Risk Management and Project Life Cycle



By Pascal Bohulu Mabelo

Johannesburg, South Africa


Despite the growing awareness of the importance of Risk Management across most industries, all the sophisticated tools and techniques, not to mention assistance available from professional bodies, Project Risk Management (PRM) still proves so ineffective the string of failed projects keeps growing longer by the day. Poor Risk Management is a constant feature of project failures, even in well-established organisations. One of the pernicious causes of ineffective application of PRM could stem from its processes not being reconciled to Project Life Cycle methodologies—it shall become an integral part of every phase, process group and aspect of managing the project.

Necessity of Project Risk Management

ISO 31000 Standard for Risk Management defines “risk” as “the effect of uncertainty on objectives”; and would further state that, “An effect is a positive or negative deviation from what is expected”. This notion is relevant, particularly in Large Infrastructure Projects (LIPs) owing to their VUCA characteristics—i.e., their ever-increasing Vulnerability, Uncertainty, Complexity, and Ambiguity. It is no longer a question as to whether the project outcomes might deviate from its objectives, goals, and other expectations, but more about the quantum of likely deviations and their consequences. Putting an emphasis on “objectives”, ISO 31000 Standard will define Risk Management as follows:

“Risk Management increases the likelihood of an organisation performing as planned by identifying and managing barriers to meeting objectives in advance […]” (ISO 31000, 2018)

We ought to not only pertinently identify risks, but also effectively manage the performance (i.e., the activities and resources) of the said organisation towards achieving the intended objectives. In the context of Large Infrastructure Projects, the organisation is the project team (i.e., Realisation-System), whereas the objectives are, among others, job creation, provision of goods and services, increase in exports and reduction in imports, and contributions to the country’s economic growth:

“Investments in modern infrastructure lay the foundations for economic development and growth. Building roads, bridges, power transmission lines and making other improvements create jobs. When completed, these projects help a society increase its wealth and its citizens’ standard of living.” (U.S. DoS, 2012)

Two important messages are noted: (1) The works involved in delivering infrastructure result in job creation; e.g., the Daxing Airport (Beijing, China) created 40,000 direct jobs during construction; and (2) when completed, modern infrastructure projects increase the wealth (of the host-nation) and standard of living of citizens. Further, “Infrastructure creates value when it contributes to addressing social needs or facilitates economic activity. Choices regarding infrastructure development must therefore be focused on user [and stakeholders] needs.” (OECD, 2017). Such important “objectives” should not be deviated from owing to risks. No wonder Risk Management constitutes a tool of choice in ensuring that investments in infrastructure provide benefits to stakeholders by meeting objectives.

Thus, the Project Management Body of Knowledge defines Project Risk Management as follows:

“Project Risk Management includes the processes of conducting risk management planning, identification, analysis, response planning, and monitoring and control on a project. The objectives of Project Risk Management are to increase the probability and impact of positive events, and decrease the probability and impact of negative events in the project.” (PMI, 2013)

Again, the emphasis is on “managing both positive and negative events” to steer the project toward its objectives, as discussed earlier. On such note, one may suggest that Project Risk Management (PRM) constitutes the “immune system” of the infrastructure project; it provides the “intelligence” to detect and protect the project against anything (or lack thereof) that could prevent/hinder and/or diminish/delay the achievement of project objectives—Should PRM fail, the project will soon suffer.

Therefore, bad or poor project outcomes, when persistent, should be seen as a sign of a failed or lack of Risk Management in large and complex projects—consequently, the project manager should be actively involved in Project Risk Management, not merely delegate it to a Risk Management Team.

“There can’t be a meaningful dialogue about risk and risk management if only one party to the conversation understands the significance of what is being said.” (Crouhy et al, 2006)

“Risk Management is no longer confined solely to risk management specialists. Stakeholders ranging from employees to investors [as well as executive management] must understand how to quantify the trade-offs of risk against the potential returns. The failure to understand the essential nature of risk can have devastating consequences [on projects].” (Crouhy et al, 2006)

Accordingly, project risk managers and practitioners should not always take a pessimistic view of risk. “A pessimist sees difficulty in every opportunity; and an optimist sees the opportunity in every difficulty” (Winston Churchill)—“events with likely positive effects” (i.e., opportunities) and “events with potentially negative effects” (i.e., threats) on “objectives” must be addressed in LIPs. Therefore, “Project managers may need encouragements to be open to opportunities and to manage both threats and opportunities proactively” (INCOSE SEH, 2011)—for a “holistic” view is essential.

Project Risk Management Frameworks

Organisations should consult with the relevant stakeholders when developing an appropriate Risk Management framework. The approach to managing risk in any organisation, including in Large Infrastructure Projects would be highly dependent on the complexity of methods and the extent of analysis required—and on the nature of the organization, its governance and style of management.

In the main, organisations involved in “risky” initiatives (e.g., projects, mergers-and-acquisitions, military conquests) should develop and implement risk treatments to reduce residual risks to levels acceptable to most stakeholders and monitor (and adjust) to ensure efficiency and effectiveness. Thus, appropriate and effective assessment steps, including developing and documenting methods and techniques to identify, analyze, and evaluate pertinent risks, will be defined and implemented:


To read entire paper, click here

How to cite this paper: Mabelo, P. B. (2023). Risk Management and Project Life Cycle; featured paper, PM World Journal, Vol. XII, Issue VI, June. Available online at https://pmworldlibrary.net/wp-content/uploads/2023/05/pmwj130-Jun2023-Mabelo-Risk-Management-and-Project-Lifecycle.pdf

About the Author

Pascal Bohulu Mabelo

Johannesburg, South Africa


 Pascal Bohulu Mabelo, MBA, MSc (Industrial), BSc (Civil), Pr. Eng, Pr. CPM, Pr. PMSA, PMP, has more than 25 years of professional experience and possesses a wide range of technical and managerial skills pertaining to large and complex infrastructure projects. He has worked in large infrastructure projects as a design engineer, project/programme manager, project consultant and project management executive. Pascal was honoured to serve as the national chairman of Project Management South Africa (PMSA), the leading Project Management professional association in Southern Africa.

Pascal has published the book: “Managing Engineering Processes in Large Infrastructure Projects” (2021); he has also published, “How to Manage Project Stakeholders—Effective Strategies for Large Infrastructure Projects” (2020) and “Operational Readiness—How to Achieve Successful System Deployment” (2020). Through various other publications, he assiduously promotes the application of Systems Thinking and/or Systems Engineering principles and concept to unravel complexity in Large Infrastructure Projects (LIPs) in order to address their persistent risks of failure and their massive, even pernicious, cost and schedule overruns.

Pascal is currently a Director and Principal Consultant at E 6 Project Consulting (Pty) Ltd or E6PC; for any comments, further information, and clarifications he may be contacted at Consult@e6pc.com