&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Purpose explanation&#039;&#039;&#039;	Well addressed, perhaps expand on whether or not the Risk Management Process applies more to a specific industry? E.g. Oil and Gas where risk is a serious topic &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;References&#039;&#039;&#039;	        Good references. Look at chapter 11 in PMBOK to include further references related to risk in project management context&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Relevance of article&#039;&#039;&#039;           Very relevant but consider to:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
  &amp;lt;li&amp;gt; Ensure that the risk management process concept explanation is embedded in a project management context&lt;br /&gt;
  &amp;lt;li&amp;gt; Avoid focusing too much on risk management from an organizational/operational perspective, but more project managerial, e.g. don&#039;t talk about carrying out a risk assessment for operating an oil rig&lt;br /&gt;
  &amp;lt;li&amp;gt; Consult chapter 11 in PMBOK for inspiration &lt;br /&gt;
  &amp;lt;li&amp;gt; Consult with Josef if in doubt as he is very knowledgeable about project risk management&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Feedback 1 | Reviewer name: &#039;&#039;Briet&#039;&#039;==&lt;br /&gt;
===Question 1 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Quality of the summary:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Does the summary make the key focus, insights and/or contribution of the article clear? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 1===&lt;br /&gt;
The abstract is very clear and concise. I like the fact that you mentioned that the article would only focus on the risks/threats and not the opportunities, which makes the direction of the article clear. I would maybe suggest that you move this last sentence higher in the paragraph just to make it transparent from the beginning what direction you are going for.&lt;br /&gt;
&lt;br /&gt;
===Question 2 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Structure and logic of the article:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the argument clear? &lt;br /&gt;
&lt;br /&gt;
Is there a logical flow to the article? &lt;br /&gt;
&lt;br /&gt;
Does one part build upon the other? &lt;br /&gt;
&lt;br /&gt;
Is the article consistent in its argument and free of contradictions? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 2===&lt;br /&gt;
There is a great logical flow to the article and it&#039;s very well structured. I would maybe suggest that you try to focus more on the risk management from a project management perspective.&lt;br /&gt;
&lt;br /&gt;
===Question 3 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Grammar and style:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the writing free of grammatical and spelling errors? &lt;br /&gt;
&lt;br /&gt;
Is the language precise without unnecessary fill words? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 3===&lt;br /&gt;
Very good writing! I noticed some minor spelling errors and few examples of unnecessary fill words. See here below some examples:&lt;br /&gt;
&lt;br /&gt;
&amp;quot;Naturally the Impact/Probability for the inherent risk should be &#039;&#039;&#039;grater&#039;&#039;&#039; or equal to the ratings in the residual&amp;quot; -&amp;gt; Naturally&#039;&#039;&#039;,&#039;&#039;&#039; the Impact/Probability for the inherent risk should be &#039;&#039;&#039;greater&#039;&#039;&#039; or equal to the ratings in the residual&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;The treatment of risks can consist of adding additional resources (&#039;&#039;&#039;manpower&#039;&#039;&#039;, budget) into the schedule.&amp;quot; -&amp;gt; &amp;quot;The treatment of risks can consist of adding additional resources (&#039;&#039;&#039;workforce&#039;&#039;&#039;, budget) into the schedule.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;The identification of risk is a repeatable process since new risks can change &#039;&#039;&#039;through&#039;&#039;&#039; its life or new risks are discovered.&amp;quot; -&amp;gt;&amp;quot;The identification of risk is a repeatable process since new risks can change its life or new risks are discovered.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;making contracts with service providers or buying &#039;&#039;&#039;a&#039;&#039;&#039; insurance that covers that risk.&amp;quot; -&amp;gt; &amp;quot;making contracts with service providers or buying insurance that covers that risk.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;However identifications are only the first &#039;&#039;&#039;step&#039;&#039;&#039;&amp;quot; -&amp;gt; &amp;quot;However identifications are only the first &#039;&#039;&#039;steps&#039;&#039;&#039;&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot; however, some &#039;&#039;&#039;matrices&#039;&#039;&#039; also have a 4. level very high&amp;quot; -&amp;gt; &amp;quot; however, some &#039;&#039;&#039;matrixes&#039;&#039;&#039; also have a 4. level very high&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;the cost of treating the risk should be evaluated and compared &#039;&#039;&#039;whit potentially&#039;&#039;&#039; loss by risk.&amp;quot; -&amp;gt;  &amp;quot;the cost of treating the risk should be evaluated and compared &#039;&#039;&#039;with a potential&#039;&#039;&#039; loss by risk.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;&#039;&#039;&#039;Enventhoug&#039;&#039;&#039; risk management naturally&amp;quot; -&amp;gt;&amp;quot;&#039;&#039;&#039;Even though&#039;&#039;&#039; risk management naturally&amp;quot;&lt;br /&gt;
&lt;br /&gt;
In few cases, you write &amp;quot;a risk&amp;quot; when it&#039;s supposed to be just &amp;quot;risk&amp;quot;. I would suggest that you look into that.&lt;br /&gt;
&lt;br /&gt;
===Question 4 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Figures and tables:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Are figures and tables clear? &lt;br /&gt;
&lt;br /&gt;
Do they summarize the key points of the article in a meaningful way? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 4===&lt;br /&gt;
The figures are very good and I think they are well described and supported by the text. One idea is to add one extra figure, which you create yourself, in the &amp;quot;Risk Management&amp;quot; section relating to the bullets listed in the &amp;quot;Risk management in different industries&amp;quot; section. Just an idea :) &lt;br /&gt;
&lt;br /&gt;
===Question 5 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Interest and relevance:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article of high practical and / or academic relevance? &lt;br /&gt;
&lt;br /&gt;
Is it made clear in the article why / how it is relevant? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 5===&lt;br /&gt;
The article is practical and relevant. I like that you mentioned some examples to explain further the tool which helps the reader to understand the tool better. I don&#039;t have any suggestions for improvements.&lt;br /&gt;
&lt;br /&gt;
===Question 6 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Depth of treatment:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article interesting for a practitioner or academic to read? &lt;br /&gt;
&lt;br /&gt;
Does it make a significant contribution beyond a cursory web search? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 6===&lt;br /&gt;
The article is very interesting! I particularly liked the examples that you mentioned in the &amp;quot;Examples of good and bad risk management&amp;quot; whereas the examples provided more insight into the risk management at well-known companies in regards to both good and bad risk management. I don&#039;t have any suggestions for improvements.&lt;br /&gt;
&lt;br /&gt;
===Question 7 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Annotated bibliography:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Does the article properly cite and acknowledge previous work? &lt;br /&gt;
&lt;br /&gt;
Does it briefly summarize the key references at the end of the article? &lt;br /&gt;
&lt;br /&gt;
Is it based on empirical data instead of opinion? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 7=== &lt;br /&gt;
The Literature including the references is very good and organized. I don&#039;t have any suggestions for improvements. Although, I think &#039;&#039;&#039;Literature&#039;&#039;&#039; is spelled like this rather than &#039;&#039;&#039;Litterature&#039;&#039;&#039; :)&lt;br /&gt;
&lt;br /&gt;
==Feedback 2 | Reviewer name: &#039;&#039;Casper&#039;&#039;==&lt;br /&gt;
===Question 1 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Quality of the summary:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Does the summary make the key focus, insights and/or contribution of the article clear? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 1===&lt;br /&gt;
I like that you clearly state the focus of the article! Yet it would help if it was moved earlier in the abstract of the article.&lt;br /&gt;
&lt;br /&gt;
For example:&lt;br /&gt;
Projects are part of a dynamic and fast changeling world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope [1] [2].&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the Risk Management Process, Risk Matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks. At last limitations and advantages of Risk Management will be discussed and a brief overview of other relevant reading material.&lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
===Question 2 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Structure and logic of the article:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the argument clear? &lt;br /&gt;
&lt;br /&gt;
Is there a logical flow to the article? &lt;br /&gt;
&lt;br /&gt;
Does one part build upon the other? &lt;br /&gt;
&lt;br /&gt;
Is the article consistent in its argument and free of contradictions? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 2===&lt;br /&gt;
The flow of the article is good and each part builds upon the other.&lt;br /&gt;
&lt;br /&gt;
===Question 3 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Grammar and style:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the writing free of grammatical and spelling errors? &lt;br /&gt;
&lt;br /&gt;
Is the language precise without unnecessary fill words? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 3===&lt;br /&gt;
There is some spelling mistakes throughout the article. I suggest that you try to double check using the spell checker in word, otherwise I can help you with access to grammarly that can assist you in correcting the mistakes. The writing style is good and makes it interesting to read.&lt;br /&gt;
&lt;br /&gt;
===Question 4 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Figures and tables:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Are figures and tables clear? &lt;br /&gt;
&lt;br /&gt;
Do they summarize the key points of the article in a meaningful way? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 4===&lt;br /&gt;
You have done a great job here! I have no further comments on how to improve.&lt;br /&gt;
&lt;br /&gt;
===Question 5 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Interest and relevance:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article of high practical and / or academic relevance? &lt;br /&gt;
&lt;br /&gt;
Is it made clear in the article why / how it is relevant? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 5===&lt;br /&gt;
The article is very relevant for both academics and practitioners.&lt;br /&gt;
It is very clear why this subject is relevant reading the article.&lt;br /&gt;
I have no further comments on how to improve this article.&lt;br /&gt;
&lt;br /&gt;
===Question 6 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Depth of treatment:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article interesting for a practitioner or academic to read? &lt;br /&gt;
&lt;br /&gt;
Does it make a significant contribution beyond a cursory web search? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 6===&lt;br /&gt;
The article is interesting to read. It makes a significant contribution beyond a websearch, however if it would make sense, it could help the article if you look into describing/investigating if there is any relevant tools or possible ways to reduce the time consumption doing risk management.&lt;br /&gt;
&lt;br /&gt;
===Question 7 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Annotated bibliography:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Does the article properly cite and acknowledge previous work? &lt;br /&gt;
&lt;br /&gt;
Does it briefly summarize the key references at the end of the article? &lt;br /&gt;
&lt;br /&gt;
Is it based on empirical data instead of opinion? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 7===&lt;br /&gt;
Thorough made throughout the article with proper referencing. All the key references are summarised well. The only thing I suggest to improve is the spelling of literature in the headline.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Talk:Risk_Management_Overview&amp;diff=56375</id>
		<title>Talk:Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Talk:Risk_Management_Overview&amp;diff=56375"/>
		<updated>2018-02-26T11:27:37Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Feedback 1 | Reviewer name: Briet */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract Feedback==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Text clarity&#039;&#039;&#039;	Text is coherent&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Language&#039;&#039;&#039;	        Good&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Description of the tool/theory/concept&#039;&#039;&#039;	Very thoroughly explained and good momentum&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Purpose explanation&#039;&#039;&#039;	Well addressed, perhaps expand on whether or not the Risk Management Process applies more to a specific industry? E.g. Oil and Gas where risk is a serious topic (DONE)&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;References&#039;&#039;&#039;	        Good references. Look at chapter 11 in PMBOK to include further references related to risk in project management context (DONE)&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Relevance of article&#039;&#039;&#039;           Very relevant but consider to:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
  &amp;lt;li&amp;gt; Ensure that the risk management process concept explanation is embedded in a project management context&lt;br /&gt;
  &amp;lt;li&amp;gt; Avoid focusing too much on risk management from an organizational/operational perspective, but more project managerial, e.g. don&#039;t talk about carrying out a risk assessment for operating an oil rig (DONE?)&lt;br /&gt;
  &amp;lt;li&amp;gt; Consult chapter 11 in PMBOK for inspiration (DONE)&lt;br /&gt;
  &amp;lt;li&amp;gt; Consult with Josef if in doubt as he is very knowledgeable about project risk management&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Feedback 1 | Reviewer name: &#039;&#039;Briet&#039;&#039;==&lt;br /&gt;
===Question 1 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Quality of the summary:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Does the summary make the key focus, insights and/or contribution of the article clear? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 1===&lt;br /&gt;
The abstract is very clear and concise. I like the fact that you mentioned that the article would only focus on the risks/threats and not the opportunities, which makes the direction of the article clear. I would maybe suggest that you move this last sentence higher in the paragraph just to make it transparent from the beginning what direction you are going for.&lt;br /&gt;
&lt;br /&gt;
===Question 2 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Structure and logic of the article:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the argument clear? &lt;br /&gt;
&lt;br /&gt;
