IS RISK MANAGEMENT A REACTIVE CRISIS MANAGEMENT OR PROACTIVE RISK CONTROL MANAGEMENT THAT IS MOST ESSENTIAL FOR SUCCESSFUL PROJECTS?

Project risks results in negative outcome. On contrary opportunities have positive impact on project success? Hence risks are to be identified, prioritized, mitigated and or transferred to third party. Risk Management is highly essential during the project life cycle for successful project management. Proactive risk management is key to the success. Poor risk management results in time, and Cost overruns and poor quality. Risk management needs to be integrated in every phase of the life cycle with adaptive control to suit the situation. Risk events are characterized with the probability ranging from 0 to 1. Risk management is proactive management in successfully managing projects where as reactive approach may result in total project failures or reduction in degree of success.

2, need of risk management is highly essential for the Critical and High condition, else any project is bound to give failure results which will definitely lead to poor satisfaction of the stakeholders. Whereas Medium and Low has less impact comparatively. However with the risk management all the above conditions may be attended to, which will bring certainly better satisfaction to stakeholders.

Risk Manager is a liability or asset?
Risk manager is a not a liability and definitely an asset to the organization and to the humanity at large as the risk manager predicts the different types of causes and takes necessary control measures to avoid, transfer or mitigate and minimise residual risk and contributes to the success of the project. Many of them feels risk manager is a liability because, they believe in crisis management rather than proactive approach.
In India, most of the software organizations have not seen the concept of risk management due to small or medium organisation cannot afford to employ them. However risks can be managed by outsourcing the tacit knowledge with mutual trust and confidence, which will definitely bring some more success. However in large software organizations systematic and strategic approach prevails.

Who will identify the risks?
Identification of the risks is a very vital task and requires highly experienced people to estimate or predict risk. However low and medium types of risks are managed by the team members during the execution phase but high and critical impact risks are to be identified in the early stages so that the same can be attended in time and at low cost without effecting the project deliverables. Every member of the team shall feel that, they are responsible to identify the risks. Whereas some of the software team members may feel risk identification is the job of the project manager or the top management. Hence the need of the agile team is highly required to manage the risks to make the software project success.

Impacts of risk:-
Risk has very high impact on the project outcome and it effects broadly on the following. 1. Cost -Overall Cost and Profits 2. Schedules -Project time duration. 3. Scope -Deliverables and Quality.
Excepting to the natural calamities due to act of "GOD ALMIGHTY" which are beyond human control, all other risks can be controlled and managed. 1082

Principles of Risk Management [2]
The ten elements of operation that represent the main risk areas to the success of a business are considered to be: 1 Premiseswhere the firm is located, type of premises available for use, amenities, distribution routes, access for customers.
2 Productindustry sector, features of product or service offered, life cycle and fashion trends, materials used in production, green issues, quality 3 Purchasingaccess to supplies, storage and warehouse facilities, stock control, payment terms, cost.
4 Peoplethe workers in the organization, skills, training needs, motivation and commitment, incentive packages available, employment contracts.
5 Proceduresproduction procedures, record keeping and reporting systems, monitoring and review, use of standards, emergency procedures.
6 Protectionpersonal protection of workers and others, property and vehicle security, insurance cover, information systems, data security.
7 Processesproduction processes, waste and scrap disposal, skills, technology and new materials.
9 Planningaccess to relevant data, management skills, external factors and levels of control, short-and long-term planning, investment options.
10 Policyrange of policies that support the strategic plans of the firm.

