Latest Lambert Mba Project Main Body

CHAPTER ONE
INTRODUCTION
1.1 Background Information
Risk management (RM) is a concept which is used in all industries, from IT related
business, automobile or pharmaceutical industry, to the construction sector. Each
industry has developed their own RM standards, but the general ideas of the
concept usually remain the same regardless of the sector. According to the Project
Management Institute (PMI) (2004), project risk management is one of the nine
most critical parts of project commissioning. This indicates a strong relationship
between managing risks and a project success. While RM is described as the most
difficult area within construction management (Addison et al., 2002) its
application is promoted in all projects in order to avoid negative consequences
(Addison et al., 2002).
One concept which is widely used within the field of RM is called the risk
management process (RMP) and consists of four main steps: identification,
assessment, taking action and monitoring the risks (Barton et al., 2002). In each of
these steps, there are a number of methods and techniques which facilitate handling
the risks.
Many industries have become more proactive and aware of using analyses in
projects. Likewise, RM has become a timely issue widely discussed across

1
industries. However, with regard to the construction industry, risk management is
not commonly used (Akkermans et al., 2002). More construction companies are
starting to become aware of the RMP, but are still not using models and techniques
aimed for managing risks. This contradicts the fact that the industry is trying to be
more cost and time efficient as well as have more control over projects. Risk is
associated to any project regardless the industry and thus RM should be of interest
to any project manager. Risks differ between projects due to the fact that every
project is unique, especially in the construction industry (Bakker et al., 2011).
However there are still many practitioners that have not realized the importance of
including risk management in the process of delivering the project (Akkermans et
al., 2002). Even though there is an awareness of risks and their consequences,
some organizations do not approach them with established RM methods.
Today, in business worldwide, the risk management function is becoming very
important for achieving the objectives of organizations (Alfayo, et al 2016). In
recent years, Nigeria has recognized the importance of the risk management
function, which is why that function has been established in some institutions both
private and public.
The Nigeria, Telecommunication sector is among those institutions that risk
management functions to deal with the assessment of control, good governance
and risk management. Managing risk is actually managing the organization in

2
planning, organising, directing, and controlling the organization's systems and
resources to achieve objectives (Gupta, 2011).
The risk management function is an integral part of the corporate governance
regime of most public institutions and a number of larger private companies. The
primary goal of risk management is to evaluate the institution’s internal controls
and corporate governance processes and ensure that they are adequate and are
functioning correctly. Gupta (2011) views the existence of risk management
function as essential for all institutions and suggests that where the board of such
an institution decides not to implement effective risk management function, full
reasons for its decision should be advanced in the institutions Annual Report.
1.2 Problem Statement
Most Telecommunication companies including MTN have well-structured risk
management departments that have the mandate of regulating and managing the
various risks the companies encounter in the course of doing business. Some of
these risks include: market risk, operational risk, credit risk and funding risk. As a
standard practice they maintain written policies and procedures that clearly outline
their risk management guidance for their trading activities. These policies identify
the risk tolerance of the Board of Directors and clearly delineate lines of authority
and responsibility for managing the risks of these activities. Individuals throughout
the trading and derivatives areas are made fully aware of all the policies and
3
procedures that relate to their specific duties. The Board of Directors, senior-level
management, and members with independent risk management functions also play
important roles in the risk management process.
Efficient management of risk in the Telecommunication industry is crucial for the
growth and development of the sector. To ensure the effective and efficient
management of risk, effective risk management policies and procedures need to be
put in place. Risk management measures are put in place by government,
regulatory bodies or institutions to provide reasonable assurance that objectives
could be achieved.
In spite of the well-structured process in managing risk exposures at MTN, the
company still faces the problem of embezzlement, theft, inaccurate and unreliable
information provided by officials on the field. This phenomenon mostly leads to
huge sums of losses to the company, and this invariably affects the company’s
general performance and profit negatively.
1.3 Aim and objectives of the Study
The aim of this research work is to examine the consequences of risk management
on the performance of MTN Telecommunication projects. To achieve this aim, the
following specific objectives are necessary:
i. To identify the factors responsible for poor risk management practices in
MTN Telecommunication projects;

4
ii. To examine the various risk response strategies in MTN Telecommunication
projects
1.4 Research Questions
i. What are the factors responsible for poor risk management practices in MTN
Telecommunication projects?
ii. What are the various risk response strategies in MTN Telecommunication
projects?
1.5 Justification of the study
Risk is a significant aspect of business activities in a market economy. As risk
taking constitutes a major characteristic of the Telecommunication sector, it is
important for management to address these risk issues.
Risks inherent in the operations of the Telecommunication sector have become
much more diversified and complicated and are generally categorized as the
following: credit risk, market risk, liquidity risk, operational risk, electronic data
processing (EDP) risk, and management risk. Risk management is a prominent
issue given the degree of impact it has on the Telecommunication sector and its
operations, should it emerge. Consequently, the strength of risk management
systems in the Telecommunication sector has naturally become one of the most
important aspects in assessing the safety and soundness of the sector.
5
Also, the deregulation and increased competition in the Telecommunication
industry in recent times has led to most Telecommunication companies taking
uncalculated risk.
1.6 Scope of the Study
1.7.1. Content Scope
This study review the consequences of risk management on the performance of
MTN Telecommunication and approved factors responsible for poor risk
management practices and various risk response strategies as the independent
variable which affects the performance of MTN Telecommunication
1.7.2. Geographical Scope
The study was conducted in MTN Telecommunication in Port Harcourt , Rivers
State. The study covered the human resources department of the Organisation.
1.7.3. Time Scope
The study covered the period three months, from February, 2021 to May, 2021
when the project was implemented which emphasized risk management on the
performance of MTN Telecommunication.
1.8 Limitations of the Study
Time and financial constraints limited the number of respondents contacted. The
ideal situation would have been to cover many respondents, but since there is time
6
allocation and financial resources limitation on the part of the researcher, it limited
the number of respondents contacted.
Also, the degree of reliability of responses due to memory lapses could affect the
precision of the outcome. Additionally, biases introduced by some respondents
could also not be estimated.
In spite of these limitations, the study was still good and reliable since data was
collected from credible sources.
CHAPTER TWO
LITERATURE REVIEW
2.1 Conceptual Review
2.1.1 The concept of risk management
Chapman et al. (2007) provide a comprehensive description of the concept of RM
and how it can be used in practice. According to the authors, risk management
cannot be perceived as a tool to predict the future, since that is rather impossible.
Instead, they describe it as a tool to facilitate the project in order to make better
decisions based on the information from the investment. In this way, decisions
based on insufficient information can be avoided, and this will lead to better
overall performance. In the literature, RM is described as a process with some
predefined procedures. The scope of its definition differs among the authors;
however the core information is the same. From a number of definitions which can
7
be found in the management literature. Chenoweth et al. (2009) explanation brings
the essence of this concept:
The risk management process involves the systematic application of management
policies, processes and procedures to the tasks of establishing the context,
identifying, analyzing, assessing, treating, monitoring and communicating risks
(Chenoweth et al., 2009).
Risk management process (RMP) is the basic principle of understanding and
managing risks in a project. It consists of the main phases: identification,
assessment and analysis, and response (Chapman et al. 2007). All steps in RMP
should be included when dealing with risks, in order to efficiently implement the
process in the project. There are many variations of RMP available in literature,
but most commonly described frameworks consist of those mentioned steps. In
some models there is one more step added, and the majority of sources identify it
as risk monitoring or review. For the purpose of this paper the model of RMP
described by Chapman et al. (2007) will be used for further analysis and will be
further explained in the following section.
2.1.2 Risk definition
Risk and uncertainty are the two most often used concepts in the literature covering
RM field. Although these terms are closely related, a number of authors
differentiate between them (Campbell Institute, 2014). Also practitioners working

8
with risk have difficulty in defining and distinguishing between these two. Often
definitions of risk or uncertainty are tailored for the use of a particular project. To
make it more systematized, a literature research was done. The findings of this
search resulted in a number of definitions risk and uncertainties.
Uncertainty is defined in a more abstract way. The descriptions provided in Table
2 are similar to each other and the common factor is again lack of information and
knowledge. The biggest difference by definition is awareness. For the purpose of
this thesis, the definition of uncertainty provided by Coles et al (2003) will be
used. These two chosen definitions best show the difference between risk and
uncertainty and help to be consistent with terminology in the paper.
Kogut et al (1996) find some of the risks to be predictable and easy to identify
before they occur, while the others are unforeseeable and can result in unexpected
time delays or additional costs. This statement finds confirmation in the definition
provided by Kululanga et al (2010) that uses the same arguments defining
uncertainty as rather unpredicted, unforeseeable events, while risk should be
possible to foresee. The overview of definitions which can be found in literature
regarding those two terms implies that uncertainty is a broad concept and risk is a
part of it. This confirms close relation between those two concepts but at the same
time distinguishes them.
9
Risk is also the uncertainty associated with any investment. That is, risk is the
possibility that the actual return on an investment will be different from its
expected return. A very important concept in finance is the idea that an investment
that carries a higher risk has the potential of a higher return. For example, a zero-
risk investment, such as treasury security has a low rate of return, while a stock in
a start-up company has the potential to make an investor very wealthy, as well as
the potential to lose one's entire investment. Certain types of risk are easier to
quantify than others. To the extent that risk is quantifiable, it is generally
calculated as the standard deviation on an investment's average return (Ibbs, 2000).
Risk is defined in ISO 31000 as the effect of uncertainty on objectives (whether
positive or negative).
There are a number of terms that relate to the word "risk", namely "chance",
"possibility", "danger", "gamble", "hazard", "jeopardy", "peril", "speculation" and
"uncertainty". Usually the connotation linked to risk is a negative one, which
implies loss or misfortune.
According to Flesher (1996) the word "risk" derives from the early Italian risicare,
which means "to dare". In this sense, risk is choice rather than fate. The action we
dare to take, which depends on how free we are to make choices, are what the story
of risk is all about.
10
According to Kerlinger (2012), risk refers to the probability that an event,
condition or action may adversely affect an organization or its activities. In the
same sense, Kerlinger (2012) states that the concept of risk is fundamental to the
auditing role, since it may be in conflict with the concept of control. Controls are
designed to ensure that objectives are achieved; risk may prevent this. Overall, risk
should be reduced by adequate controls, and the greater the degree of risk, the
greater the need for good controls. Audit has a clear remit to expose and help to
minimize the level of risk that threatens the organization.
According to Kerzner (2009), "risk" is a common word found liberally used in the
daily news media, weighty academic journals, and the professional magazines for
leaders of business, the economy and government. A manager skimming over the
daily news or perusing a more weighty publication is likely to find the word "risk"
used in many different ways. Risk is the property that causes value to vary in
uncertain ways. It is not the variation that is the source of risk. Managers can and
do anticipate variation and deal effectively with it. The source of risk is the
uncertainty of an unexpected change in the environment.
Khan et al (2007) defines risk as the uncertainty of an event occurring that could
have an impact on the achievement of objectives, and specifies that risk is
measured in terms of consequences and likelihood and is inherent to every
business or government entity. Opportunity risks assumed by management are

