Prerpints.org logo
Preprint
Article

This version is not peer-reviewed.

Achieve Sustainable Development of Projects by Integrating Good Risk Management and Performance Evaluation

A peer-reviewed version of this preprint was published in:
International Journal of Management Research and Economics 2024, 4(2), 25-41. https://doi.org/10.51483/ijmre.4.2.2024.25-41

Submitted:

09 December 2023

Posted:

11 December 2023

You are already at the latest version

Abstract
Risk management strategies protect the company as a whole as well as employees from unforeseen financial impacts. As in the case of personal finance, preparing for certain scenarios helps to face any difficulties that the company may encounter and allows it to get out of this impasse.For any project to be successful, the way the project executing agency will deal with potential risks must be determined so that it can identify, mitigate or avoid problems when it needs to do so. Successful project managers realize that risk management is important, because the achievement of project objectives depends on planning, preparation, results and evaluation that contribute to the achievement of strategic goals, especially the sustainable development of societies.Risk management strategies work to protect the company as a whole as well as employees from unexpected financial effects, and as is the case in personal finance, preparing for certain scenarios helps to face any difficulties that the company may face and allows it to get out of this impasse.To ensure the success of your project, determine how you will handle potential risks so that you can identify, mitigate or avoid problems when you need to do so. Successful project managers understand that risk management is important, because the achievement of project objectives depends on planning, preparation, results, and evaluation that contribute to the achievement of strategic objectives.
Keywords: 
Sustainable Development
;  
Integrating
;  
Risk Management
;  
performance evaluation
;  
Enterprise Performance Management
Subject: 
Business, Economics and Management  -   Business and Management