A. What is Success? [12]
Success is one of those words that conjure up a picture we paint in our minds.

B. Trends in Project Management -Failures & Success
The Standish Group research [7][19] shows a staggering 31.1% of projects will be cancelled before they ever get completed. Further results indicate 52.7% of projects will cost 189% of their original estimates. The cost of these failures and overruns are just the tip of the proverbial iceberg. The lost opportunity costs are not measurable, but could easily be in the trillions of dollars.
The following trend shows the Successful, Failed and Challenged projects starting from 1994 to 2015 (Source Standish report) On the success side, the average is only 29 % for software projects that are completed on-time and on-budget. In the larger companies, the news is even worse: only 9% of their projects come in on-time and on-budget. And, even when these projects are completed, many are no more than a mere shadow of their original specification requirements. Projects completed by the largest American companies have only approximately 42% of the originally-proposed features and functions. Smaller companies do much better. A total of 78.4% of their software projects will get deployed with at least 74.2% of their original features and functions.
This data may seem disheartening, and in fact, 48% of the IT executives in their research sample feel that there are more failures currently than just five years ago. The good news is that over 50% feel there are fewer or the same number of failures today than there were five and ten years ago. The reasons for failures are 1. Untrained. 2. Not matching organization goals with individual goals. 3. Right person in right job doing right thing for achieving organization goals. 4. Accepting unrealistic goals. 5. Lack of control over the activities.
At CHAOS University Martin Cobb, Treasury Board of Canada Secretariat, Ottawa, Canada outlined his paradox: "We know why projects fail; we know how to prevent their failure --so why do they still fail?" --Cobb's paradox The most important aspect of the research is discovering why projects fail. To do this, The Standish Group surveyed IT executive managers for their opinions about why projects succeed. The three major reasons that a project will succeed are user involvement, executive management support, and a clear statement of requirements as shown in the Table I. There are other success criteria, but with these three elements in place, the chances of success are much greater. Without them, chance of failure increases dramatically.

Risk Principles:-A. What is risk?
Risk [4] is an inherent property of any activity. The dictionary meaning of "risk" is "the possibility of being exposed to danger or loss" (Source: Oxford Dictionary). The term risk has its Etymological origin in the Latin word "resceare", which means "to cut-off". It has evolved since then as the French word "risqué", and the Italian word "risco".
The term risk is used universally in different contextual domains. For example, it is used in the financial sector to mean the possibility of incurring financial loss, and in the medical sector to mean the possibility of physiological loss to life. In the "software" world, risk is an important issue often referring to the sources of danger to software development, acquisition, procurement, or maintenance.
One of the important considerations challenging any risk management researcher is the definition of risk. In other words, before proposing any risk management framework one needs to specify/quantify the "dimensions" of risks. This is because it is a challenge to unanimously agree on the definition of risk.
There are several formal definitions of risk available in literature, few of which are presented below.
"A possible future event that, if it occurs, will lead to an undesirable outcome" (Leishman and VanBuren, 2003). "Risk is a combination of an abnormal event or failure, and the consequences of that event or failure to a system"s operators, users, or environment. A risk can range from catastrophic (loss of an entire system, loss of life, or permanent disability) to negligible (no system damage or injury)" (Glutch, 1994).
"Risk refers to a possibility of loss, the loss itself, or any characteristic, object, or action that is associated with that possibility" (Kontio, 2001). Risks are characterized with the probability ranging from 0 to 1.

Projet Failure Reasons
Managerial Issues Technical Issues 1085 Riskthe likelihood that it will actually cause damage, harm or injury Risk assessmentthe process of identifying hazards and assessing the severity of damage, harm and likelihood it will occur Risk factorthe range of factors that combine to represent the potential for harm, injury, damage or loss to occur C. Risk Factors [2]:

D. What is Risk Management?
Risk management [4] is a way to manage risks. In other words, it concerns all activities that are performed to reduce the uncertainties associated with certain tasks, or events. In the context of projects, risk management reduces the impacts of undesirable events on a project. Risk management in any project requires undertaking decision-making activities.