11
often drivers of organizational activities. Beyond these opportunities may be
threats and other dangers that are not clearly understood or fully evaluated and too
easily accepted as part of doing business.
According to Kinyua et al (2015), risk is defined as a deviation from the expected
value. It implies the presence of uncertainty, where there may be uncertainty as to
the occurrence of an event producing a loss, and uncertainty on the outcome of the
event, where the degree of risk is interpreted with reference to the degree of
variability and not with reference to the frequency with which the event will occur
or to the probability that it will display a particular outcome.
According to CIPFA (1997), risk is the chance of things going wrong. As
individuals, in the experience of risk is an unavoidable fact of life. However
carefully in trying and planning things and whatever precautions they take, the
likelihood is that every now and again things may still go wrong. The situation is
very similar for organizations, except that often the stakes are higher, and the cost
of things going wrong may therefore be far greater. Corporate risk can, thus, be
described as the probability that an event or action may adversely affect the
organization.
In broad terms, the risks faced by an organization can include the following:
- Failure to accomplish established objectives and goals for operations or
programmes
12
- Failure to meet statutory and regulatory requirements
- Wrong decisions taken because of incorrect, untimely, incomplete or unreliable
information, poor record-keeping, inappropriate accounting, inaccurate financial
reporting and financial loss and exposure
- Fraud, corruption, misappropriation of assets, waste and loss, failure to safeguard
assets adequately
- Customer dissatisfaction, negative publicity and damage to the organization's
reputation
- Failure to safeguard staff and customers adequately, and acquiring resources
uneconomically or using them inefficiently or ineffectively.
2.1.3 Risks in construction projects
Due to the nature of the construction sector, RM is a very important process here.
It is most widely used in those projects which include high level of uncertainty.
These types of risk investments are characterized by more formal planning,
monitor and control processes.. The easiest way to identify risk is to analyze and
draw a conclusion from projects which failed in the past. To make sure that the
project objectives are met, the portfolio of risks associated with all actors across
the project life cycle (PLC) should be considered (Cleland and Gareis, 2006). In
the early stages of the project where planning and contracting of work, together
with the preliminary capital budget are being drawn, risk management procedures
13
should be initiated. In later stages, RM applied systemically, helps to control those
critical elements which can negatively impact project performance. In other words,
to keep track of previously identified threats, will result in early warnings to the
project manager if any of the objectives, time, cost or quality, are not being met
(Jin et al, 2006).
There are a number of risks which can be identified in the construction industry
and which can be faced in each construction project regardless of its size and
scope. Changes in design and scope along with time frames for project completion
are the most common risks for the construction sector. The further in the process,
changes in scope or design are implemented, the more additional resources, time
and cost, those changes require. Project completion ahead of time may be as
troublesome as delays in a schedule. Too quick completion may be a result of
insufficient planning or design problems which in fact shorten the completion time
but on the other hand lead to a low quality of final product and increased overall
cost. Being behind schedule generates greater costs for both investors and
contractors due to non-compliance with contracted works (Pimchangthong et al.,
2017). And thus it is important to keep a balance in the concept of time-cost-
quality tradeoff, which more widely is becoming an important issue for the
construction sector (Pimchangthong et al., 2017). Depending on the project scope,
types of risks may differ among investments.

14
2.1.4 Levels of Risk
Risks fall into the following categories:
- Strategic risk - the risk to revenue, earnings and product offerings as a result of
poor decision-making or implementation of those poor decisions. Included in this
category is the risk of the deterioration of reputation arising from negative
publicity.
- Credit risk - the risk that counterpart will default on obligation, resulting in a
financial loss.
- Market risk - the risk of any fluctuation in the value of a portfolio resulting from
adverse changes in market prices and market parameters.
- operational risk - the risk of loss resulting from inadequate or failed internal
processes and systems, as well as the actions of people or from external events
(Owino et al., 2015).
2.1.5. Characteristics of Risk
According to Ovum (2015), risks have many different characteristics. The purpose
of this section is to determine and understand the characteristics of each risk. It is
specifically designed to answer the following questions about each risk:
- Where does the risk arise (is it external or internal to the company)?
- would the occurrence of the risk directly impact on the company's achievement of
its strategic objectives

15
- would the occurrence of one risk cause another risk to occur
- are there relationships and correlations with other risks?
- is the risk pervasive throughout the organization, or more discreet?
An understanding of risk characteristics can help organize and provide a sequence
to the formal assessment, give participants a context for understanding how the
various risks affect the organization, and identify opportunities to combine or
redefine risks before the formal risk assessment.
2.1.6 Sources of Risk
According to Ovum (2015), understanding the source of each risk helps to manage
the risk at its source instead of its outcome. If the source of a risk is not identified,
the risk cannot be managed as effectively and efficiently as desired by
management. External risks (those arising outside the organization) may not be
fully manageable by the company. Internal risks that are not managed at the source
may result in ineffective deployment of valuable resources. For example, if a
company’s products are not selling as expected due to a perception that the price is
too high, there may be an increased focus on managing price risk within the sales
and marketing areas.
Sources of risk are elements of the organizational environment that can bring about
positive or negative outcomes. For example, the decision to start the production of
a new item by an organization is hardly influenced by the market conditions.

16
Therefore, the market conditions that are described by the presence of competitors,
the needs of customers, the quality of the raw materials, etc. are sources of risk for
this organization. Different definitions and classifications can be used in
managerial practice. A general classification may use physical, social and
economic sources, but an in-depth investigation of risk identification may need
classification that can cover all types of risks in more detail. Depending on the
environment in which risks arise, their sources can thus be represented as follows:
• Physical environment
• Political environment
• Operational environment
• Legal environment
• Cognitive environment (Olsson, 2008)
2.1.7 Decision making process from risk management perspective
Each of the phases of the PLC has certain purpose and scope of work assigned. At
the completion of each phase there is a decision point where risk assessment takes
place. Based on the risk assessment, an appropriate decision is made regarding
further actions or proceeding to the next phase (Nelson et al., 2008). For project
management to be effective, an evaluation should be made including all phases of
the PLC. Nachmias, (2005) use 'go', 'maybe' and 'no go' options in a decision
making process. A 'go' status will constitute a green light for proceeding on to the
17
next phase while 'no go' will stop the project. Evaluation resulting in a 'maybe'
decision will lead to return to a previous phase or even phases for further
improvements and minimizing risk (Nachmias, 2005). The further on in the stages
the 'maybe' decision is made, which takes the process back to the initial phases, the
more problems it causes. According to Modarres (2006) it is possible to go back in
phases within a PLC, however this undermines decisions which were made in
previous stages and leads to waste of resources, usually both time and money
(Modarres, 2006). Decisions which are made at the end of each stage should be
made after a careful study of the possible risks and hindrances which might be
encountered.
2.1.8 The risk management process
As mentioned above, an RMP described by Modarres et al. (2006) has been chosen
for the purpose of this paper. This section will further explain the RMP, its four
stages and how it can be used in managing risks.
2.1.9 Risk identification
Mortensen (2013) claims that the first step in the RMP is usually informal and can
be performed in various ways, depending on the organization and the project team.
It means that the identification of risks relies mostly on past experience that should
be used in upcoming projects. In order to find the potential risks, an allocation
needs to be done. This can be decided and arranged by the organization. In this
18
case, no method is better than another, since the only purpose is to establish the
possible risks in a project.
Risks and other threats can be hard to eliminate, but when they have been
identified, it is easier to take actions and have control over them. If the causes of
the risks have been identified and allocated before any problems occur, the risk
management will be more effective (PMI, 2004). RM is not only solving problems
in advance, but also being prepared for potential problems that can occur
unexpectedly. Handling potential threats is not only a way to minimize losses
within the project, but also a way to transfer risks into opportunities, which can
lead to economical profitability, environmental and other advantages (Mortensen,
2013).
The purpose of identifying risks is to obtain a list with potential risks to be
managed in a project (National Communications Authority, 2012). In order to find
all potential risks which might impact a specific project, different techniques can
be applied. It is important to use a method that the project team is most familiar
with and the project will benefit from. The aim is to highlight the potential
problems, in order for the project team to be aware of them. Authors describe
many creative alternative methods.
2.1.9.1 Assessment/analysis
19
Risk analysis is the second stage in the RMP where collected data about the
potential risk are analyzed. Risk analysis can be described as short listing risks
with the highest impact on the project, out of all threats mentioned in the
identification phase (McKinsey et al. 2016). Although some researchers
distinguish between terms risk assessment and risk analysis and describe them as
two separate processes, for the purpose of this paper, this part of RMP will be
consistent with the model provided by McKinsey et al. (2016) and described as
one process.
In the analysis of the identified risk, two categories of methods – qualitative and
quantitative – have been developed. The qualitative methods are most applicable
when risks can be placed somewhere on a descriptive scale from high to low level.
The quantitative methods are used to determine the probability and impacts of the
risks identified and are based on numeric estimations (Mortensen, 2013).
Companies tend to use a qualitative approach since it is more convenient to
describe the risks than to quantify them (Thapar et al., 2016). In addition, there is
also one approach called semi-quantitative analysis, which combines numerical
values from quantitative analysis and description of risk factors, the qualitative
method (Mortensen, 2013).
Within the quantitative and qualitative categories, a number of methods which use
different assumptions can be found, and it may be problematic to choose an

20
appropriate risk assessment model for a specific project. The methods should be
chosen depending on the type of risk, project scope as well as on the specific
method’s requirements and criteria. Regardless of the method chosen, the desired
outcome of such assessment should be reliable (Thapar et al., 2016).
Thapar et al., 2016 explains a number of factors that can influence the selection of
the most appropriate methods in the risk assessment for the right purpose. It is up
to each organization to decide which of these factors are the most critical for them
and develop the assessment accordingly. In a survey conducted by Thapar et al.,
2016, many factors were discovered, and the most important ones are listed below.
 Cost of using the method, both the employment cost and the method itself
 Adaptability, the need of adapting to the organization’s requirement
 Complexity, how limited and simple the method is
 Completeness, the method needs to be feasible
 Usability, the method should be understandable to use
 Validity, the results should be valid
 Credibility
2.1.9.2 Quantitative methods
Quantitative methods need a lot of work for the analysis to be performed. The
effort should be weighed against the benefits and outcomes from the chosen
method, for example smaller projects may sometimes require only identification
21
and taking action on the identified risks, while larger projects require more in
depth analysis. The quantitative methods estimate the impact of a risk in a project
(PMI, 2017). They are more suitable for medium and large projects due to the
number of required resources such as complex software and skilled personnel
(PWC, 2017).
2.1.9.3 Scenario technique - Monte Carlo simulation
The Monte Carlo method is based on statistics which are used in a simulation to
assess the risks. The simulation is used for forecasting, estimations and risk
analysis by generating different scenarios (Rabechini et al, 2013). Information
collected for the simulation is, for instance, historical data from previous projects.
The data represent variables of schedule and costs for each small activity in a
project, and may contain pessimistic, most likely and optimistic scenarios (PWC,
2017). The simulation can be presented as a basket with golf balls, as Mun (2006)
explains the process. Data (the golf balls) are mixed and one of them is picked
each time the simulation is done. The chosen unit is an outcome which is recorded
and the ball will be put back into the basket. The simulation is then redone a
number of times and all outcomes are recorded. After completing the simulations
required number of times, the average is drawn from all of the outcomes, which
will constitute the forecast for the risk (Rabechini et al, 2013). The result from this
22
method is a probability of a risk to occur, often expressed in a percentage (Raz et
al., 2002).
The most common way of performing the Monte Carlo simulation is to use the
program Risk Simulator software, where more efficient simulations can be
performed. This analysis can be also done in Microsoft Excel where a special
function is used to pick the data randomly, but the results can be very limited
(Rabechini et al, 2013).
2.1.9.4 Modeling technique - Sensitivity analysis
The purpose of a sensitivity analysis is to establish the risk events which have the
greatest impact or value. Those events are later weighed against the objectives of
the project. The higher the level of uncertainty a specific risk has, the more
sensitive it is concerning the objectives. In other words, the risk events which are
the most critical to the project are the most sensitive and appropriate action needs
to be taken (PWC, 2017)
The result from the analysis can be presented in a spider diagram, Figure 4, that
shows the areas in the project which are the most critical and sensitive. Moreover,
one disadvantage with this analysis is that the variables are considered separately,
which means that there is no connection between them (PWC, 2017).
23
Figure 2.1: shows how a sensitivity analysis can look like (PWC, 2017)
The method requires a model of project in order to be analyzed with computer
software. According to Smith et al. (2006), the project will benefit if the method is
carried out in the project’s initial phases in order to focus on critical areas during
the project.
24
2.1.9.5 Diagramming technique
Decision tree analyses are commonly used when certain risks have an
exceptionally high impact on the two main project objectives: time and cost
(Robson et al., 2016). There are two types of decisions trees; called Fault tree
analysis (FTA) and Event tree analysis (ETA).
The FTA method of analysis is used to determine the probability of the risk and is
used to identify risks that can contribute or cause a failure of one event (Shenhar,
2002). The purpose is to find the underlying causes to this event. It is usually
drawn up as a sketch of a tree. The branches are the causes to the problem, and the
starting point of the tree is the problem itself. Each branch has its own sequence of
events and possible outcomes. The problem could depend on some causes that are
interrelated with each other, or simply random causes (Cooper et al. 2005). By
having many branches, the tree provides an opportunity to choose which branch to
follow and base decisions on (Robson et al., 2016).
2.1.9.6 Qualitative methods
Qualitative methods for risk assessment are based on descriptive scales, and are
used for describing the likelihood and impact of a risk. These relatively simple
techniques apply when quick assessment is required (Cooper et al. 2005) in small
and medium size projects (Robson et al., 2016). Moreover, this method is often
used in case of inadequate, limited or unavailable numerical data as well as limited