Introduction

Risk management is the process of identifying, evaluating and controlling threats to the organization's capital and profits and initiating the development of strategies to manage those potential risks and the risks that have already occurred. These threats or risks can stem from many sources such as financial uncertainty, legal obligations, strategic management errors, accidents and natural disasters. Institutions face these risks throughout the life stages of the project, including with regard to investment and commercial operations.
Risk management strategies have become an absolute necessity for companies and institutions, as they reduce threats and risks that may affect them, especially with regard to information technology and related data. As a result, a risk management plan necessarily includes all processes within a company to identify and control threats to its digital assets, including proprietary corporate data, personal customer information, and intellectual property.
Companies may face a certain type of threat, which is very dangerous, especially for startups, which is financial risk. Financial risks can be managed using methods such as financial swaps, which can be applied to all companies, both large and small, through a team specialized in managing this type of risk. Where financial risks are divided according to priorities, large losses are taken care of first, then small losses, respectively. On the other hand, it is the intangible risks that lead most companies to close, as a result of the companies' lack of anticipation.
Every business or organization faces the risk of unforeseen adverse events that could cost the business huge amounts of money or cause it to close permanently. Therefore, there must be a so-called risk management for companies and institutions, which allows institutions to try to prepare for the unexpected by reducing risks and additional costs before they occur. The method of risk management differs according to the nature and activities of the institution, which negatively affects the flow of the administrative process in companies. The importance of corporate risk management and how to address it can be summarized as follows:
By implementing a risk management plan and considering various potential events and risks before they happen, an organization can save money and protect their future. This is because having a solid risk management plan will help the company put in place procedures to avoid potential threats, minimize their impact if they occur and deal with the consequences. This will allow the ability to understand and control risks giving greater confidence in its business decisions. Moreover, strong companies that focus specifically on risk management can help them achieve their goals.
  • Risk identification
Risk identification is one of the benefits of risk management. It is important for organizations to identify potential risks before they undertake their business. Being aware of the usual potential risks makes it easier to take the necessary steps to avoid them. Being aware of potential risks enables management to develop an action plan through which the negative effects of risks are less. Any decision made by managers through reasoned analysis must be informed by a thoughtful risk management process. In the business world, there are four common types of risk that managers should look out for.
Market risk: It is the risk arising from the possible decline in the value of the organization's assets as a result of factors beyond its control such as interest rates, foreign exchange rates and commodity prices.
Credit risk: It refers to those losses that come with the company's outstanding and unpaid debt.
Operational risk: is the potential for business losses due to inadequate actions or failures on the part of the business or external factors
Reputational risk: which arises from the possibility that the company's reputation may be damaged as a result of internal and external factors.
2.
Risk management for financial prudence in business
One must be prepared for anything at all times. The purpose of corporate risk management plans is to ensure that they are easy to prepare financially should any problem arise. In many cases, organizations are able to access more loans and increase credit limits if they have risk management plans in place.
3.
Protecting company resources
Prioritizing risks enables the company to plan for them and respond to each one appropriately according to priority. The importance of risk action plans lies in the company's ability to save time, money and other material resources. This allows workers and management to dedicate their time on the job to doing the essential tasks that are essential to the success of the business.
4.
Improving the company's brands
A risk management plan is one of the best practices that companies can engage in. Such a process sends a positive message about the business, not only to stakeholders but to the general public as well. It gives employees confidence and motivation as they work for a resourceful and responsible company. It also gives clients the feeling that they are dealing with a proactive and professional business. Most importantly, having a risk management plan in place is an indication that the company has a good reputation and has set high standards for itself.
5.
Discover reusable information through risk management
Risk management is collaborative in nature because the effort must come from many individuals from different departments. The risk management method allows collecting important information from different people. The information gathered provides useful insights that can be applied to situations that may arise even after the plan has been developed. This means that organizations that use a business plan need not start from scratch when a problem arises that needs to be solved.
6.
Risk management and insurance plans
Risk management plans must have solutions to any potential threats. Among the components of the risk management plan is the 'Insurance Strategy'. The goal of insurance is to plan how to reduce or reduce the impact of risk. Insurance is one of the most appropriate ways to deal with the negative effects of risk. Moreover, in some cases insurance is part of government regulations, especially for companies that take a lot of risks. This risk management helps companies figure out what type of insurance coverage they need and even estimate the costs associated with it. You now know the importance of risk management in organizations. You can go ahead and plan the risks to ensure the smooth running and success of your business.
The importance of financial risk management is very important to ensure that there is not another global financial crisis and it is a system that focuses on modeling uncertainty, and how to implement the best ways to restrict any downside as it deems necessary.
It helps companies and investors to fulfill their obligations despite the market downturn, and to achieve stability in cash flows.
Measuring risks for the purpose of monitoring and controlling them is an essential role in which the new risk departments in institutions serve a number of important functions, including:
  • Helping to form a clear future vision, based on which the work plan and policy are determined.
  • Developing and developing a competitive advantage for companies by controlling current and future costs that affect profitability.
  • Estimating risks and hedging against them in a way that does not affect the company's profits.
  • Assist in making pricing decisions.
  • Developing the management of securities portfolios and diversifying those securities by improving the balance between risk and profitability.
  • Helping companies calculate the capital adequacy ratio according to the new proposals of the Basel Committee, which will represent a major obstacle for banking companies that will not be able to measure and manage their risks in a scientific manner, as the new requirements of the Basel Committee depend on the ability to measure, follow up and control expected loss rates. Norms, this is in addition to adding new types of risks to the proposed capital adequacy agreement, other than the risks covered by the current agreement.
One of the most important projects and institutions risk management is:
First: avert disaster.
Second: maximizing opportunities.
Third: Ensuring business growth.
Risk management has a direct impact on economic conditions, and risk management is important internally and externally. These main factors must be paid attention to and highlighted:
  • hazard identification
  • types risk
  • The causes of systemic risks
  • Classification of types of risks
  • Changing the currency or exchange rate
  • Follow up on new types of risks and their renewal in societies
  • How to manage risks in the labor market
  • Adjectives that indicate a bear market
  • How trading markets move
  • Planning for the labor market
Enterprise risk management (ERM) is a framework for managing organizational risk and organizational risk is a broad term. This can include concerns that range from ensuring employee safety and securing sensitive data to complying with legal regulations and stopping financial fraud. Hazards can be internal, such as equipment failures, or external, such as natural disasters. What is considered a risk varies from entity to entity.
Risk management is usually seen as minimizing the damage to the value an organization creates for itself, employees, shareholders, customers, and society. Each organization decides what it considers a risk to the organization and conducts some form of risk assessment. An enterprise risk management framework is a set of principles and procedures that help an organization manage expected risks so that it can successfully achieve its objectives. In this sense, risk management solutions do two things: protect the organization from harm and create opportunities to improve business performance.
Proper risk management helps enable business continuity. Business Continuity Management (BCM) is related to the relationship management of an organization. BCM is a management process that companies use to identify potential threats, plan for the future should these threats materialize, and ensure that the company can fulfill its obligations to customers, suppliers, and employees.
The modern view of ERM is that it should help you increase the likelihood of achieving your organizational goals rather than simply compiling a list of potential problems.
Risk management software is about more than just protecting a company's assets; it is about building a culture that is aware of risks so that employees can take the most informed actions and make the best decisions. Our mission in this study is to enable, standardize, orchestrate and align risk management solutions that always work.
That's why enterprise risk management tools are essential to managing risk in business success. Whatever business goals, enterprise risk management can help achieve them. Although every company practices risk management in some way, a formal ERM process puts methodologies and practices in place so that you can systematically increase your chances of success. In the absence of risk management, a company is likely to make poor decisions, be less prepared, and struggle to consistently achieve its business goals.
If one thing becomes too obvious companies have no choice but to plan ahead. Companies have been severely tested by a range of issues, including inadequate employee protection, supply chain deficiencies, and financial unpredictability, underscoring the need for data-driven, resilient enterprise risk management.
For example, security has always been a concern, but it has taken on a new and refocused urgency as companies have imposed work-from-home mandates. This sudden move left many companies scrambling to adapt their on-site protocols to off-site equivalents that would continue to protect the company and its employees from a wide range of concerns including insider threats and financial fraud, while also addressing data privacy, IP protection, cash preservation, and legal compliance.
While most companies focus on innovation and growth, only resilient companies are successful over time because their business strategies also address risk and preparedness. The best business plans are those that can rotate quickly in response to evolving markets, business models, and regulations. For example, companies with modern risk management systems that include automated audits and security monitoring can continue to perform these tasks remotely, even across international borders. This will enable them to operate smoothly despite the restrictions on travel as happened during the Covid-19 situation, and it stimulates a level of efficiency and cost savings that they will benefit from long after the crisis is resolved.