E. Origin of Risk Management.
Risk management [4] has its roots in probability theory, and decision making under uncertainty. Three well-known theories in these areasexpected utility theory (Bernoulli, 1954; Hogarth 1987), theory of bounded rationality (Simon, 1979), and prospect theory (Kahneman and Tversky, 1973; Kaheman et al., 1982)were of the greatest influence. These theories may be considered as disciplines by themselves. Therefore, to put our discussions on risk management in context, we briefly state below only what each of these theories propose.
In brief, the expected utility theory discusses how people make choices from different alternatives, based on their expected utility. The theory of bounded rationality states that for real life events, the outcomes, and their associated probabilities are very limitedly understood by people to make the required decisions to maximize their expected utility. Therefore, people have a tendency to set up targets of aspiration in life by eliminating alternatives from the different options they have. This theory is useful for modeling the behavior of project management personnel in charge of risk management. Prospect theory, which has its origin in Psychology, helps to model how the perceptions of human beings influence their choices from the given options. It, thus, helps for understanding, and estimating the utility losses of different alternatives while analyzing risks in risk management.

1086
F. RISK CIRCLE [6] Risk cyclic process is described below.

Figure 5:-Risk Circle Process
Steps in the CRM process include: (1) Identify: Identify contributors to risk (shortfalls in performance relative to the baseline performance requirements).
Note: Sometimes the relationship between an identified risk and performance measures is indirect, but risks within the proper scope of CRM are addressed precisely because they may affect one or more performance measures.
(2) Analyze: Estimate the probability and consequence components of the risk through analysis, including uncertainty in the probabilities and consequences and, as appropriate, estimate aggregate risks.
(3) Plan: Decide on risk disposition and handling, develop and execute mitigation plans, and decide what will be tracked.
(5) Control: Control risk by evaluating tracking data to verify effectiveness of mitigation plans, making adjustment to the plans as necessary, and executing control measures.
(6) Communicate and document: Communicate and document the above activities throughout the process. G. Risk Score Risk score is the indicator which is the combination of risk probability of occurrence of and event and the impact of the risk of effect as per the equation given below. Risk Score = Risk Probability x Risk Impact x 100 Global Risk Management Methods:-Some of the risk management models, standards, principles, and techniques are discussed.

A. Software Risk Management Models [4]
Several software risk management approaches have been proposed in the past, most of which assess risks during all the phases of software development, by integrating risk management practices along with the software development process. As a result, in these approaches, the risk management models follow a disciplined process. These approaches are listed below. These approaches are summarized below. A "horizontal" comparison of all of these approaches may not be fair because, although each of them address risk management, they were developed under different circumstances for solving may be related but different issues. For example, Hall"s P 2 I 2 was developed from a risk management capability modeling perspective. On the other hand, Boehm"s Win-Win model was developed primarily as a novel software development process model ("spiral" development) taking a risk-based approach. We provide below a high-level overview of these approaches. Boehm (1991) also proposed a risk management framework, which helps to identify the primary sources of risk, analyze, and resolve them. This risk management framework can be integrated into the Original Spiral, or the Win-Win Model.
SEI's Software Risk Management Approach: SEI provided a comprehensive risk management framework comprising of the following three groups of practices: Software Risk Evaluation, Continuous Risk Management, and Team Risk Management. The Software Risk Evaluation approach concerns the identification, analysis, communication, and mitigation strategies for software risk management. The approach depends on, amongst other elements, the risk taxonomy, which consists of constructs used for organizing risk information. The taxonomy helps in providing with an instrument (questionnaire) to elicit different classes of risks. The entire taxonomy of risks can be found in (Higuera and Haimes, 1996), and is omitted from here. The taxonomy has classification of risks into categories such as Requirements risks, Design risks, Coding and testing risks, Contract risks, Resource risks, and so on.
Hall's P 2 I 2 Approach: Hall (1998) approached risk management by identifying four different factors that have the potential to alter the expected results in any project. These factors are People, Process, Infrastructure, and Implementation.
The People factor is concerned with human resource aspects for risk management. This is important because the success of any risk management activities is dependent on the successful communication of different issues arising while conducting risk management activities.
The Process factor defines the processes that should be taken to manage risks for minimizing uncertainties involved in the project.
The Infrastructure factor defines the requirements, resources, and results required to perform risk management activities in an organization.
The Implementation factor concerns the actual implementation of risk management activities such as, establishing the initiatives for risk management, developing the plan, customizing the standard processes to meet the requirements of the project, assessing risks, and controlling risks.