25
resources of time and money (Radu, 2009). The main aim is to prioritize potential
threats in order to identify those of greatest impact on the project (Cooper et al.
2005), and by focusing on those threats, improve the project’s overall performance
(Standish Group, 2014). The complexity of scales (Smith, 2006) and definitions
(Standish Group, 2014) used in this examination reflect the project's size and its
objectives. During the phases of the PLC, risks may change, and thus continuous
risk assessment helps to establish actual risk status (Smith, 2006).
Limitations of qualitative methods lie in the accuracy of the data needed to provide
credible analysis. In order for the risk analysis to be of use for the project team, the
accuracy, quality, reliability, and integrity of the information as well as
understanding the risk is essential.
Qualitative methods are related to the quantitative methods, and in some cases
constitute its foundations (PMI, 2017).
PMI (2017) identifies four qualitative methods for risk assessment: Risk
probability and impact assessment, Probability/impact risk rating matrix, Risk
Categorization and Risk Urgency Assessment. These methods are briefly discussed
below.
2.1.10 Risk probability and impact assessment
By applying the method called risk probability and impact assessment, the
likelihood of a specific risk to occur is evaluated. Furthermore, risk impact on

26
project‟s objectives is assessed regarding its positive effects for opportunities, as
well as negative effects which result from threats. For the purpose of this
assessment, probability and impact should be defined and tailored to a particular
project (PMI, 2017). This means that clear definitions of scale should be drawn up
and its scope depends on the project's nature, criteria and objectives (Smith, 2006).
PMI (2017) identifies exemplary range of probability from 'very unlikely' to
'almost certain', however, corresponding numerical assessment is admissible. The
impact scale varies from 'very low' to 'very high'. Moreover, assessing impact of
project factors like time, cost or quality requires further definitions of each degree
in scale to be drawn up. Each risk listed under the identification phase is assessed
in terms of the probability and the impact of its occurrence (PMI, 2017).
Figure 2.2: Definition of Impact Scales for Four Project Objectives (PMI,
2017)
27
Risk impact assessment investigates the potential effect on a project objective such
as time, cost, scope, or quality. Risk probability assessment investigates the
likelihood of each specific risk to occur. The level of probability for each risk and
its impact on each objective is evaluated during an interview or meeting.
Explanatory detail, including assumptions justifying the levels assigned, are also
recorded. Risk probabilities and impacts are rated according to the definitions
given in the risk management plan. Sometimes, risks with obviously low ratings of
probability and impact will not be rated, but will be included on a watch-list for
future monitoring (Safaricom, 2016).
2.1.11 Probability/impact risk rating matrix
Probability and impact, which were assessed in the previous step, are used as basis
for quantitative analysis and risk response which will be explained further in the
paper. For this reason findings from the assessment are prioritized by using various
methods of calculation which can be found in the literature (PMI, 2017). Westland
(2016) computes the priority score as the average of the probability and impact.
The range of priority score, the rating and color are assigned to indicate the
importance of each risk (Westland, 2016). In order to set priorities, impact is
multiplied by probability. The compiled results are shown in the matrix in Figure
7(PMI, 2004). Such combination of factors indicates which risks are of low,
28
moderate or high priority. Regardless of the calculation method chosen, such a
combination of data shows priority of previously identified risks by use of i.e.
corresponding colors or numerical system and helps to assign appropriate risk
response. For instance, threats with high impact and likelihood are identified as
high-risk and may require immediate response, while low priority score threats can
be monitored with action being taken only if, or when, needed (PMI, 2017).
Figure 2.3 Probabilities and Impact Matrix (PMI, 2017)
2.1.12 Risk categorization and Risk Urgency Assessment
Two methods mentioned by PMI (2017) are not as commonly used as probability
and impact. Risk categorization is a way of systematizing project threats according
to e.g. their sources, in order to identify areas of the project that are most exposed
29
to those risks. Tools which can be used in this method are work break down
structure (WBS) or risk breakdown structure (RBS), and their role is to develop
effective risk response (PMI, 2004). WBS breaks down large activities into small,
manageable units and creates linked, hierarchical series of independent activities
(Zailani et al., 2016). RBS categorizes risks and shows their dependencies (Dallas,
2006). The role of the second method, Risk Urgency Assessment, is to prioritize
risks according to how quick response they require.
Lists with risks prioritized by applying qualitative methods, can be used to bring
attention to significant problems to the project. Problems that are classified as a
medium level risks can be a subject of a quantitative analysis to have better control
over them. The threats that are assessed as low impact can be placed on a watch list
and monitored. It will allow the project team to focus on more important issues.
Risk categorization helps reveal the weak links in the project organization where
more attention should be directed (PMI, 2017).
2.1.13 External and Internal Risk
One way in which to classify risks is to refer to external and internal risks. External
risks are usually very difficult or impossible to control. These include risks such as
economic factors (inflation, petrol price), the financial markets (exchange rates,
share prices), regulating factors (legislation, import control and regulations) and
the actions of competitors (Young and Associates, 2017). Internal risks arise as a
30
result of the organization's own activities, processes, products, contractual
obligations and/or relationships with employees, clients, suppliers and the
environment.
Young and Associates (2017), states that several events, which can be classified as
either external or internal factors, may affect an organization. The external and
internal factors are as follows:
■ External factors
- Economic
- Natural environment
- Political
- Technological
■ internal factors
- Infrastructure
- Personnel
- Process
2.1.14. Risk identification
According to Pickett (2005), the risk management process starts with a method for
identifying all risks an organization faces. This should involve all parties who have
expertise, responsibility and influence over the area affected by the risks in
question. All imaginable risks should be identified and recorded. Business risk is
31
really about these types of issues, and not just the more well-known disasters, acts
of God or risks to personal safety.
Every organization faces a number of risks of varying levels of seriousness. Risk
can be seen both in terms of threats (something going wrong) and opportunities
(achieving, or not achieving, business objectives). It can be financial (e.g. incurring
bad debts) or non-financial (e.g. pollution), although most will be reflected in
deteriorating financial performance sooner or later (Financial Management 2005).
AIRMIC, ALARM, IRM (2002) indicate that risk identification sets out to identify
an organization's exposure to uncertainty. This requires an intimate knowledge of
the organization, the market in which it operates, the legal, social, political and
cultural environment in which it exists, as well as the development of a sound
understanding of its strategic and operational objectives. Risk identification should
be approached in a methodical way to ensure that all significant activities within
the organization have been identified and all the risks flowing from these activities
are defined. All associated volatility related to these activities should be identified
and categorized.
2.1.14.1 Techniques with which to identify risk
Various techniques may be used in the process of identifying risk. According to the
results of a study on the use of the enterprise risk management (ERM) by
organizations on which methods are used most frequently, conducted by the

32
Institute of Internal Auditors Research Foundation, the most popular methods are
interviews, questionnaires and workshops.
• Interviews
This is the best method by which to obtain information with regard to areas that
hold possible risks for the organization. However, for a thorough study it is not
sufficient to only conduct interviews.
• Questionnaires
Questionnaires may be used to point out important information that may be
examined further by means of other techniques.
• Workshops
Workshops may be arranged to identify information on risk areas. This entails the
bringing together of key figures in the organization at one central point (conference
venue). Certain subjects are discussed by the group, from which the identification
of risks follows with the help of a facilitator. These workshops may be manual or
computer-driven. With a manual system, the facilitator will table certain subjects
and the group will discuss them. From the discussion, the risks will be identified
(Young and Associates, 2017).
2.1.14.2 Addressing specific risks
It is sometimes very difficult to identify the risks that threaten an organization,
because there are so many risks. According to a study performed by the Institute of
33
Internal Auditors Research Foundation (Young and Associates, 2017), the top five
areas affected by risk are as follows (it is important to note that this is not a
complete list):
- Reputation or rating
- People and intellectual capital
- Technology
- Competition
- Expenses
According to Wipro (2014), the risks that are identified as the most common by
government departments are as follows:
- Financial risk
- Project risk
- Compliance risk
- Reputation risk
- missed opportunities
2.1.14.3 Risk assessment
According to Wieland et al (2012), the entity must be aware of and deal with the
risks it faces. It must set objectives, integrated with sales, production, marketing,
financial and other activities, so that the organization is operating in concert. It
must also establish mechanisms to identify, analyze, and manage the related risks.
34
Risk assessment (risk analysis) is the process of identifying the risks and
determining the probability of occurrence, the resulting impact, and additional
safeguards that would mitigate this impact. It includes risk measurement and
prioritization.
The assessment of the potential impact of a particular risk may be complicated by
the fact that a range of possible outcomes may exist or that the risk may occur a
number of times in a given period of time. Such complications should be
anticipated and a consistent approach adopted, which, for example, may seek to
estimate a worst-case scenario over a 12-month period. The assessment of the
impact of the risk on the organization should take the financial impact, the impact
on the organization's viability and objectives and the impact on political and
community sensitivity into account. The analysis may be either qualitative or
quantitative, but should be consistent to permit comparisons (Wieland et al 2012).
The assessment and classification of risk will be different for each company and
internal audit helps management by commenting on the criteria used for
classification and/or criteria that have been applied. The following is a list of risk
management techniques:
- accept the risk (e.g. for low impact, low likelihood risks)
- reduce the risk (e.g. by implementing improved internal controls)
- avoid the risk (e.g. by not engaging in a particular activity)

35
- transfer the risk (e.g. by means of insurance, or by requiring third parties to sign
on (Bagshaw 2002)
2.1.14.4 Management acceptance of risks
Gleim (2004), practice advisory (2600), states that when the chief audit executive
believes that senior management has accepted a level of residual risk that is
unacceptable to the organization, he or she should discuss the matter with senior
management.
If the decision regarding residual risk is not resolved, the chief audit executive and
senior management should report the matter to the board for resolution. One of the
key requirements of the board or its equivalent is to gain assurance that risk
management processes are working effectively and that key risks are managed to
an acceptable level (IIA 2004).
2.1.15 Risk Management
According to Namee (2005), the risk management practice of yesterday focused
largely on hazard insurance and probable loss, but the risk management practice of
today focuses on the broad issues of general management. This is the essence of
management, and the reason why understanding risk and the practice of risk
management is a central issue for management today and tomorrow.
Managing risk is actually managing the organization in planning, organizing,
directing, and controlling the organization's systems and resources to achieve