Create an appropriate framework for risk management in the enterprise

Enterprise Risk Management (ERM) is a business process with steps, milestones, and defined stakeholders. A reliable and effective ERM framework is built on the participation of committed stakeholders and is supported by actionable big data and powerful intelligence.
The purpose of your ERM framework is to help you identify, assess and analyze key business risks and mitigate negative business impacts if those risks arise. The ERM framework must be context-based and modular across all areas of the business, because different functions are subject to different types of risks and at different levels. Finally, cyber risk management must consider both internal and external risks and consider how these risks also create opportunities.
For example, if you are entering a new market or acquiring a new company, you will want to apply risk models to understand the potential impacts across each business unit and function. Powerful data analytics, AI, and machine learning (ML) can help you create scenarios and models that not only identify potential for damage but also potential for business growth.

The Enterprise Risk Management (ERM) Matrix Grid

Figure 1 illustrates a popular matrix grid for classifying potential risk events. The vertical axis reflects the severity and impact if a risk event were to occur. The horizontal axis reflects the probability that the risk event might occur. The diameter of the risk event represents the relative cost to mitigate the risk.
This grid is useful to connect ERM with budgeting. Of course, an organization cannot afford to mitigate 100% of the potential risk events and maintain and increase its profits. So, those risk events that can be mitigated are in the upper right corner of the grid. Their impact would be severe and their probability of occurrence relatively high.

How are cloud technologies and analytics changing enterprise risk management?

Technology is transforming within the ERM arena, just as it is in many other enterprise operations. Technology is accelerating the power of ERM in three primary ways.
  • It makes the process more data-driven. Historically, top-down risk mitigation has stemmed from corporate leaders defining enterprise risk, as they see it. Technology provides a data-driven bottom-up ability to classify existing risks and identify new risks based on reliable information. This capability is a game changer. Not only that, the more CRM you integrate with your existing processes and collect data about these processes, the more powerful your risk management will be.
  • It makes the process more flexible and more digital. Cloud technology enables simple, secure workflows that standardize and orchestrate activities across business areas, locations, and functions. Many organizations still rely on spreadsheets, websites, and email for their risk management processes. The lack of secure risk management processes hampers an organization's ability to identify and plan for risks and creates opportunities for data breaches. In contrast, moving to a digital platform, such as cloud risk management, greatly increases the effectiveness of ERM and allows the entire organization to easily participate, which is essential to success.
  • It makes cyber security an enterprise-wide concern and a top priority for Group C. Technology has led to an explosion of data and an increasingly remote workforce, leading to the growth in severity and frequency of cyber threats. Institutions also face stricter expectations from financial regulators when it comes to securing their digital defences. For most companies, a proactive risk management strategy that constantly monitors user access and activity should be the next step in their cybersecurity journey.

What to look for in an ERM solution?

When you're ready to bring technology to your organization's risk and compliance efforts, look for a custom-designed enterprise risk management solution that can give you the following benefits:
Simplicity. First and foremost, an ERM solution must be easy for all stakeholders to use. This is critical because multi-stakeholder participation must be effective. ERM is not an independent process. It should be fully integrated with your existing systems so that you have easy access to all the decision makers in your organization, and they can easily provide continuous input.
integration. Enterprise risk management software and technology implementation cannot be isolated and separated from the rest of the enterprise. Silent risk management programs often fail to reach and influence other stakeholders. In this case, ERM is simply a procedure without collaboration, influence, or systemic adoption—all of which are essential to success. Instead, aim to build a culture of risk awareness throughout your organization.
interaction. When considering a risk management solution, evaluate the solution's potential to engage all stakeholders across the organization. This is the main decision-making factor. Choose a solution that is easy, intuitive, and easy to use so people will use it. Although digital risk management is technology-driven, its real success is rooted in engaging both frontline and organizational leaders so that it becomes part of everyone's daily responsibilities and decision-making, young and old.
standards and best practices. Any ERM solution should incorporate global ISO standards and best practices and include a standard set of analytics to get you started.

When ERM becomes part of the fabric of every system

When your ERM solution is fully integrated into financial, human resources, and supply chain management systems, you can model various issues, events, and possibilities across the business for potential impacts and opportunities. This allows you to monitor the entire business, flag risks, and create mitigation plans. Organizations that lack a proactive risk management strategy will be reactive and will enter crisis mode when an outage occurs.

How a robust risk management framework can protect you?
What are the benefits of an enterprise risk management solution?

The standard properties and benefits offered by the cloud are a natural fit for ERM solutions: faster to deploy, more secure, and more durable. In the context of ERM events, such as a system downtime or business outage due to internal or external forces, infrastructure is always essential to protect your business and maintain your business.
Moreover, collaboration is essential for the effective deployment of enterprise relationship management. Collaboration in the cloud is much easier than it is in a non-cloud environment.
Additionally, with the cloud, creating effective risk management solutions is not a multi-year project that requires huge investments of resources and time. Instead, risk management cloud solutions can be deployed quickly, often within days. This means you can move quickly and start reaping the benefits right away.

What is the future of enterprise risk management?

