POLYTECHNIC UNIVERSITY OF THE

PHILIPPINES
College of Engineering
Department of Mechanical Engineering

ENGINEERING
MANAGEMENT FOR M.E.
MEEN 3533

Final Exam
Risk Associated with
Management of Engineering
Projects
(Case Study)

Ulep, Ralph Nicholai A.

Student

Engr. Dennis Dale Fanoga

Professor

July 16, 2022

Date
Table of Contents
Introduction ....................................................................................................................................1
Body.................................................................................................................................................2
Decision Criteria .......................................................................................................................2
Five Main Steps in Risk Management .....................................................................................2
FMEA Analysis .......................................................................................................................3

Risk Identification ....................................................................................................................5

Assumption ..............................................................................................................................5
Risk Resources .........................................................................................................................5
Risk Category...........................................................................................................................5
Risk Analysis ...........................................................................................................................6
Probability of Risk Occurrence ................................................................................................6
Risk Impact ..............................................................................................................................6
Risk Exposure ..........................................................................................................................7
Risk Occurrence Timeframe ....................................................................................................7
Risk Classification Examples ..................................................................................................8
Risk Response Planning...........................................................................................................8
Risk Monitoring and Control ...................................................................................................8
Risk Reclassification ................................................................................................................9
Risk Reporting .........................................................................................................................9

Conclusion ....................................................................................................................................10
References .....................................................................................................................................11
Appendices ....................................................................................................................................12
Introduction

Risk management is simply the identification, assessment, and prioritization of risks,

followed by a coordinated and economical application of resources to minimize or control the
probability of occurrence and the impact of negative events, as well as to maximize the realization
of opportunities.

What is considered a risk? Risks can come from uncertainty in financial markets, project failures,
legal actions, regulatory liabilities, accidents, and natural disasters as well as simple human error.

The definition of risk is generally compartmentalized based upon whether the risk is in the context
of business continuity, project management, security, engineering, industrial processes, financial
portfolios, actuarial assessments, or public health and safety. The potential list is finite but is
certainly overwhelming. Within the context of Reliability Excellence and effective continuous
improvement, risk management can be limited to two major categories: business and asset risk.

For engineers, project management includes careful planning and communication of that
plan to a team of engineers. It involves the identification of project goals and milestones as well
as the development of multiple scenarios and contingency plans. It’s an important process for any
engineering team because otherwise, the unexpected can arise and derail the work of dozens or
even hundreds of people.

Engineering is a complex and ever-evolving industry, so engineering project managers need to be

adaptable and up to date on all of the latest best practices. That includes engineering practices
related to the project at hand, as well as overall management skills.

What is the Risk Management Process?

It's simply that: an ongoing process of identifying, treating, and then managing risks.
Taking the time to set up and implement a risk management process is like setting up a fire alarm–
–you hope it never goes off, but you’re willing to deal with the minor inconvenience upfront in
exchange for protection down the road.

Identifying and tracking risks that might arise in a project offers significant benefits,
including:

• More efficient resource planning by making previously unforeseen costs visible

• Better tracking of project costs and more accurate estimates of return on investment
• Increased awareness of legal requirements
• Better prevention of physical injuries and illnesses
• Flexibility, rather than panic, when changes or challenges do arise

1
Decision Criteria
Five Main Steps in Risk Management:
1. Identify the Risk
Anticipating possible pitfalls of a project doesn't have to feel like gloom and
doom for your organization. Quite the opposite. Identifying risks is a
positive experience that your whole team can take part in and learn from.

Use a risk breakdown structure to list out potential risks in a project and
organize them according to level of detail, with the most high-level risks at
the top and more granular risks at the bottom. This visual will help you and
your team anticipate where risks might emerge when creating tasks for a
project.

Figure 1: Risk Breakdown Structure Example

Once you and your team have compiled possible issues, create a project risk
log for clear, concise tracking and monitoring of risks throughout a project.

Figure 2: Qualitative Risk Register

2
 A project risk log, also referred to as a project risk register, is an integral
part of any effective risk management process. As an ongoing database of
each project’s potential risks, it not only helps you manage current risks but
serves as a reference point on past projects as well. By outlining your risk
register with the proper data points, you and your team can quickly and
correctly identify and assess possible threats to any project.

Figure 3: Project Register Risk

2. Analyze the Risk

Once your team identifies possible problems, it's time to dig a little deeper.
How likely are these risks to occur? And if they do occur, what will the
ramifications be?