36
objectives. This must come from within and act to change the organization and its
responses to change in the environment rather than trying to guess what risks will
affect the organization. In this context, the organization should develop certain
characteristics to improve its ability to respond to change.
Managers must plan, organize, direct, and control systems to reflect both risk and
opportunity. The strategic risk/opportunity curve is an effective thinking model to
plan control systems to deal with both risk and opportunity over multiple time
horizons (Risk Management Framework 2002).
Risk management has been related to financial loss due to fraud and has also been
associated with doing something wrong. As a result, there has been a
preoccupation with administrative processes and controls rather than outcomes and
performance. Risk management has different and more complex dimensions in the
public sector compared to the private sector, which means more attention should be
devoted to "getting the balance right". Managing risk is a continuing activity and
not something done once a year. To be effective, risk management requires a
systematic and logical approach, as well as the availability of good quality
information to individuals (IIA 2004).
According to AIRMIC, ALARM and IRM (2002), risk management is a central
part of any organization's strategic management. It is the process according to
which organizations methodically address the risks attached to their activities with
37
the goal of achieving sustained benefits in each activity and across the portfolio of
all activities. The focus of good risk management is the identification and
treatment of these risks. It marshals the understanding of the potential upside and
downside of all those factors that can affect the organization. It increases the
probability of success, and reduces both the probability of failure and the
uncertainty of achieving should be a continuous and developing process that runs
throughout the organization's overall objectives.
Risk management should be a continuous and developing process that runs
throughout the organization’s strategy and the implementation of that strategy. It
should methodically address all the risks surrounding the organization's activities
in the past, present and, in particular, the future. It should further be integrated into
the culture of the organization with an effective policy and a programme led by the
most senior management. This strategy should be translated into tactical and
operational objectives according to which responsibility will be assigned
throughout the organization to each manager and employee responsible for the
management of risk. Risk management supports accountability, performance
measurement and reward; thus promoting operational efficiency at all levels.
CIPFA (2001) explains risk management as the term applied to a logical and
systematic method of establishing the context of and identifying, analyzing,
evaluating, treating, monitoring, and communicating the risks associated with any
38
activity, function, or process in a way that will enable the organization to minimize
losses and maximize opportunities. In the public sector there are many cases where
risk management is being practiced under other names, such as health and safety,
community safety, environmental management, emergency planning, treasury
management, etc.
Woods (2011) suggests that in the process of risk management, the internal audit
activity should assist the organization by identifying and evaluating significant
exposures to risk and contributing to the improvement of risk management and
control systems.
Risk management is detecting, preventing and managing the possibility of
something going wrong in an area of business in which the likelihood and/or
impact of this untimely event could threaten a company from meeting its business
objectives. This untimely threat may originate in and/or affect any area of a
business, such as financial reporting, operations or any other segment of the
business infrastructure. Furthermore, successful risk management does not mean
absolute assurance, but rather an approach to systematically manage the higher
risks of each segment in a business to mitigate these risks, as well as to identify
and address new risks as a business evolves (Woods, 2011).
The risk management process has gone through the following steps:
39
> Risk identification
Risk identification sets out to identify an organization's exposure to uncertainty.
This requires an intimate knowledge of the organization, the market in which it
operates, the legal, social, political and cultural environment in which it exists, as
well as the development of a sound understanding of its strategic and operational
objectives, including factors critical to its success and the threats and opportunities
related to the achievement of objectives.
> Risk description
The objective of risk description is to display the identified risks in a structured
format, for example, by using a table. The risk description figure (Figure 2.2)
overleaf can be used to facilitate the description and assessment of risks.
> Risk evaluation
When the risk analysis process has been completed, it is necessary to compare the
estimated risks against the risk criteria that the organization has established.
> Risk reporting
Different levels in an organization need different information from the risk
management process. A company needs to report to its stakeholders on a regular
basis to set out its risk management policies and report on its effectiveness in
achieving its objectives.
40
> Risk treatment
Risk treatment is the process of selecting and implementing measures to modify
the risk. Risk treatment has risk control or mitigation as its major element, but
extends further to, for example, risk avoidance, transfer and financing, etc.
> Monitoring
Effective risk management requires a reporting and review structure to ensure that
risks are effectively identified and assessed and that appropriate controls and
responses are in place.
2.1.16 Risk management cycle
> Objectives
Risk management starts and stops with helping an organization achieve its
objectives. This includes high-level corporate objectives and the lower-level
operational objectives that derive from an overall strategic plan.
> Risk policy
One aspect of risk management that comes to the fore when developing suitable
arrangements relates to commonality and consistency - that is, consistency in
terminology, clarity of the respective roles in the organization, an accepted
assessment methodology, and a willingness to develop a culture that supports risk
management and accountability rather than blame assignment.
41
> Risk identification
The risk cycle requires that a formal process is in place for identifying risks to the
business. This may be done through research, business analysis, risk workshops,
audit and review, industry benchmarking schemes or regular staff surveys.
> Risk assessment
Once all known risks are documented, there has to be a mechanism to put them
into context, and sort out which ones are important and crucial to address and
which ones can be sidelined for the time being. The idea is that an organization can
allocate its base resources to areas of high risk with a view to mitigation and,
meanwhile, assign venture capital to areas of low risk that can be further exploited.
> Risk mitigation
High levels of unacceptable risk have to be mitigated to bring them to an exposure
that fits the organization's risk appetite. Mitigation revolves around implementing
controls where required. Controls increase the certainty that risks will be
addressed, and that objectives will have a better chance of being achieved.
> Risk management
The overall response to risk across an organization will be found at this stage: the
adoption of a risk management strategy. The response to risk depends on the nature
of the risk and whether it is of high, medium or low priority. Some risks have to be
42
accepted, because there is little that can be done to mitigate them, or the cost of
such mitigation is prohibitive.
2.1.16.1 Risk management policy
Woods (2011) suggests that the risk management policy of the organization should
fit into the policy on performance management, and each risk status should prompt
different types of actions as a response to the risk exposure identified along, for
example, the following lines:
- High risk exposure: urgent board level reports and ongoing monitoring
- Major risk exposure: director involvement rapid review
- Significant risk exposure: manager intervention and summary briefing to director
- Moderate risk exposure: basic management practice applied
- Low risk exposure: no special action
- Trivial risk exposure: review whether able to remove resources away from
monitoring
In this way the board and top management may have a view on risk across the
organization and how it is handled.
IRMIC, ALARM and IRM (2002), stress that an organization's risk management
policy should set out its approach to and appetite for risk and its approach to risk
management. The policy should also set out responsibilities for risk management
43
throughout the organization. Furthermore, it should refer to any legal requirements
for policy statements.
Attached to the risk management process is an integrated set of tools and
techniques for use in the various stages of the business process. To work
effectively, the risk management process requires the following:
- Commitment from the chief executive and executive management of the
organization
- Assignment of responsibilities in the organization
- Allocation of appropriate resources for training and development on enhanced
risk awareness by all stakeholders.
2.1.17 Responsibility for risk management
The board of directors has overall responsibility for ensuring that risks are
managed. In practice, the board will delegate the operation of the risk management
framework to the management team, who will be responsible for completing the
activities pertaining to risk management. There may be a separate function that
coordinates and manages these activities and has specialist skills and knowledge.
Everyone in the organization plays a role in ensuring successful enterprise-wide
risk management, but the primary responsibility for identifying risks and managing
those lies with management (World Economic Forum, 2015).
44
The board is responsible for setting the organization's risk appetite and tolerance.
The audit committee of the board is responsible for overseeing all aspects of risk
management and internal control, including compliance activity, the audit
programme, the appropriateness of accounting policies and the adequacy of
financial reporting. The executive and the senior management teams are
responsible at the management level for implementing the board-approved
management strategy and developing policies, processes, procedures and controls
for identifying and managing risks in all areas of activity (World Economic Forum,
2015).
2.1.18 Managing risks through internal control
CIPFA (1997:6) suggests that if an organization is to manage and assess risks
successfully, then the evaluation of risk will need to cover the whole spectrum of
the organization's activity to ensure that the most appropriate decision is taken.
Similarly, managers should be in possession of information on the organization's
risk exposure in order to take sensible and timely decisions, so that objectives are
achieved.
Organizations need to establish an efficient and effective system of internal
controls to ensure that they meet their objectives. "Internal control" is defined as
the whole system of controls, financial or otherwise, established in order to provide
reasonable assurance of:

45
- Effective and efficient operations;
- Reliable financial information and reporting; and
- Compliance with laws and regulations.
i) Effective and efficient operations
Organizations need to establish controls to assist them in operating effectively and
efficiently to meet their basic objectives, including both financial and non-financial
performance goals, and to help them in the safeguarding and efficient use of
resources. Safeguarding includes controlling the unauthorized use or loss of assets
and ensuring that liabilities are identified and controlled.
ii) Reliable financial information and reporting
Organizations need to maintain proper accounting records and have reliable
financial information to assist them in making decisions for day-to-day operations
and for publication to third parties.
iii) Compliance with laws and regulations
Organizations seek to operate within the law and abide by relevant regulatory
requirements that apply to them, as infringement can often result in the imposition
of serious penalties and, in extreme cases, can bring about an organization's
demise. Furthermore, legislative and regulatory changes themselves often require
that organizations reappraise and change their corporate objectives.
46
2.1.19 Benefits with risk management
To maximize the efficiency of risk management, the RMP should be continuously
developed during the entire project. In this way, risks will be discovered and
managed throughout all the phases (World Economic Forum, 2015). The benefits
from RM are not only reserved for the project itself, but also for the actors
involved. The main incentives are clear understanding and awareness of potential
risks in the project. In other words, risk management contributes to a better view of
possible consequences resulting from unmanaged risks and how to avoid them.
(Thomas, 2009) Another benefit of working with risk management is increased
level of control over the whole project and more efficient problem solving
processes which can be supported on a more genuine basis. It results from an
analysis of project conditions already in the beginning of the project. (Perry, 1986)
The risk management also provides a procedure which can reduce possible and
sudden surprises (World Economic Forum, 2015).
Different attitudes towards risk can be explained as cultural differences between
organizations, where the approach depends on the company's policy and their
internal procedures (World Economic Forum, 2015).
47
2.1.20 Risk response
This third step of the RMP indicates what action should be taken towards the
identified risks and threats. The response strategy and approach chosen depend on
the kind of risks concerned (Winch, 2002). Other requirements are that the risk
needs to have a supervisor to monitor the development of the response, which will
be agreed by the actors involved in this risk management process. (PMI, 2004)
Winch (2002) claims that the lower impact the risk has, the better it can be
managed. Most common strategies for risk response are: avoidance, reduction,
transfer and retention (Potts, 2008). Beyond those types of responses, Winch
(2002) describes that sometimes it is difficult to take a decision based on too little
information. This may be avoided by waiting until the appropriate information is
available in order to deal with the risk. This way of acting is called „Delay the
decision‟ but this approach is not appropriate in all situations, especially when
handling critical risks. Those need to be managed earlier in the process.
Avoidance/prevention
If the risk is classified as bringing negative consequences to the whole project, it is
of importance to review the project’s aim. In other words, if the risk has significant
impact on the project, the best solution is to avoid it by changing the scope of the
project or, worst scenario, cancel it. There are many potential risks that a project
can be exposed to, and which can impact its success (Potts, 2008). This is why risk
48
management is required in the early stages of a project instead of dealing with the
damage after the occurrence of the risk (PMI, 2017).
The avoidance means that by looking at alternatives in the project, many risks can
be eliminated. If major changes are required in the project in order to avoid risks,
Zailani et al (2016) suggest applying known and well developed strategies instead
of new ones, even if the new ones may appear to be more cost efficient. In this
way, the risks can be avoided and work can proceed smoothly because strategy is
less stressful to the users.
Cooper et al. (2005) list some activities that can help to avoid potential risk:
i. More detailed planning
ii. Alternative approaches
iii. Protection and safety systems
iv. Operation reviews
v. Regular inspections
vi. Training and skills enhancement
vii. Permits to work
viii. Procedural changes
ix. Preventive maintenance
49
Reduction/mitigation
By having an overview over the whole project it is easy to identify problems which
are causing damage. In order to reduce the level of risk, the exposed areas should
be changed (Wallace et al., 2007). This is a way of minimizing the potential risks
by mitigating their likelihood. One way to reduce risks in a project is to add
expenditures that can provide benefits in the long term. Some projects invest in
guarantees or hire experts to manage high-risk activities. Those experts may find
solutions that the project team has not considered (Wallace et al., 2007).
Mitigation strategies can, according to Cooper et al. (2005), include:
 Contingency planning
 Quality assurance
 Separation or relocation of activities and resources
 Contract terms and conditions
 Crisis management and disaster recovery plans
Those risks which should be reduced can also be shared with parties that have
more appropriate resources and knowledge about the consequences (Thomas,
2009). Sharing can also be an alternative, by cooperating with other parties. In this
way, one project team can take advantage of another‟s resources and experience. It
is a way to share responsibilities concerning risks in the project (Darnall and
Preston, 2010).
50
Transfer
If a risk can be managed by another actor who has a greater capability or capacity,
the best option is to transfer it. The actors that the risks can be transferred to are,
for example, the client, contractor, subcontractor, designer etc, depending on the
risk’s character. As a result this could lead to higher costs and additional work,
usually called risk premium (Potts, 2008). It must be recognized that the risk is not
eliminated; it is only transferred to the party that is best able to manage it (PMI,
2004). Shifting risks and the negative impacts they bring is also an option when the
risks are outside the project management’s control, for example political issues or
labor strikes (Wallace et al., 2007). The situation may also consist of catastrophes
that are rare and unpredictable in a certain environment. (Winch, 2002) Such risks
that are beyond the management’s control should be transferred through insurance
policies.
Retention
When a risk cannot be transferred or avoided, the best solution is to retain the risk.
In this case the risk must be controlled, in order to minimize the impact of its
occurrence. Retention can also be an option when other solutions are uneconomical
(Wallace et al., 2007).
51
Monitoring
This final step of RMP is vital since all information about the identified risks is
collected and monitored (Winch, 2002). The continuous supervision over the RMP
helps to discover new risks, keep track of identified risks and eliminate past risks
from the risk assessment and project (PMI, 2017). PMI (2017) also states that the
assumptions for monitoring and controlling are to supervise the status of the risks
and take corrective actions if needed.
2.1.21 Management Override of Risk Management Procedures
Management may override or disregard prescribed policies, procedures, and
controls for improper purposes. Override practices include misrepresentations to
state officials, staff from the central control agencies, auditors or others.
Management override must not be confused with management intervention (ie the
departure from prescribed policies and procedures for legitimate purposes).
Intervention may be required in order to process non-standard transactions that
otherwise would be handled inappropriately by the risk management processes. A
provision for intervention is needed in all risk management processes since no
process anticipates every condition (Voetsch et al., 2004).
2.1.21.1 Personnel Errors or Mistakes
The risk management procedure is only as effective as the personnel who
implement the procedure and process. For example, employees may misunderstand
52
instructions or make errors of judgment. Employees may also make mistakes
because of personal carelessness, distraction or fatigue. The risk department should
carefully consider the quality of the entity’s personnel when evaluating risk
(Voetsch et al., 2004)
2.1.21.2 Collusion
The effectiveness of segregation of duties lies in individuals’ performing only their
assigned tasks or in the performance of one person being checked by another.
There is always a risk that collusion between individuals will destroy the
effectiveness of segregation of duties. For example an individual received cash
receipts from customer can collude with the one who records these receipts in the
customers’ records in order to steal cash from the entity (Voetsch et al., 2004).
2.1.21.3 Judgment
Effective risk management may be limited by the realities of human judgment.
Decisions are often made within a limited time frame, without the benefit of
complete information, and under time pressures of conducting agency business.
These judgment decisions may affect achievement of objective. Risk management
may become ineffective if management fails to minimize the occurrence of errors
for example, misunderstanding instructions, carelessness, distraction, fatigue, or
mistakes (Voetsch et al., 2004).
53
2.1.21.4 Breakdowns
Even well designed risk management procedures and processes can break down.
Employees sometime misunderstand instructions or simply make mistakes. Errors
may also result from new technology and the complexity of computerized
information systems.
2.1.21.5 Cost versus Benefits
The cost of risk management must not exceed benefits to be derived. Potential loss,
associated with exposure, should be weighed against the cost to control it.
Although the cost-benefit relationship is a primary criterion to be considered in
designing risk management policies, the precise measurement of costs is generally
not possible. The challenge is to find a balance between excessive risk which is
costly and counterproductive and too little risk which exposes the organization to
increased and unnecessary risk (Voetsch et al., 2004).
2.1.22 Limitations of Risk Management
A fundamental concept underlying the definition of risk management is that risk
management structure provides only reasonable assurance that agency
objectiveness will be achieved. Limitations are inherent in all risk management
processes. These result from poor judgment in decision-making, human error,
management’s ability to override controls, collusion to circumvent control, and
consideration of costs and benefits relative to risk management. No matter how