For many organizations today, ERM is a separate and separate set of activities that don't take advantage of the latest technology to help make critical and risk-related decisions. It doesn't have to be this way. Together, digital and the cloud provide an integrated, seamless platform that everyone can easily interact with - to get the most out of your organization.
In the future, ERM will be more pervasive and data-driven, becoming an integral part of every decision and process. Using powerful data, AI, and machine learning to drive your ERM not only helps you better identify risk, but also makes risk management a part of every activity across the organization. In this iteration, ERM becomes the fabric of everything everyone else does.
With AI and machine learning built into a cloud ERM solution, you can continuously monitor suspicious activity in your core business processes, stop insider threats, and orchestrate preparedness and responses. Your solution will segment this information through dashboards designed specifically for your stakeholders so they can easily access insights and analytics. From assessment to recovery, the solution must take a holistic approach that helps keep mission-critical operations running, whatever the risks that may come your way.
It's not just about minimizing harm, it's a way to help organizations achieve their broader goals and increase their chances of success, despite the risks.
Why a cloud risk management and risk management solution is a great combination.
Business leaders understand that uncertainty and disruption will always be there. We can't always predict the next social or environmental driver, disruptive new business model, or emerging competitor - but we can control our responses and act quickly. This is where a modern approach to ERP and risk management elevates a company's ability to sustain itself and make bold decisions with confidence. Having a risk management solution fully embedded in critical ERP business processes gives you the right framework for growth, compliance, and maintaining security. Plus, advanced built-in controls and automation let you:
  • Automate user access monitoring and control
  • Continuously monitor user activity using artificial intelligence
  • Simplify financial reporting and compliance

Performing Management Reviews of Your Risks

Having a record of the risks experienced by societies, companies, or institutions, planning to mitigate risks, and developing a future plan for that of what the project, institution, or community may go through may be the two most important risk management activities, as the risk management program will not be successful if management does not participate in the process.
The biggest challenge that comes with involving management in the risk acceptance process is that not every manager needs to see in addition to reviewing every single risk. The risk review process requires input from the concerned managers only. In addition, the severity of the risks must be considered when deciding which manager should perform the audit. This is because the severity of risk is a measure of the likelihood and impact of an organization. For example, if an enterprise data breach, one of the risks that our study is concerned with, actually occurs before the mitigation is implemented, the consequences are likely to be felt across the entire organization. This means that ideally, it will be a member of the organization's executive leadership team who will review this risk and determine the course of action. The objective here is to leverage a risk management platform that is able to handle risk appetite by taking into account the context of risk ownership and risk severity.
The higher authority of the management of the institution should evaluate the performance of its employees and according to the structure of the institution from the top of the pyramid to the lowest job degree in the institution to manage project risks as well and not just to manage projects. The word risk here means a lot for institutions, as it means preparing for societal disasters if they are natural disasters such as earthquakes, volcanoes, floods or human-induced Such as wars, for example, and the risks associated with them, as happened in the Corona ‘’Covid-19’’ pandemic, and an integrated plan was developed in this regard.
For example, in construction projects, there are some times that are considered important determinants in the project other than the final time of the project. In some projects, there are specific endings for certain stages during the project period, or the completion of the implementation of one of the buildings within the project. In the event that the contractor fails to finish the project in the specified time, he is subject to a fine, in addition to that the reputation of the contractor and the project that is delayed is considered one of the moral aspects that are taken into consideration. resources to another project. In conclusion, the project end time is one of the most important objectives by which project management is concerned. The contractor is usually free to plan its resources and arrange project activities to achieve its contractual objectives. Planning in this case is considered one of the very important parts within project management because it depends on detailed studies of work needs and the planning function is completed by dividing the project into small parts called activities. Etc..) and the result of the project planning appears in the form of a Bar Chart Research problem: - The emergence of problems during implementation, which leads to non-compliance with the set timetable. Research Disk: Accuracy in project management and risk management analysis that the project is exposed to during implementation leads to quality in project implementation according to the specified schedule. Research content: - The problems that the engineer faces during the implementation process The problems that the engineer faces during the implementation and methods of remedying them 1 - The length of the implementation period 2 - The delay in the project schedule 3 - The miscalculation of the feasibility study for the project 4 - The failure to estimate the final cost of the project in a realistic way, which Leads to the lack of liquidity necessary to carry out the business and not waiting for the required financial resources leads to disruption and implementation of the business The following: 1 - Funding problems, lack of liquidity necessary to carry out the business, and failure to wait for the required financial resources. 2- The initial miscalculation of the feasibility studies of these projects, optimistic estimates of the sales movement, and the dependence of most of these projects on the financial flows resulting from the sale. projects. 3 - Poor organization of management and the ineffectiveness of planning and follow-up. 4 - The entry of many non-specialists in the field of real estate investment, who were seduced by the gains achieved by some projects, despite their lack of experience necessary for the construction process. 5 - The lack of seriousness of many land buyers, whether associations or individuals, in construction, as it is noticeable that large tracts of land have been sold for construction and housing purposes at very low prices to encourage the investment movement. However, no positive step for construction has yet been initiated. 6- Lack of seriousness in applying the law or taking sufficient procedures or guarantees to comply with construction on the set dates

Literature review

In a study conducted by Waheeb et al 2020, Waheeb and Andersen2021, Waheeb et al, 2022, Waheeb et. al., 2022, Waheeb et. al., 2022, Waheeb et. al.,2023, it showed that 30%-50% of the projects in emergency reconstruction post disaster in Iraq, were stopped and canceled in the middle of implementation, and that more than 50% of the projects had exceeded the cost included in the estimated budget by 190%, and that more than half of them had also Exceeding the planned time in the schedule by 220%.
Waheeb et.al.,2022, Waheeb et.al.,2023, invented a model and a program can be used in construction projects to predict delay ratio and additional cost before the dead line of project in time, and before approaching to the fund shortage.
The concept of risk management is a complex combination between the possibility of a risk and the consequences of its occurrence. Where risk management is referred to on the basis of its association with the negative aspects of risk, the standard therefore considers risks in terms of both the negative and positive aspects.
In the field of safety, it is generally noted that only negative outcomes are taken into consideration, which has led to the focus of safety risk management on the prevention and reduction of harm. The importance of risk management stems from providing a framework for the organization with the aim of supporting the implementation of future activities in a coordinated and controlled manner, developing methods of decision-making and planning, defining priorities, changes, opportunities and risks, contributing to the effective use and allocation of capital and resources available to the organization, as well as reducing fluctuations in the areas of non-core activities and protecting and developing The assets and reputation of the organization, the development and support of manpower and the organization's information base, and maximizing operating efficiency.