During this step, your team will estimate the probability and fallout of each
risk to decide where to focus first. Factors such as potential financial loss to
the organization, time lost, and severity of impact all play a part in
accurately analyzing each risk. By putting each risk under the microscope,
you’ll also uncover any common issues across a project and further refine
the risk management process for future projects.

Nobody likes to think about failure. But if you want to avoid it, you need to
take a hard look at what could go wrong (and why), so you can take steps
to reduce the risk.

That is the goal of the FMEA risk analysis.

What is FMEA analysis?

FMEA stands for Failure Modes and Effects Analysis. It is a step-by-step
method for identifying and analyzing all possible ways a process or product
could fail and designing a strategy to prioritize and mitigate the biggest
risks.

In other words, FMEA asks and answers:

3
• What could go wrong?
• Why would the failure happen?
• How likely is this failure?
• What could be the consequences of each failure?

Figure 4: FMEA (Cause and Effect) Chain

3. Prioritize the Risk

Now prioritization begins. Rank each risk by factoring in both its likelihood
of happening and its potential effect on the project.

This step gives you a holistic view of the project at hand and pinpoints
where the team's focus should lie. Most importantly, it’ll help you identify
workable solutions for each risk. This way, the project itself is not
interrupted or delayed in significant ways during the treatment stage.

4. Treat the Risk

Once the worst risks come to light, dispatch your treatment plan. While you
can’t anticipate every risk, the previous steps of your risk management
process should have you set up for success. Starting with the highest priority
risk first, task your team with either solving or at least mitigating the risk so
that it’s no longer a threat to the project.

Effectively treating and mitigating the risk also means using your team's
resources efficiently without derailing the project in the meantime. As time
goes on and you build a larger database of past projects and their risk logs,
you can anticipate possible risks for a more proactive rather than reactive
approach for more effective treatment.

4
 5. Monitor the risk
Clear communication among your team and stakeholders is essential when
it comes to ongoing monitoring of potential threats. And while it may feel
like you're herding cats sometimes, with your risk management process and
its corresponding project risk register in place, keeping tabs on those
moving targets becomes anything but risky business.

Assumption:
Engineers might face risk in shortage of manpower, resources, equipment, and overall cost
of day-to-day operations in developing projects.

Risk Identification
Risks are to be identified and dealt with as early as possible in the project. Risk
identification is done throughout the project life cycle, with special emphasis during the
key milestones.

Risk identification is one of the key topics in the regular project status and reporting
meetings. Some risks may be readily apparent to the project team—known risks; others will take
more rigor to uncover but are still predictable.

Risk Resources

Figure 5: Risk Source

Risk Category
Risk category provides a list of areas that are prone to risk events. The organization
recommends high-level, standard categories, which have to be extended based on the
project type.

5
 Figure 6: Organization-Provided Standard Risk Categories

Risk Analysis
Risk analysis involves examining how project outcomes and objectives might change due
to the impact of the risk event.

Once the risks are identified, they are analyzed to identify the qualitative and quantitative
impact of the risk on the project so that appropriate steps can be taken to mitigate them.
The following guidelines are used to analyze risks.

Probability of Risk Occurrence

• High probability – (80 % ≤ x ≤ 100%)
• Medium-high probability – (60 % ≤ x < 80%)
• Medium-Low probability – (30 % ≤ x < 60%)
• Low probability (0 % < x < 30%)

Risk Impact
• High – Catastrophic (Rating A – 100)
• Medium – Critical (Rating B – 50)
• Low – Marginal (Rating C – 10)

Figure 7: Impact Classification Guideline

6
Risk Exposure
Risk Exposure or Risk Score is the value determined by multiplying the Impact Rating
with Risk Probability.

Figure 8: Impact-Probability Matrix

Risk Occurrence Timeframe

The timeframe in which this risk will have an impact is identified. This is classified into
one of the following:

Figure 9: Risk Occurrence Timeframe

7
Risk Classification Examples:

Figure 10: Risk Classification Examples

Risk Response Planning

There may not be quick solutions to reduce or eliminate all the risks facing a project. Some
risks may need to be managed and reduced strategically over longer periods. Therefore, actioplans
should be worked out to reduce these risks. These action plans should include:

• Risk description with risk assessment

• Description of the action to reduce the risk
• Owner of the risk action
• Committed completion date of the risk action

Risk Monitoring and Control

Risk monitoring and control includes:

• Identifying new risks and planning for them

• Keeping track of existing risks to check if:
• Reassessment of risks is necessary
• Any of risk conditions have been triggered
• Monitor any risks that could become more critical over time
• Tackle the remaining risks that require a longer-term, planned, and managed
approach with risk action plans

8
Risk reclassification
For the risks that cannot be closed, the criticality has to go down over a period of time due
to implementing the action plan. If this is not the case, then the action plan might not be
effective and should be re-examined.