ISSN: 2320-5407
Int. J. Adv. Res. 5(8), 1080-1092 1089 free model, calibrating the risk-free model, estimating the probabilities of risk events, evaluating the combined values of risk, developing action plans, and monitoring the progress.

B. Risk Management Standards
The following are some of the important global risk management standards. Similarly 80-20 principle it can be extended to risk management and can be stated that "80 % of the risks can be managed or mitigated with 20 % of the efforts". This is the main essence of the proactive risk management strategy.

How to control and manage risks?
A. Difference between Controlling and Managing Risks. Majority of the people feel both controlling and managing risks is synonymous. But there are entirely different concepts. Controlling the risks is bringing the risk in the tolerable range whereas risk management is managing risks minimum possible risks at that time depending on the availability.
The relation between Impact of risk on project and the probability of occurrence of the events is tabulated below.  [3].
Risks associated with software development projects, there are strong indicators that these risks can be managed successfully. Research of failed software projects showed that "their problems could have been avoided or strongly reduced if there had been an explicit early concern with identifying and resolving their high-risk elements" (Boehm, 1991). Effective risk management is the most important management tool a project manager can employ to increase the likelihood of project success. Since risk management is not widely used and understood, this could be a significant competitive advantage to those that implement the risk management processes in their projects.
A large number of processes have been generated in recent years to address the need for more effective risk management. The risk management process provided in the PMBOK (PMI, 2001) is a good overview of the typical processes, yet it is often too generic to meet the specific needs of software projects. The Software Engineering Institute (SEI) has developed the Team Software Process TM (TSP TM ) for the team as a whole, and the Personal Software Process TM (PSP TM ) for the individual during software project development (SEI, 2001). Keshlaf and Hashim (2000) have developed models for tools to aid the software risk management process. As shown in Fig.  below, it uses an eight-step process during the initial phases of the project. When any new risks are identified throughout the project, a five-step inner process is used to improve earlier estimates and judgments continuously.
"Team risk management" is a process that addresses the risks associated with multiple entities (Higuera et al., 1994). Although developed specifically for software contractual relationships, the concept is just as viable for multiple divisions or multiple projects, which is a common paradigm in most organizations.

Risk Instrumentation:-A. Risk Instrumentation
Risk Instrumentation provides the Manual Control, Semi-Automatic Control and Fully Automatic Control systems on Risk management on Process control Instrumentation model.
In risk instrumentation, initially risks are predicted, sensed, ,measured and identified and the process is controlled by manipulating the output parameters with different types of control modes to adjust the position of final control elements so that the process parameter is changed to the required value in comparison with the required, set or desired value.

Proposed Proactive Risk Control System:-
Risk Control System is like Process Control Closed loop Instrumentation system. In every closed loop risk control system contains

Findings:-
The mentioned risk management measures are accepted by Software people across different organizations. A detailed questionnaire is presented and got answers positive by proving risk management followed by a project manager or risk manager at different phases of the Project Management Life Cycle. Hence Risk Control System was proposed based on proactive and Feed forward approach as presented above for minimizing the risks in Project management and thereby increasing successful projects.

Conclusion:-
Risk management is a concept which can be explored more and there is a scope for future work. Project risks are probable events or conditions, on occurrence will result in negative impact on the project success. On contrary opportunities have positive impact on project success. Hence risks are to be identified, predicted, prioritized, mitigated and attended by elimination as far as possible or transfer the risks to third parties or residual risks are to be reduced by mitigation to minimum possible for project success. Risk Management is highly essential during the project life cycle for successful project management. Proactive approach is key to successfully manage risks and there by projects. Poor risk management results in time, Cost overruns and deliverables quality. Risk management needs to be integrated in every phase and process group of project management with systematic and structured approach continuous risk control system and it is not an optional utility. Risk management is certainly not reactive approach rather it is proactive continuous control system. Risks can no longer be tolerated as mismanagement leads to failure and hence it is high time to implement risk control measures at all levels and phases of the projects.