types of risks

  • internal risks
Risks arising from the wrong initial studies of the project: including legal and organizational risks, and pertaining to the risks related to licenses and permits.
Risks related to the design processes: Not taking into account the limitations on the site.
Risks of installing newer technologies: It is difficult to make an assessment of productivity and potential delays as productivity or unit costs are adjusted without a benchmark.
Difficulties anticipated in design build or construction management: change in specification reflecting design.
The risks arising from the work team: that the work team is not prepared in a timely manner and is not with the appropriate efficiency, or the work team falls behind or fails to perform the work.
Risks arising from mismanagement of the project: taking decisions at the wrong time or making the wrong decisions that lead to the disruption of the project.
Risks related to construction: eg quality problems, poor site safety, worker’s strikes
Delivery risks: These are the risks that lead to a delay in project delivery beyond the specified time as a result of non-compliance with the project schedule.
2.
external risks
Risks arising from equipment: Breakdown of devices and equipment used in the project.
Risks arising from technology: Poor use of technology may lead to project delay.
Natural or environmental hazards: It is the possibility of having adverse environmental effects when planning and executing.
Social risks: This risk is related to the customs, traditions and culture of the community.
Commercial and economic risks: problems with inflation and recession... or problems with distribution routes.
Global Market Risk: There is a rapid change in global and local prices, from the beginning to the end of the project.
Credit risk: which is taking large loans from banks and the lack of strategies to repay those loans.

Methodology

Risk is an inherent part of any business venture, and the way you decide to manage the risks to which the project is exposed is what ultimately determines whether the project will end in success or failure. Therefore, a careful approach to the risk management process is crucial.
Since risk is an essential component of a business, it makes sense to think about how to control this risk, or at least manage it; If we cannot prevent the danger from occurring, we can manage it, and put in place methods and mechanisms that enables us to handle it properly.
Our study plan consists of four steps to manage the risks that the project may face at any stage,
This is as follows:
  • Identify potential risks
You cannot manage risks without predicting them; What you must hold a lot of brainstorming sessions with your team members, and try to find the risks that may threaten the project, whether now or in the medium or long term; Or even in the short term, and put all these possibilities in the "risk register".
It is important here to listen to all points of view, including those that involve different visions. In the end, thinking about what has yet to come is important, and therefore no possibility should be ruled out as long as it could happen at some point in time.
2.
Analysis and evaluation of risks
Once you have identified the potential risks, you must, at this stage, determine the possibility of each risk occurring, and what potential consequences each could have.
This method may help in knowing the risks that must be dealt with at the time, what are the risks that can be postponed thinking about them, and being able to arrange these risks in terms of their severity and the extent of their impact on the project, and therefore there will be a clear perception of what must be done about each potential risk.
3.
Responding to risks
This is the stage of starting the actual diving, and going down to the river, where the previous two steps may enable us to build a clear perception of what will be the case, or rather what is the reality, and what are the risks that may face the work.
In this step, it is necessary to start responding to the most acute risks, and those that have the most impact on the project, and it is important to start doing so urgently, before the danger escalates and its consequences are dire.
4.
Monitor and measure risks
Here, the feasibility of the work is known, and was the work management of the risks effective, which means that this step is concerned with measuring the risks, so has its intensity decreased or been completely eliminated after dealing with it, or not?
Preprints 92830 i001
Risk management process framework.

Results and discussion

The Ways to identify risks are as below:
  • Objective-based identification: Organizations and working teams have goals, and any event that jeopardizes the achievement of these goals, whether in part or in whole, is considered risks.
  • Scenario-based identification: In the planning process, different scenarios are created that may be alternative ways to achieve a goal. Any scenario that is different from what was envisioned and undesirable is defined as dangerous.
  • Source-based identification: This is a breakdown of all potential sources of risk.
  • Review common risks: In many organizations there are lists of potential risks.

Steps in the risk management process

  • Identify risks
  • Identify important risks.
  • Risk recognition can start from the source of the problems or the problem itself.
  • When the problem or its source is known, the incidents that result from it can be searched for.
2.
Risk analysis
  • An organization's exposure to uncertainty requires substantial knowledge of the organization and the external environment in which it operates.
  • It requires a proper understanding of the organization's strategic and operational objectives to analyze the causes and effects of risks.
  • One of the vital factors to ensure the success of the organization are the opportunities and threats associated with achieving the objectives. Therefore, risks must be analyzed after identifying them to know their components and causes.
3.
Risk classification
  • Taking into account the consequences and probabilities of each risk and giving priority to the main risks.
  • The risks associated with the activities can be classified into strategic, operational and operational.
  • It is essential to integrate risk management into the planning and implementation phase of any project.
  • Use a well-designed method to ensure that hazard description and classification procedures are carried out in a comprehensive manner.
4.
Risk assessment
  • Risks can be estimated quantitatively, semi-quantitatively or qualitatively in terms of the probability of realization and potential outcomes.
  • Results in terms of threats or chances of success may be high, medium or low.
  • The odds may be high, medium or low.
  • Drawing risks on the area of activity affected by them, and identifying areas in which risk control may need to be increased, reduced or redistributed.
5.
Risk Assessment
  • It is necessary to compare the risk assessment with the prepared risk measures.
  • The measure of risk may include returns and losses, legal requirements, social, economic and environmental factors.
  • The assessment of acceptable or unacceptable risks is used to make the right decisions about them.
6.
Preparing risk reports and communications
  • Adopting control methods, especially administrative responsibilities in risk management.
  • Implementing primary control systems to manage significant risks.
  • Implement follow-up and review systems.
  • Record any deficiencies in the system and determine the steps to deal with it.
7.
Addressing risks
  • Risk treatment is the process of selecting and applying actions to change risks.
  • The cost of risk control measures is related to the expected benefits of risk reduction.
  • Risk management includes risk control as one of its most important elements, and extends more to risk avoidance