Risk reporting
The risk register is continuously updated, from risk identification through risk response
planning and status update during risk monitoring and control. This project risk register is
the primary risk reporting tool and is available in the central project server, which is
accessible to all stakeholders.

Risk monitoring and controlling or risk review is an iterative process that uses progress status
reports and deliverable status to monitor and control risks. This is enabled by various status reports,
such as quality reports, progress reports, follow-up reports, and so forth.

Risk Reviews are a mandatory item of milestone meetings and/or regular project meetings, but
they can also be executed during separately planned risk review meetings. These risk reviews must
be held regularly. The frequency could also be determined based on the overall risk level of a
project.

9
Conclusion
Risk management is simply the identification, assessment, and prioritization of risks, followed
by a coordinated and economical application of resources to minimize or control the probability
of occurrence and the impact of negative events, as well as to maximize the realization of
opportunities. The potential list is finite but is certainly overwhelming. Within the context of
Reliability Excellence and effective continuous improvement, risk management can be limited to
two major categories: business and asset risk. For engineers, project management includes
careful planning and communication of that plan to a team of engineers. Engineering is a
complex and ever-evolving industry, so engineering project managers need to be adaptable and
up to date on all of the latest best practices. That includes engineering practices related to the
project at hand, as well as overall management skills. It's simply that: an ongoing process of
identifying, treating, and then managing risks.

10
References

“5 Steps to Any Effective Risk Management Process.” Lucidchart, 9 Oct. 2019,

www.lucidchart.com/blog/risk-management-process.

Everitt, Jessica. “What Is a Risk Register in Project Management? | Wrike.” Wrike, 26 Apr.

2022, www.wrike.com/blog/what-is-a-risk-register-project-management.

Lavanya, N., and T. Malarvizhi. “Risk Analysis and Management |

Https://Www.Pmi.Org/Learning/Library/Risk-Analysis-Project-Management-7070.” Risk

Analysis and Management, 3 Mar. 2008, www.pmi.org/learning/library/risk-analysis-

project-management-7070.

Lucid Content Team. “How to Conduct an FMEA Analysis | Lucidchart Blog.” FMEA Analysis,

13 Mar. 2019, www.lucidchart.com/blog/what-is-fmea-analysis.

McNeice, Kirsten. “What Is Project Management for Engineers?” Accelo, 8 June 2021,

www.accelo.com/resources/blog/what-is-project-management-for-

engineers/#:%7E:text=Engineering%20Project%20Management,multiple%20scenarios%

20and%20contingency%20plans.

Mobley, R. Keith. “What Is Risk Management?” What Is Risk Management? Life Cycle

Engineering, www.lce.com/What-is-Risk-Management-1263.html. Accessed 16 July

2022.

Schmittner, Christoph. “FMEA Cause-Effect-Chain |

Https://Www.Researchgate.Net/Figure/FMEA-Cause-Effect-Chain_fig2_290751391.”

FMEA Cause-Effect-Chain, Sept. 2014, www.researchgate.net/figure/FMEA-cause-

effect-chain_fig2_290751391.

11
 Appendices
Appendix A: Risk Breakdown Structure

Figure 1: A Table to list down all the Risk

12
 Appendix B: Qualitative Risk Register

Figure 2: Table to Categorize Qualitative Risk Register

13
 Appendix C: Project Register Risk

Figure 3: Table to be used for Registering Project Risk

14
Appendix D: FMEA Cause and Effect Chain

Figure 4: Chart for Analyzing Cause and Effect

15
 Appendix E: Risk Source

Figure 5: Table to identify the Source of the Risk

16
Appendix F: Organization-Provided Standard Risk Categories

Figure 6: Table to Identify the Category of the Risk

17
 Appendix G: Impact Classification Guideline

Figure 7: Table to Identify the Objective of the Project and its Impact Ratings

18
 Appendix H: Impact-Probability Matrix

Figure 8: Table to be used for the Impact of Risk Exposure

19
 Appendix I: Risk Occurrence Timeframe

Figure 9: Table to be used for Identifying the Timeframe of the Risk

20
 Appendix J: Risk Classification Examples

Figure 10: Table to be used for Risk Event and the Probability and Impact Rating

21