54
well risk management procedures operate, some events and conditions are beyond
management’s control (Voetsch et al., 2004).
2.2 Theoretical Review
2.2.1 Expectancy Theory
This theory was developed by Vroom (1964). The theorist believes that motivation
of the individual is determined by perception of relationship between the actions
and rewards. The theory is categorized into three sections namely, valence,
expectancy and instrumentality. Expectancy assumes that a certain level of effort
will be followed with certain level of performance. Valence represents a value that
a given outcome has for individual. Instrumentality relate to the connection
between first level outcome like promotion and second level outcome such as raise.
Thomas (1990) analyzed Vroom expectancy theory model in the context of
construction industry, and found that the theory discusses variations of
performance in terms of effort which the employee is willing to exert in order to
finish a job. According to Thomas, the result performance could be observed based
on efficiency, effectiveness, quality of work, innovation, profitability and
productivity. 12 According to Gonzalez (1991), managers should determine the
outcome of each employee values and define adequate and good performance, in
terms that are observable and measurable so that employees understand managers’
desires. Project managers in construction industries should also ensure that

55
intended level of performance is attainable in fact; they should connect the
outcome required by the workers to specific performance. This theory relates to
performance of projects as it will help all stakeholders such as projects managers to
develop measurement guide that can give important feedback to workers therefore
improving performance of projects.
2.2.2 Enterprise Risk Management Theory
According to Nocco and Stulz (2006), Enterprise Risk Management (ERM) is a
risk management theory advocates for recommends for the measurement and
management of notable risk facing a given entity whole than the management of
each risk independently. Its main aim is to combine the risk management silos in
an organization into one holistic and comprehensive framework. The ERM risk
management framework of managing risk emphasizes that senior company
executives and employees should actively be involved in risk management process
of analyzing and responding to a wide range of company risks (Hallowell,
Molenaar, &Fortunato, 2013). This concept encourages all members of the
organization to be involved in the management of risks and not only one or a few
members. The ERM also highlight the importance of clear process and policies for
managing risks. According to Olson and Wu (2010), the theory also affirms that if
10 organizations can embrace formal policies that define risks appetite, strategic
goals, tolerance and systematic processes then they can improve their risk
56
management capacity of identifying, analyzing, and treating of risks. The theory
also stresses on a creation of risk management culture where all stakeholders are
empowered and accountable to manage risks. Cormican (2015) suggested that
ERM practices involve increased competitive advantage, stakeholder confidence
and long-term viability of organizations. The ERM theory has become popular in
project management techniques despite the fact that it was developed for
management of company risks. Drumll (2001) explains that adopting ERM
philosophy in the construction industry is a wise decision as it applies to industries
that have very high rates of failure like construction industry. These failures are as
a result of failure to identify, mitigate and control risk across the entire business
making this theory relevant to this research.
2.2.3 Network Theory
Network theory is a hypothesis that is used to clarify the structure and working of
social frameworks. According to Fang, Marle, Zio&Bocquet (2015) this hypothesis
sees social frameworks, for example, organizations or projects as a network that
includes nodes and links associating these nodes. For example, in a given projects,
the nodes may incorporate members of the project team, the task administrator,
suppliers, owner of the project and project financiers. These nodes are associated
with different connections such as supplier buyer relationship, financing, legal, and
working connections. The hypothesis clarifies that adjustments or unsettling

57
influences in any node or line inside the system cause a progressively outstretching
influence on every single other line and nodes. The theory is frequently used as a
part of risk management to clarify and educate the procedure of risk analysis.
Moreover, according to Zingrand (2010), this theory also put more emphasis on the
need to adopt a systematic approach when analyzing and understanding risk
instead of concentrating on the risk consequences as one component of the project.
It urges project team to consider how different segments of the project are
interrelated and how obstruction in one component will influence other
components of the project. This point of view of investigating risk empowers
managers of the project to think of a more reasonable and all-encompassing
evaluation of the effect of specific risk. This theory recommends that in order to
judge the success of project management strategies the researcher should establish
the extent at which this strategy holistic and comprehensive making this theory
relevant to this research
2.3 Empirical Review
Aduma and Kimutai (2018) conducted a study in Nairobi Kenya to investigate risk
management practices conducted at the National Hospital Insurance Fund in
Nairobi. A descriptive research design was adopted in the study and a total of 651
management employees at NHIF were the study’ target population. A stratified
proportionate random sampling technique was employed and the sample size was
58
241. Self-administered questionnaires were then administered to the study
respondents who consisted of staff from finance, Health insurance and legal affairs,
Public procurement and human resources departments. The data collected was then
analyzed using both descriptive statistics and inferential statistics a test for
multicollinearity. Findings of the study revealed that risk transfer influenced
performance of NHIF in that use of outsourcing, high cost of risk premiums and
insurance policy and contractual agreements to a third party greatly influenced
performance of the Funds projects.
Nsiah and Bonnah (2014) conducted a study in Ghana to investigate the effect of
risk management practices on Ghanaian banking industry. The study adopted a
case study research design and a total of 5 banks located in the rural area consisted
of the study’ target population. The employed questionnaires and face to face in-
depth interviews to investigate how risk management practices influenced the
performance of the banks. Questionnaires were then successful administered to
bank managers, strategic and finance officers. For data analysis, the study
employed descriptive and content analysis and findings of the study revealed that
risk transfer strategies such as high-risk premiums, signing of contracts and
insurance policy influenced the performance of the 5 banks.
Kolo (2015) investigated the influence of project risk management practices in
construction projects in Abuja Nigeria. The study adopted a descriptive research

59
design and a total of 12 construction firms in Yola were the study’ target
population. Questionnaires were successfully administered to project managers,
supervisors and general managers of the firms. Data collected was then analyzed
using descriptive analysis and findings of the study revealed that the construction
firm adopted risk transfer strategies such as insurance policy and risk premiums
influenced performance of the projects in terms of cost time and quality.
Pimchangthong and Boonjing (2017) investigated the effect of risk management
practices on performance of IT projects. The study adopted a descriptive research
design and a total of 200 project managers, IT managers and IT analysts working
in IT firms were interviewed. The researcher successfully administered
questionnaires consisting of both open ended and closed ended questions to the
study respondents. Data collected was then analyzed using descriptive statistics.
Findings of the study revealed that risk transfer strategies such as highrisk
premiums, signing of legal agreements and outsourcing influenced the
performance of the firm’s IT projects.
Ubani, Amade, Benedict, Aku, Agwu, and Okogbuo (2015) conducted a study in
Nigeria to investigate the influence of risk management practices on construction
industry. The study adopted a case study research design and the study’ target
population consisted of contractors, clients and consultants in the construction
industry. A total of 84 respondents represented the sampling size. For data