Is there a logical flow to the article? &lt;br /&gt;
&lt;br /&gt;
Does one part build upon the other? &lt;br /&gt;
&lt;br /&gt;
Is the article consistent in its argument and free of contradictions? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 2===&lt;br /&gt;
There is a great logical flow to the article and it&#039;s very well structured. I would maybe suggest that you try to focus more on the risk management from a project management perspective.&lt;br /&gt;
&lt;br /&gt;
===Question 3 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Grammar and style:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the writing free of grammatical and spelling errors? &lt;br /&gt;
&lt;br /&gt;
Is the language precise without unnecessary fill words? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 3===&lt;br /&gt;
Very good writing! I noticed some minor spelling errors and few examples of unnecessary fill words. See here below some examples:&lt;br /&gt;
&lt;br /&gt;
&amp;quot;Naturally the Impact/Probability for the inherent risk should be &#039;&#039;&#039;grater&#039;&#039;&#039; or equal to the ratings in the residual&amp;quot; -&amp;gt; Naturally&#039;&#039;&#039;,&#039;&#039;&#039; the Impact/Probability for the inherent risk should be &#039;&#039;&#039;greater&#039;&#039;&#039; or equal to the ratings in the residual&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;The treatment of risks can consist of adding additional resources (&#039;&#039;&#039;manpower&#039;&#039;&#039;, budget) into the schedule.&amp;quot; -&amp;gt; &amp;quot;The treatment of risks can consist of adding additional resources (&#039;&#039;&#039;workforce&#039;&#039;&#039;, budget) into the schedule.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;The identification of risk is a repeatable process since new risks can change &#039;&#039;&#039;through&#039;&#039;&#039; its life or new risks are discovered.&amp;quot; -&amp;gt;&amp;quot;The identification of risk is a repeatable process since new risks can change its life or new risks are discovered.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;making contracts with service providers or buying &#039;&#039;&#039;a&#039;&#039;&#039; insurance that covers that risk.&amp;quot; -&amp;gt; &amp;quot;making contracts with service providers or buying insurance that covers that risk.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;However identifications are only the first &#039;&#039;&#039;step&#039;&#039;&#039;&amp;quot; -&amp;gt; &amp;quot;However identifications are only the first &#039;&#039;&#039;steps&#039;&#039;&#039;&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot; however, some &#039;&#039;&#039;matrices&#039;&#039;&#039; also have a 4. level very high&amp;quot; -&amp;gt; &amp;quot; however, some &#039;&#039;&#039;matrixes&#039;&#039;&#039; also have a 4. level very high&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;the cost of treating the risk should be evaluated and compared &#039;&#039;&#039;whit potentially&#039;&#039;&#039; loss by risk.&amp;quot; -&amp;gt;  &amp;quot;the cost of treating the risk should be evaluated and compared &#039;&#039;&#039;with a potential&#039;&#039;&#039; loss by risk.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;&#039;&#039;&#039;Enventhoug&#039;&#039;&#039; risk management naturally&amp;quot; -&amp;gt;&amp;quot;&#039;&#039;&#039;Even though&#039;&#039;&#039; risk management naturally&amp;quot;&lt;br /&gt;
&lt;br /&gt;
In few cases, you write &amp;quot;a risk&amp;quot; when it&#039;s supposed to be just &amp;quot;risk&amp;quot;. I would suggest that you look into that.&lt;br /&gt;
&lt;br /&gt;
===Question 4 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Figures and tables:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Are figures and tables clear? &lt;br /&gt;
&lt;br /&gt;
Do they summarize the key points of the article in a meaningful way? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 4===&lt;br /&gt;
The figures are very good and I think they are well described and supported by the text. One idea is to add one extra figure, which you create yourself, in the &amp;quot;Risk Management&amp;quot; section relating to the bullets listed in the &amp;quot;Risk management in different industries&amp;quot; section. Just an idea :) &lt;br /&gt;
&lt;br /&gt;
===Question 5 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Interest and relevance:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article of high practical and / or academic relevance? &lt;br /&gt;
&lt;br /&gt;
Is it made clear in the article why / how it is relevant? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 5===&lt;br /&gt;
The article is practical and relevant. I like that you mentioned some examples to explain further the tool which helps the reader to understand the tool better. I don&#039;t have any suggestions for improvements.&lt;br /&gt;
&lt;br /&gt;
===Question 6 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Depth of treatment:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article interesting for a practitioner or academic to read? &lt;br /&gt;
&lt;br /&gt;
Does it make a significant contribution beyond a cursory web search? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 6===&lt;br /&gt;
The article is very interesting! I particularly liked the examples that you mentioned in the &amp;quot;Examples of good and bad risk management&amp;quot; whereas the examples provided more insight into the risk management at well-known companies in regards to both good and bad risk management. I don&#039;t have any suggestions for improvements.&lt;br /&gt;
&lt;br /&gt;
===Question 7 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Annotated bibliography:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Does the article properly cite and acknowledge previous work? &lt;br /&gt;
&lt;br /&gt;
Does it briefly summarize the key references at the end of the article? &lt;br /&gt;
&lt;br /&gt;
Is it based on empirical data instead of opinion? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 7=== &lt;br /&gt;
The Literature including the references is very good and organized. I don&#039;t have any suggestions for improvements. Although, I think &#039;&#039;&#039;Literature&#039;&#039;&#039; is spelled like this rather than &#039;&#039;&#039;Litterature&#039;&#039;&#039; :)&lt;br /&gt;
&lt;br /&gt;
==Feedback 2 | Reviewer name: &#039;&#039;Casper&#039;&#039;==&lt;br /&gt;
===Question 1 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Quality of the summary:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Does the summary make the key focus, insights and/or contribution of the article clear? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 1===&lt;br /&gt;
I like that you clearly state the focus of the article! Yet it would help if it was moved earlier in the abstract of the article.&lt;br /&gt;
&lt;br /&gt;
For example:&lt;br /&gt;
Projects are part of a dynamic and fast changeling world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope [1] [2].&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the Risk Management Process, Risk Matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks. At last limitations and advantages of Risk Management will be discussed and a brief overview of other relevant reading material.&lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
===Question 2 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Structure and logic of the article:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the argument clear? &lt;br /&gt;
&lt;br /&gt;
Is there a logical flow to the article? &lt;br /&gt;
&lt;br /&gt;
Does one part build upon the other? &lt;br /&gt;
&lt;br /&gt;
Is the article consistent in its argument and free of contradictions? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 2===&lt;br /&gt;
The flow of the article is good and each part builds upon the other.&lt;br /&gt;
&lt;br /&gt;
===Question 3 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Grammar and style:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the writing free of grammatical and spelling errors? &lt;br /&gt;
&lt;br /&gt;
Is the language precise without unnecessary fill words? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 3===&lt;br /&gt;
There is some spelling mistakes throughout the article. I suggest that you try to double check using the spell checker in word, otherwise I can help you with access to grammarly that can assist you in correcting the mistakes. The writing style is good and makes it interesting to read.&lt;br /&gt;
&lt;br /&gt;
===Question 4 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Figures and tables:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Are figures and tables clear? &lt;br /&gt;
&lt;br /&gt;
Do they summarize the key points of the article in a meaningful way? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 4===&lt;br /&gt;
You have done a great job here! I have no further comments on how to improve.&lt;br /&gt;
&lt;br /&gt;
===Question 5 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Interest and relevance:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article of high practical and / or academic relevance? &lt;br /&gt;
&lt;br /&gt;
Is it made clear in the article why / how it is relevant? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 5===&lt;br /&gt;
The article is very relevant for both academics and practitioners.&lt;br /&gt;
It is very clear why this subject is relevant reading the article.&lt;br /&gt;
I have no further comments on how to improve this article.&lt;br /&gt;
&lt;br /&gt;
===Question 6 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Depth of treatment:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article interesting for a practitioner or academic to read? &lt;br /&gt;
&lt;br /&gt;
Does it make a significant contribution beyond a cursory web search? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 6===&lt;br /&gt;
The article is interesting to read. It makes a significant contribution beyond a websearch, however if it would make sense, it could help the article if you look into describing/investigating if there is any relevant tools or possible ways to reduce the time consumption doing risk management.&lt;br /&gt;
&lt;br /&gt;
===Question 7 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Annotated bibliography:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Does the article properly cite and acknowledge previous work? &lt;br /&gt;
&lt;br /&gt;
Does it briefly summarize the key references at the end of the article? &lt;br /&gt;
&lt;br /&gt;
Is it based on empirical data instead of opinion? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 7===&lt;br /&gt;
Thorough made throughout the article with proper referencing. All the key references are summarised well. The only thing I suggest to improve is the spelling of literature in the headline.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Talk:Risk_Management_Overview&amp;diff=56371</id>
		<title>Talk:Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Talk:Risk_Management_Overview&amp;diff=56371"/>
		<updated>2018-02-26T11:26:12Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Answer 1 */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract Feedback==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Text clarity&#039;&#039;&#039;	Text is coherent&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Language&#039;&#039;&#039;	        Good&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Description of the tool/theory/concept&#039;&#039;&#039;	Very thoroughly explained and good momentum&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Purpose explanation&#039;&#039;&#039;	Well addressed, perhaps expand on whether or not the Risk Management Process applies more to a specific industry? E.g. Oil and Gas where risk is a serious topic (DONE)&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;References&#039;&#039;&#039;	        Good references. Look at chapter 11 in PMBOK to include further references related to risk in project management context (DONE)&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Relevance of article&#039;&#039;&#039;           Very relevant but consider to:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
  &amp;lt;li&amp;gt; Ensure that the risk management process concept explanation is embedded in a project management context&lt;br /&gt;
  &amp;lt;li&amp;gt; Avoid focusing too much on risk management from an organizational/operational perspective, but more project managerial, e.g. don&#039;t talk about carrying out a risk assessment for operating an oil rig (DONE?)&lt;br /&gt;
  &amp;lt;li&amp;gt; Consult chapter 11 in PMBOK for inspiration (DONE)&lt;br /&gt;
  &amp;lt;li&amp;gt; Consult with Josef if in doubt as he is very knowledgeable about project risk management&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Feedback 1 | Reviewer name: &#039;&#039;Briet&#039;&#039;==&lt;br /&gt;
===Question 1 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Quality of the summary:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Does the summary make the key focus, insights and/or contribution of the article clear? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 1===&lt;br /&gt;
The abstract is very clear and concise. I like the fact that you mentioned that the article would only focus on the risks/threats and not the opportunities, which makes the direction of the article clear. I would maybe suggest that you move this last sentence higher in the paragraph just to make it transparent from the beginning what direction you are going for.&lt;br /&gt;
&lt;br /&gt;
===Question 2 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Structure and logic of the article:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the argument clear? &lt;br /&gt;
&lt;br /&gt;
Is there a logical flow to the article? &lt;br /&gt;
&lt;br /&gt;
Does one part build upon the other? &lt;br /&gt;
&lt;br /&gt;
Is the article consistent in its argument and free of contradictions? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 2===&lt;br /&gt;
There is a great logical flow to the article and it&#039;s very well structured. I would maybe suggest that you try to focus more on the risk management from a project management perspective.&lt;br /&gt;
&lt;br /&gt;
===Question 3 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Grammar and style:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the writing free of grammatical and spelling errors? &lt;br /&gt;
&lt;br /&gt;
Is the language precise without unnecessary fill words? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 3===&lt;br /&gt;
Very good writing! I noticed some minor spelling errors and few examples of unnecessary fill words. See here below some examples:&lt;br /&gt;
&lt;br /&gt;
&amp;quot;Naturally the Impact/Probability for the inherent risk should be &#039;&#039;&#039;grater&#039;&#039;&#039; or equal to the ratings in the residual&amp;quot; -&amp;gt; Naturally&#039;&#039;&#039;,&#039;&#039;&#039; the Impact/Probability for the inherent risk should be &#039;&#039;&#039;greater&#039;&#039;&#039; or equal to the ratings in the residual&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;The treatment of risks can consist of adding additional resources (&#039;&#039;&#039;manpower&#039;&#039;&#039;, budget) into the schedule.&amp;quot; -&amp;gt; &amp;quot;The treatment of risks can consist of adding additional resources (&#039;&#039;&#039;workforce&#039;&#039;&#039;, budget) into the schedule.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;The identification of risk is a repeatable process since new risks can change &#039;&#039;&#039;through&#039;&#039;&#039; its life or new risks are discovered.&amp;quot; -&amp;gt;&amp;quot;The identification of risk is a repeatable process since new risks can change its life or new risks are discovered.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;making contracts with service providers or buying &#039;&#039;&#039;a&#039;&#039;&#039; insurance that covers that risk.&amp;quot; -&amp;gt; &amp;quot;making contracts with service providers or buying insurance that covers that risk.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;However identifications are only the first &#039;&#039;&#039;step&#039;&#039;&#039;&amp;quot; -&amp;gt; &amp;quot;However identifications are only the first &#039;&#039;&#039;steps&#039;&#039;&#039;&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot; however, some &#039;&#039;&#039;matrices&#039;&#039;&#039; also have a 4. level very high&amp;quot; -&amp;gt; &amp;quot; however, some &#039;&#039;&#039;matrixes&#039;&#039;&#039; also have a 4. level very high&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;the cost of treating the risk should be evaluated and compared &#039;&#039;&#039;whit potentially&#039;&#039;&#039; loss by risk.&amp;quot; -&amp;gt;  &amp;quot;the cost of treating the risk should be evaluated and compared &#039;&#039;&#039;with a potential&#039;&#039;&#039; loss by risk.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;&#039;&#039;&#039;Enventhoug&#039;&#039;&#039; risk management naturally&amp;quot; -&amp;gt;&amp;quot;&#039;&#039;&#039;Even though&#039;&#039;&#039; risk management naturally&amp;quot;&lt;br /&gt;