The Ways to deal with risks

Transfer: It is a means that helps to accept the risk by another party, usually through contracts or financial protection. Insurance is an example of transferring risk through contracts. The contract may include a formula that guarantees the transfer of the risk to another party without the obligation to pay insurance premiums.
Avoidance: It means trying to avoid activities that lead to a risk. An example of this is not buying property or entering into a business to avoid liability. Avoidance seems to be a solution to all risks, but at the same time it may lead to deprivation of the benefits and profits that could have been obtained from the avoided activity.
Reduction: It includes ways to reduce the severity of the resulting losses. An example of this is software development companies that follow methodologies to reduce risks by developing software gradually.
Acceptance (withholding): It means accepting losses when they happen. This method is considered an acceptable strategy in the case of small risks in which the cost of insuring against the risk over time is greater than the total losses. All risks that cannot be avoided or transferred must be accepted.
Surrender: The psychological factor of the risky party must be calculated and persuaded to turn to the permanent rather than the quick interest.
Monitoring and reviewing risk management processes
The control process must ensure that appropriate control measures are applied to the organization's activities.

Controls and audits should determine:

  • The procedures used have given the targeted results.
  • The procedures followed and the information collected for the purpose of examining the hazards were appropriate.
  • Cognitive development helps through lessons learned in examining and managing risks in the future.

risk environment in the project

The nature of the risks facing the project depends on the level of assurance and the state of the environment in which it operates.
  • Proven environment.
  • Dangerous environment.
  • The environment is in a state of complete uncertainty.

proven environment

In this type of environment, all the required data are available, and the results are clear and known, and the project management must take the appropriate decision.
In this case study, we have three projects, each with a specific return (according to the following Table 1), so which project will you choose?
The solution: The best choice, of course, is project B, because it provides the largest Earning.

Dangerous environment

An environment in which the expected probabilities of the alternatives are known, and will result in a different outcome and alternative.
In this case, to make a selection decision two different criteria can be used:
Expected Monetary Value (EMV).
Expected/Alternative Opportunity Loss (EOL).
Case Study: A hospital needs to expand and has two options:
  • Building a large pavilion that is expected to generate a revenue of $300,000 per year if the population continues to increase, but if the city’s population remains constant, building a large pavilion will result in a loss of $170,000.
  • Building a small wing is expected to generate a revenue of $120,000 per year if the population continues to increase, but if the city’s population remains constant, building a small wing will lead to a loss of $90,000. And if you know that the probability that the city’s population will grow is 0.7?
In the case of this study, we will take the appropriate decision in two ways:
1- Standard of expected financial value.
2- Criterion of loss of alternative opportunity.

Use the expected financial value method

Table 2. the expected financial value method.
Table 2. the expected financial value method.
alternative Case
The population is fixed The population is growing
Building a large suite -170.000 300.000
Building a small suite -90.000 120.000
do nothing 0 0
Probability ratio 0.3 0.7
The expected value of building a large suite = (300.000 × 0.7) +(-170.000 × 0.3) = 159.000$
The expected value of building a small suite = (120.000 x 0.7) + (-90.000 x 0.3) = 57.000$
The expected value to do nothing = 0.0
So the best alternative is the one that achieves the highest expected value, which is the alternative of building a large suite.

Use opportunity value

We subtract the values in each column in the previous table from the largest value in that column, with the aim of obtaining the opportunity loss table, and the results appear in the following Table 3
The expected value of loss when building a large suite = 170.000x0.3 + 0x0.7 = 51.000$
The expected value of loss when building a small suite = 90.000x0.3 + 180.000x0.7= 153.000$
The expected value of loss when do nothing = 0x0.3 + 300.000x0.7 = 210.000$
So the best alternative is the one that achieves the least expected financial loss, and it is the first alternative for building a large suite.
The environment is in complete uncertainty
This environment is characterized by ambiguity and uncertainty due to the lack of sufficient data, and the data is so scarce that it does not even help in predicting the potential for events to emerge.
Among the most important decision-making criteria in this type of environment we find:
  • The optimistic criterion (or the best of the best criterion).
  • The pessimistic criterion (or the best-worst criterion).
  • Rational criterion (or Laplace criterion).
  • Realism criterion or Hurwicz criterion.
  • Regret's Criterion of Regret.
  • Optimistic criterion (or better-than-best criterion):
In this criterion, the decision-maker assumes that all conditions are in his favor, so he chooses the best case for each alternative, and then chooses the best alternative among them.
2.
The pessimistic criterion (or the better-worst criterion):
In this criterion, the decision-maker assumes that conditions are always bad in all alternatives, so he chooses the worst case for each alternative, and then chooses the best between them.
3.
Rational criterion (or Laplace criterion):
This criterion is also called the criterion of equal probabilities, because the decision maker gives equal probabilities for each of the cases. The alternatives are determined by calculating the arithmetic mean for each of these alternatives.
4.
Realism Criterion (or Hurwicz Criterion):
It is a reconciling criterion between the pessimist and the optimist. Alternatives are determined using the optimism coefficient (the coefficient of realism) and it is indicated by the α sign. The value of the criterion is 1 ≥ α ≥ 0. The closer the coefficient is to 1, the decision maker is optimistic. The alternative is calculated by multiplying the highest value by the coefficient of realism and the lowest value by the coefficient's complement. Realism combines the two values to obtain the best alternative
5.
Regret Criterion:
Where the returns table is converted to a regret matrix as in the alternative opportunity method (subtracting the values of each column from the largest value in this column) and then choosing the alternative that corresponds to the least regret