60
collection the study adopted use of questionnaires that were administered t 15
construction companies. Data collected was then analyzed using SPSS and the
findings of the study revealed that the construction firms adopted risk control
strategies through identification of the risk, quantifying and responding to the risk
in accordance to risk management policy of each firm. The findings of the study
further implicated that all of the construction firms adjusted plans and scope of
work in order to counter risk effects, monitoring risk making timely decisions and
keeping project managers informed about possible risk. The study concluded that
by adopting risk control measures the construction company’s performance of
projects is enhanced through working within the time limit and budget of projects.
Naktari (2014) conducted a study in West Pokot to investigate the effect of
humanitarian risk management strategies on NGO’s. The study adopted a
descriptive research methodology and the study’ population consisted of all
humanitarian NGO operating in West Pokot. The study employed structured
questionnaires that consisted of both open ended and close ended questions. For
the data collected the study employed descriptive statistics and content analysis for
statistical analysis of the data collected. Findings of the study revealed that the
NGO’s adopted a contingency plan to minimize hazard risks financial risks,
operational and strategic risks. Study findings further revealed that the NGO’s
61
adopted a detailed crisis management plan and a disaster recovery plan as the
mitigation strategies.
Ubani, Amade, Benedict, Aku, Agwu, and Okogbuo (2015) conducted a study in
Nigeria to investigate the influence of risk management practices on construction
industry. The study adopted a case study research design and the study’ target
population consisted of contractors, clients and consultants in the construction
industry. A total of 84 respondents represented the sampling size. For data
collection the study adopted use of questionnaires that were administered t 15
construction companies. Data collected was then analyzed using SPSS and the
findings of the study revealed that the construction firms adopted risk retention
through active retention by taking self-insurance after evaluation of possible losses
and costs of alternative ways of handling risks. The study findings further
implicated that risk retention positively influences performance of the construction
firms.
Aimable, Shukla and Oduor (2015) conducted a study in Rwanda to investigate the
effects of risk management methods on the performance of construction projects
facilitated by RBSS multi-storey building projects. The study adopted a descriptive
research design and a total of 291 project team located in 4 districts were the study’
population. The study used simple random sampling and the sample size was
169.Study employed structured questionnaires, documentary review and In-depth

62
interviews for data collection and for data analysis the study adopted qualitative
analysis techniques. Findings of the study revealed that the construction firm
purchase insurance and have detailed crisis management plan and a disaster
recovery plan in the case of hurricanes. The findings of the study revealed that risk
retention positively influenced the performance of the construction projects.
2.4 Summary
In this chapter, risk management is explained in detail; that is the definition of risk,
and sources, characteristics and the impact of risk. This knowledge is necessary to
understand the role of management and risk department in the risk management
process. The chapter also expands on the risk management cycle and policy, the
responsibility for risk management, and how to assess risk management.
63
CHAPTER THREE
METHODOLOGY
3.1. Research Design
The use of descriptive survey research method was used for this research work
(Quantitative approach). The data collection procedure made use of closed end
questionnaire. The chapter concluded with different data analysis techniques, using
the SPSS data analysis software.
In this part of the research, the researcher talked mainly about the assessment of
risk management tools in construction project in Nigeria using MTN office at
G.R.A in Rivers State, as a case study. Emphases are therefore on the various risk
management tools used in construction projects in Nigeria.
3.3 Population and Sample Size of the Study
For the purpose of this research, the population of study comprised the Clients,
Contractors, Consultants, and Other Professionals in the study area. These
respondents were 103 in numbered. 103 was therefore the Sample Size, Using
Taro Yamane formula for the sample size determination.
n = N
1+N(e)2
n= 103
64
1+103 (0.0025)
n= 103. Therefore, the sample size was 103 respondents.
3.4: Data Collection Procedure
For purposes of triangulation (Ghauri and Grönhaug, 2005) both primary and
secondary sources of data were used.
According to Kumar (2005) primary sources are sources of data collection where
the data is collected for the specific purpose at the time of collection. The primary
sources of data were collected primarily through survey of the staffs using
questionnaires. The study also made used secondary sources of data. To Ghauri
and Grönhaug (2005) secondary sources of data are data that were collected,
recorded and used previously. The secondary sources of data were from featured
periodicals, company websites and journals.
3.5 Research Instruments
Questionnaire distribution as well as interviews with some of the respondents in
the study area was deployed to elicit opinions on the objectives of the study. All
the respondents that were administered the questionnaire include Clients,
Contractors, Consultants, and Other Professionals who have gained experience on
project related issues. One hundred and three (103) questionnaire were distributed
65
via personal contacts to the respondents and a total number of ninety two (92)
were properly filled out and were used for the analysis. The respondents’
background was of importance as this was used to determine their level of
experience in project related issues. The five point likert scale, was used in
eliciting response from the respondents in the scale of 1 to 5 (Strongly agree=5,
Agree=4, Neutral=3, Disagree=2 and strongly disagree=1). In addition, the data
collected were also used to compare the opinions among Clients, Contractors,
Consultants and Other Professionals on the project related issues. Results from the
questionnaire survey were analyzed using different statistical techniques with the
aid of Statistical Package for Social Sciences (SPSS). Firstly, a descriptive
statistics of the demographic concerns about the respondents in terms of their
frequency as regards the professionals’ background, education qualifications, work
experiences in addition to average number of projects taken were presented using
frequency tables. Secondly, the respondents were asked to provide answers to the
key research questions using the five point likert scale questionnaire format.
The research design used in any study is determined by the nature of the research
problems and by the objective of the study. As this study is focused on evaluating
the as a case study,
3.7 Data Analysis Procedure
66
Both descriptive statistics and qualitative approaches were used to analyse the data.
The collected data were summarized and presented in tabular form. The
questionnaires which were not completely answered were considered non-
responsive. Frequency distributions tables and percentages were used to illustrate
the results. Key variables were analyzed and ranked in order to establish their
criticality, relevance and level of influence in determining…. Then before a
relative importance index (RII) as stated in equation 3.2 below was applied to
prioritize the severity of the factors, the raw rankings were multiplied together to
produce a critical factor index (CFI) as shown in equation 3.1
(CFI) = ΣW [(f1 x n1) + (f2 x n2) + (f3 x n3) +... + (fn x nn)] --------------- 3.1
Where,
ΣW = the summation of the weighting given to each factor.
fn = score ranking.
nn = corresponding number of responses.
Relative important index (RII) = ------------------------------ 3.2
Where, f is the frequency of score,(x) for the factor under consideration, A=
highest weighting factor, (that is 5), F=total number of sample. The final results
obtained were presented using Tables and percentages. All these were done in
order to ensure that the responses received would be reliable.
67
CHAPTER FOUR
RESULTS AND DISCUSSIONS
4.1 Preamble
Chapter four gives a comprehensive and analytical discussion of the results of the
study in form of tables. The section deals with an analysis of information gathered
from the survey questionnaire issued to the respondents so as to achieve the
objectives of the study. The initial aspect of the result deals with general
background information of the respondents. Frequency tables and Relative
Importance Index (RII) to identify the most important factors that impact on risk
management on projects were all detailed.
SECTION A
Table 4.1: Details of Response Rate of Respondents
Group of No. of No. returned Rate (%) of No. Percentage

Respondents Questionnair returned Responsive
es distributed
Clients 24 21 87.5 21 22.8
Contractors 29 27 93.1 27 29.3
Consultants 35 31 88.6 31 33.7
Others 15 13 86.7 13 14.2
TOTAL 103 92 89.3 92 100.0
Source: Field survey, 2019.
68
The data were collected from the questionnaires administered to the four basic
respondents namely: Clients, Contractors, Consultants and Other Professionals
identified in the study area. The Table 4.1 above had shown the sample size of the
respondents. 103 questionnaires were administered to respondents out of which 92
representing 89.3% (n=92) were returned. A questionnaire is said to be responsive
where all questions in relation to the topic are fully answered. A total of 92
questionnaires were said to be responsive representing 89.3% (n=92) of the
questionnaires returned as displayed in Table 4.1 above.
The Table 4.1 also shows the breakdown of the results. 22.8% are Clients, 29.3%
are Contractors, 33.7% are Consultants, while the remaining 14.2% are other
Professionals. The result shows that majority of the respondents are Consultants
representing 33.7% of the total respondents.
Table 4.2: Level of Education
Level of Education Frequency Percent Valid Cumulative

Percent Percent
O – LEVEL 18 19.6 19.6 19.6
OND/ NCE 21 22.8 22.8 42.4
HND / B.Sc. 34 37.0 37.0 79.3

Valid
MBA / M.Sc. 16 17.4 17.4 96.7
Ph.D. 3 3.3 3.3 100.0
Total 92 100.0 100.0
69
From the table 4.2 above, it was observed that 19.6% or 18 respondents are
O – Level holders, 22.8% or 21 respondents are OND/NCE holders, 37.0% or 34
respondents are HND/B.Sc. holders, 17.4% or 16 respondents are MBA/M.Sc.
holders and the remaining 3.3% or 3 respondents had Ph.D. qualifications.
Table 4.3: Years of working experience of the respondents.
Age Frequency Percent Valid Cumulative

Percent Percent
0 – 5 years 29 31.5 31.5 31.5
6 – 10 years 47 51.1 51.1 82.6

Valid
More than 10 years 16 17.4 17.4 100.0
Total 92 100.0 100.0

Table 4.3 indicates that the results of distribution of the respondents on the basis of
working experience. The table shows that out of the 92 respondents surveyed
31.5% of the respondents have between 0-5 years working experience, 51.1% have
experience between 6-10 years while the remaining 17.4% or 16 respondents have
over 10 years working experience. These finding indicates that the majority of the
respondents have working experiences 6-10 years. The result as displayed provided
the level of working experience and knowledge which would help in creating
confidence in the credibility of the data. It indicates that responses provided could
be relied upon for the study.
70
Table 4.4: Average Number of Projects taken.
Options Frequency Percent Valid Cumulative

Percent Percent
Below 3 9 9.8 9.8 9.8
3–5 18 19.6 19.6 29.3
Valid 6 – 10 24 26.1 26.1 55.4
Above 10 41 44.6 44.6 100.0
Total 92 100.0 100.0

Table 4.4 indicates that the results of distribution of the respondents on the basis of
average number of projects taken. The table shows that out of the 92 respondents
surveyed, 9.8% of the respondents have taken below 3 projects, 19.6% have taken
between 3-5 projects, 26.1% respondents have taken between 6-10 projects while
the remaining 44.6% or 41 respondents have taken over 10 projects
71
SECTION B
Table 4.5: Analysis and ranking of Risk Factors

RANKING total ΣW Mea RII Rank
Risk Factors SA A N D SD n
5 4 3 2 1
Change of Government Policy 12 28 25 20 7 92 294 3.20 0.64 8th
Delay in Payment 28 44 20 0 0 92 376 4.01 0.82 1st
Obsolete Technology 18 16 30 14 14 92 286 3.10 0.62 9th
Availability of Labour and Materials 25 37 26 4 0 92 359 3.90 0.78 2nd
Competence of Consultants and 16 33 32 11 0 92 330 3.59 0.71 4th
Contractors
Design Changes 28 23 14 14 13 92 315 3.42 0.68 5th
Inaccurate Estimates 20 33 25 12 2 92 333 3.62 0.72 3rd
Poor Communication Among Project 17 16 32 27 0 92 299 3.25 0.65 7th
Team
Price Fluctuation 17 16 32 10 17 92 282 3.07 0.61 10th
Contract Flaws 16 18 41 15 2 92 307 3.34 0.67 6th
The viewpoints of the respondents were sought on the Risk factors affecting
project management. The results of the responses were analysed using Relative
Importance Index (RII) and Mean Score as shown in Table 4.5 above. The indices
observed suggest that the higher the important index, the more significant and
influential that factor. Based on Table 4.5 above, Delay in Payment emerged as the
highest ranked factor with a RII value of 0.82 followed by Availability of Labour
and Materials (RII=0.78) as the second ranked factor. Inaccurate Estimates was
72
3rd major factor (RII=0.72) followed by Competence of Consultants and
Contractors as 4th ranked factor (RII=0.71 and Mean Score = 3.59). Design
Changes was ranked 5th, with a RII of 0.68 (Mean Score=3.42), Contract Flaws
with RII of 0.67 was ranked sixth, Poor Communication Among Project Team
with RII of 0.65 as the seventh and Change of Government Policy (RII=0.64) as
the eighth factor. Obsolete Technology was ranked 9th with a RII of 0.62 (Mean
Score=3.10), Price Fluctuation with RII of 0.61 was ranked tenth and lowest
ranked factor among other factors as displayed in the Table 4.5 above.
SECTION C
Table 4.6: Ranking of Respondents’ opinions on Risk Response Strategies