&lt;br /&gt;
In few cases, you write &amp;quot;a risk&amp;quot; when it&#039;s supposed to be just &amp;quot;risk&amp;quot;. I would suggest that you look into that.&lt;br /&gt;
&lt;br /&gt;
===Question 4 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Figures and tables:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Are figures and tables clear? &lt;br /&gt;
&lt;br /&gt;
Do they summarize the key points of the article in a meaningful way? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 4===&lt;br /&gt;
The figures are very good and I think they are well described and supported by the text. One idea is to add one extra figure, which you create yourself, in the &amp;quot;Risk Management&amp;quot; section relating to the bullets listed in the &amp;quot;Risk management in different industries&amp;quot; section. Just an idea :) &lt;br /&gt;
&lt;br /&gt;
===Question 5 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Interest and relevance:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article of high practical and / or academic relevance? &lt;br /&gt;
&lt;br /&gt;
Is it made clear in the article why / how it is relevant? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 5===&lt;br /&gt;
The article is practical and relevant. I like that you mentioned some examples to explain further the tool which helps the reader to understand the tool better. I don&#039;t have any suggestions for improvements.&lt;br /&gt;
&lt;br /&gt;
===Question 6 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Depth of treatment:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article interesting for a practitioner or academic to read? &lt;br /&gt;
&lt;br /&gt;
Does it make a significant contribution beyond a cursory web search? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 6===&lt;br /&gt;
The article is very interesting! I particularly liked the examples that you mentioned in the &amp;quot;Examples of good and bad risk management&amp;quot; whereas the examples provided more insight into the risk management at well-known companies in regards to both good and bad risk management. I don&#039;t have any suggestions for improvements.&lt;br /&gt;
&lt;br /&gt;
===Question 7 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Annotated bibliography:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Does the article properly cite and acknowledge previous work? &lt;br /&gt;
&lt;br /&gt;
Does it briefly summarize the key references at the end of the article? &lt;br /&gt;
&lt;br /&gt;
Is it based on empirical data instead of opinion? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 7=== &lt;br /&gt;
The Literature including the references is very good and organized. I don&#039;t have any suggestions for improvements. Although, I think &#039;&#039;&#039;Literature&#039;&#039;&#039; is spelled like this rather than &#039;&#039;&#039;Litterature&#039;&#039;&#039; :)&lt;br /&gt;
&lt;br /&gt;
==Feedback 2 | Reviewer name: &#039;&#039;Casper&#039;&#039;==&lt;br /&gt;
===Question 1 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Quality of the summary:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Does the summary make the key focus, insights and/or contribution of the article clear? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 1===&lt;br /&gt;
I like that you clearly state the focus of the article! Yet it would help if it was moved earlier in the abstract of the article.&lt;br /&gt;
&lt;br /&gt;
For example:&lt;br /&gt;
Projects are part of a dynamic and fast changeling world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope [1] [2].&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the Risk Management Process, Risk Matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks. At last limitations and advantages of Risk Management will be discussed and a brief overview of other relevant reading material.&lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
===Question 2 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Structure and logic of the article:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the argument clear? &lt;br /&gt;
&lt;br /&gt;
Is there a logical flow to the article? &lt;br /&gt;
&lt;br /&gt;
Does one part build upon the other? &lt;br /&gt;
&lt;br /&gt;
Is the article consistent in its argument and free of contradictions? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 2===&lt;br /&gt;
The flow of the article is good and each part builds upon the other.&lt;br /&gt;
&lt;br /&gt;
===Question 3 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Grammar and style:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the writing free of grammatical and spelling errors? &lt;br /&gt;
&lt;br /&gt;
Is the language precise without unnecessary fill words? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 3===&lt;br /&gt;
There is some spelling mistakes throughout the article. I suggest that you try to double check using the spell checker in word, otherwise I can help you with access to grammarly that can assist you in correcting the mistakes. The writing style is good and makes it interesting to read.&lt;br /&gt;
&lt;br /&gt;
===Question 4 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Figures and tables:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Are figures and tables clear? &lt;br /&gt;
&lt;br /&gt;
Do they summarize the key points of the article in a meaningful way? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 4===&lt;br /&gt;
You have done a great job here! I have no further comments on how to improve.&lt;br /&gt;
&lt;br /&gt;
===Question 5 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Interest and relevance:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article of high practical and / or academic relevance? &lt;br /&gt;
&lt;br /&gt;
Is it made clear in the article why / how it is relevant? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 5===&lt;br /&gt;
The article is very relevant for both academics and practitioners.&lt;br /&gt;
It is very clear why this subject is relevant reading the article.&lt;br /&gt;
I have no further comments on how to improve this article.&lt;br /&gt;
&lt;br /&gt;
===Question 6 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Depth of treatment:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Is the article interesting for a practitioner or academic to read? &lt;br /&gt;
&lt;br /&gt;
Does it make a significant contribution beyond a cursory web search? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===Answer 6===&lt;br /&gt;
The article is interesting to read. It makes a significant contribution beyond a websearch, however if it would make sense, it could help the article if you look into describing/investigating if there is any relevant tools or possible ways to reduce the time consumption doing risk management.&lt;br /&gt;
&lt;br /&gt;
===Question 7 · TEXT===&lt;br /&gt;
&#039;&#039;&#039;Annotated bibliography:&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
Does the article properly cite and acknowledge previous work? &lt;br /&gt;
&lt;br /&gt;
Does it briefly summarize the key references at the end of the article? &lt;br /&gt;
&lt;br /&gt;
Is it based on empirical data instead of opinion? &lt;br /&gt;
&lt;br /&gt;
What would you suggest to improve?&lt;br /&gt;
&lt;br /&gt;
===DONE Answer 7===&lt;br /&gt;
Thorough made throughout the article with proper referencing. All the key references are summarised well. The only thing I suggest to improve is the spelling of literature in the headline.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56369</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56369"/>
		<updated>2018-02-26T11:25:18Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Conclusion */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56368</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56368"/>
		<updated>2018-02-26T11:25:02Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Implementing Risk management */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56367</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56367"/>
		<updated>2018-02-26T11:24:43Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Risk Management Process (RMP) */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56365</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56365"/>
		<updated>2018-02-26T11:24:22Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Introduction */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56364</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56364"/>
		<updated>2018-02-26T11:23:48Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Risk definition */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pV)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56362</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56362"/>
		<updated>2018-02-26T11:22:55Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Limitations */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers do not blindly follow the ISO 31000, but read material from multiple sources, for instance, the literature listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56353</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56353"/>
		<updated>2018-02-26T11:18:25Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Limitations */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, the ISO 31000 is often criticized for having a narrow scope, for instance, the standard does not include setting objectives, but it does require that objectives are set.&lt;br /&gt;
Furthermore, the guidelines provided in the ISO 31000 can be harder to understand and implement in &#039;&#039;Small and Medium-sized Enterprises&#039;&#039; which is why the ISO 31000 SME &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt; can be an additional standard, which managers need to take into consideration. &lt;br /&gt;
&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
OLD XXX&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56200</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56200"/>
		<updated>2018-02-26T10:20:35Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Limitations */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
OLD XXX&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56178</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56178"/>
		<updated>2018-02-26T10:06:55Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Risk matrix */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth. &lt;br /&gt;
Visually risks in the red and yellow area, should, if possible, move towards the green area, when mitigations and controls are applied.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56167</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56167"/>
		<updated>2018-02-26T09:56:32Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Abstract */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56134</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56134"/>
		<updated>2018-02-26T09:49:11Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Further Reading Material */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches to risk management and is, therefore, a must-read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56124</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56124"/>
		<updated>2018-02-26T09:44:36Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* References Credibility */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56123</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56123"/>
		<updated>2018-02-26T09:44:06Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* References Credibility */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field (https://www.charteredaccountantsanz.com/about-us). Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference, on the page. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56112</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56112"/>
		<updated>2018-02-26T09:42:12Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* References Credibility */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members, which is a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56106</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=56106"/>
		<updated>2018-02-26T09:40:34Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Literature */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is New Zealand based. They provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55221</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55221"/>
		<updated>2018-02-25T16:25:46Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* References */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55219</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55219"/>
		<updated>2018-02-25T16:23:01Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Just my notes - will be deleted xxx */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55218</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55218"/>
		<updated>2018-02-25T16:22:31Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Limitations and advantages of RMP (discussion) */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of Risk management (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
== Just my notes - will be deleted xxx ==&lt;br /&gt;
*Even though risk management indisputably is beneficial, most managers use the ISO 31000 standard, which has some critical flaws.&lt;br /&gt;
ARTA diagrams are included for risk treatment and control????? XXX&lt;br /&gt;
Implementation of risk management xxxxxx&lt;br /&gt;
xxx Project management context - Here the risk management process will be put into a project management context. xxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is an important tool to use in project management, even-though risk management is only estimates of potential future situations. Risk identification helps the manager get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is highly important discipline and is therefore present in most projects. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; NoGET MED GOAL XXX&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*Slides from fist lecture.&lt;br /&gt;
*Write something about project in all sections ex: treat risk/control&lt;br /&gt;
*&amp;quot;Implementation risk management (step by step guide)&amp;quot;  &lt;br /&gt;
*An example of a risk register can be seen here : xxxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Implementing risk management according to ISO 31000&#039;&#039;&#039; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&#039;&#039;&#039;:&#039;&#039;&#039; &lt;br /&gt;
*define the appropriate timing and strategy for implementing the framework;&lt;br /&gt;
*apply the risk management policy and process to the organizational processes;&lt;br /&gt;
&lt;br /&gt;
*comply with legal and regulatory requirements;&lt;br /&gt;