Integrating ERM with Enterprise Performance Management (EPM)

There is increasing interest with integrating ERM with enterprise performance management (EPM) methods.
First, a definition of EPM. Enterprise Performance Management (EPM) is the integration of multiple management improvement methods with each embedded with business analytics, such as segmentation analysis, and especially predictive analytics. Its primary purposes are to achieve the executive team’s strategy, to make better decisions, and to improve operational and financial Performance.
Combining the disciplines of enterprise risk with performance management results in better business decisions and actions. Monitoring performance and risk as separate issues is not adequate for driving shareholder and owner value. Investors expect returns that are in proportion to the risks that a firm is taking. This entails understanding how risk impacts corporate strategic direction and decision making as well as processes such as planning, forecasting and profitability analysis.
One of the EPM methods is a strategy map with its associated balanced scorecard as a feedback mechanism to assess how well the executive team’s formulated strategy is being implemented. This is referred to as “strategy management”’
A strategy map has four (4) perspectives with a cumulative impact of cause-and-effect relationships from accomplishing strategic objectives in each of the four perspectives. There are typically two to three strategic objectives in each perspective. The relationships are:
A learning environment → Process excellence → Customer retention and growth → Financial value
For each strategic objective the executives and employee teams will identify (1) projects that will implement the objective; or (2) an end-to-end business process that must be improved. Next, a few key performance indicators (KPIs) are identified for each strategic objective. The purpose of KPIs are to monitor the progress for accomplishing each strategic objective. An executive team will typically establish a target measure for each KPI, and the hold various managers accountable to meet or exceed the target. This provides the motivation and focus with the ultimate purpose to successfully implement the executive teams formulated strategy.
Enterprise risk management (ERM) utilizes a similar measure as KPIs. They are referred to as key risk indicators (KRIs). When a KRI starts going in an unfavorable direction they provide an early warning that a key performance indicator (KPI) will adversely impacted.

Biases can Prevent the Reduction of Risks

Organizations tend to be overconfident about the risk events not occurring in the future. Managers accept information that supports their position, a confirmation bias, and suppress information that contradicts it. Managers suppress expressing objections to actions that C-suite executives and others endorse. Managers accept minor failures and defects as normal rather than as signs of imminent danger.
Preprints 92830 i002Preprints 92830 i003Preprints 92830 i004Preprints 92830 i005Preprints 92830 i006

Recommendations

Risk management helps companies and entrepreneurs to know proactively the size of potential risks, to develop the best strategies to deal with them. When we talk about managing or managing risks, we mean the policy adopted by all companies, regardless of the size of their activity, but the large ones manage the process with greater professionalism due to the fact that the risks threatening them are more influential.