Risk Response Strategies RANKING Total ΣW Mean RII Rank
SA A N D SD
Risk Avoidance 26 44 10 8 4 92 356 3.87 0.77 2nd
Risk Transfer 24 42 13 8 5 92 348 3.78 0.76 3rd
Risk Reduction 28 49 8 5 2 92 382 4.15 0.83 1st
Risk Retention 21 36 8 15 12 92 315 3.42 0.68 4th
Source: Field Study, 2019.
The viewpoints of the respondents were sought on the Risk Response Strategies.
The results of the responses were analysed using Relative Importance Index (RII)
and Mean Score as shown in table 4.6 above. The indices observed suggest that the
73
higher the important index, the more significant and influential that factor. Based
on Table 4.6 above, Risk Reduction as the highest ranked sanitary facility with a
RII value of 0.83 followed by Risk Avoidance (RII=0.77) as the second ranked risk
response strategy. Risk Transfer was 3rd strategy (RII=0.76). Risk Retention with
RII of 0.68 was ranked fourth risk response strategy among others as displayed in
the table 4.6 above. Interestingly, most respondents interviewed in the study area
considered Risk Reduction as highest ranked risk response strategies in the study
area.
4.2 Discussion of findings
Firstly, it was observed from the analysis that the indices observed suggest that the
on Table 4.5 above, Delay in Payment emerged as the highest ranked factor with a
RII value of 0.82 followed by Availability of Labour and Materials (RII=0.78) as
the second ranked factor. Inaccurate Estimates was 3rd major factor (RII=0.72)
followed by Competence of Consultants and Contractors as 4th ranked factor
(RII=0.71 and Mean Score = 3.59). Design Changes was ranked 5th, with a RII of
0.68 (Mean Score=3.42), Contract Flaws with RII of 0.67 was ranked sixth, Poor
Communication Among Project Team with RII of 0.65 as the seventh and Change
of Government Policy (RII=0.64) as the eighth factor. Obsolete Technology was
ranked 9th with a RII of 0.62 (Mean Score=3.10), Price Fluctuation with RII of
74
0.61 was ranked tenth and lowest ranked factor among other factors as displayed in
the Table 4.5 above.
The second tables of the respondents were sought on the Risk Response Strategies.
The results of the responses were analysed using Relative Importance Index (RII)
and Mean Score as shown in table 4.6 above. The indices observed suggest that the
on Table 4.6 above, Risk Reduction as the highest ranked sanitary facility with a
RII value of 0.83 followed by Risk Avoidance (RII=0.77) as the second ranked risk
response strategy. Risk Transfer was 3rd strategy (RII=0.76). Risk Retention with
RII of 0.68 was ranked fourth risk response strategy among others as displayed in
the table 4.6 above. Interestingly, most respondents interviewed in the study area
considered Risk Reduction as highest ranked risk response strategies in the study
area.
75
CHAPTER FIVE
CONCLUSION AND RECOMMENDATION
5.1. Conclusions
This study primarily sets out to examine the consequences of risk management on
the performance of MTN Telecommunication. The specific objectives were to:
identify the factors responsible for poor risk management practices in Nigeria and
to identify the various risk response strategies in MTN Telecommunication. The
outcomes of this study were expected to serve cell site construction projects
implementers with the requisite knowledge on the possible risk associated with this
kind of project and how to manage the risks accordingly.
A cursory search on existing literature on the subject matter indicates that popular
among the various types of risk identified by previous writers are physical works,
delay and disputes, direction and supervision, damage and injury to persons and
property, external factors, payment, and law and arbitration. Classification of risk
also encompassed contractual risk - caused by lack of clarity, absence of
communication between parties, problems of timeliness in contract administration
and construction risk – which is inherent in the work itself.
The Project Management Institute (2004), being a major source of authority on this
subject matter, also puts together in their literature that two of the major categories
of risk assessment and measurement techniques include the quantitative or

76
qualitative approaches. The literature accordingly emphasises that qualitative risk
analysis usually prioritises risks for subsequent further analysis or action by
assessing and combining their probability of occurrence and impact. Quantitative
risk analysis approaches on the other hand numerically analysis the effect on
overall project objectives of identified risks.
This study primarily makes use of field data sourced through questionnaires
administered in MTN Nigeria, G.RA Branch, Rivers state in Nigeria. In all, a total
of one hundred and three (103) questionnaires were distributed to respondents but
due to high non-response rate, only ninety two (92) were returned by the
respondents representing 89.3% of the non- response rate. The ninety-two (92)
respondents unevenly emerged from the stakeholders currently in the industry at
the time of the analysis and concluding on the findings of the study.
paragraph
In drawing a conclusion on the various submissions on poor risk management and
risk response strategies, it is worth establishing that task such as site feasibility
assessment, survey, and marking; and the finalization of specifications for risk
response strategies in the company. These two major tasks are paramount and must
be granted the necessary attention by project managers in the telecommunication
sector.
77
On the various types of risks associated with the performance of MTN
Telecommunication. However, the study finally establishes with deductions from
the responses of the respondents that cell site construction project implementers
give higher attention to financial loss and market leadership related risks than to
the other identified risk forms.
On the modalities of how project implementers have identified and managed the
associated risks of telecommunication tower construction, it was realized that a
mix of quantitative and qualitative techniques are employed in the assessment of
risk. In this regard, the results show that the expected net present value (ENPV)
and expected monitory value (EMV) are the most prevalent quantitative techniques
used by project implementers in the identification of risks. The results also show
that in terms of qualitative approaches, the use of ―rule of thumb‖ appears to be
the most frequently used and popular method compared to ―personal and
corporate experience approaches‖ though being occasionally used in respondents
organisations also yields a relatively high rate of success.
More emphatically, managing risks in the cell site construction project through the
collaboration of project related parties have been found in this study as being
fundamental to the realisation of goals of cell site projects. It is established that
there is a high need for consultative and collaborative interfaces between the
project technical teams, the commercial/market and capital budgeting teams at all
78
stages of the project implementation. There is an effective management and control
of deviations from standards, budgets allocations, corporate policies and the
organisational objectives of acquiring high returns on the cell site project when this
is done.
5.2. Recommendations
From this study, I propose to stakeholders to employ all due diligence in the
assessment of the feasibility of locations for the installation of cell sites prior to
commencement of on-site works.
There is the need to create the platforms in corporate settings that foster an
effective interface among the various units within the organisation especially
among the commercial or marketing teams and the project technical teams in an
efficient manner that enhances the bringing on board of ideas pertaining to good
cell site locations and satisfaction of customer mobile communication needs. A fair
representation of individuals with various backgrounds to also have evaluative
oversight on any cell site project to be constructed would go a long way to enhance
the achievements of cell site construction objectives.
These competitive business times would not reward organisations that rely solely
on the prerogatives of its top management or corporate governing body regarding
the feasibility of the implementation of any slated cell site projects without
79
considering the competing views or interest of stakeholder groups in any cell site
construction project.
80
REFERENCES
Addison, W. & Vallabh, P. (2002). Impact of project risk Identification
performance of software projects in IT enterprises in China. Journal of
Project Risk Management, 8 (1), 17-24.
Akkermans, H. & Helden, V. (2002). Vicious and virtuous cycles in ERP
implementation: a case study of interrelations between critical success
factors; European Journal of Information Systems, 11(1), 35-46.
Alhawari, S., Karadech, L., Talet, A., Mansour E. (2012). Knowledge-based risk
management framework for information technology project. International
Journal of Information Management, 32(1), 50–65.
Alfayo, K. & Namusonge, G. (2016). The effect of monitoring, evaluation and risk
management of projects on performance of firms in the telecommunication
sector in Kenya: The Strategic Journal of Business & Change Management,
3(4), 1377-1396.
Aviram-Unger, E., Zwikael, O. & Restubog, S. (2013). Revisiting goals, feedback,
recognition and performance success: the case of project teams. Group &
Organization Management: An International Journal, 38 (5), 570–600
Bakker, K., Boonstra, A., & Wortmann, H. (2011). Risk management affecting
IS/IT project success through communicative action. Pproject Management
Journal, 42(3), 75–90. Retrieved from: http://dx.doi.org/10.1002/pmj.20242
Bannerman, P. L. (2008). Risk and risk management in software projects: A
reassessment. The Journal of Systems and Software, 81(12), 2118-2133.
Barton, T. L., Shenkir, W.G. and Walker, P. L. (2002). Making Enterprise Risk
Management Pay Off. USA, Prentice Hall PTR, Financial Times
Besner, C., Hobbs, B. (2006). The perceived value and potential contribution of
project management practices to project success. Project Management
Journal, 37(3), 37-48.
Bloch, M., Blumberg, S., Laartz, J. (2012). Delivering large-scale IT projects on
time, on budget, and on value, McKinsey & Company in conjunction with
the University of Oxford. Retrieved from
http://www.mckinsey.com/businessfunctions/businesstechnology/our-
insights.
Briggs, R. (2017). Normative Theories of Rational Choice: Expected Utility. The
Stanford Encyclopedia of Philosophy (spring 2017 Edition). Retrieved from
81
https://plato.stanford.edu/archives/spr2017/entries/rationality-normative-
utility. Cagliano, C., Grimaldi, S., Rafele, C. (2015). Choosing project risk
management techniques. A theoretical framework. Journal of risk research,
18(2), 232-248.
Campbell Institute. (2014). Risk Perception: Theories, Strategies and Nest Steps.
The Campbell Institute. Retrieved from https://thecampbellinstitute.org
Chapman, C., & Ward, S. (2007). Project risk management: Process, techniques
and insights (2nd Ed.). Chichester, UK: John Wiley. Chapman, C., and
Ward, S. 1997. Project Risk Management: Process, Techniques and Insights,
John Wiley & Sons.
Chenoweth, T., Minch, R. and Gattiker, T. (2009). Application of Protection
Motivation Theory to Adoption of Protective Technologies. Proceedings of
the 42nd Hawaii International Conference on System Sciences.
Cisco Visual networking Index. (2016). Global Mobile data Traffic Forecast
Update 2016 − 2021, White Paper. Retrieved from https://www.cisco.com
Communication Authority of Kenya. (2015). Mobile operators Fail to Meet
Quality of Service targets for the third year running. Retrieved from
http://www.ca.go.ke/index.php Communication Authority of Kenya. (2017).
Annual report. Retrieved from http://www.ca.go.ke.
Coles, R. S. & Moulton, R. (2003). Operationalizing IT risk management.
Computers and security, 487-492
GSMA (2016). The Mobile Economy Africa report. Gsmaintelligence. Accessed
from https://www.gsmaintelligence.com/research.
Gupta P. (2011). Risk Management in Indian Companies: Enterprise-Wide Risk
Management. Journal of Risk Finance, 121-139.
Hens, T. and Rieger, M. (2016). Financial Economics, Springer Texts in Business
and Economics, Springer-Verlag Berlin Heidelberg.
Hillson, D. (2000). Developing effective risk responses. In Proceedings of the 30th
Annual Project Management Institute Seminars & Symposium, 10-16
October, 1999, Sylva. NC:Project Management Institute;
Hillson, D., and Simon, P. (2007). Practical project risk management. The ATOM
methodology. Vienna, VA: Management Concepts.
Hunt. R. and Kosaroglu, M. (2006) Project manager skill sets in
telecommunications industry new product development projects,
82
International Conference on Project Management (Promac2006), PMI,
September 2006, Sydney, Australia.
Ibbs, C.W., Kwak, Y. (2000). Assessing project management maturity. Project
Management Journal, 31(1), 3243.
Jin, X. & Yean, F. (2006). Key relationship-based determinants of project
performance in China, Building and Environment, 41, 915-925.
Jun, G., Qiuzhen, R. & Qingguo, E. (2010). Effects of project risk planning on IT
project performance focusing on a case of China vendor firms. Project
Management Journal, 31(1), 32-43.
Kerlinger (2012). Leading Change: “Why Transformation Efforts Fail”. Harvard
Business Review, 59-67.
Kerzner, H. (2009). Project Management: A Systems Approach to Planning,
Scheduling and Management, Hoboken, New Jersey, USA, John Wiley
&Sons, Inc.
Khan, O., & Burnes, B. (2007). Risk and supply chain management: Creating a
research agenda, International Journal of Logistics Management, 18(2), 197-
216.
Kinyua, E., Ogollah, K. & Mburu D. (2015) Effect Of Risk Management Strategies
on Project Performance of Small and Medium Information Communication
Technology Enterprises in Nairobi, Kenya. International Journal of
Economics, Commerce and Management, United Kingdom, 3(2), 1-30.
Kululanga, G., Kuotcha, W. (2010). Measuring project risk management process
for construction contractors with statement indicators linked to numerical
scores", Engineering, Construction and Architectural Management, 17(4),
336-351.
Lee, J., & Chun, J. (2009). Risk response analysis model for construction method
using the forced-decision method and binary weighting analysis. Journal of
Asian Architecture and Engineering, No.1:205-12.
Leung, H. V., Tummala, R. & Chuah, K. (1998). A knowledge-based system for
identifying potential project risks. Omega:26, 623-638.
Levinson, M. (2010). IT Project Management: 10 less considered Keys to Success.
Retrieved from http://www.cio.com.
Lientz, B. P & Larsen, L. (2006). Risk Management for IT projects: how to deal
with over 150 issues and risks. USA, Elsevier, Inc.
83
Ludovico, F. & Petrarca, F. (2010), Extreme project management in Telco
industry. Paper presented at PMI Global Congress. EMEA, Milan, Italy.
Newtown Square, PA: Project Management Institute
McKinsey & Co. (2016). Telecommunications industry at cliff’s edge, Report on
Telecommunications, Media, and Technology practice in Middle East and
Africa. Retrieved from https://www.mckinsey.com
Mortensen, M. (2013). The top five Network Migration Implementation Risks
Telecom Project Managers Should Focus On. Retrieved from
http://www.redonis.com.
Modarres, M. (2006). Risk analysis in engineering: techniques, tools, and trends.
Taylor & Francis Group, Boca Raton.
Nachmias, N. (2005). Improvising organizational transformation overtime: A
situated change perspective, 7(1), 63-92.
National Communications Authority. (2012). Mobile Number Portability in Ghana,
First Year Report, 1-15 Retrieved from http://www.nca.org.
Nelson, R. & Winter, S. (2008). Innovation systems, path dependency and policy.
Journal of Economic Behavior & Organization.
Olsson, R. (2008). Risk management in a multi project environment. International
Journal of Quality and Reliability Management, 25, 1, 60-71
Ovum (2015). Africa Market Outlook. Retrieved from http://info.ovum.com
Owino, W., Keraro, N. & Wanjiku, R. (2015). Factors That Influence the
Performance of Information Communication Technology Projects in Kenya.
International Journal of Innovative Social Sciences & Humanities Research,
3(2), 127-135
Pimchangthong, D., Boonjing, V. (2017). Effects of risk management practices on
IT project success. Management and production engineering review, 8(1),
30–37.
Porta, M., Puigdomènech, E., Ballester, F., Selva, J., Ribas-Fitó, N., Llop, S., &
López, T. (2008). Monitoring concentrations of persistent organic pollutants
in the general population: the international experience. Environment
International, 34(4), 546-561.
Project Management Institute. (2017). Pulse of the profession global survey, 9th
Edition. Newtown square, USA. Project Management Inc.
84
Pushpakumari, M., & Watanabe, T. (2009). Do strategies improve SME
performance? An empirical analysis of japan and Sri Lanka. Meijo Asian
Research Journal,1(1).
PWC (2017). The Global Information Technology Report: Strategyand. Retrieved
from http://www.strategyand.pwc.com.
Rabechini, R., Carvalho, M. (2013), Understanding the Impact of Project Risk
Management on Project Performance: an Empirical Study; Journal of
Technology management and Innovation, 8, Special Issue ALTEC.
Raz, T., Shenhar, A. j., Dvir, D. (2002). Risk management, project success, and
technological uncertainty. R&D Management, 32(2), 101-109.
Robson, C., & McCartan, K. (2016). Real world research. John Wiley & Sons ltd.
Westland, Y. (2016). Impact of project risk management, assessment of risks on
project performance in Brazilian Vendor companies. International Journal of
Project Management, Vol. 21 No 2, pp. 97-105.
Rwanda utility regulatory Authority. (2017). Retrieved from http://www.rura.rw
Safaricom (2016). Safaricom Annual Report 2016/2017, accessed from
http://www.safaricom.co.net
Shenhar, A. J. (2002). One size does not fit all projects: exploring classical
contingency domains. Management Science, 47(3), 394–414.
Smith, N. (2006) Managing Risk in Construction Projects, Blackwell Science,
Oxford. Speckle, F., Elten, H. & Kruis, M. (2007). Sourcing of internal
auditing: An empirical study. Management Accounting Research, 36, 1-66
Standish Group. (2014). Chaos Report. Retrieved from
http://www.projectsmart.co.uk
Taylor, H., Artman E., Woelfer, J. (2012). Information Technology Project Risk
Management: Bridging the Gap between Research and Practice, Journal of
Information Technology, 27, 17-34.
Thapar, S. Karmakar, P. (2016). Performance evaluation of LTE network: An
energy saving and capacity gain perspective, International conference on
Advances in Computing, Communications and informatics (ICACCI).
The Institute of Risk Management. (2010). Fundamentals of effective risk
management. London, Kogan Page publishers.
Tuncel, G., & Alpan, G. (2010). Risk assessment and management for supply
chain networks: A case study. Computers in industry, 61(3), 250-259.
85
Voetsch, J., Cioffi, F. and Anbari, F.T. (2004) Project Risk Management Practices
and their Association with Reported Project Success, Proceedings from
IRNOP.
Wallace, P., & Blumkin, M. (2007). Major Construction Projects: Improving
Governance and Managing Risks. Retrieved from www.deloitte.com Ward,
S., Chapman, C. (2003). Transforming project risk management into project
uncertainty management. International Journal of Project Management, 21
(2), 97- 105.
Wieland, A. & Wallenberg, C.M. (2012). Dealing with supply chain risks: Linking
risk management practices and strategies to performance, International
Journal of Physical Distribution and Logistics Management, 42(10), 887-
905.
Wipro (2014). Accelerated Rollout of LTE services, accessed on 20th June 2017
[online]. Available: http://www.wipro.com/documents/accelerated-rollout-
of-LTE-services.pdf
Woods, M. (2011). Risk Management in Organizations: An Integrated Case Study
Approach, Abingdon and Routledge. Harvard Business Review. 79(1): 66-
76.
World Economic Forum. (2015). Global Information Technology Report:
INSEAD. Retrieved from www.weforum.org/gitr. Yin, R.K (2013). Case
study research: Design and methods. Sage publications.
Young and Associates. (2017). Risk articles Retrieved from
http://riskarticles.com/creditrisk-management.
Zailani, S., Ariffin, H., Iranmanesh, M., Moeinzahed, S., Masoomeh I., (2016).
The moderating effect of project risk mitigation strategies on the relationship
between delay factors and construction project performance. Journal of
Science and Technology Policy Management, 7(3).
Zwikael, O., & Ahn, M. (2011). The effectiveness of risk management: an analysis
of project risk planning across industries and countries. Risk analysis, 31(1),
25-37.
86
Appendix
Department of Project management