&lt;br /&gt;
*ensure that decision making, including the development and setting of objectives, is aligned with the&lt;br /&gt;
outcomes of risk management processes;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*hold information and training sessions; and&lt;br /&gt;
*communicate and consult with stakeholders to ensure that its risk management framework remains&lt;br /&gt;
appropriate.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;x&#039;&#039;{{sup|2}}&lt;br /&gt;
&lt;br /&gt;
Ref test xxx .. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;{{rp|pages=22-27}}&lt;br /&gt;
test test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;{{rp|needed=y|date=February 2018}}&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt; &amp;quot;#page=N&#039;&lt;br /&gt;
&lt;br /&gt;
{{r|PMBOK|p=56}}&lt;br /&gt;
&lt;br /&gt;
{{rp|89}}&lt;br /&gt;
&amp;lt;sup&amp;gt;2&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
ref test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.2)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55216</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55216"/>
		<updated>2018-02-25T16:21:06Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Limitations */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of RMP (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take, the fast-changing and connected world which projects happens in today, in to account &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
== Just my notes - will be deleted xxx ==&lt;br /&gt;
*Even though risk management indisputably is beneficial, most managers use the ISO 31000 standard, which has some critical flaws.&lt;br /&gt;
ARTA diagrams are included for risk treatment and control????? XXX&lt;br /&gt;
Implementation of risk management xxxxxx&lt;br /&gt;
xxx Project management context - Here the risk management process will be put into a project management context. xxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is an important tool to use in project management, even-though risk management is only estimates of potential future situations. Risk identification helps the manager get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is highly important discipline and is therefore present in most projects. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; NoGET MED GOAL XXX&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*Slides from fist lecture.&lt;br /&gt;
*Write something about project in all sections ex: treat risk/control&lt;br /&gt;
*&amp;quot;Implementation risk management (step by step guide)&amp;quot;  &lt;br /&gt;
*An example of a risk register can be seen here : xxxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Implementing risk management according to ISO 31000&#039;&#039;&#039; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&#039;&#039;&#039;:&#039;&#039;&#039; &lt;br /&gt;
*define the appropriate timing and strategy for implementing the framework;&lt;br /&gt;
*apply the risk management policy and process to the organizational processes;&lt;br /&gt;
&lt;br /&gt;
*comply with legal and regulatory requirements;&lt;br /&gt;
&lt;br /&gt;
*ensure that decision making, including the development and setting of objectives, is aligned with the&lt;br /&gt;
outcomes of risk management processes;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*hold information and training sessions; and&lt;br /&gt;
*communicate and consult with stakeholders to ensure that its risk management framework remains&lt;br /&gt;
appropriate.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;x&#039;&#039;{{sup|2}}&lt;br /&gt;
&lt;br /&gt;
Ref test xxx .. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;{{rp|pages=22-27}}&lt;br /&gt;
test test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;{{rp|needed=y|date=February 2018}}&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt; &amp;quot;#page=N&#039;&lt;br /&gt;
&lt;br /&gt;
{{r|PMBOK|p=56}}&lt;br /&gt;
&lt;br /&gt;
{{rp|89}}&lt;br /&gt;
&amp;lt;sup&amp;gt;2&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
ref test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.2)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55204</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55204"/>
		<updated>2018-02-25T16:12:22Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Limitations */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of RMP (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s, which does not take the fast-changing and connected world which projects happens in today &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
== Just my notes - will be deleted xxx ==&lt;br /&gt;
*Even though risk management indisputably is beneficial, most managers use the ISO 31000 standard, which has some critical flaws.&lt;br /&gt;
ARTA diagrams are included for risk treatment and control????? XXX&lt;br /&gt;
Implementation of risk management xxxxxx&lt;br /&gt;
xxx Project management context - Here the risk management process will be put into a project management context. xxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is an important tool to use in project management, even-though risk management is only estimates of potential future situations. Risk identification helps the manager get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is highly important discipline and is therefore present in most projects. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; NoGET MED GOAL XXX&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*Slides from fist lecture.&lt;br /&gt;
*Write something about project in all sections ex: treat risk/control&lt;br /&gt;
*&amp;quot;Implementation risk management (step by step guide)&amp;quot;  &lt;br /&gt;
*An example of a risk register can be seen here : xxxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Implementing risk management according to ISO 31000&#039;&#039;&#039; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&#039;&#039;&#039;:&#039;&#039;&#039; &lt;br /&gt;
*define the appropriate timing and strategy for implementing the framework;&lt;br /&gt;
*apply the risk management policy and process to the organizational processes;&lt;br /&gt;
&lt;br /&gt;
*comply with legal and regulatory requirements;&lt;br /&gt;
&lt;br /&gt;
*ensure that decision making, including the development and setting of objectives, is aligned with the&lt;br /&gt;
outcomes of risk management processes;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*hold information and training sessions; and&lt;br /&gt;
*communicate and consult with stakeholders to ensure that its risk management framework remains&lt;br /&gt;
appropriate.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;x&#039;&#039;{{sup|2}}&lt;br /&gt;
&lt;br /&gt;
Ref test xxx .. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;{{rp|pages=22-27}}&lt;br /&gt;
test test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;{{rp|needed=y|date=February 2018}}&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt; &amp;quot;#page=N&#039;&lt;br /&gt;
&lt;br /&gt;
{{r|PMBOK|p=56}}&lt;br /&gt;
&lt;br /&gt;
{{rp|89}}&lt;br /&gt;
&amp;lt;sup&amp;gt;2&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
ref test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.2)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55199</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55199"/>
		<updated>2018-02-25T16:03:42Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Implementing Risk management */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
&lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of RMP (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
== Just my notes - will be deleted xxx ==&lt;br /&gt;
*Even though risk management indisputably is beneficial, most managers use the ISO 31000 standard, which has some critical flaws.&lt;br /&gt;
ARTA diagrams are included for risk treatment and control????? XXX&lt;br /&gt;
Implementation of risk management xxxxxx&lt;br /&gt;
xxx Project management context - Here the risk management process will be put into a project management context. xxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is an important tool to use in project management, even-though risk management is only estimates of potential future situations. Risk identification helps the manager get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is highly important discipline and is therefore present in most projects. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; NoGET MED GOAL XXX&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*Slides from fist lecture.&lt;br /&gt;
*Write something about project in all sections ex: treat risk/control&lt;br /&gt;
*&amp;quot;Implementation risk management (step by step guide)&amp;quot;  &lt;br /&gt;
*An example of a risk register can be seen here : xxxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Implementing risk management according to ISO 31000&#039;&#039;&#039; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&#039;&#039;&#039;:&#039;&#039;&#039; &lt;br /&gt;
*define the appropriate timing and strategy for implementing the framework;&lt;br /&gt;
*apply the risk management policy and process to the organizational processes;&lt;br /&gt;
&lt;br /&gt;
*comply with legal and regulatory requirements;&lt;br /&gt;
&lt;br /&gt;
*ensure that decision making, including the development and setting of objectives, is aligned with the&lt;br /&gt;
outcomes of risk management processes;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*hold information and training sessions; and&lt;br /&gt;
*communicate and consult with stakeholders to ensure that its risk management framework remains&lt;br /&gt;
appropriate.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;x&#039;&#039;{{sup|2}}&lt;br /&gt;
&lt;br /&gt;
Ref test xxx .. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;{{rp|pages=22-27}}&lt;br /&gt;
test test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;{{rp|needed=y|date=February 2018}}&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt; &amp;quot;#page=N&#039;&lt;br /&gt;
&lt;br /&gt;
{{r|PMBOK|p=56}}&lt;br /&gt;
&lt;br /&gt;
{{rp|89}}&lt;br /&gt;
&amp;lt;sup&amp;gt;2&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
ref test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.2)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55198</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55198"/>
		<updated>2018-02-25T16:03:30Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Implementing Risk management */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of RMP (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
== Just my notes - will be deleted xxx ==&lt;br /&gt;
*Even though risk management indisputably is beneficial, most managers use the ISO 31000 standard, which has some critical flaws.&lt;br /&gt;
ARTA diagrams are included for risk treatment and control????? XXX&lt;br /&gt;
Implementation of risk management xxxxxx&lt;br /&gt;
xxx Project management context - Here the risk management process will be put into a project management context. xxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is an important tool to use in project management, even-though risk management is only estimates of potential future situations. Risk identification helps the manager get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is highly important discipline and is therefore present in most projects. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; NoGET MED GOAL XXX&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*Slides from fist lecture.&lt;br /&gt;
*Write something about project in all sections ex: treat risk/control&lt;br /&gt;
*&amp;quot;Implementation risk management (step by step guide)&amp;quot;  &lt;br /&gt;
*An example of a risk register can be seen here : xxxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Implementing risk management according to ISO 31000&#039;&#039;&#039; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&#039;&#039;&#039;:&#039;&#039;&#039; &lt;br /&gt;
*define the appropriate timing and strategy for implementing the framework;&lt;br /&gt;
*apply the risk management policy and process to the organizational processes;&lt;br /&gt;
&lt;br /&gt;
*comply with legal and regulatory requirements;&lt;br /&gt;
&lt;br /&gt;
*ensure that decision making, including the development and setting of objectives, is aligned with the&lt;br /&gt;
outcomes of risk management processes;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*hold information and training sessions; and&lt;br /&gt;
*communicate and consult with stakeholders to ensure that its risk management framework remains&lt;br /&gt;
appropriate.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;x&#039;&#039;{{sup|2}}&lt;br /&gt;
&lt;br /&gt;
Ref test xxx .. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;{{rp|pages=22-27}}&lt;br /&gt;
test test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;{{rp|needed=y|date=February 2018}}&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt; &amp;quot;#page=N&#039;&lt;br /&gt;
&lt;br /&gt;
{{r|PMBOK|p=56}}&lt;br /&gt;
&lt;br /&gt;
{{rp|89}}&lt;br /&gt;
&amp;lt;sup&amp;gt;2&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
ref test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.2)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55197</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55197"/>
		<updated>2018-02-25T16:03:17Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Implementing Risk management */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects. Since projects are different, variations in the implementation can occur. However, these steps are a good guideline.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of RMP (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
== Just my notes - will be deleted xxx ==&lt;br /&gt;
*Even though risk management indisputably is beneficial, most managers use the ISO 31000 standard, which has some critical flaws.&lt;br /&gt;
ARTA diagrams are included for risk treatment and control????? XXX&lt;br /&gt;
Implementation of risk management xxxxxx&lt;br /&gt;
xxx Project management context - Here the risk management process will be put into a project management context. xxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is an important tool to use in project management, even-though risk management is only estimates of potential future situations. Risk identification helps the manager get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is highly important discipline and is therefore present in most projects. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; NoGET MED GOAL XXX&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*Slides from fist lecture.&lt;br /&gt;
*Write something about project in all sections ex: treat risk/control&lt;br /&gt;
*&amp;quot;Implementation risk management (step by step guide)&amp;quot;  &lt;br /&gt;
*An example of a risk register can be seen here : xxxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Implementing risk management according to ISO 31000&#039;&#039;&#039; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&#039;&#039;&#039;:&#039;&#039;&#039; &lt;br /&gt;
*define the appropriate timing and strategy for implementing the framework;&lt;br /&gt;
*apply the risk management policy and process to the organizational processes;&lt;br /&gt;
&lt;br /&gt;
*comply with legal and regulatory requirements;&lt;br /&gt;
&lt;br /&gt;
*ensure that decision making, including the development and setting of objectives, is aligned with the&lt;br /&gt;
outcomes of risk management processes;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*hold information and training sessions; and&lt;br /&gt;
*communicate and consult with stakeholders to ensure that its risk management framework remains&lt;br /&gt;
appropriate.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;x&#039;&#039;{{sup|2}}&lt;br /&gt;
&lt;br /&gt;
Ref test xxx .. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;{{rp|pages=22-27}}&lt;br /&gt;