References

  1. Cokins, Gary; Performance Management: Integrating Strategy Execution, Methodologies, Risk, and Analytics; ISBN 978-0-470-44998-1; John Wiley & Sons, Inc.; 2009.
  2. Waheeb, Rasha Abdulrazzak. "Identification of Delay Causes in Construction Projects and Emergency Reconstruction ''Iraq as a case study''." (2018).
  3. Waheeb, Rasha A., Bjørn S. Andersen, and Rafea AL Suhili. "Using ANN in emergency reconstruction projects post disaster." International Journal of Engineering Business Management 12 (2020): 1847979020967835. [CrossRef]
  4. Waheeb, Rasha A., and Bjørn S. Andersen. "Causes of problems in post-disaster emergency re-construction projects—Iraq as a case study." Public Works Management & Policy 27.1 (2022): 61-97. [CrossRef]
  5. Waheeb, Rasha Abdulrazzak. "APP innovation to control projects risks management during crises." EAI Endorsed Transactions on Internet of Things 8.30 (2022). [CrossRef]
  6. Waheeb, Rasha A. "Strength & Conduct of Reinforced Concrete Corner Joint under Negative Moment Effect." Journal of Architectural Environment & Structural Engineering Research 4.4 (2021): 10-17. [CrossRef]
  7. Waheeb, Rasha A., et al. "Impact of Pandemic SARS COVID-19 on Different Construction Project Management: Problems and Solutions." Public Works Management & Policy (2022): 1087724X221113579. [CrossRef]
  8. Waheeb, Rasha, et al. "The prospective of Artificial Neural Network (ANN’s) model application to ameliorate management of post disaster engineering projects." Available at SSRN 4208375 (2022).
  9. Waheeb, Rasha. "Diagnoses of Delay Causes in Construction Projects During Disaster." Available at SSRN 4255634 (2022).
  10. Waheeb, Rasha. "Sustainability of Societies Using Artificial Intelligence in Green Buildings Baghdad." Available at SSRN 4255832 (2022).
  11. Waheeb, Rasha, et al. "Design of earthquake-resistant buildings by using reinforced concrete or steel flexible corner joints." Available at SSRN 4362461 (2023).
  12. Waheeb, Rasha. "How to Prepare the Project Schedule?" Available at SSRN 4297325 (2022).
  13. Waheeb, Rasha. "Quality Control of Steel in Steel Iron Product Factory System." Available at SSRN 4408235 (2023).
  14. Waheeb, Rasha. "Using Digital Twin Technology to Improve Projects Management." Available at SSRN 4255641 (2022).
  15. Waheeb, Rasha. "Dealing with Stabilization and Sustainability issues in Emergency Reconstruction Projects." Available at SSRN 4255645 (2022).
  16. Waheeb, Rasha. "Successful Character of Project Manager (Presentation Slides)." Available at SSRN 4386359 (2018).
  17. Waheeb, Rasha. "Dealing with Stabilization and Sustainability issues in Emergency Reconstruction Projects." Available at SSRN 4255645 (2022).
  18. Waheeb, Rasha. "How to Prepare An Estimated Bill of Quantities for a Project? Iraqi House as a Case Study'Model’." Iraqi House as a Case Study'Model’(April 17, 2023) (2023).
  19. Waheeb, Rasha. "How to Build Your House?" Available at SSRN 4432814 (2023).
  20. Waheeb, Rasha A., and Bjørn S. Andersen. "Causes of Problems in Post-Disaster Emergency Re-Construction Projects—Iraq as a Case Study." Public Works Management & Policy 1 (2021): 37. [CrossRef]
  21. Waheeb, Rasha. "Protect Oil Industry Sector in Iraq by Using AI." Available at SSRN 4440154 (2023).
  22. Waheeb, Rasha. "'Energy Saving by Using Thermal Insulation Works in Buildings'." Available at SSRN 4447979 (2023).
  23. Waheeb, Rasha. "Identification of Delay Causes in Construction Projects and Emergency Reconstruction." Available at SSRN 4449802 (2023).
  24. Waheeb, Rasha. "Mesopotamia Post Disaster 2003 (Emergency Reconstruction Problems and Solutions)." Available at SSRN 4433323 (2023).
  25. Waheeb, Rasha. "The Genesis of Sustainable Development." Available at SSRN 4451312 (2023).
  26. Waheeb, Rasha. "Educating societies on sustainable development." Available at SSRN 4452724 (2023).
  27. Waheeb, Rasha. "The Concept of Sustainable Development." Available at SSRN 4452385 (2023).
  28. Waheeb, Rasha Abdulrazzak. "Diagnoses of Delay Causes in Construction Projects During Disaster." (2022).
  29. Waheeb, Rasha. "Risk Management Mechanism." Available at SSRN 4462360 (2023).
  30. Waheeb, Rasha. "Sustainable ENERGY by using AI." Available at SSRN 4465582 (2023).
  31. Waheeb, Rasha. "Waste Recycling to Save Energy by Using AI." Available at SSRN 4468539 (2023).
  32. Waheeb, Rasha. "The Concept of Urbanization in Developing Countries." Available at SSRN 4468913 (2023).
  33. Waheeb, Rasha. "Enough Pollution and Let's Work Towards a Sustainable Environment: Baghdad as An Emergency Case Study." Available at SSRN 4473744 (2023).
  34. Waheeb, Rasha. "Building Countries by Eliminating Corruption." Available at SSRN 4475261 (2023).
  35. Waheeb, Rasha. "Reducing the Severity of Global Warming to Preserve a Sustainable Environment." Available at SSRN 4468810 (2023).
  36. Waheeb, Rasha. "Capital of the World Baghdad 'The Return of the Mongols'." Available at SSRN 4476447 (2023).
  37. Waheeb, Rasha. "AI Control." Available at SSRN 4497462 (2023).
  38. Waheeb, Rasha. "Ethical Uses of Artificial Intelligence AI." Available at SSRN 4507569 (2023).
  39. Waheeb, R. "Ethical Uses of Artificial Intelligence AI." (2023).
  40. Waheeb, Rasha. "Using Artificial Intelligence to Manage Hajj Rituals." Available at SSRN 4504555 (2023).
  41. Waheeb, Rasha. "AI Points of view." Available at SSRN 4529381 (2023).
Table 1. Ernings.
Table 1. Ernings.
Project Earning $
A 9000
B 10000
C 8000
Table 3. Opportunity value.
Table 3. Opportunity value.
alternative Case
The population is fixed The population is growing
Building a large suite 170.000 0.0
Building a small suite 90.000 180.000
do nothing 0 300.000
Probability ratio 0.3 0.7
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.
Copyright: This open access article is published under a Creative Commons CC BY 4.0 license, which permit the free download, distribution, and reuse, provided that the author and preprint are cited in any reuse.
Prerpints.org logo

Preprints.org is a free preprint server supported by MDPI in Basel, Switzerland.

facebook logotwitter logolinkedin logo
bsky
MDPI Initiatives
Important Links
Subscribe

Accessibility

Disclaimer

Terms of Use

Privacy Policy

Privacy Settings

© 2026 MDPI (Basel, Switzerland) unless otherwise stated