technology
Federal University of Technology
P.M.B 1526, Owerri
Imo State
Dear Respondents
I am Anyi Lambert Chinweuba, from Federal University of technology, pursuing a

Masters Degree in Project management technology. I’m interested in learning more
about consequences of risk management on the performance of MTN
Telecommunication. I will ask you several questions. The information you
provide will be used to develop better education programs for construction
stakeholders. DO NOT write your name on this questionnaire. The answers you
give will be kept strictly confidential; they will only be used for statistical analysis,
and for University use only. No one will know what you write. Answer the
questions based on what you really do and to the best of your ability. Completing
the survey is voluntary. If you don’t want to answer a question, just leave it blank.
Thank you
Yours faithfully
…………………………………….
87
QUESTIONNAIRE
Instruction: Please tick (√) on your most preferred choice(s) on a question
SECTION A: Demographic Characteristics of Respondent
SECTION A: Background and Characteristics of Respondents
1. Group of Respondents
Clients
Contractors
Consultants
Others
2. Level of Education
O – LEVEL
OND/ NCE
HND / B.Sc
MBA / M.Sc
Ph.D
3. Years of working experience of the respondents
0 – 5 years
6 – 10 years
More than 10 years
88
4. Average Number of Projects taken.
Below 3
3–5
6 – 10
Above 10
SECTION B: Analysis and ranking of Risk Factors
Table 4.5:
RANKING
Risk Factors SA A N D SD
5 4 3 2 1
Change of Government Policy
Delay in Payment
Obsolete Technology
Availability of Labour and Materials
Competence of Consultants and Contractors
Design Changes
Inaccurate Estimates
Poor Communication Among Project Team
Price Fluctuation
Contract Flaws
89
SECTION C: Ranking of Respondents’ opinions on Risk Response Strategies
Risk Response Strategies RANKING
SA A N D SD
Risk Avoidance
Risk Transfer
Risk Reduction
Risk Retention
90

Latest Lambert Mba Project Main Body

Uploaded by

Copyright:

Available Formats

Latest Lambert Mba Project Main Body

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Latest Lambert Mba Project Main Body

Uploaded by

Copyright:

Available Formats

CHAPTER ONE

1.1 Background Information

business, automobile or pharmaceutical industry, to the construction sector. Each

most critical parts of project commissioning. This indicates a strong relationship

difficult area within construction management (Addison et al., 2002) its

application is promoted in all projects in order to avoid negative consequences

(Addison et al., 2002).

management process (RMP) and consists of four main steps: identification,

projects. Likewise, RM has become a timely issue widely discussed across

project is unique, especially in the construction industry (Bakker et al., 2011).

including risk management in the process of delivering the project (Akkermans et

some organizations do not approach them with established RM methods.

Today, in business worldwide, the risk management function is becoming very

important for achieving the objectives of organizations (Alfayo, et al 2016). In

private and public.

The Nigeria, Telecommunication sector is among those institutions that risk

management functions to deal with the assessment of control, good governance

and risk management. Managing risk is actually managing the organization in

resources to achieve objectives (Gupta, 2011).

The risk management function is an integral part of the corporate governance

primary goal of risk management is to evaluate the institution’s internal controls

functioning correctly. Gupta (2011) views the existence of risk management

an institution decides not to implement effective risk management function, full

1.2 Problem Statement

Most Telecommunication companies including MTN have well-structured risk

important roles in the risk management process.

Efficient management of risk in the Telecommunication industry is crucial for the

management of risk, effective risk management policies and procedures need to be

put in place. Risk management measures are put in place by government,

regulatory bodies or institutions to provide reasonable assurance that objectives

In spite of the well-structured process in managing risk exposures at MTN, the

information provided by officials on the field. This phenomenon mostly leads to

general performance and profit negatively.

1.3 Aim and objectives of the Study

on the performance of MTN Telecommunication projects. To achieve this aim, the

following specific objectives are necessary:

i. To identify the factors responsible for poor risk management practices in

MTN Telecommunication projects;

1.4 Research Questions

1.5 Justification of the study

Risk is a significant aspect of business activities in a market economy. As risk

taking constitutes a major characteristic of the Telecommunication sector, it is

important for management to address these risk issues.

Risks inherent in the operations of the Telecommunication sector have become

processing (EDP) risk, and management risk. Risk management is a prominent

operations, should it emerge. Consequently, the strength of risk management

important aspects in assessing the safety and soundness of the sector.

industry in recent times has led to most Telecommunication companies taking

1.6 Scope of the Study

1.7.1. Content Scope

This study review the consequences of risk management on the performance of

MTN Telecommunication and approved factors responsible for poor risk

management practices and various risk response strategies as the independent

variable which affects the performance of MTN Telecommunication

1.7.2. Geographical Scope

The study was conducted in MTN Telecommunication in Port Harcourt , Rivers

1.7.3. Time Scope

performance of MTN Telecommunication.

1.8 Limitations of the Study

the number of respondents contacted.