test test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;{{rp|needed=y|date=February 2018}}&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt; &amp;quot;#page=N&#039;&lt;br /&gt;
&lt;br /&gt;
{{r|PMBOK|p=56}}&lt;br /&gt;
&lt;br /&gt;
{{rp|89}}&lt;br /&gt;
&amp;lt;sup&amp;gt;2&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
ref test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.2)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55192</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55192"/>
		<updated>2018-02-25T15:55:57Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Implementing Risk management */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Project Managers can use these 6 steps to implement risk management into their projects.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of RMP (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
== Just my notes - will be deleted xxx ==&lt;br /&gt;
*Even though risk management indisputably is beneficial, most managers use the ISO 31000 standard, which has some critical flaws.&lt;br /&gt;
ARTA diagrams are included for risk treatment and control????? XXX&lt;br /&gt;
Implementation of risk management xxxxxx&lt;br /&gt;
xxx Project management context - Here the risk management process will be put into a project management context. xxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is an important tool to use in project management, even-though risk management is only estimates of potential future situations. Risk identification helps the manager get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is highly important discipline and is therefore present in most projects. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; NoGET MED GOAL XXX&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*Slides from fist lecture.&lt;br /&gt;
*Write something about project in all sections ex: treat risk/control&lt;br /&gt;
*&amp;quot;Implementation risk management (step by step guide)&amp;quot;  &lt;br /&gt;
*An example of a risk register can be seen here : xxxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Implementing risk management according to ISO 31000&#039;&#039;&#039; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&#039;&#039;&#039;:&#039;&#039;&#039; &lt;br /&gt;
*define the appropriate timing and strategy for implementing the framework;&lt;br /&gt;
*apply the risk management policy and process to the organizational processes;&lt;br /&gt;
&lt;br /&gt;
*comply with legal and regulatory requirements;&lt;br /&gt;
&lt;br /&gt;
*ensure that decision making, including the development and setting of objectives, is aligned with the&lt;br /&gt;
outcomes of risk management processes;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*hold information and training sessions; and&lt;br /&gt;
*communicate and consult with stakeholders to ensure that its risk management framework remains&lt;br /&gt;
appropriate.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;x&#039;&#039;{{sup|2}}&lt;br /&gt;
&lt;br /&gt;
Ref test xxx .. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;{{rp|pages=22-27}}&lt;br /&gt;
test test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;{{rp|needed=y|date=February 2018}}&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt; &amp;quot;#page=N&#039;&lt;br /&gt;
&lt;br /&gt;
{{r|PMBOK|p=56}}&lt;br /&gt;
&lt;br /&gt;
{{rp|89}}&lt;br /&gt;
&amp;lt;sup&amp;gt;2&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
ref test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.2)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55186</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55186"/>
		<updated>2018-02-25T15:52:02Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Implementing Risk management */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;..&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of RMP (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
== Just my notes - will be deleted xxx ==&lt;br /&gt;
*Even though risk management indisputably is beneficial, most managers use the ISO 31000 standard, which has some critical flaws.&lt;br /&gt;
ARTA diagrams are included for risk treatment and control????? XXX&lt;br /&gt;
Implementation of risk management xxxxxx&lt;br /&gt;
xxx Project management context - Here the risk management process will be put into a project management context. xxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is an important tool to use in project management, even-though risk management is only estimates of potential future situations. Risk identification helps the manager get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is highly important discipline and is therefore present in most projects. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; NoGET MED GOAL XXX&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*Slides from fist lecture.&lt;br /&gt;
*Write something about project in all sections ex: treat risk/control&lt;br /&gt;
*&amp;quot;Implementation risk management (step by step guide)&amp;quot;  &lt;br /&gt;
*An example of a risk register can be seen here : xxxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Implementing risk management according to ISO 31000&#039;&#039;&#039; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&#039;&#039;&#039;:&#039;&#039;&#039; &lt;br /&gt;
*define the appropriate timing and strategy for implementing the framework;&lt;br /&gt;
*apply the risk management policy and process to the organizational processes;&lt;br /&gt;
&lt;br /&gt;
*comply with legal and regulatory requirements;&lt;br /&gt;
&lt;br /&gt;
*ensure that decision making, including the development and setting of objectives, is aligned with the&lt;br /&gt;
outcomes of risk management processes;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*hold information and training sessions; and&lt;br /&gt;
*communicate and consult with stakeholders to ensure that its risk management framework remains&lt;br /&gt;
appropriate.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;x&#039;&#039;{{sup|2}}&lt;br /&gt;
&lt;br /&gt;
Ref test xxx .. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;{{rp|pages=22-27}}&lt;br /&gt;
test test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;{{rp|needed=y|date=February 2018}}&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt; &amp;quot;#page=N&#039;&lt;br /&gt;
&lt;br /&gt;
{{r|PMBOK|p=56}}&lt;br /&gt;
&lt;br /&gt;
{{rp|89}}&lt;br /&gt;
&amp;lt;sup&amp;gt;2&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
ref test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.2)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55184</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55184"/>
		<updated>2018-02-25T15:51:24Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Implementing Risk management */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;..&lt;br /&gt;
&lt;br /&gt;
Furthermore, the ISO 31000 provides some additional steps to take into consideration &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;: &lt;br /&gt;
*The first step should be initiated at the right timing.&lt;br /&gt;
*Legal and regulatory requirements should be kept. &lt;br /&gt;
*Information of training sessions should be held.&lt;br /&gt;
*Communicate with stakeholders to ensure that the framework remains appropriate &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of RMP (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
== Just my notes - will be deleted xxx ==&lt;br /&gt;
*Even though risk management indisputably is beneficial, most managers use the ISO 31000 standard, which has some critical flaws.&lt;br /&gt;
ARTA diagrams are included for risk treatment and control????? XXX&lt;br /&gt;
Implementation of risk management xxxxxx&lt;br /&gt;
xxx Project management context - Here the risk management process will be put into a project management context. xxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is an important tool to use in project management, even-though risk management is only estimates of potential future situations. Risk identification helps the manager get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is highly important discipline and is therefore present in most projects. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; NoGET MED GOAL XXX&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*Slides from fist lecture.&lt;br /&gt;
*Write something about project in all sections ex: treat risk/control&lt;br /&gt;
*&amp;quot;Implementation risk management (step by step guide)&amp;quot;  &lt;br /&gt;
*An example of a risk register can be seen here : xxxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Implementing risk management according to ISO 31000&#039;&#039;&#039; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&#039;&#039;&#039;:&#039;&#039;&#039; &lt;br /&gt;
*define the appropriate timing and strategy for implementing the framework;&lt;br /&gt;
*apply the risk management policy and process to the organizational processes;&lt;br /&gt;
&lt;br /&gt;
*comply with legal and regulatory requirements;&lt;br /&gt;
&lt;br /&gt;
*ensure that decision making, including the development and setting of objectives, is aligned with the&lt;br /&gt;
outcomes of risk management processes;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*hold information and training sessions; and&lt;br /&gt;
*communicate and consult with stakeholders to ensure that its risk management framework remains&lt;br /&gt;
appropriate.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;x&#039;&#039;{{sup|2}}&lt;br /&gt;
&lt;br /&gt;
Ref test xxx .. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;{{rp|pages=22-27}}&lt;br /&gt;
test test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;{{rp|needed=y|date=February 2018}}&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt; &amp;quot;#page=N&#039;&lt;br /&gt;
&lt;br /&gt;
{{r|PMBOK|p=56}}&lt;br /&gt;
&lt;br /&gt;
{{rp|89}}&lt;br /&gt;
&amp;lt;sup&amp;gt;2&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
ref test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.2)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55183</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55183"/>
		<updated>2018-02-25T15:50:55Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Implementing Risk management */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier&amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;..&lt;br /&gt;
&lt;br /&gt;
Furthermore, the ISO 31000 provides some additional steps to take into consideration &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;: &lt;br /&gt;
*The first step should be initiated at the right timing.&lt;br /&gt;
*Legal and regulatory requirements should be kept. &lt;br /&gt;
*Information of training sessions should be held.&lt;br /&gt;
*Communicate with stakeholders to ensure that the framework remains appropriate &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of RMP (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
== Just my notes - will be deleted xxx ==&lt;br /&gt;
*Even though risk management indisputably is beneficial, most managers use the ISO 31000 standard, which has some critical flaws.&lt;br /&gt;
ARTA diagrams are included for risk treatment and control????? XXX&lt;br /&gt;
Implementation of risk management xxxxxx&lt;br /&gt;
xxx Project management context - Here the risk management process will be put into a project management context. xxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is an important tool to use in project management, even-though risk management is only estimates of potential future situations. Risk identification helps the manager get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is highly important discipline and is therefore present in most projects. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; NoGET MED GOAL XXX&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*Slides from fist lecture.&lt;br /&gt;
*Write something about project in all sections ex: treat risk/control&lt;br /&gt;
*&amp;quot;Implementation risk management (step by step guide)&amp;quot;  &lt;br /&gt;
*An example of a risk register can be seen here : xxxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Implementing risk management according to ISO 31000&#039;&#039;&#039; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&#039;&#039;&#039;:&#039;&#039;&#039; &lt;br /&gt;
*define the appropriate timing and strategy for implementing the framework;&lt;br /&gt;
*apply the risk management policy and process to the organizational processes;&lt;br /&gt;
&lt;br /&gt;
*comply with legal and regulatory requirements;&lt;br /&gt;
&lt;br /&gt;
*ensure that decision making, including the development and setting of objectives, is aligned with the&lt;br /&gt;
outcomes of risk management processes;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*hold information and training sessions; and&lt;br /&gt;
*communicate and consult with stakeholders to ensure that its risk management framework remains&lt;br /&gt;
appropriate.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;x&#039;&#039;{{sup|2}}&lt;br /&gt;
&lt;br /&gt;
Ref test xxx .. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;{{rp|pages=22-27}}&lt;br /&gt;
test test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;{{rp|needed=y|date=February 2018}}&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt; &amp;quot;#page=N&#039;&lt;br /&gt;
&lt;br /&gt;
{{r|PMBOK|p=56}}&lt;br /&gt;
&lt;br /&gt;
{{rp|89}}&lt;br /&gt;
&amp;lt;sup&amp;gt;2&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
ref test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.2)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55182</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55182"/>
		<updated>2018-02-25T15:50:05Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Implementing Risk management */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier.&lt;br /&gt;
&lt;br /&gt;
Furthermore, the ISO 31000 provides some additional steps to take into consideration &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;: &lt;br /&gt;
*The first step should be initiated at the right timing.&lt;br /&gt;
*Legal and regulatory requirements should be kept. &lt;br /&gt;
*Information of training sessions should be held.&lt;br /&gt;
*Communicate with stakeholders to ensure that the framework remains appropriate &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of RMP (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
== Just my notes - will be deleted xxx ==&lt;br /&gt;
*Even though risk management indisputably is beneficial, most managers use the ISO 31000 standard, which has some critical flaws.&lt;br /&gt;
ARTA diagrams are included for risk treatment and control????? XXX&lt;br /&gt;
Implementation of risk management xxxxxx&lt;br /&gt;
xxx Project management context - Here the risk management process will be put into a project management context. xxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is an important tool to use in project management, even-though risk management is only estimates of potential future situations. Risk identification helps the manager get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is highly important discipline and is therefore present in most projects. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; NoGET MED GOAL XXX&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*Slides from fist lecture.&lt;br /&gt;
*Write something about project in all sections ex: treat risk/control&lt;br /&gt;
*&amp;quot;Implementation risk management (step by step guide)&amp;quot;  &lt;br /&gt;
*An example of a risk register can be seen here : xxxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Implementing risk management according to ISO 31000&#039;&#039;&#039; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&#039;&#039;&#039;:&#039;&#039;&#039; &lt;br /&gt;
*define the appropriate timing and strategy for implementing the framework;&lt;br /&gt;
*apply the risk management policy and process to the organizational processes;&lt;br /&gt;
&lt;br /&gt;
*comply with legal and regulatory requirements;&lt;br /&gt;
&lt;br /&gt;
*ensure that decision making, including the development and setting of objectives, is aligned with the&lt;br /&gt;
outcomes of risk management processes;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*hold information and training sessions; and&lt;br /&gt;
*communicate and consult with stakeholders to ensure that its risk management framework remains&lt;br /&gt;
appropriate.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;x&#039;&#039;{{sup|2}}&lt;br /&gt;
&lt;br /&gt;
Ref test xxx .. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;{{rp|pages=22-27}}&lt;br /&gt;
test test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;{{rp|needed=y|date=February 2018}}&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt; &amp;quot;#page=N&#039;&lt;br /&gt;
&lt;br /&gt;
{{r|PMBOK|p=56}}&lt;br /&gt;
&lt;br /&gt;
{{rp|89}}&lt;br /&gt;
&amp;lt;sup&amp;gt;2&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
ref test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.2)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55178</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55178"/>
		<updated>2018-02-25T15:47:21Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Implementing Risk management */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier.&lt;br /&gt;
&lt;br /&gt;
Furthermore, the ISO 31000 provides some additional steps to take into consideration &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;: &lt;br /&gt;
*The first step should be initiated at the right timing.&lt;br /&gt;
*Legal and regulatory requirements should be kept. &lt;br /&gt;
*Information of training sessions should be held.&lt;br /&gt;
*Communicate with stakeholders to ensure that the framework remains appropriate &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of RMP (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
== Just my notes - will be deleted xxx ==&lt;br /&gt;
*Even though risk management indisputably is beneficial, most managers use the ISO 31000 standard, which has some critical flaws.&lt;br /&gt;
ARTA diagrams are included for risk treatment and control????? XXX&lt;br /&gt;
Implementation of risk management xxxxxx&lt;br /&gt;
xxx Project management context - Here the risk management process will be put into a project management context. xxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is an important tool to use in project management, even-though risk management is only estimates of potential future situations. Risk identification helps the manager get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is highly important discipline and is therefore present in most projects. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; NoGET MED GOAL XXX&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*Slides from fist lecture.&lt;br /&gt;
*Write something about project in all sections ex: treat risk/control&lt;br /&gt;
*&amp;quot;Implementation risk management (step by step guide)&amp;quot;  &lt;br /&gt;
*An example of a risk register can be seen here : xxxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Implementing risk management according to ISO 31000&#039;&#039;&#039; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&#039;&#039;&#039;:&#039;&#039;&#039; &lt;br /&gt;
*define the appropriate timing and strategy for implementing the framework;&lt;br /&gt;
*apply the risk management policy and process to the organizational processes;&lt;br /&gt;
&lt;br /&gt;
*comply with legal and regulatory requirements;&lt;br /&gt;
&lt;br /&gt;
*ensure that decision making, including the development and setting of objectives, is aligned with the&lt;br /&gt;
outcomes of risk management processes;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*hold information and training sessions; and&lt;br /&gt;
*communicate and consult with stakeholders to ensure that its risk management framework remains&lt;br /&gt;
appropriate.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;x&#039;&#039;{{sup|2}}&lt;br /&gt;
&lt;br /&gt;
Ref test xxx .. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;{{rp|pages=22-27}}&lt;br /&gt;
test test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;{{rp|needed=y|date=February 2018}}&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt; &amp;quot;#page=N&#039;&lt;br /&gt;
&lt;br /&gt;
{{r|PMBOK|p=56}}&lt;br /&gt;
&lt;br /&gt;
{{rp|89}}&lt;br /&gt;
&amp;lt;sup&amp;gt;2&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
ref test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.2)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55170</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55170"/>
		<updated>2018-02-25T15:40:59Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Further Reading Material */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following 7 steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier.&lt;br /&gt;
&lt;br /&gt;
Furthermore, the ISO 31000 provides some additional steps to take into consideration &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;: &lt;br /&gt;
*The first step should be initiated at the right timing.&lt;br /&gt;
*Legal and regulatory requirements should be kept. &lt;br /&gt;
*Information of training sessions should be held.&lt;br /&gt;
*Communicate with stakeholders to ensure that the framework remains appropriate &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of RMP (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
== Just my notes - will be deleted xxx ==&lt;br /&gt;
*Even though risk management indisputably is beneficial, most managers use the ISO 31000 standard, which has some critical flaws.&lt;br /&gt;
ARTA diagrams are included for risk treatment and control????? XXX&lt;br /&gt;
Implementation of risk management xxxxxx&lt;br /&gt;
xxx Project management context - Here the risk management process will be put into a project management context. xxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is an important tool to use in project management, even-though risk management is only estimates of potential future situations. Risk identification helps the manager get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is highly important discipline and is therefore present in most projects. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; NoGET MED GOAL XXX&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*Slides from fist lecture.&lt;br /&gt;
*Write something about project in all sections ex: treat risk/control&lt;br /&gt;
*&amp;quot;Implementation risk management (step by step guide)&amp;quot;  &lt;br /&gt;
*An example of a risk register can be seen here : xxxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Implementing risk management according to ISO 31000&#039;&#039;&#039; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&#039;&#039;&#039;:&#039;&#039;&#039; &lt;br /&gt;
*define the appropriate timing and strategy for implementing the framework;&lt;br /&gt;
*apply the risk management policy and process to the organizational processes;&lt;br /&gt;
&lt;br /&gt;
*comply with legal and regulatory requirements;&lt;br /&gt;
&lt;br /&gt;
*ensure that decision making, including the development and setting of objectives, is aligned with the&lt;br /&gt;
outcomes of risk management processes;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*hold information and training sessions; and&lt;br /&gt;
*communicate and consult with stakeholders to ensure that its risk management framework remains&lt;br /&gt;
appropriate.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;x&#039;&#039;{{sup|2}}&lt;br /&gt;
&lt;br /&gt;
Ref test xxx .. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;{{rp|pages=22-27}}&lt;br /&gt;
test test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;{{rp|needed=y|date=February 2018}}&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt; &amp;quot;#page=N&#039;&lt;br /&gt;
&lt;br /&gt;
{{r|PMBOK|p=56}}&lt;br /&gt;
&lt;br /&gt;
{{rp|89}}&lt;br /&gt;
&amp;lt;sup&amp;gt;2&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
ref test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.2)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[#https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
	<entry>
		<id>http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55169</id>
		<title>Risk Management Overview</title>
		<link rel="alternate" type="text/html" href="http://13.50.150.85/index.php?title=Risk_Management_Overview&amp;diff=55169"/>
		<updated>2018-02-25T15:40:47Z</updated>

		<summary type="html">&lt;p&gt;JonasHL: /* Further Reading Material */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Abstract==&lt;br /&gt;
Projects are part of a dynamic and fast-changing world. Therefore there is a degree of uncertainty and unpredictability in projects. In order to minimize uncertainties and unforeseeable events related to a project, risks are identified and managed throughout the project lifecycle. A risk is an uncertain event that can have e negative effect on one or more objects in a project such as time, cost, performance or scope &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
In order to control and manage risks, the Risk Management Process (RMP) is used. RMP is divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. However, RMP is a continuous process, which happens throughout the lifecycle of a project.  &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;  &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The different natures of risks can be categorized with D. Rumsfeld&#039;s Unknown-Knowns and assessed with the risk matrix (both residual- &amp;amp; inherent risk). When treating a risk, the risk managers can choose to &#039;&#039;Avoid&#039;&#039;, &#039;&#039;Reduce&#039;&#039;, &#039;&#039;Share&#039;&#039; or &#039;&#039;Accept&#039;&#039; the risk. The risks can be monitored by using a risk register, where risks and countermeasures can be mapped. &lt;br /&gt;
&lt;br /&gt;
Risk management is an essential tool to use in project management and helps managers get an overview of potential obstacles that can occur or prevent a team from achieving their goals. &lt;br /&gt;
Risk management is a highly importent discipline and should be present in all projects, however, its importance is often neglected. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This Wiki-article will describe the risk management Process, Risk matrix, Rumsfeld&#039;s Unknown-Knowns, inherent- and residual risks.&lt;br /&gt;
At last limitations and advantages of risk management will be discussed and a brief overview of other relevant reading material is given. &lt;br /&gt;
&lt;br /&gt;
Please note that this article only covers the risk (threat) management of a project and does not look into opportunities management (risks with a positive effect).&lt;br /&gt;
&lt;br /&gt;
==Introduction==&lt;br /&gt;
&lt;br /&gt;
=== Risk definition ===&lt;br /&gt;
Risk can be defined as follows: &amp;quot;&#039;&#039;Risk is an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as time, cost and quality, or effect of uncertainty on objectives&#039;&#039;&amp;quot;&lt;br /&gt;
All activities in an organization involve risks. These risks can be managed by identifying them, analyzing them and then evaluating whether the risk should be modified by risk treatment in order to satisfy the organization&#039;s risk criteria. &lt;br /&gt;
During this process, risk managers communicate with stakeholders and monitor the risk. The controls are modified to ensure that the amount of risk treatment is minimized. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.V)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk identification is the &amp;quot;&#039;&#039;process of finding, recognizing and describing risks&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;. Risk identification involves the identification of risk sources, event, causes and potential consequences. The identification can involve historical data, theoretical analysis, expert opinions, and stakeholder needs &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.4)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
However identification is only the first step, managers also need to analyze the risk to the most significant ones can be dealt with on an ongoing basis &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.219)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Rumsfeld&#039;s Unknown-Knowns ===&lt;br /&gt;
The different nature of risks can be categorized with former US Defense Secretary, Donald Rumsfeld&#039;s definition. Rumsfeld categorizes risks as the following &amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt; : &lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;Known-Knowns&#039;&#039; describes the things we know we know. An example could be the fact that we know that there are some risks in every project or maybe learning&#039;s from a previous project.&lt;br /&gt;
*&#039;&#039;Known-Unknowns&#039;&#039; describes the things we know are uncertain. For example, the delays because of a third party fail to deliver on deadline or human errors administration wise or misunderstandings.&lt;br /&gt;
*&#039;&#039;Unknown-Unknowns&#039;&#039; describes the things that we in no way could have seen or expected. This could be a sudden death, war or terrorist attack. &lt;br /&gt;
*&#039;&#039;Unknown-Knowns&#039;&#039; describes the things we should have known, but we for various reason (mostly complexity) don&#039;t. An example could be when a terrorist attack happens on American solid, to some extent, this is an Unknown-Known for the CIA &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.219-220)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Risk matrix ===&lt;br /&gt;
[[File:Risk_matrix_Pic.png|right|thumb|500px|Risk matrix &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;]]&lt;br /&gt;
When the risk elements to be managed is identified, the next step is to ensure that either the likelihood is reduced or the impact of that activity occurring.&lt;br /&gt;
&lt;br /&gt;
The risk matrix is one of the most used tools for risk evaluation. &lt;br /&gt;
The matrix can be used to determine the size of a risk &amp;amp; whether or not a risk is sufficiently controlled. &lt;br /&gt;
&lt;br /&gt;
The risk-matrix is compiled of two dimensions Probability (also called likelihood) and Impact (also called severity). Likelihood is the measure of how likely a given event is, and impact is the effect the risk can do.&lt;br /&gt;
The combination of these two dimensions gives a collective risk rating in the matrix.&lt;br /&gt;
Usually, the risk-matrix consists of 3 different risk ratings: Low (Acceptable), Medium and high (Not acceptable), however, some matrixes also have a 4. level very high  &amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The horizontal and vertical scale can have different values or tags, however, in this case, both impact and probability have a scale from 1-5. &lt;br /&gt;
An example of a risk rating could have a probability of 3 (possible), and an impact of 2 (Minor) would have a collective risk ration of medium &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.223)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The numeric scale of 1-5 can be hard for managers to visualize and use, therefore more subjective values like unlikely and likely is often used, as seen in the table below. &lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot; style=&amp;quot;margin-left: auto; margin-right: auto; border: none;&amp;quot;&lt;br /&gt;
|+ Objectively description of numeric scale&lt;br /&gt;
! Scale (1-5)&lt;br /&gt;
! Probability (Subjective values)&lt;br /&gt;
! Impact (Subjective values)&lt;br /&gt;
|-&lt;br /&gt;
| 1&lt;br /&gt;
| Highly unlikely&lt;br /&gt;
| No impact&lt;br /&gt;
|-&lt;br /&gt;
| 2&lt;br /&gt;
| Unlikely &lt;br /&gt;
| Minor&lt;br /&gt;
|-&lt;br /&gt;
| 3&lt;br /&gt;
| Possible&lt;br /&gt;
| Medium&lt;br /&gt;
|-&lt;br /&gt;
| 4&lt;br /&gt;
| Likely&lt;br /&gt;
| Major&lt;br /&gt;
|-&lt;br /&gt;
| 5&lt;br /&gt;
| Very likely&lt;br /&gt;
| Extensive&lt;br /&gt;
|}&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
It is important to notice that the risk matrix is only used to rank risks, and not as a decision tool itself. How to treat the individual risk the matrix does not answer - other tools and analysis should be used for this (see section [[#Treat risks/Control|Treat risks/Control]]). The tool, however, can be used to prioritize and categorize the risks, so the risks with the highest rating can be dealt with first and so forth.&lt;br /&gt;
&lt;br /&gt;
=== Residual - &amp;amp; Inherent risks ===&lt;br /&gt;
Identified risks can be categorized into two different categories, depending on, if controls fail or not. &lt;br /&gt;
The residual risk is the identified risk as it is today, with the controls in place. &lt;br /&gt;
An example could be the risk of &amp;quot;financial loss if the bank is robbed&amp;quot;, however, we have a control in place and hired security people. &lt;br /&gt;
The inherent risk is the risk we face if the controls for the residual risk fail. For instance, all the security people get food poisoning, and the bank&#039;s protection is therefore gone. &lt;br /&gt;
Naturally the Impact/Probability for the inherent risk should be greater or equal to the ratings in the residual &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; &amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk Management Process (RMP) ==&lt;br /&gt;
[[File:IAMC.jpg|right|thumb|500px|Risk Management Process &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;]]&lt;br /&gt;
The Risk Management Process can be divided into four main categories &#039;&#039;Identify risks&#039;&#039;, &#039;&#039;Assess risks&#039;&#039;, &#039;&#039;Treat risks&#039;&#039; and &#039;&#039;Monitor risks&#039;&#039;. &lt;br /&gt;
=== Identify risks ===&lt;br /&gt;
The first process is &amp;quot;&#039;&#039;Identify risks&#039;&#039;&amp;quot;, here potential risk events and their characteristics that can have a negative effect on the project is identified. The &#039;&#039;identification of risk&#039;&#039; is a repeatable process since risks can change or new risks are discovered, throughout the project&#039;s lifecycle. The identification process can consist of a variety of different stakeholders, project management team, experts, senior managers, etc.&lt;br /&gt;
&lt;br /&gt;
=== Assess risks ===&lt;br /&gt;
The second process is &amp;quot;&#039;&#039;Assess risks&#039;&#039;&amp;quot;, which is used to measure and prioritize risks. In the &#039;&#039;assessment of risks&#039;&#039; the probability of each risk occurring &amp;amp; the corresponding impact for the project, if the risk does occur. The probability and impact are then used to prioritize the risks. This process is also repetitive throughout the project. The [[#Risk matrix|Risk matrix]], as described earlier, can be used for accessing the risks.&lt;br /&gt;
&lt;br /&gt;
=== Treat risks/Control ===&lt;br /&gt;
The third process is &amp;quot;&#039;&#039;Treat risks&#039;&#039;&amp;quot;, here actions to reduce risks, are developed and determined. The &#039;&#039;treatment of risks&#039;&#039; can consist of adding additional resources (manpower, budget) into the schedule. However, the treatment should be customized to fit the individual risk and be as realistic and cost-effective as possible. The process also includes measures to avoid, mitigate or deflect the risk. Another possibility is to develop contingency plans which can be used if the risk occurs &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.138)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Risk Treatment&#039;&#039; consists of a range of options for mitigating the risk, assessing options, and preparations for implementing action plans. As mentioned earlier (in section [[#Risk matrix|Risk matrix]]) the highest risks should be addressed first and so on and forth. Of course, the cost of treating the risk should be evaluated and compared with a potential loss by risk.&lt;br /&gt;
Depending on the type and nature of the risk, the following options are available &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: &lt;br /&gt;
*Avoid - The risk is avoided by stopping to proceed with the activity that introduced the risk. Instead, an alternative activity that still meets business objectives is chosen or a less risky approach or process.&lt;br /&gt;
*Reduce - The likelihood or effect of the risk is reduced to an acceptable level. However in regards to time and expense, it is desirable to eliminate the risk &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;. &lt;br /&gt;
*Share or Transfer - The risk is transferred away from the risk-owner. For instance by outsourcing the activities that the risk is tied to, making contracts with service providers or buying insurance that covers that risk. &lt;br /&gt;
*Accept - The risk is simply accepted, risks with very low impact and likelihood can often be accepted. A risk can also be accepted if the cost of the treatment outweighs the benefit. By accepting the risk no further action is taken to treat the risk, the risk is of cause still monitored and evaluated on an ongoing basis, due to potential changes &amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Monitor risks ===&lt;br /&gt;
The fourth process is &amp;quot;&#039;&#039;Monitor risks&#039;&#039;&amp;quot;, here actions to track and monitor risks are developed. One of the most common approaches to risk monitoring is to use a risk register, which is initiated at the start of a project and continually reviewed and updated. A risk register should as a minimum contain the following information: &lt;br /&gt;
*Risk identification number (Used for identification of risks)&lt;br /&gt;
*Risk Owner (Should be clearly defined and registered in the risk register)&lt;br /&gt;
*Description of Risk (Makes it easier to communicate risk)&lt;br /&gt;
*Results of assessment (Probability/Impact) and assessment date&lt;br /&gt;
*Mitigating Actions (Actions to address the risk)&lt;br /&gt;
*Date for next risk review &amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
It is important to note that risks should be monitored, reviewed and controlled on an ongoing base. The controlling of risks is done by continuous tracking of identified risks while identifying and analyzing new risks.&lt;br /&gt;
Risks and the effectiveness of controls and mitigations should be evaluated throughout the project life cycle &amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.142)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Risk management ==&lt;br /&gt;
=== Risk management in different industries ===&lt;br /&gt;
Risk management is relevant for all industries. However, the degree of importance and impact can vary a lot. &lt;br /&gt;
Risk management is highly essential in sectors like finance/banks, Formula One, drilling oil &amp;amp; gas or space programs. Where big money can be lost, reputations ruined or even lives lost.&lt;br /&gt;
Risk management is especially important in the following areas:&lt;br /&gt;
*Construction&lt;br /&gt;
*Medical procedures&lt;br /&gt;
*Disaster and terrorism management&lt;br /&gt;
*Tech companies&lt;br /&gt;
*Oil and gas &lt;br /&gt;
*Financial &lt;br /&gt;
*Large government projects&lt;br /&gt;
*Pharmaceutical sector&lt;br /&gt;
The parameters used to measure the impact can also vary a lot. For an R&amp;amp;D project, the impact measurements could be delays, financial and mistakes while a bank could use reputational, regulatory, and financial scales to measure the impact. The space program could be an operational risk such as the risk of burning up when astronauts are reentering the atmosphere. While financial institutions could loose reputation or customers if they have a security breach, like hacking or transferring the wrong amount of money from one customer to another.&lt;br /&gt;
&lt;br /&gt;
====Examples of good and bad risk management====&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Bad:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;Volkswagen - Dieselgate&#039;&#039;: In 2015 it was discovered that car manufacturer VW was cheating in emissions test, which made their cars seem more eco-friendly. This act resulted in a recall which costed around 6.7 billion euro and resulted in the company posting its first quarterly loss in 15 years. &amp;lt;ref name=&amp;quot;VWArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Samsung - Galaxy Note 7 smartphone explosions&#039;&#039;: When Samsung launched Galaxy Note 7 in August 2017, there was a fatal error with the batteries which caused them to explode, and Samsung was forced to recall 2 million devices with an estimated cost of 5.3 billion USD. &amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot; /&amp;gt;&lt;br /&gt;
*&#039;&#039;Deutsche Bank -Fined 14 billion USD&#039;&#039;: Deutsche Bank was fined 14 billion USD, by the US for misselling mortgage securities in the US. The bank selected mortgages, packed them into bonds (RMBS) and sold on to investors.&amp;lt;ref name=&amp;quot;DBArticle&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Good:&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;NASA - mission planning and real-time mission operations&#039;&#039;: NASA is known for having a lot of risks in their projects, and have managed to excel in risk management. &lt;br /&gt;
*&#039;&#039;Formula One racing&#039;&#039; - Is high-performance racer sport, where safety and risk management is taken very seriously. Resulting in a 20-year streak with no fatal incidents, until October 2014 &amp;lt;ref name=&amp;quot;FOneArticle&amp;quot; /&amp;gt;. Former Formula One driver Jackie Stewart did even say: &amp;quot;&#039;&#039;There is no doubt that Formula One has the best risk management of any sport and any industry in the world&#039;&#039;&amp;quot;&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Implementing Risk management ==&lt;br /&gt;
[[File:ReducingRisk.jpg|right|thumb|500px|Steps in implementing Risk management &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;]]&lt;br /&gt;
The steps to implementing risk management can be divided into the following 7 steps &amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt;: &lt;br /&gt;
#&#039;&#039;&#039;Start right&#039;&#039;&#039; - It is important to have a clear and precise definition of what the project outcome should be, along with project vision, objectives, scope, and deliverables.&lt;br /&gt;
#&#039;&#039;&#039;Accountable&#039;&#039;&#039; - Involve the whole team and share responsibilities among team members. &lt;br /&gt;
#&#039;&#039;&#039;Identify&#039;&#039;&#039; - Start with identifying the risks (step 1-2 in the [[#Risk Management Process (RMP)|Risk Management Process (RMP)]])&lt;br /&gt;
#&#039;&#039;&#039;Risk plan&#039;&#039;&#039; - The actions to counter risks is planned and mapped (step 3 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Monitor&#039;&#039;&#039; - The identified risks are monitored and tracked (Step 4 in RMP)&lt;br /&gt;
#&#039;&#039;&#039;Transparency&#039;&#039;&#039; - Is about communication, being clear and straight up with stakeholders, bosses and employees, which will make the project easier.&lt;br /&gt;
&lt;br /&gt;
Furthermore, the ISO 31000 provides some additional steps to take into consideration &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;: &lt;br /&gt;
*The first step should be initiated at the right timing.&lt;br /&gt;
*Legal and regulatory requirements should be kept. &lt;br /&gt;
*Information of training sessions should be held.&lt;br /&gt;
*Communicate with stakeholders to ensure that the framework remains appropriate &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.12)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Limitations and advantages of RMP (discussion) ==&lt;br /&gt;
&lt;br /&gt;
=== Advantages ===&lt;br /&gt;
By having an effective and structured risk management system, organizations will get the following benefits:&lt;br /&gt;
*Increased ability to deliver projects on time, since there will be fewer surprises.&lt;br /&gt;
*Better use of resources. &lt;br /&gt;
*Overview of risks and losses.&lt;br /&gt;
*Better quality data for decision making.&lt;br /&gt;
*Budgets are less relying on guesswork.&lt;br /&gt;
&lt;br /&gt;
There are many more benefits of good risk management than just the ones listed here, but this is some of the important ones for organizations.&lt;br /&gt;
Risk management helps organization overview and control risks and therefore make better decisions. Risk management is therefore highly relevant and should be implemented and used in organizations.&lt;br /&gt;
&lt;br /&gt;
=== Limitations ===&lt;br /&gt;
Risk management has an array of advantages. However, risk management also has some limitations:&lt;br /&gt;
*No matter how much preparation is done, accidents and unforeseen events will always happen. &lt;br /&gt;
*Risk management will not delay or remove all risks. &lt;br /&gt;
*It can be used as decision support, but not as a decision tool.&lt;br /&gt;
*Risk management uses a lot of time, to gather information, it has information and can be difficult to implement. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Risk Management Process is concerned with managing the identified and quantified risks &amp;amp; mitigations and does not tackle other types of uncertainty like the cost to develop a new prototype or if customers will buy the product &amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(pp.134-135)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
Furthermore, a lot of time and resources can potentially be spent on prioritizing and assessing, risks that are not likely to occur, which will divert resources that could have been spent more effectively.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039; ISO 31000 &#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The ISO 31000 is probably the most used risk management standard. However, it has some flaws, which managers need to take into consideration.&lt;br /&gt;
 &lt;br /&gt;
First, a considerable amount of scientific literature arguing for the ISO 31000 is outdated since it uses ideas of risk assessment and characterization as used in the 1970s and 1980s &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Second, a significant proportion of management researchers and analysts agrees on risk captures two dimensions:&lt;br /&gt;
# something is at stake (health and lives, the environment and material assets)&lt;br /&gt;
# uncertainties.&lt;br /&gt;
Above-mentioned can be conceptualized, measured and described in a more and understandable way than the ISO 31000, for instance, the SRA glossary &amp;lt;ref name=&amp;quot;CriticArticle&amp;quot; /&amp;gt;. &lt;br /&gt;
This claim is backed up in the ISO 31000 SME, which states: The ISO 31000 &amp;quot;&#039;&#039;provides generic guidelines, it is not intended to promote uniformity of risk management across organizations.&#039;&#039;&amp;quot; &amp;lt;ref name=&amp;quot;iso31000sme&amp;quot; /&amp;gt;.&lt;br /&gt;
Therefore it is vital that risk managers don&#039;t blindly follow the ISO 31000, but read material from multiple sources, for instance, the SRA glossary or material listed in section [[#Further Reading Material|Further Reading Material]].&lt;br /&gt;
&lt;br /&gt;
== Conclusion ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
There will always be risks in projects, and how they are managed will have a large impact on the success of a project &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.232)&amp;lt;/sup&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Bad or no risk management can lead to immense losses and complications, whereas great risk management will lead to better decision making, quality, and budgets for projects.&lt;br /&gt;
Naturally, risk management has some limitations such as its time consumption and the missing ability to remove all delays/risks.&lt;br /&gt;
&lt;br /&gt;
The RMP helps manages to get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
It is important that managers use risk management, and spent time on improving and develop the risk management programme of companies.&lt;br /&gt;
&lt;br /&gt;
Even though risk management naturally is a more integrated and important discipline in some industries, it is recommended that it is used at least to some degree throughout all projects and companies.&lt;br /&gt;
&lt;br /&gt;
== Just my notes - will be deleted xxx ==&lt;br /&gt;
*Even though risk management indisputably is beneficial, most managers use the ISO 31000 standard, which has some critical flaws.&lt;br /&gt;
ARTA diagrams are included for risk treatment and control????? XXX&lt;br /&gt;
Implementation of risk management xxxxxx&lt;br /&gt;
xxx Project management context - Here the risk management process will be put into a project management context. xxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is an important tool to use in project management, even-though risk management is only estimates of potential future situations. Risk identification helps the manager get an overview of potential obstacles that can occur or prevent the team from achieving their goals. By identifying the risks, managers can map them and initiate appropriate measurements to counter them.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Risk management is highly important discipline and is therefore present in most projects. &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; NoGET MED GOAL XXX&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*Slides from fist lecture.&lt;br /&gt;
*Write something about project in all sections ex: treat risk/control&lt;br /&gt;
*&amp;quot;Implementation risk management (step by step guide)&amp;quot;  &lt;br /&gt;
*An example of a risk register can be seen here : xxxx&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Implementing risk management according to ISO 31000&#039;&#039;&#039; &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;&#039;&#039;&#039;:&#039;&#039;&#039; &lt;br /&gt;
*define the appropriate timing and strategy for implementing the framework;&lt;br /&gt;
*apply the risk management policy and process to the organizational processes;&lt;br /&gt;
&lt;br /&gt;
*comply with legal and regulatory requirements;&lt;br /&gt;
&lt;br /&gt;
*ensure that decision making, including the development and setting of objectives, is aligned with the&lt;br /&gt;
outcomes of risk management processes;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*hold information and training sessions; and&lt;br /&gt;
*communicate and consult with stakeholders to ensure that its risk management framework remains&lt;br /&gt;
appropriate.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;x&#039;&#039;{{sup|2}}&lt;br /&gt;
&lt;br /&gt;
Ref test xxx .. &amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt;{{rp|pages=22-27}}&lt;br /&gt;
test test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;{{rp|needed=y|date=February 2018}}&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt; &amp;quot;#page=N&#039;&lt;br /&gt;
&lt;br /&gt;
{{r|PMBOK|p=56}}&lt;br /&gt;
&lt;br /&gt;
{{rp|89}}&lt;br /&gt;
&amp;lt;sup&amp;gt;2&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
ref test &amp;lt;ref name=&amp;quot;PMBOK&amp;quot; /&amp;gt;&amp;lt;sup&amp;gt;(p.2)&amp;lt;/sup&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Literature==&lt;br /&gt;
===References Credibility===&lt;br /&gt;
This section contains a brief discussion of the used online sources credibility. This is done to ensure transparency and provide a high-quality list of sourcing which the reader can follow up on.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot; /&amp;gt;: Is written by the &#039;&#039;Office of risk management&#039;&#039; at Georgetown University and can, therefore, be seen as an academically valid source. &lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot; /&amp;gt;: Is a podcast produced by a Danish radio called &#039;&#039;Risiko Radio&#039;&#039;, which specialize in risk. However this podcast is in Danish, which can be problematic, the interviewed author J.L. Jensen, also argues for this in his book &#039;&#039;Redefining Risk &amp;amp; Return - The Economic Red Phone Explained&#039;&#039; (ISBN 978-3-319-41368-6).&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot; /&amp;gt;: &#039;&#039;Wikipedia&#039;&#039; is often criticised for is reliability since everybody can edit the pages. However, since this source is used in combination with the book Project Management by H. Pearson &amp;lt;ref name=&amp;quot;PMBogen&amp;quot; /&amp;gt; and since this article is a Wikipedia itself, this is not a huge issue. Last modified 02-02-2018&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot; /&amp;gt;: Is written by &#039;&#039;CGE Academy&#039;&#039; which is a information site created by the company &#039;&#039;CGE - Risk Management Solutions&#039;&#039;. &#039;&#039;CGE&#039;&#039; is a multinational company which specializes in risk management solutions. The company has over 10.000 end users and a 21% growth over the last five years, and it is fair to say that &#039;&#039;CGE&#039;&#039; is a reliable source considering Risk Management. (https://www.cgerisk.com/about-us/) Last modified 24-07-2017&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot; /&amp;gt;: &#039;&#039;Nasdaq BWise&#039;&#039; is a global company which helps streamline risk management activities, furthermore the information from their webpage was compared with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;. (http://www.bwise.com/about) Last modified 29-09-2015&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;RMPPic&amp;quot; /&amp;gt;: &#039;&#039;Procurement Journey&#039;&#039; is a webpage written by the Schottish Government (http://www.gov.scot/About) and can be seen as a credible source. Last modified 2016&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot; /&amp;gt;: Is written by &#039;&#039;Chartered Accountants&#039;&#039;, which is a New Zealand based, they provide business and finance support to over 100.000 members. They are a huge company and therefore must have a lot and specialized knowledge within their field. Furthermore the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt; is used as a reference , on the page. (https://www.charteredaccountantsanz.com/about-us)&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot; /&amp;gt; Is written by the CEO of &amp;quot;Projectmanager.com, which is a company that produces Project Management software. The company has more than 10.000 users, including NASA, VOLVO, and UN (https://www.projectmanager.com/). The webpage can be seen as credible. However information from webpage is used in combination with information from the ISO 31000 &amp;lt;ref name=&amp;quot;iso31000&amp;quot; /&amp;gt;.&lt;br /&gt;
*&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot; /&amp;gt; Is an article published on the business site Wisestep, which can be seen as a credible source. The article was last modified/published 12-02-2018.&lt;br /&gt;
&lt;br /&gt;
However, a more general critic of the use of online source could be based on the following:&lt;br /&gt;
#Information available on the Internet is not regulated for quality or accuracy.&lt;br /&gt;
#Almost anyone can publish anything they wish on the internet.&lt;br /&gt;
#The information on a given webpage can change over time.&lt;br /&gt;
#The information can be outdated.&lt;br /&gt;
#Information can be twisted to reflect a person or companies interests.&lt;br /&gt;
&lt;br /&gt;
As earlier stated the used online sources are relatively credible (point 1-2). When considering the change and outdatedness (point 3-4), the webpages was last edited between 29-09-2015 and 02-02-2018, which is relatively new and relevant.&lt;br /&gt;
Since all the internet pages used are on a factual and information level, and not analytical the risk of exposure to company interests are minimal (point 5). &lt;br /&gt;
In conclusion, the used internet pages are credible sources.&lt;br /&gt;
&lt;br /&gt;
===References===&lt;br /&gt;
&amp;lt;references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBogen&amp;quot;&amp;gt;H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000sme&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk Management for smes&amp;quot;, &#039;&#039;ISO&#039;&#039;, (2015):. https://www.iso.org/iso/iso_31000_for_smes.pdf, Visited 07-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;iso31000&amp;quot;&amp;gt;ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009):. &amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RiskMatrixPicture&amp;quot;&amp;gt;CGE Academy, &amp;quot;Risk matrices&amp;quot;, https://www.cgerisk.com/knowledgebase/Risk_matrices, Visited 05-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ResidualInherent&amp;quot;&amp;gt;Nasdaq, &amp;quot;Assessing Risks: Inherent or Residual&amp;quot;, http://www.bwise.com/blog/assessing-risks-inherent-or-residual/obj5382859, Visited 08-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;KnownKnownsWiki&amp;quot;&amp;gt;Wikipedia, &amp;quot;There are known knowns&amp;quot;, https://en.wikipedia.org/wiki/There_are_known_knowns, Visited 03-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;HowToDoProjects&amp;quot;&amp;gt;J. Geraldi, C. Thuesen and J. Oehmen, &amp;quot;How to Do Projects&amp;quot;, &#039;&#039;Dansk Standard&#039;&#039;, (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;TreatRisks&amp;quot;&amp;gt;Chartered Accountants, &amp;quot;Treat Risks&amp;quot;, https://survey.charteredaccountantsanz.com/risk_management/midsize-firms/treat.aspx, Visited 09-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMGeorgUni&amp;quot;&amp;gt;Georgetown University, &amp;quot;Risk Management Overview&amp;quot;, https://riskmanagement.georgetown.edu/overview, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RMPPic&amp;quot;&amp;gt;Procurement Journey, &amp;quot;Risk Management Process&amp;quot;, https://www.procurementjourney.scot/risk-management-process, Visited 10-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;CriticArticle&amp;quot;&amp;gt;T. Aven, &amp;quot;The flaws of the ISO 31000 conceptualisation of risk&amp;quot;, &#039;&#039;Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability&#039;&#039;, 5 (2017):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;RisikoRadio&amp;quot;&amp;gt;Risko Radio, &amp;quot;Episode 027: Hvad er en Risikoejer? Interview med Jesper Lyng Jensen&amp;quot;, https://podtail.com/da/podcast/risiko-radio/episode-027-hvad-er-en-risikoejer-interview-med-je/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;AdvantageDisadvantage&amp;quot;&amp;gt;C. Reddy, &amp;quot;Advantage and Disadvantage of Risk Management&amp;quot; (published: 12/02-2018), &#039;&#039;Wisestep&#039;&#039;, https://content.wisestep.com/advantage-disadvantage-risk-management/, Visited 13-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;PMBOK&amp;quot;&amp;gt;Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000):.&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;SamsungArticle&amp;quot;&amp;gt;M. Lopez, &amp;quot;Samsung Explains Note 7 Battery Explosions, And Turns Crisis Into Opportunity&amp;quot; (published: 22/01-2017), &#039;&#039;Forbes&#039;&#039;, https://www.forbes.com/sites/maribellopez/2017/01/22/samsung-reveals-cause-of-note-7-issue-turns-crisis-into-opportunity/#9a47e4b24f12, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;VWArticle&amp;quot;&amp;gt;R. Hotten, &amp;quot;Volkswagen: The scandal explained&amp;quot; (published: 10/12-2015), &#039;&#039;BBC&#039;&#039;, http://www.bbc.com/news/business-34324772, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;DBArticle&amp;quot;&amp;gt;J. Treanor, &amp;quot;The $14bn Deutsche Bank fine – all you need to know&amp;quot; (published: 06/09-2016), &#039;&#039;The Guardian&#039;&#039;, https://www.theguardian.com/business/2016/sep/16/deutsche-bank-14bn-dollar-fine-doj-q-and-a, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneArticle&amp;quot;&amp;gt;G. GonzalezTreanor, &amp;quot;Formula One risk management strives to prevent racing deaths after tragedies&amp;quot; (published: 16/10-2017), &#039;&#039;Business Insurance&#039;&#039;, http://www.businessinsurance.com/article/00010101/NEWS06/912316546/Formula-One-risk-management-strives-to-prevent-racing-deaths-after-tragedies, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;ref name=&amp;quot;FOneQoute&amp;quot;&amp;gt;vGroup, &amp;quot;DFA Launch&amp;quot;, http://www.vgroupinternational.com/news-and-media/latest-news/dfa-launch, Visited 15-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ProjectManager&amp;quot;&amp;gt;J. Westland, ProjectManager.com, &amp;quot;What Is Project Risk and Why Should You Care?&amp;quot;, https://www.projectmanager.com/blog/what-is-project-risk-and-why-should-you-care, Visited 23-02-2018&amp;lt;/ref&amp;gt;&lt;br /&gt;
&amp;lt;/references&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===Further Reading Material===&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Wikipedia articles&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*[[Risk management]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk and Opportunities Management]]&lt;br /&gt;
&lt;br /&gt;
*[[W:https://en.wikipedia.org/wiki/There_are_known_knowns|There are known knowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Management in Renewable Energy Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk Register]]&lt;br /&gt;
&lt;br /&gt;
*[[Impact vs. Probability]]&lt;br /&gt;
&lt;br /&gt;
*[[Unknown unknowns]]&lt;br /&gt;
&lt;br /&gt;
*[[Risk identification]]&lt;br /&gt;
&lt;br /&gt;
*[[Including Risk Management in Construction Projects]]&lt;br /&gt;
&lt;br /&gt;
*[[#ISO_31000|ISO 31000]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Books&#039;&#039;&#039;&lt;br /&gt;
*Chapter 10 in: H. Pearson, &amp;quot;Project Management&amp;quot;, &#039;&#039;Pearson Education Limited&#039;&#039;, 4th. Edition (2010) &lt;br /&gt;
::This chapter is about Risk &amp;amp; Opportunities Management and describes: &#039;&#039;risk matrix, Rumsfeld&#039;s Known-unknowns, qualitative and quantitative approaches, sensitivity analysis, PERT technique&#039;&#039; and &#039;&#039;Monte Carlo simulation&#039;&#039;. &lt;br /&gt;
*ISO, &amp;quot;31000 Risk management — Principles and guidelines&amp;quot;, &#039;&#039;International Standard&#039;&#039;, (2009)&lt;br /&gt;
::The golden standard within risk management, it gives a great overview of definitions and approaches within risk management and is there for a must read.&lt;br /&gt;
*Chapter 11 in: Project Management Institute, &amp;quot;A guide to the project management body of knowledge: PMBOK Guide&amp;quot;, &#039;&#039;Project Management Institute&#039;&#039;, (2000)&lt;br /&gt;
::This chapter is about Project Risk Management and describes: &#039;&#039;risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning&#039;&#039; and &#039;&#039;Risk Monitoring and Control.&lt;br /&gt;
*Committee on Foundations of risk analysis, &amp;quot;SRA glossary &amp;quot;, &#039;&#039;Committee on Foundations of risk analysis&#039;&#039;, (2015) (Link: http://www.sra.org/sites/default/files/pdf/SRA-glossary-approved22june2015-x.pdf)&lt;br /&gt;
::The SRA is similar to the ISO 31000, in the way it gives an overview of definitions and approaches to risk management.&lt;br /&gt;
* J. L. Jensen, &amp;quot;Risk &amp;amp; Return - The Economic Red Phone Explained&amp;quot;, &#039;&#039;Springer International Publishing AG&#039;&#039; (2017)&lt;br /&gt;
::This book attempt to re-define objective risk, and addresses the critical factor of defining a risk owner. It argues for defining risk owner at the lowest possible management level, and the importance of proper risk management. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Articles&#039;&#039;&#039;&lt;br /&gt;
*N.T. Nassim, D.G. Goldstein and M.W. Spitznagel &amp;quot;The Six Mistakes Executives Make in Risk Management&amp;quot;, &#039;&#039;Harvard Business School Publishing Corporation&#039;&#039; (2009)&lt;br /&gt;
::This article outlines some of the general mistakes managers make when doing risk management, and have some great arguments which managers should take into consideration.&lt;/div&gt;</summary>
		<author><name>JonasHL</name></author>
	</entry>
</feed>